添加云虚拟主机文件部署，增加game-docker的安全加固

codes/agent/game-docker/dlweb/api/ntunnel_mysql.php

@@ -1,547 +0,0 @@
-<?php	//version my202
-
-//set allowTestMenu to false to disable System/Server test page
-$allowTestMenu = true;
-
-$use_mysqli = function_exists("mysqli_connect");
-
-header("Content-Type: text/plain; charset=x-user-defined");
-error_reporting(0);
-set_time_limit(0);
-
-function phpversion_int()
-{
-	list($maVer, $miVer, $edVer) = preg_split("(/|\.|-)", phpversion());
-	return $maVer*10000 + $miVer*100 + $edVer;
-}
-
-if (phpversion_int() < 50300)
-{
-	set_magic_quotes_runtime(0);
-}
-
-function GetLongBinary($num)
-{
-	return pack("N",$num);
-}
-
-function GetShortBinary($num)
-{
-	return pack("n",$num);
-}
-
-function GetDummy($count)
-{
-	$str = "";
-	for($i=0;$i<$count;$i++)
-		$str .= "\x00";
-	return $str;
-}
-
-function GetBlock($val)
-{
-	$len = strlen($val);
-	if( $len < 254 )
-		return chr($len).$val;
-	else
-		return "\xFE".GetLongBinary($len).$val;
-}
-
-function EchoHeader($errno)
-{
-	$str = GetLongBinary(1111);
-	$str .= GetShortBinary(202);
-	$str .= GetLongBinary($errno);
-	$str .= GetDummy(6);
-	echo $str;
-}
-
-function EchoConnInfo($conn)
-{
-	if ($GLOBALS['use_mysqli']) {
-		$str = GetBlock(mysqli_get_host_info($conn));
-		$str .= GetBlock(mysqli_get_proto_info($conn));
-		$str .= GetBlock(mysqli_get_server_info($conn));
-		echo $str;
-	} else {
-		$str = GetBlock(mysql_get_host_info($conn));
-		$str .= GetBlock(mysql_get_proto_info($conn));
-		$str .= GetBlock(mysql_get_server_info($conn));
-		echo $str;
-	}
-}
-
-function EchoResultSetHeader($errno, $affectrows, $insertid, $numfields, $numrows)
-{
-	$str = GetLongBinary($errno);
-	$str .= GetLongBinary($affectrows);
-	$str .= GetLongBinary($insertid);
-	$str .= GetLongBinary($numfields);
-	$str .= GetLongBinary($numrows);
-	$str .= GetDummy(12);
-	echo $str;
-}
-
-function EchoFieldsHeader($res, $numfields)
-{
-	$str = "";
-	for( $i = 0; $i < $numfields; $i++ ) {
-		if ($GLOBALS['use_mysqli']) {
-			$finfo = mysqli_fetch_field_direct($res, $i);
-			$str .= GetBlock($finfo->name);
-			$str .= GetBlock($finfo->table);
-			
-			$type = $finfo->type;
-			$length = $finfo->length;
-		
-			$str .= GetLongBinary($type);
-	
-			$intflag = $finfo->flags;
-			$str .= GetLongBinary($intflag);
-	
-			$str .= GetLongBinary($length);
-		} else {
-			$str .= GetBlock(mysql_field_name($res, $i));
-			$str .= GetBlock(mysql_field_table($res, $i));
-	
-			$type = mysql_field_type($res, $i);
-			$length = mysql_field_len($res, $i);
-			switch ($type) {
-				case "int":
-					if( $length > 11 ) $type = 8;
-					else $type = 3;
-					break;
-				case "real":
-					if( $length == 12 ) $type = 4;
-					elseif( $length == 22 ) $type = 5;
-					else $type = 0;
-					break;
-				case "null":
-					$type = 6;
-					break;
-				case "timestamp":
-					$type = 7;
-					break;
-				case "date":
-					$type = 10;
-					break;
-				case "time":
-					$type = 11;
-					break;
-				case "datetime":
-					$type = 12;
-					break;
-				case "year":
-					$type = 13;
-					break;
-				case "blob":
-					if( $length > 16777215 ) $type = 251;
-					elseif( $length > 65535 ) $type = 250;
-					elseif( $length > 255 ) $type = 252;
-					else $type = 249;
-					break;
-				default:
-					$type = 253;
-			}
-			$str .= GetLongBinary($type);
-	
-			$flags = explode( " ", mysql_field_flags ( $res, $i ) );
-			$intflag = 0;
-			if(in_array( "not_null", $flags )) $intflag += 1;
-			if(in_array( "primary_key", $flags )) $intflag += 2;
-			if(in_array( "unique_key", $flags )) $intflag += 4;
-			if(in_array( "multiple_key", $flags )) $intflag += 8;
-			if(in_array( "blob", $flags )) $intflag += 16;
-			if(in_array( "unsigned", $flags )) $intflag += 32;
-			if(in_array( "zerofill", $flags )) $intflag += 64;
-			if(in_array( "binary", $flags)) $intflag += 128;
-			if(in_array( "enum", $flags )) $intflag += 256;
-			if(in_array( "auto_increment", $flags )) $intflag += 512;
-			if(in_array( "timestamp", $flags )) $intflag += 1024;
-			if(in_array( "set", $flags )) $intflag += 2048;
-			$str .= GetLongBinary($intflag);
-	
-			$str .= GetLongBinary($length);
-		}
-	}
-	echo $str;
-}
-
-function EchoData($res, $numfields, $numrows)
-{
-	for( $i = 0; $i < $numrows; $i++ ) {
-		$str = "";
-		$row = null;
-		if ($GLOBALS['use_mysqli'])
-			$row = mysqli_fetch_row( $res );
-		else
-			$row = mysql_fetch_row( $res );
-		for( $j = 0; $j < $numfields; $j++ ){
-			if( is_null($row[$j]) )
-				$str .= "\xFF";
-			else
-				$str .= GetBlock($row[$j]);
-		}
-		echo $str;
-	}
-}
-
-
-function doSystemTest()
-{
-	function output($description, $succ, $resStr) {
-		echo "<tr><td class=\"TestDesc\">$description</td><td ";
-		echo ($succ)? "class=\"TestSucc\">$resStr[0]</td></tr>" : "class=\"TestFail\">$resStr[1]</td></tr>";
-	}
-	output("PHP version >= 4.0.5", phpversion_int() >= 40005, array("Yes", "No"));
-	output("mysql_connect() available", function_exists("mysql_connect"), array("Yes", "No"));
-	output("mysqli_connect() available", function_exists("mysqli_connect"), array("Yes", "No"));
