mirror of
https://github.com/whyour/qinglong.git
synced 2026-07-01 04:40:38 +08:00
定时任务支持自定义日志文件或者 /dev/null (#2823)
* Initial plan * Add log_name field to enable custom log folder naming Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add database migration for log_name column Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Add security validation to prevent path traversal attacks Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Apply prettier formatting to modified files Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Support absolute paths like /dev/null for log redirection Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> * Restrict absolute paths to log directory except /dev/null Co-authored-by: whyour <22700758+whyour@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
This commit is contained in:
+4
-1
@@ -21,6 +21,7 @@ export class Crontab {
|
||||
extra_schedules?: Array<{ schedule: string }>;
|
||||
task_before?: string;
|
||||
task_after?: string;
|
||||
log_name?: string;
|
||||
|
||||
constructor(options: Crontab) {
|
||||
this.name = options.name;
|
||||
@@ -45,6 +46,7 @@ export class Crontab {
|
||||
this.extra_schedules = options.extra_schedules;
|
||||
this.task_before = options.task_before;
|
||||
this.task_after = options.task_after;
|
||||
this.log_name = options.log_name;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -55,7 +57,7 @@ export enum CrontabStatus {
|
||||
'disabled',
|
||||
}
|
||||
|
||||
export interface CronInstance extends Model<Crontab, Crontab>, Crontab { }
|
||||
export interface CronInstance extends Model<Crontab, Crontab>, Crontab {}
|
||||
export const CrontabModel = sequelize.define<CronInstance>('Crontab', {
|
||||
name: {
|
||||
unique: 'compositeIndex',
|
||||
@@ -84,4 +86,5 @@ export const CrontabModel = sequelize.define<CronInstance>('Crontab', {
|
||||
extra_schedules: DataTypes.JSON,
|
||||
task_before: DataTypes.STRING,
|
||||
task_after: DataTypes.STRING,
|
||||
log_name: DataTypes.STRING,
|
||||
});
|
||||
|
||||
@@ -56,6 +56,11 @@ export default async () => {
|
||||
try {
|
||||
await sequelize.query('alter table Crontabs add column task_after TEXT');
|
||||
} catch (error) {}
|
||||
try {
|
||||
await sequelize.query(
|
||||
'alter table Crontabs add column log_name VARCHAR(255)',
|
||||
);
|
||||
} catch (error) {}
|
||||
|
||||
Logger.info('✌️ DB loaded');
|
||||
} catch (error) {
|
||||
|
||||
+54
-8
@@ -476,15 +476,61 @@ export default class CronService {
|
||||
`[panel][开始执行任务] 参数: ${JSON.stringify(params)}`,
|
||||
);
|
||||
|
||||
let { id, command, log_path } = cron;
|
||||
const uniqPath = await getUniqPath(command, `${id}`);
|
||||
const logTime = dayjs().format('YYYY-MM-DD-HH-mm-ss-SSS');
|
||||
const logDirPath = path.resolve(config.logPath, `${uniqPath}`);
|
||||
if (log_path?.split('/')?.every((x) => x !== uniqPath)) {
|
||||
await fs.mkdir(logDirPath, { recursive: true });
|
||||
let { id, command, log_path, log_name } = cron;
|
||||
|
||||
// Check if log_name is an absolute path
|
||||
const isAbsolutePath = log_name && log_name.startsWith('/');
|
||||
|
||||
let uniqPath: string;
|
||||
let absolutePath: string;
|
||||
let logPath: string;
|
||||
|
||||
if (isAbsolutePath) {
|
||||
// Special case: /dev/null is allowed as-is to discard logs
|
||||
if (log_name === '/dev/null') {
|
||||
uniqPath = log_name;
|
||||
absolutePath = log_name;
|
||||
logPath = log_name;
|
||||
} else {
|
||||
// For other absolute paths, ensure they are within the safe log directory
|
||||
const normalizedLogName = path.normalize(log_name!);
|
||||
const normalizedLogPath = path.normalize(config.logPath);
|
