feat(management): add support for control panel asset synchronization

- Introduced `EnsureLatestManagementHTML` to sync `management.html` asset from the latest GitHub release. - Added config option `DisableControlPanel` to toggle control panel functionality. - Serve management control panel via `/management.html` endpoint, with automatic download and update mechanism. - Updated `.gitignore` to include `static/*` directory for control panel assets.
2026-02-03 04:50:52 +08:00 · 2025-10-01 03:18:39 +08:00
parent 7c157d6ab1
commit c589c0d998
6 changed files with 296 additions and 1 deletions
--- a/internal/managementasset/updater.go
+++ b/internal/managementasset/updater.go
@@ -0,0 +1,245 @@
+package managementasset
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	managementReleaseURL = "https://api.github.com/repos/router-for-me/Cli-Proxy-API-Management-Center/releases/latest"
+	managementAssetName  = "management.html"
+	httpUserAgent        = "CLIProxyAPI-management-updater"
+)
+
+// ManagementFileName exposes the control panel asset filename.
+const ManagementFileName = managementAssetName
+
+var httpClient = &http.Client{Timeout: 15 * time.Second}
+
+type releaseAsset struct {
+	Name               string `json:"name"`
+	BrowserDownloadURL string `json:"browser_download_url"`
+	Digest             string `json:"digest"`
+}
+
+type releaseResponse struct {
+	Assets []releaseAsset `json:"assets"`
+}
+
+// StaticDir resolves the directory that stores the management control panel asset.
+func StaticDir(configFilePath string) string {
+	configFilePath = strings.TrimSpace(configFilePath)
+	if configFilePath == "" {
+		return ""
+	}
+	base := filepath.Dir(configFilePath)
+	return filepath.Join(base, "static")
+}
+
+// FilePath resolves the absolute path to the management control panel asset.
+func FilePath(configFilePath string) string {
+	dir := StaticDir(configFilePath)
+	if dir == "" {
+		return ""
+	}
+	return filepath.Join(dir, ManagementFileName)
+}
+
+// EnsureLatestManagementHTML checks the latest management.html asset and updates the local copy when needed.
+// The function is designed to run in a background goroutine and will never panic.
+func EnsureLatestManagementHTML(ctx context.Context, staticDir string) {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+
+	staticDir = strings.TrimSpace(staticDir)
+	if staticDir == "" {
+		log.Debug("management asset sync skipped: empty static directory")
+		return
+	}
+
+	if err := os.MkdirAll(staticDir, 0o755); err != nil {
+		log.WithError(err).Warn("failed to prepare static directory for management asset")
+		return
+	}
+
+	localPath := filepath.Join(staticDir, managementAssetName)
+	localHash, err := fileSHA256(localPath)
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			log.WithError(err).Debug("failed to read local management asset hash")
+		}
+		localHash = ""
+	}
+
+	asset, remoteHash, err := fetchLatestAsset(ctx)
+	if err != nil {
+		log.WithError(err).Warn("failed to fetch latest management release information")
+		return
+	}
+
+	if remoteHash != "" && localHash != "" && strings.EqualFold(remoteHash, localHash) {
+		log.Debug("management asset is already up to date")
+		return
+	}
+
+	data, downloadedHash, err := downloadAsset(ctx, asset.BrowserDownloadURL)
+	if err != nil {
+		log.WithError(err).Warn("failed to download management asset")
+		return
+	}
+
+	if remoteHash != "" && !strings.EqualFold(remoteHash, downloadedHash) {
+		log.Warnf("remote digest mismatch for management asset: expected %s got %s", remoteHash, downloadedHash)
+	}
+
+	if err = atomicWriteFile(localPath, data); err != nil {
+		log.WithError(err).Warn("failed to update management asset on disk")
+		return
+	}
+
+	log.Infof("management asset updated successfully (hash=%s)", downloadedHash)
+}
+
+func fetchLatestAsset(ctx context.Context) (*releaseAsset, string, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, managementReleaseURL, nil)
+	if err != nil {
+		return nil, "", fmt.Errorf("create release request: %w", err)
+	}
+	req.Header.Set("Accept", "application/vnd.github+json")
+	req.Header.Set("User-Agent", httpUserAgent)
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return nil, "", fmt.Errorf("execute release request: %w", err)
+	}
+	defer func() {
+		_ = resp.Body.Close()
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024))
+		return nil, "", fmt.Errorf("unexpected release status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var release releaseResponse
+	if err = json.NewDecoder(resp.Body).Decode(&release); err != nil {
+		return nil, "", fmt.Errorf("decode release response: %w", err)
+	}
+
+	for i := range release.Assets {
+		asset := &release.Assets[i]
+		if strings.EqualFold(asset.Name, managementAssetName) {
+			remoteHash := parseDigest(asset.Digest)
+			return asset, remoteHash, nil
+		}
+	}
+
+	return nil, "", fmt.Errorf("management asset %s not found in latest release", managementAssetName)
+}
+
+func downloadAsset(ctx context.Context, downloadURL string) ([]byte, string, error) {
+	if strings.TrimSpace(downloadURL) == "" {
+		return nil, "", fmt.Errorf("empty download url")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, downloadURL, nil)
+	if err != nil {
+		return nil, "", fmt.Errorf("create download request: %w", err)
+	}
+	req.Header.Set("User-Agent", httpUserAgent)
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return nil, "", fmt.Errorf("execute download request: %w", err)
+	}
+	defer func() {
+		_ = resp.Body.Close()
+	}()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024))
+		return nil, "", fmt.Errorf("unexpected download status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, "", fmt.Errorf("read download body: %w", err)
+	}
+
+	sum := sha256.Sum256(data)
+	return data, hex.EncodeToString(sum[:]), nil
+}
+
+func fileSHA256(path string) (string, error) {
+	file, err := os.Open(path)
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		_ = file.Close()
+	}()
+
+	h := sha256.New()
+	if _, err = io.Copy(h, file); err != nil {
+		return "", err
+	}
+
+	return hex.EncodeToString(h.Sum(nil)), nil
+}
+
+func atomicWriteFile(path string, data []byte) error {
+	tmpFile, err := os.CreateTemp(filepath.Dir(path), "management-*.html")
+	if err != nil {
+		return err
+	}
+
+	tmpName := tmpFile.Name()
+	defer func() {
+		_ = tmpFile.Close()
+		_ = os.Remove(tmpName)
+	}()
+
+	if _, err = tmpFile.Write(data); err != nil {
+		return err
+	}
+
+	if err = tmpFile.Chmod(0o644); err != nil {
+		return err
+	}
+
+	if err = tmpFile.Close(); err != nil {
+		return err
+	}
+
+	if err = os.Rename(tmpName, path); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func parseDigest(digest string) string {
+	digest = strings.TrimSpace(digest)
+	if digest == "" {
+		return ""
+	}
+
+	if idx := strings.Index(digest, ":"); idx >= 0 {
+		digest = digest[idx+1:]
+	}
+
+	return strings.ToLower(strings.TrimSpace(digest))
+}