-	if (phpversion_int() >= 40302 && substr($_SERVER["SERVER_SOFTWARE"], 0, 6) == "Apache" && function_exists("apache_get_modules")){
-		if (in_array("mod_security2", apache_get_modules()))
-			output("Mod Security 2 installed", false, array("No", "Yes"));
-	}
-}
-
-/////////////////////////////////////////////////////////////////////////////
-////
-
-	if (phpversion_int() < 40005) {
-		EchoHeader(201);
-		echo GetBlock("unsupported php version");
-		exit();
-	}
-
-	if (phpversion_int() < 40010) {
-		global $HTTP_POST_VARS;
-		$_POST = &$HTTP_POST_VARS;	
-	}
-
-	if (!isset($_POST["actn"]) || !isset($_POST["host"]) || !isset($_POST["port"]) || !isset($_POST["login"])) {
-		$testMenu = $allowTestMenu;
-		if (!$testMenu){
-			EchoHeader(202);
-			echo GetBlock("invalid parameters");
-			exit();
-		}
-	}
-
-	if (!$testMenu){
-		if ($_POST["encodeBase64"] == '1') {
-			for($i=0;$i<count($_POST["q"]);$i++)
-				$_POST["q"][$i] = base64_decode($_POST["q"][$i]);
-		}
-		
-		if (!function_exists("mysql_connect") && !function_exists("mysqli_connect")) {
-			EchoHeader(203);
-			echo GetBlock("MySQL not supported on the server");
-			exit();
-		}
-		
-		$errno_c = 0;
-		$hs = $_POST["host"];
-		if ($use_mysqli) {
-			if( $_POST["port"] ) 
-				$conn = mysqli_connect($hs, $_POST["login"], $_POST["password"], '', $_POST["port"]);
-			else
-				$conn = mysqli_connect($hs, $_POST["login"], $_POST["password"]);
-			$errno_c = mysqli_connect_errno($conn);
-			if (phpversion_int() >= 50005){  // for unicode database name
-				mysqli_set_charset($conn, 'UTF8');
-			}
-			if($errno_c > 0) {
-				EchoHeader($errno_c);
-				echo GetBlock(mysqli_connect_error($conn));
-				exit;
-			}
-
-			if(($errno_c <= 0) && ( $_POST["db"] != "" )) {
-				$res = mysqli_select_db($conn, $_POST["db"] );
-				$errno_c = mysqli_errno($conn);
-			}
-
-			EchoHeader($errno_c);
-			if($errno_c > 0) {
-				echo GetBlock(mysqli_error($conn));
-			} elseif($_POST["actn"] == "C") {
-				EchoConnInfo($conn);
-			} elseif($_POST["actn"] == "Q") {
-				for($i=0;$i<count($_POST["q"]);$i++) {
-					$query = $_POST["q"][$i];
-					if($query == "") continue;
-					if (phpversion_int() < 50400){  
-						if(get_magic_quotes_gpc())
-							$query = stripslashes($query);
-					}
-					$res = mysqli_query($conn, $query);
-					$errno = mysqli_errno($conn);
-					$affectedrows = mysqli_affected_rows($conn);
-					$insertid = mysqli_insert_id($conn);				
-					if (false !== $res) {
-						$numfields = mysqli_field_count($conn);
-						$numrows = mysqli_num_rows($res);
-					}
-					else {
-						$numfields = 0;
-						$numrows = 0;
-					}
-					EchoResultSetHeader($errno, $affectedrows, $insertid, $numfields, $numrows);
-					if($errno > 0)
-						echo GetBlock(mysqli_error($conn));
-					else {
-						if($numfields > 0) {
-							EchoFieldsHeader($res, $numfields);
-							EchoData($res, $numfields, $numrows);
-						} else {
-							if(phpversion_int() >= 40300)
-								echo GetBlock(mysqli_info($conn));
-							else
-								echo GetBlock("");
-						}
-					}
-					if($i<(count($_POST["q"])-1))
-						echo "\x01";
-					else
-						echo "\x00";
-					if (false !== $res)
-						mysqli_free_result($res);
-				}
-			}
-		} else {
-			if( $_POST["port"] ) $hs .= ":".$_POST["port"];
-			$conn = mysql_connect($hs, $_POST["login"], $_POST["password"]);
-			$errno_c = mysql_errno();
-			if (phpversion_int() >= 50203){  // for unicode database name
-				mysql_set_charset('UTF8', $conn);
-			}
-			if(($errno_c <= 0) && ( $_POST["db"] != "" )) {
-				$res = mysql_select_db( $_POST["db"], $conn);
-				$errno_c = mysql_errno();
-			}
-			
-			EchoHeader($errno_c);
-			if($errno_c > 0) {
-				echo GetBlock(mysql_error());
-			} elseif($_POST["actn"] == "C") {
-				EchoConnInfo($conn);
-			} elseif($_POST["actn"] == "Q") {
-				for($i=0;$i<count($_POST["q"]);$i++) {
-					$query = $_POST["q"][$i];
-					if($query == "") continue;
-					if (phpversion_int() < 50400){  
-						if(get_magic_quotes_gpc())
-							$query = stripslashes($query);
-					}
-					$res = mysql_query($query, $conn);
-					$errno = mysql_errno();
-					$affectedrows = mysql_affected_rows($conn);
-					$insertid = mysql_insert_id($conn);
-					$numfields = mysql_num_fields($res);
-					$numrows = mysql_num_rows($res);
-					EchoResultSetHeader($errno, $affectedrows, $insertid, $numfields, $numrows);
-					if($errno > 0)
-						echo GetBlock(mysql_error());
-					else {
-						if($numfields > 0) {
-							EchoFieldsHeader($res, $numfields);
-							EchoData($res, $numfields, $numrows);
-						} else {
-							if(phpversion_int() >= 40300)
-								echo GetBlock(mysql_info($conn));
-							else
-								echo GetBlock("");
-						}
-					}
-					if($i<(count($_POST["q"])-1))
-						echo "\x01";
-					else
-						echo "\x00";
-					mysql_free_result($res);
-				}
-			}
-		}
-		exit();
-	}
-
-	header("Content-Type: text/html");
-////
-/////////////////////////////////////////////////////////////////////////////
-?>
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-	<title>Navicat HTTP Tunnel Tester</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-	<style type="text/css">
-		body{