||||
|
||||
if (!normalizedLogName.startsWith(normalizedLogPath)) {
|
||||
this.logger.error(
|
||||
`[panel][日志路径安全检查失败] 绝对路径必须在日志目录内: ${log_name}`,
|
||||
);
|
||||
// Fallback to auto-generated path for security
|
||||
const fallbackUniqPath = await getUniqPath(command, `${id}`);
|
||||
const logTime = dayjs().format('YYYY-MM-DD-HH-mm-ss-SSS');
|
||||
const logDirPath = path.resolve(config.logPath, `${fallbackUniqPath}`);
|
||||
if (log_path?.split('/')?.every((x) => x !== fallbackUniqPath)) {
|
||||
await fs.mkdir(logDirPath, { recursive: true });
|
||||
}
|
||||
logPath = `${fallbackUniqPath}/${logTime}.log`;
|
||||
absolutePath = path.resolve(config.logPath, `${logPath}`);
|
||||
uniqPath = fallbackUniqPath;
|
||||
} else {
|
||||
// Absolute path is safe, use it
|
||||
uniqPath = log_name!;
|
||||
absolutePath = log_name!;
|
||||
logPath = log_name!;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Sanitize log_name to prevent path traversal for relative paths
|
||||
const sanitizedLogName = log_name
|
||||
? log_name.replace(/[\/\\\.]/g, '_').replace(/^_+|_+$/g, '')
|
||||
: '';
|
||||
uniqPath = sanitizedLogName || (await getUniqPath(command, `${id}`));
|
||||
const logTime = dayjs().format('YYYY-MM-DD-HH-mm-ss-SSS');
|
||||
const logDirPath = path.resolve(config.logPath, `${uniqPath}`);
|
||||
if (log_path?.split('/')?.every((x) => x !== uniqPath)) {
|
||||
await fs.mkdir(logDirPath, { recursive: true });
|
||||
}
|
||||
logPath = `${uniqPath}/${logTime}.log`;
|
||||
absolutePath = path.resolve(config.logPath, `${logPath}`);
|
||||
}
|
||||
const logPath = `${uniqPath}/${logTime}.log`;
|
||||
const absolutePath = path.resolve(config.logPath, `${logPath}`);
|
||||
const cp = spawn(
|
||||
`real_log_path=${logPath} no_delay=true ${this.makeCommand(
|
||||
cron,
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
import { Joi } from 'celebrate';
|
||||
import cron_parser from 'cron-parser';
|
||||
import { ScheduleType } from '../interface/schedule';
|
||||
import path from 'path';
|
||||
import config from '../config';
|
||||
|
||||
const validateSchedule = (value: string, helpers: any) => {
|
||||
if (
|
||||
@@ -37,4 +39,43 @@ export const commonCronSchema = {
|
||||
extra_schedules: Joi.array().optional().allow(null),
|
||||
task_before: Joi.string().optional().allow('').allow(null),
|
||||
task_after: Joi.string().optional().allow('').allow(null),
|
||||
log_name: Joi.string()
|
||||
.optional()
|
||||
.allow('')
|
||||
.allow(null)
|
||||
.custom((value, helpers) => {
|
||||
if (!value) return value;
|
||||
|
||||
// Check if it's an absolute path
|
||||
if (value.startsWith('/')) {
|
||||
// Allow /dev/null as special case
|
||||
if (value === '/dev/null') {
|
||||
return value;
|
||||
}
|
||||
|
||||
// For other absolute paths, ensure they are within the safe log directory
|
||||
const normalizedValue = path.normalize(value);
|
||||
const normalizedLogPath = path.normalize(config.logPath);
|
||||
|
||||
if (!normalizedValue.startsWith(normalizedLogPath)) {
|
||||
return helpers.error('string.unsafePath');
|
||||
}
|
||||
|
||||
return value;
|
||||
}
|
||||
|
||||
// For relative names, enforce strict pattern
|
||||
if (!/^[a-zA-Z0-9_-]+$/.test(value)) {
|
||||
return helpers.error('string.pattern.base');
|
||||
}
|
||||
if (value.length > 100) {
|
||||
return helpers.error('string.max');
|
||||
}
|
||||
return value;
|
||||
})
|
||||
.messages({
|
||||
'string.pattern.base': '日志名称只能包含字母、数字、下划线和连字符',
|
||||
'string.max': '日志名称不能超过100个字符',
|
||||
'string.unsafePath': '绝对路径必须在日志目录内或使用 /dev/null',
|
||||
}),
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user