[WIP] Optimize security features for Minecraft server management#1
Draft
Codex wants to merge 7 commits into
Draft
[WIP] Optimize security features for Minecraft server management#1Codex wants to merge 7 commits into
Codex wants to merge 7 commits into
Conversation
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
Co-authored-by: pilgrimage233 <70379307+pilgrimage233@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.
Original prompt
由于该项目涉及远程文件操作和命令执行(RCE),安全性是重中之重。
• 路径穿越防御 (Path Traversal Protection):在 FileService 处理上传、下载、删除等接口时,必须严格校验 path 参数。建议实现一个 safeJoin 工具类,确保所有操作都限制在指定的根目录下,防止通过 ../ 访问系统敏感文件。
• 命令注入防御:对于 POST /api/servers/{serverId}/command 和自定义启动脚本,应增加严格的字符过滤。对于控制台命令,建议限制敏感命令的使用(如 /op, /stop 的二次确认或权限分级)。
• 引入 Spring Security:目前项目使用了自定义的 TokenInterceptor,建议迁移到 Spring Security。这不仅能提供更标准化的 JWT/Session 处理,还能利用其内置的 CSRF 防御、安全响应头(XSS/HSTS)等特性。
• 敏感信息脱敏:确保 pom.xml 中引入的 spring-security-crypto 被用于数据库中用户密码和敏感密钥的加密存储,而非明文。
• 异步 IO 处理:Minecraft 启动和日志流(WebSocket)是长连接/高 IO 操作。目前项目已有 ThreadPoolConfig,应确保服务器启动、备份等耗时任务完全交给异步线程池(@async),避免阻塞主 Web 线程。
• 日志缓存与流式输出:/api/servers/{serverId}/console 如果直接读取文件或全量返回,在大日志文件下会崩溃。建议引入循环缓冲区(Circular Buffer)存储内存中的最近 N 行日志,并通过 WebSocket 实现增量推送。
• 数据库连接池:虽然使用 SQLite,但在并发访问(如多实例状态同时更新)时可能会遇到 database is locked。建议优化 MyBatis-Plus 的配置,或在写入操作频繁时考虑使用 WAL 模式(Write-Ahead Logging)。
• 资源监控增强:目前虽然引入了 oshi-core,但建议在节点端实现资源限额(Quota)。当某个实例 CPU 或内存占用异常时,节点能自动触发预警或限制,防止单实例崩溃拖垮整个物理机。
• 健康检查接口:添加 /actuator/health 或自定义 /api/system/status,以便主控端能够通过心跳机制实时发现节点离线或资源耗尽。
• 自动化备份机制:增加一个定时任务(基于 @scheduled),允许用户配置自动备份服务器核心文件或存档,并支持本地旋转(保持最近 N 个备份)。
• 统一响应体 (Result Wrapper):建议创建一个通用的 Result 类,包含 code, message, data 等字段,规范所有 Controller 的返回格式,方便主控端(前端)统一处理错误。
• API 文档自动化:项目中尚未发现 Swagger/OpenAPI。建议引入 springdoc-openapi-starter-webmvc-ui,通过注解自动生成接口文档,降低与主控端联调的沟通成本。
• 配置管理:InitConfigService 自动生成 application.yml 是个好主意,但建议区分“不可变配置”和“用户动态配置”。考虑支持通过环境变量(ENV)覆盖配置,以更好地支持 Docker 容器化部署。
• Dockerfile 支持:提供一个多阶段构建的 Dockerfile(基于 eclipse-temurin:17-jre),将 Minecraft 环境和节点端打包,简化用户的部署流程。