-			margin: 30px;
-			font-family: Tahoma;
-			font-weight: normal;
-			font-size: 14px;
-			color: #222222;
-		}
-		table{
-			width: 100%;
-			border: 0px;
-		}
-		input{
-			font-family:Tahoma,sans-serif;
-			border-style:solid;
-			border-color:#666666;
-			border-width:1px;
-		}
-		fieldset{
-			border-style:solid;
-			border-color:#666666;
-			border-width:1px;
-		}
-		.Title1{
-			font-size: 30px;
-			color: #003366;
-		}
-		.Title2{
-			font-size: 10px;
-			color: #999966;
-		}
-		.TestDesc{
-			width:70%
-		}
-		.TestSucc{
-			color: #00BB00;
-		}
-		.TestFail{
-			color: #DD0000;
-		}
-		.mysql{
-		}
-		.pgsql{
-			display:none;
-		}
-		.sqlite{
-			display:none;
-		}
-		#page{
-			max-width: 42em;
-			min-width: 36em;
-			border-width: 0px;
-			margin: auto auto;
-		}
-		#host, #dbfile{
-			width: 300px;
-		}
-		#port{
-			width: 75px;
-		}
-		#login, #password, #db{
-			width: 150px;
-		}
-		#Copyright{
-			text-align: right;
-			font-size: 10px;
-			color: #888888;
-		}
-	</style>
-	<script type="text/javascript">
-	function getInternetExplorerVersion(){
-		var ver = -1;
-		if (navigator.appName == "Microsoft Internet Explorer"){
-			var regex = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})");
-			if (regex.exec(navigator.userAgent))
-				ver = parseFloat(RegExp.$1);
-		}
-		return ver;
-	}
-	function setText(element, text, succ){
-		element.className = (succ)?"TestSucc":"TestFail";
-		element.innerHTML = text;
-	}
-	function getByteAt(str, offset){
-		return str.charCodeAt(offset) & 0xff;
-	}
-	function getIntAt(binStr, offset){
-		return (getByteAt(binStr, offset) << 24)+
-			(getByteAt(binStr, offset+1) << 16)+
-			(getByteAt(binStr, offset+2) << 8)+
-			(getByteAt(binStr, offset+3) >>> 0);
-	}
-	function getBlockStr(binStr, offset){
-		if (getByteAt(binStr, offset) < 254)
-			return binStr.substring(offset+1, offset+1+binStr.charCodeAt(offset));
-		else
-			return binStr.substring(offset+5, offset+5+getIntAt(binStr, offset+1));
-	}
-	function doServerTest(){
-		var version = getInternetExplorerVersion();
-		if (version==-1 || version>=9.0){
-			var xmlhttp = (window.XMLHttpRequest)? new XMLHttpRequest() : xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
-			
-			xmlhttp.onreadystatechange=function(){
-				var outputDiv = document.getElementById("ServerTest");
-				if (xmlhttp.readyState == 4){
-					if (xmlhttp.status == 200){
-						var errno = getIntAt(xmlhttp.responseText, 6);
-						if (errno == 0)
-							setText(outputDiv, "Connection Success!", true);
-						else
-							setText(outputDiv, parseInt(errno)+" - "+getBlockStr(xmlhttp.responseText, 16), false);
-					}else
-						setText(outputDiv, "HTTP Error - "+xmlhttp.status, false);
-				}
-			}
-			
-			var params = "";
-			var form = document.getElementById("TestServerForm");
-			for (var i=0; i<form.elements.length; i++){
-				if (i>0) params += "&";
-				params += form.elements[i].id+"="+form.elements[i].value.replace("&", "%26");
-			}
-			
-			document.getElementById("ServerTest").className = "";
-			document.getElementById("ServerTest").innerHTML = "Connecting...";
-			xmlhttp.open("POST", "", true);
-			xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-			xmlhttp.setRequestHeader("Content-length", params.length);
-			xmlhttp.setRequestHeader("Connection", "close");
-			xmlhttp.send(params);
-		}else{
-			document.getElementById("ServerTest").className = "";
-			document.getElementById("ServerTest").innerHTML = "Internet Explorer "+version+" is not supported, please use Internet explorer 9.0 or above, firefox, chrome or safari";
-		}
-	}
-	</script>
-</head>
-
-<body>
-<div id="page">
-<p>
-	<font class="Title1">Navicat&trade;</font><br>
-	<font class="Title2">The gateway to your database!</font>
-</p>
-<fieldset>
-	<legend>System Environment Test</legend>
-	<table>
-		<tr style="<?php echo "display:none"; ?>"><td width=70%>PHP installed properly</td><td class="TestFail">No</td></tr>
-		<?php echo doSystemTest();?>
-	</table>
-</fieldset>
-<br>
-<fieldset>
-	<legend>Server Test</legend>
-	<form id="TestServerForm" action="#" onSubmit="return false;">
-	<input type=hidden id="actn" value="C">
-	<table>
-		<tr class="mysql"><td width="35%">Hostname/IP Address:</td><td><input type=text id="host" placeholder="localhost"></td></tr>
-		<tr class="mysql"><td>Port:</td><td><input type=text id="port" placeholder="3306"></td></tr>
-		<tr class="pgsql"><td>Initial Database:</td><td><input type=text id="db" placeholder="template1"></td></tr>
-		<tr class="mysql"><td>Username:</td><td><input type=text id="login" placeholder="root"></td></tr>
-		<tr class="mysql"><td>Password:</td><td><input type=password id="password" placeholder=""></td></tr>
-		<tr class="sqlite"><td>Database File:</td><td><input type=text id="dbfile" placeholder="sqlite.db"></td></tr>
-		<tr><td></td><td><br><input id="TestButton" type="submit" value="Test Connection" onClick="doServerTest()"></td></tr>
-	</table>
-	</form>
-	<div id="ServerTest"><br></div>
-</fieldset>
-<p id="Copyright">Copyright &copy; PremiumSoft &trade; CyberTech Ltd. All Rights Reserved.</p>
-</div>
-</body>
-</html>

