增加ssh链接框架
This commit is contained in:
dengqichen
parent
c9b8157754
commit
b8412314a8
@ -1,5 +1,6 @@
|
||||
package com.qqchen.deploy.backend.deploy.entity;
|
||||
|
||||
import com.qqchen.deploy.backend.framework.annotation.LogicDelete;
|
||||
import com.qqchen.deploy.backend.framework.domain.Entity;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Table;
|
||||
@ -10,11 +11,17 @@ import java.time.LocalDateTime;
|
||||
|
||||
/**
|
||||
* SSH终端审计日志实体
|
||||
*
|
||||
* ⚠️ 审计日志逻辑删除设计:
|
||||
* - 支持逻辑删除(@LogicDelete)而非物理删除
|
||||
* - 确保审计记录的可追溯性和合规性
|
||||
* - 删除的审计日志仍可通过后台管理查询
|
||||
*/
|
||||
@Data
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
@jakarta.persistence.Entity
|
||||
@Table(name = "deploy_ssh_audit_log")
|
||||
@LogicDelete
|
||||
public class SSHAuditLog extends Entity<Long> {
|
||||
|
||||
/**
|
||||
|
||||
@ -2,6 +2,9 @@ package com.qqchen.deploy.backend.deploy.repository;
|
||||
|
||||
import com.qqchen.deploy.backend.deploy.entity.SSHAuditLog;
|
||||
import com.qqchen.deploy.backend.framework.repository.IBaseRepository;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
/**
|
||||
@ -24,4 +27,12 @@ public interface ISSHAuditLogRepository extends IBaseRepository<SSHAuditLog, Lon
|
||||
* 统计用户对指定服务器当前活跃的SSH会话数
|
||||
*/
|
||||
long countByUserIdAndServerIdAndDisconnectTimeIsNull(Long userId, Long serverId);
|
||||
|
||||
/**
|
||||
* 逻辑删除指定服务器的所有审计日志
|
||||
* 使用 @Modifying 注解执行批量更新
|
||||
*/
|
||||
@Modifying
|
||||
@Query("UPDATE SSHAuditLog a SET a.deleted = true WHERE a.serverId = :serverId")
|
||||
void deleteByServerId(@Param("serverId") Long serverId);
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import com.qqchen.deploy.backend.deploy.enums.ServerStatusEnum;
|
||||
import com.qqchen.deploy.backend.framework.enums.AuthTypeEnum;
|
||||
import com.qqchen.deploy.backend.deploy.query.ServerQuery;
|
||||
import com.qqchen.deploy.backend.deploy.repository.IServerRepository;
|
||||
import com.qqchen.deploy.backend.deploy.repository.ISSHAuditLogRepository;
|
||||
import com.qqchen.deploy.backend.deploy.service.IServerService;
|
||||
import com.qqchen.deploy.backend.framework.annotation.ServiceType;
|
||||
import com.qqchen.deploy.backend.framework.enums.ResponseCode;
|
||||
@ -38,6 +39,9 @@ public class ServerServiceImpl
|
||||
|
||||
@Resource
|
||||
private SSHCommandServiceFactory sshCommandServiceFactory;
|
||||
|
||||
@Resource
|
||||
private ISSHAuditLogRepository sshAuditLogRepository;
|
||||
|
||||
public ServerServiceImpl(IServerRepository serverRepository) {
|
||||
this.serverRepository = serverRepository;
|
||||
@ -206,5 +210,32 @@ public class ServerServiceImpl
|
||||
|
||||
return info;
|
||||
}
|
||||
|
||||
/**
|
||||
* 重写删除方法
|
||||
*
|
||||
* ⚠️ 删除策略:
|
||||
* 1. 服务器:物理删除(没有@LogicDelete注解)
|
||||
* 2. 审计日志:逻辑删除(有@LogicDelete注解)
|
||||
* 3. 审计日志永久保留,仅标记deleted=true,确保审计可追溯
|
||||
*/
|
||||
@Override
|
||||
@Transactional
|
||||
public void delete(Long id) {
|
||||
log.info("删除服务器: serverId={}", id);
|
||||
|
||||
// 1. 逻辑删除关联的SSH审计日志(保留历史记录)
|
||||
try {
|
||||
sshAuditLogRepository.deleteByServerId(id);
|
||||
log.info("已逻辑删除服务器关联的SSH审计日志: serverId={}", id);
|
||||
} catch (Exception e) {
|
||||
log.warn("逻辑删除服务器关联的SSH审计日志失败: serverId={}, error={}", id, e.getMessage());
|
||||
// 继续执行,即使审计日志删除失败也要删除服务器
|
||||
}
|
||||
|
||||
// 2. 物理删除服务器
|
||||
super.delete(id);
|
||||
log.info("服务器删除成功: serverId={}", id);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1256,7 +1256,9 @@ CREATE TABLE deploy_ssh_audit_log
|
||||
KEY idx_server_id (server_id),
|
||||
KEY idx_connect_time (connect_time),
|
||||
KEY idx_session_id (session_id),
|
||||
KEY idx_status (status),
|
||||
CONSTRAINT fk_ssh_audit_user FOREIGN KEY (user_id) REFERENCES sys_user (id),
|
||||
CONSTRAINT fk_ssh_audit_server FOREIGN KEY (server_id) REFERENCES deploy_server (id)
|
||||
KEY idx_status (status)
|
||||
-- ⚠️ 审计日志表不添加外键约束,原因:
|
||||
-- 1. 审计日志需要永久保留(逻辑删除)
|
||||
-- 2. 删除用户/服务器时,审计日志不应被物理删除
|
||||
-- 3. user_id/server_id 仅作为历史记录字段,通过冗余字段可查询
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='SSH终端审计日志表';
|
||||
|
||||
Loading…
Reference in New Issue
Block a user