codes/agent/game-docker/docker/nginx/default.conf.template

@@ -10,6 +10,14 @@ upstream wxserver_service {
     server wxserver:3000;
 }
 
+# ── 限速区域定义（在 http 块级别，此处用 geo 标记 + limit_req_zone）──
+# 登录接口：每个 IP 每秒最多 5 次请求，突发缓冲 10 次
+limit_req_zone $binary_remote_addr zone=login_limit:10m rate=5r/s;
+# 通用 API：每个 IP 每秒最多 30 次请求
+limit_req_zone $binary_remote_addr zone=api_limit:10m rate=30r/s;
+# 连接数限制：每个 IP 同时最多 20 个连接
+limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
+
 # =============================================
 # 域名路由模式 + SSL（Let's Encrypt 自动证书）
 #
@@ -108,10 +116,45 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/${API_DOMAIN}/privkey.pem;
     include /etc/nginx/snippets/ssl-params.conf;
 
+    # 隐藏服务器版本信息
+    server_tokens off;
+
+    # 请求体大小限制（防止大请求攻击）
+    client_max_body_size 10m;
+    client_body_timeout 30s;
+    client_header_timeout 30s;
+
+    # 连接数限制
+    limit_conn conn_limit 20;
+
+    # ── 屏蔽敏感文件（直接返回 404，不暴露文件存在）──
+    location ~* \.(env|sh|bak|sql|log|git|svn|htaccess|htpasswd|ini|conf)$ {
+        return 404;
+    }
+    location ~* /(ntunnel_mysql|phpMyAdmin|phpmyadmin|adminer|debug)\.php$ {
+        return 404;
+    }
+    location ~ /\. {
+        return 404;
+    }
+
+    # ── 登录接口限速（防爆破）──
+    location ~* /source/login/ {
+        limit_req zone=login_limit burst=10 nodelay;
+        limit_req_status 429;
+        proxy_pass http://api_service;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+    }
+
     # wxserver 路由：/wx/ 前缀转发给 wxserver 容器，自动去除 /wx 前缀
     # 例：/wx/auth/oa/callback → wxserver:/auth/oa/callback
     # 例：/wx/api/login        → wxserver:/api/login
     location /wx/ {
+        limit_req zone=api_limit burst=50 nodelay;
         proxy_pass http://wxserver_service/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -132,6 +175,7 @@ server {
 
     # PHP API（所有其他请求）
     location / {
+        limit_req zone=api_limit burst=50 nodelay;
         proxy_pass http://api_service;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -151,7 +195,30 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/${DLWEB_DOMAIN}/privkey.pem;
     include /etc/nginx/snippets/ssl-params.conf;
 
+    # 隐藏服务器版本信息
+    server_tokens off;
+
+    # 请求体大小限制
+    client_max_body_size 10m;
+    client_body_timeout 30s;
+    client_header_timeout 30s;
+
+    # 连接数限制
+    limit_conn conn_limit 20;
+
+    # ── 屏蔽敏感文件 ──
+    location ~* \.(env|sh|bak|sql|log|git|svn|htaccess|htpasswd|ini|conf)$ {
+        return 404;
+    }
+    location ~* /(ntunnel_mysql|phpMyAdmin|phpmyadmin|adminer|debug)\.php$ {
+        return 404;
+    }
+    location ~ /\. {
+        return 404;
+    }
+
     location / {
+        limit_req zone=api_limit burst=50 nodelay;
         proxy_pass http://dlweb_service;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;

codes/agent/game-docker/docker/nginx/ssl-params.conf

@@ -5,8 +5,8 @@ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_prefer_server_ciphers off;
 
-# HSTS (取消注释以启用，请确认所有子域都支持 HTTPS 后再启用)
-# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+# HSTS：强制浏览器只用 HTTPS 连接（去掉 includeSubDomains，避免影响其他未配置 HTTPS 的子域名）
+add_header Strict-Transport-Security "max-age=31536000" always;
 
 # OCSP Stapling
 ssl_stapling on;
@@ -21,3 +21,17 @@ ssl_session_tickets off;
 
 # DH 参数 (如果生成了 dhparam.pem)
 # ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+# ── 安全响应头 ──────────────────────────────────────────────────────
+# 防点击劫持：禁止页面被嵌入 iframe
+add_header X-Frame-Options "SAMEORIGIN" always;
+# 防 MIME 类型嗅探
+add_header X-Content-Type-Options "nosniff" always;
+# 启用浏览器内置 XSS 过滤（旧浏览器兼容）
+add_header X-XSS-Protection "1; mode=block" always;
+# 限制 Referer 信息泄露
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+# 隐藏 nginx 版本号（在 nginx.conf 中配合 server_tokens off 使用）
+# Content Security Policy：按需调整，当前允许同源 + 必要的外部资源
+# frame-ancestors 额外放开微信支付收银台来源，避免微信 H5 支付 iframe 被拦截
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' res.wx.qq.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' https://wx.tenpay.com https://*.weixin.qq.com https://*.qq.com;" always;

codes/yunhost/htdocs/1.txt

@@ -0,0 +1 @@
+1

codes/yunhost/htdocs/mysql.php

@@ -0,0 +1,147 @@
+<?php
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE");
+header("Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With");
+header("Access-Control-Allow-Credentials: true");
+header("Content-Type: textml; charset=utf-8");
+
+///////////////////////////// 全局常量 /////////////////////////////
+//mysql数据库连接
+$G_MySql = array(
+	"host" => "rm-bp1749tfxu2rpq670lo.mysql.rds.aliyuncs.com",
+	"name" => "game_db",
+	"user" => "games",
+	"pwd"  => "Games0791!!",
+	"port" => "3306"
+	// "host" => "120.25.60.74",
+	// "name" => "youle_games",
+	// "user" => "root",
+	// "pwd"  => "root",
+	// "port" => "3333"
+);
+
+//错误编码及提示
+$G_Error = array(
+	"condb"   => array("code" => 81, "msg" => "连接数据库失败"),
+	"execsql" => array("code" => 82, "msg" => "操作数据库失败"),
+	"d_wrong" => array("code" => 83, "msg" => "data参数错误"),
+	"m_wrong" => array("code" => 84, "msg" => "m参数错误"),
+	"s_wrong" => array("code" => 85, "msg" => "s参数错误"),
+	"p_wrong" => array("code" => 86, "msg" => "p参数错误"),
+);
+
+///////////////////////////// 全局变量 /////////////////////////////
+//接口函数返回的json对象
+$G_Result = array(
+	"state" => 0,      //0:成功 <>0:错误编码
+	"error" => "",     //错误时的描述
+	"param" => "",     //接收的参数
+	"data"  => array() //成功时的数据
+);
+
+//返回结果$G_G_Result
+function do_return(){
+	global $G_Result;
+	// if (count($G_Result["data"]) == 0) {
+	// 	$G_Result["data"] = new stdClass;
+	// }
+	echo json_encode($G_Result);
+	exit();
+}
+
+////////////////////////// 连接MYSQL数据库 /////////////////////////
+$PDO = null;
+try 
+{	
+	$PDO = new PDO("mysql:host=".$G_MySql["host"].";port=".$G_MySql["port"].";dbname=".$G_MySql["name"], $G_MySql["user"], $G_MySql["pwd"]);
+	$PDO->exec("set names utf8;");
+	$PDO->exec("use ".$G_MySql["name"].";");	
+} 
+catch (Exception $e) 
+{	
+	$G_Result['state'] = $G_Error["condb"]["code"];
+	$G_Result['error'] = $G_Error["condb"]["msg"]; 
+	do_return();
+}
+
+//////////////////////////// 读取参数 ////////////////////////////
+//读取data参数
+$str_data = GetRequest("data");
+$str_data = stripslashes($str_data); //解决表单POST传参数时，自动加转义字符的问题
+$str_data = str_replace("^","=",$str_data);
+$str_data = str_replace("#","+",$str_data);
+$str_data = str_replace("!","&",$str_data);
+$G_Result['param'] = $str_data;
+
+//检查data是否为空
+if ($str_data == "") {
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+//检查data是否能转成json
+$json_para = json_decode($str_data);
+if ($json_para == null) {	
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+$m = $json_para->m;
+$s = $json_para->s;
+$p = $json_para->p;
+
+//检查m值
+if (($m == null) || ($m == "") || (!function_exists($m))) {	
+	$G_Result['state'] = $G_Error["m_wrong"]["code"];
+	$G_Result['error'] = $G_Error["m_wrong"]["msg"]; 
+	do_return();
+}
+//检查s值
+if (($s == null) || ($s == "")) {	
+	$G_Result['state'] = $G_Error["s_wrong"]["code"];
+	$G_Result['error'] = $G_Error["s_wrong"]["msg"]; 
+	do_return();
+}
+//检查p值
+if (($p != null) && (!is_array($p))) {	
+	$G_Result['state'] = $G_Error["p_wrong"]["code"];
+	$G_Result['error'] = $G_Error["p_wrong"]["msg"]; 
+	do_return();
+}
+
+$m($s, $p);
+do_return();
+
+//根据参数名获取参数 
+function GetRequest($name) {
+	return isset($_REQUEST[$name])?$_REQUEST[$name]:'';
+}
+
+//执行sql语句返回结果
+function opensql($sql, $para) {
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{
+		while ($aryData = $stmt->fetch(PDO::FETCH_NAMED)) {
+			$G_Result["data"][] = $aryData;
+		}
+	} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+
+//执行sql语句无返回结果
+function execsql($sql, $para){
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+?>

codes/yunhost/htdocs/mysql_agent.php

@@ -0,0 +1,147 @@
+<?php
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE");
+header("Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With");
+header("Access-Control-Allow-Credentials: true");
+header("Content-Type: textml; charset=utf-8");
+
+///////////////////////////// 全局常量 /////////////////////////////
+//mysql数据库连接
+$G_MySql = array(
+	"host" => "rm-bp1btyuwq77591x0jpo.mysql.rds.aliyuncs.com",
+	"name" => "agent_db",
+	"user" => "games",
+	"pwd"  => "Games0791!!",
+	"port" => "3306"
+	// "host" => "120.92.140.132",
+	// "name" => "game_db",
+	// "user" => "root",
+	// "pwd"  => "root_root",
+	// "port" => "3309"
+);
+
+//错误编码及提示
+$G_Error = array(
+	"condb"   => array("code" => 81, "msg" => "连接数据库失败"),
+	"execsql" => array("code" => 82, "msg" => "操作数据库失败"),
+	"d_wrong" => array("code" => 83, "msg" => "data参数错误"),
+	"m_wrong" => array("code" => 84, "msg" => "m参数错误"),
+	"s_wrong" => array("code" => 85, "msg" => "s参数错误"),
+	"p_wrong" => array("code" => 86, "msg" => "p参数错误"),
+);
+
+///////////////////////////// 全局变量 /////////////////////////////
+//接口函数返回的json对象
+$G_Result = array(
+	"state" => 0,      //0:成功 <>0:错误编码
+	"error" => "",     //错误时的描述
+	"param" => "",     //接收的参数
+	"data"  => array() //成功时的数据
+);
+
+//返回结果$G_G_Result
+function do_return(){
+	global $G_Result;
+	// if (count($G_Result["data"]) == 0) {
+	// 	$G_Result["data"] = new stdClass;
+	// }
+	echo json_encode($G_Result);
+	exit();
+}
+
+////////////////////////// 连接MYSQL数据库 /////////////////////////
+$PDO = null;
+try 
+{	
+	$PDO = new PDO("mysql:host=".$G_MySql["host"].";port=".$G_MySql["port"].";dbname=".$G_MySql["name"], $G_MySql["user"], $G_MySql["pwd"]);
+	$PDO->exec("set names utf8;");
+	$PDO->exec("use ".$G_MySql["name"].";");	
+} 
+catch (Exception $e) 
+{	
+	$G_Result['state'] = $G_Error["condb"]["code"];
+	$G_Result['error'] = $G_Error["condb"]["msg"]; 
+	do_return();
+}
+
+//////////////////////////// 读取参数 ////////////////////////////
+//读取data参数
+$str_data = GetRequest("data");
+$str_data = stripslashes($str_data); //解决表单POST传参数时，自动加转义字符的问题
+$str_data = str_replace("^","=",$str_data);
+$str_data = str_replace("#","+",$str_data);
+$str_data = str_replace("!","&",$str_data);
+$G_Result['param'] = $str_data;
+
+//检查data是否为空
+if ($str_data == "") {
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+//检查data是否能转成json
+$json_para = json_decode($str_data);
+if ($json_para == null) {	
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+$m = $json_para->m;
+$s = $json_para->s;
+$p = $json_para->p;
+
+//检查m值
+if (($m == null) || ($m == "") || (!function_exists($m))) {	
+	$G_Result['state'] = $G_Error["m_wrong"]["code"];
+	$G_Result['error'] = $G_Error["m_wrong"]["msg"]; 
+	do_return();
+}
+//检查s值
+if (($s == null) || ($s == "")) {	
+	$G_Result['state'] = $G_Error["s_wrong"]["code"];
+	$G_Result['error'] = $G_Error["s_wrong"]["msg"]; 
+	do_return();
+}
+//检查p值
+if (($p != null) && (!is_array($p))) {	
+	$G_Result['state'] = $G_Error["p_wrong"]["code"];
+	$G_Result['error'] = $G_Error["p_wrong"]["msg"]; 
+	do_return();
+}
+
+$m($s, $p);
+do_return();
+
+//根据参数名获取参数 
+function GetRequest($name) {
+	return isset($_REQUEST[$name])?$_REQUEST[$name]:'';
+}
+
+//执行sql语句返回结果
+function opensql($sql, $para) {
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{
+		while ($aryData = $stmt->fetch(PDO::FETCH_NAMED)) {
+			$G_Result["data"][] = $aryData;
+		}
+	} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+
+//执行sql语句无返回结果
+function execsql($sql, $para){
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+?>

codes/yunhost/htdocs/mysql_grade.php

@@ -0,0 +1,147 @@
+<?php
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE");
+header("Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With");
+header("Access-Control-Allow-Credentials: true");
+header("Content-Type: textml; charset=utf-8");
+
+///////////////////////////// 全局常量 /////////////////////////////
+//mysql数据库连接
+$G_MySql = array(
+	"host" => "rm-bp1749tfxu2rpq670lo.mysql.rds.aliyuncs.com",
+	"name" => "grade_db",
+	"user" => "games",
+	"pwd"  => "Games0791!!",
+	"port" => "3306"
+	// "host" => "120.25.60.74",
+	// "name" => "youle_games",
+	// "user" => "root",
+	// "pwd"  => "root",
+	// "port" => "3333"
+);
+
+//错误编码及提示
+$G_Error = array(
+	"condb"   => array("code" => 81, "msg" => "连接数据库失败"),
+	"execsql" => array("code" => 82, "msg" => "操作数据库失败"),
+	"d_wrong" => array("code" => 83, "msg" => "data参数错误"),
+	"m_wrong" => array("code" => 84, "msg" => "m参数错误"),
+	"s_wrong" => array("code" => 85, "msg" => "s参数错误"),
+	"p_wrong" => array("code" => 86, "msg" => "p参数错误"),
+);
+
+///////////////////////////// 全局变量 /////////////////////////////
+//接口函数返回的json对象
+$G_Result = array(
+	"state" => 0,      //0:成功 <>0:错误编码
+	"error" => "",     //错误时的描述
+	"param" => "",     //接收的参数
+	"data"  => array() //成功时的数据
+);
+
+//返回结果$G_G_Result
+function do_return(){
+	global $G_Result;
+	// if (count($G_Result["data"]) == 0) {
+	// 	$G_Result["data"] = new stdClass;
+	// }
+	echo json_encode($G_Result);
+	exit();
+}
+
+////////////////////////// 连接MYSQL数据库 /////////////////////////
+$PDO = null;
+try 
+{	
+	$PDO = new PDO("mysql:host=".$G_MySql["host"].";port=".$G_MySql["port"].";dbname=".$G_MySql["name"], $G_MySql["user"], $G_MySql["pwd"]);
+	$PDO->exec("set names utf8;");
+	$PDO->exec("use ".$G_MySql["name"].";");	
+} 
+catch (Exception $e) 
+{	
+	$G_Result['state'] = $G_Error["condb"]["code"];
+	$G_Result['error'] = $G_Error["condb"]["msg"]; 
+	do_return();
+}
+
+//////////////////////////// 读取参数 ////////////////////////////
+//读取data参数
+$str_data = GetRequest("data");
+$str_data = stripslashes($str_data); //解决表单POST传参数时，自动加转义字符的问题
+$str_data = str_replace("^","=",$str_data);
+$str_data = str_replace("#","+",$str_data);
+$str_data = str_replace("!","&",$str_data);
+$G_Result['param'] = $str_data;
+
+//检查data是否为空
+if ($str_data == "") {
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+//检查data是否能转成json
+$json_para = json_decode($str_data);
+if ($json_para == null) {	
+	$G_Result['state'] = $G_Error["d_wrong"]["code"];
+	$G_Result['error'] = $G_Error["d_wrong"]["msg"]; 
+	do_return();
+}
+
+$m = $json_para->m;
+$s = $json_para->s;
+$p = $json_para->p;
+
+//检查m值
+if (($m == null) || ($m == "") || (!function_exists($m))) {	
+	$G_Result['state'] = $G_Error["m_wrong"]["code"];
+	$G_Result['error'] = $G_Error["m_wrong"]["msg"]; 
+	do_return();
+}
+//检查s值
+if (($s == null) || ($s == "")) {	
+	$G_Result['state'] = $G_Error["s_wrong"]["code"];
+	$G_Result['error'] = $G_Error["s_wrong"]["msg"]; 
+	do_return();
+}
+//检查p值
+if (($p != null) && (!is_array($p))) {	
+	$G_Result['state'] = $G_Error["p_wrong"]["code"];
+	$G_Result['error'] = $G_Error["p_wrong"]["msg"]; 
+	do_return();
+}
+
+$m($s, $p);
+do_return();
+
+//根据参数名获取参数 
+function GetRequest($name) {
+	return isset($_REQUEST[$name])?$_REQUEST[$name]:'';
+}
+
+//执行sql语句返回结果
+function opensql($sql, $para) {
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{
+		while ($aryData = $stmt->fetch(PDO::FETCH_NAMED)) {
+			$G_Result["data"][] = $aryData;
+		}
+	} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+
+//执行sql语句无返回结果
+function execsql($sql, $para){
+	global $G_Result, $G_Error, $PDO;
+	$stmt = $PDO->prepare($sql.";");
+	if ($stmt->execute($para))
+	{} else {
+		$G_Result['state'] = $G_Error["execsql"]["code"];
+		$G_Result['error'] = $G_Error["execsql"]["msg"]; 		
+	}
+}
+?>

codes/yunhost/htdocs/zhuye.html

@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+
+<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
+<head>
+   <meta http-equiv="pragma" content="no-cache">
+<meta http-equiv="cache-control" content="no-cache">
+<meta http-equiv="expires" content="0">
+    <meta charset="utf-8" />
+    <title>领先的云计算服务提供商-中国万网(www.net.cn)</title>    
+    <style type="text/css">
+        body {width:100%; margin:0 auto;font-family:'Microsoft YaHei';color:#5d5d5d;font-size:12px; }
+        .host-top {width: 800px; height: 60px; margin: 0 auto; vertical-align: middle;padding:10px 0; }        
+        .host-top-title{float: left; font-size: 14px;margin-left:12px;padding-top:22px;}
+        .host-top-right {  float: right; margin-right: 5px; line-height: 25px; margin-top: 35px;}
+        .host-top-right a {color:#5d5d5d;text-decoration:none;font-size:12px;}
+        .host-middle {background-color:#f0fbff;border-bottom:1px solid #c0c0c0;border-top:2px solid #c0c0c0; height:auto;  }
+        .host-content{width: 800px; margin: 0 auto;padding:40px 0 30px 0;}
+
+        .host-operation-title{font-size:16px;text-align:center;padding:10px 0; }
+        .host-line { border-bottom: 1px solid #c0c0c0; margin-bottom: 10px; height: 15px;  }
+        .host-step{background:url(http://gtms01.alicdn.com/tps/i1/TB1GnvVFVXXXXbMXVXXMak49XXX-799-72.gif) no-repeat; height:70px;padding:20px 0;}
+        .host-step-one { position:relative;float:left;left:60px;width:205px;   }
+        .host-step-two { position:relative;float:right;width:375px;right:35px;  }
+        .host-middle a {color:#0f79bb;text-decoration:underline;font-size:12px;}
+        .host-open-title{font-size:16px;padding:5px 10px 10px 10px;}
+        .host-open-content{padding-left: 10px; text-align: left;font-size:12px;}
+
+        .host-bottom{width: 800px;line-height: 60px; margin: 0 auto; text-align:center;}
+    </style>
+</head>
+<body>
+    <div>        
+        <div class="host-top">
+            <div style="float: left;">
+                <img src="http://gtms04.alicdn.com/tps/i4/TB1j6r2FVXXXXcwXXXX79lWFFXX-144-60.gif" border="0" />
+            </div>
+            <div class="host-top-title">
+                领先的云计算服务提供商
+            </div>
+            <div class="host-top-right"><a href="http://wanwang.aliyun.com/" target="_blank">万网首页</a> | <a href="http://help.aliyun.com" target="_blank">帮助中心</a></div>
+        </div>
+        <div class="host-middle">
+            <div class="host-content">
+                <div style="height:140px;">
+                    <div style="float: left;">
+                        <img src="http://gtms02.alicdn.com/tps/i2/TB1f5r6FVXXXXc7XpXXkTnU2pXX-190-116.gif" border="0" />
+                    </div>
+                    <div style="float: left; padding:28px 35px;">
+                        <div style="font-size:25px;">您已正式开通主机服务</div>                            
+                        <div style="font-size:18px;line-height:32px;">这是万网主机提供的测试访问页，您可以随时进行删除或替换</div>
+                    </div>
+                </div>
+                <div class="host-operation-title">
+                    <table width="100%" cellspacing="0" cellpadding="0" style="line-height: 32px;text-align:center;">
+                        <tr>
+                            <td style="width: 240px;">
+                                <div class="host-line"></div>
+                            </td>
+                            <td>如需访问到您的网站，请按照以下步骤操作</td>
+                            <td style="width: 240px;">
+                                <div class="host-line"></div>
+                            </td>
+                        </tr>
+                    </table>
+                </div>
+                <div class="host-step">
+                    <div class="host-step-one">
+                        您的首页文件及网站程序需上传至FTP下的HTDOCS目录下</div>
+                    <div class="host-step-two">
+                        您自行设定的首页文件名，需要添加至<a href="http://cp.aliyun.com/" target="_blank">控制面板</a>默认首页设置的列表中<a href="http://help.aliyun.com/knowledge_detail/6555122.html" target="_blank">操作帮助</a> </div>
+                </div>
+                <div class="host-open-title">
+                    站点开通流程
+                </div>
+                <div style="margin-bottom:20px;">
+                    <table width="100%" cellspacing="0" cellpadding="0">
+                        <tr>
+                            <td class="host-open-content">1、<a href="http://help.aliyun.com/knowledge_detail/6563876.html" target="_blank">获取FTP/数据库信息</a></td>
+                            <td>
+                                <img src="http://gtms03.alicdn.com/tps/i3/TB12J61FVXXXXXfXpXX_YiWFVXX-30-26.gif" border="0" />
+                            </td>
+                            <td class="host-open-content">2、<a href="http://help.aliyun.com/knowledge_detail/5974952.html" target="_blank">网站备案(或申请接入)</a></td>
+                            <td>
+                                <img src="http://gtms03.alicdn.com/tps/i3/TB12J61FVXXXXXfXpXX_YiWFVXX-30-26.gif" border="0" />
+                            </td>
+                            <td class="host-open-content">3、<a href="http://help.aliyun.com/knowledge_detail/6555034.html" target="_blank">上传网站程序</a></td>
+                            <td>
+                                <img src="http://gtms03.alicdn.com/tps/i3/TB12J61FVXXXXXfXpXX_YiWFVXX-30-26.gif" border="0" />
+                            </td>
+                            <td class="host-open-content">4、<a href="http://help.aliyun.com/knowledge_detail/6554963.html" target="_blank">网站调试</a></td>
+                            <td>
+                                <img src="http://gtms03.alicdn.com/tps/i3/TB12J61FVXXXXXfXpXX_YiWFVXX-30-26.gif" border="0" />
+                            </td>
+                            <td class="host-open-content">5、<a href="http://help.aliyun.com/knowledge_detail/6563877.html" target="_blank">域名绑定</a></td>
+                        </tr>
+                    </table>
+                </div>
+            </div>
+            
+        </div>
+        <div class="host-bottom">
+            Copyright &copy; 1998 - 2014 中国万网 版权所有
+        </div>
+    </div>
+</body>
+</html>