feat: 实现加密存储部分数据

api/alibaba/controller.go

@@ -11,27 +11,28 @@ import (
 func apiProxy(c *gin.Context) {
 
 	rq := &vendor.FetchParam{
-		Id:     cast.ToUint(c.Param("id")),
-		UserId: c.GetUint("UserId"),
+		Id:       cast.ToUint(c.Param("id")),
+		UserId:   c.GetUint("UserId"),
+		StoreKey: c.GetString("appkey"),
 	}
 
 	if rq.Id == 0 {
 		c.Set("Error", "参数错误")
 		return
 	}
 
-	vendor, err := vendor.Fetch(rq)
+	vd, err := vendor.Fetch(rq)
 
-	if err != nil || vendor.Id == 0 {
+	if err != nil || vd.Id == 0 {
 		c.Set("Error", "厂商不存在")
 		return
 	}
 
 	// 构造参数
 
 	params := &alibaba.Params{
-		SecretId:  vendor.SecretId,
-		SecretKey: vendor.SecretKey,
+		SecretId:  vd.SecretId,
+		SecretKey: vd.SecretKey,
 	}
 
 	if err = c.ShouldBindJSON(params); err != nil {

api/cloudflare/controller.go

@@ -11,26 +11,27 @@ import (
 func apiProxy(c *gin.Context) {
 
 	rq := &vendor.FetchParam{
-		Id:     cast.ToUint(c.Param("id")),
-		UserId: c.GetUint("UserId"),
+		Id:       cast.ToUint(c.Param("id")),
+		UserId:   c.GetUint("UserId"),
+		StoreKey: c.GetString("appkey"),
 	}
 
 	if rq.Id == 0 {
 		c.Set("Error", "参数错误")
 		return
 	}
 
-	vendor, err := vendor.Fetch(rq)
+	vd, err := vendor.Fetch(rq)
 
-	if err != nil || vendor.Id == 0 {
+	if err != nil || vd.Id == 0 {
 		c.Set("Error", "厂商不存在")
 		return
 	}
 
 	// 构造参数
 
 	params := &cloudflare.Params{
-		Token: vendor.SecretKey,
+		Token: vd.SecretKey,
 	}
 
 	if err := c.ShouldBindJSON(params); err != nil {

api/keypair/controller.go

@@ -65,6 +65,7 @@ func create(c *gin.Context) {
 	}
 
 	rq.UserId = c.GetUint("UserId")
+	rq.StoreKey = c.GetString("appkey")
 
 	if id, err := keypair.Create(rq); err == nil {
 		c.Set("Payload", gin.H{"Id": id})
@@ -92,6 +93,7 @@ func update(c *gin.Context) {
 	}
 
 	rq.UserId = c.GetUint("UserId")
+	rq.StoreKey = c.GetString("appkey")
 
 	if err := keypair.Update(rq); err == nil {
 		c.Set("Message", "修改成功")

api/tencent/controller.go

@@ -14,27 +14,28 @@ import (
 func apiProxy(c *gin.Context) {
 
 	rq := &vendor.FetchParam{
-		Id:     cast.ToUint(c.Param("id")),
-		UserId: c.GetUint("UserId"),
+		Id:       cast.ToUint(c.Param("id")),
+		UserId:   c.GetUint("UserId"),
+		StoreKey: c.GetString("appkey"),
 	}
 
 	if rq.Id == 0 {
 		c.Set("Error", "参数错误")
 		return
 	}
 
-	vendor, err := vendor.Fetch(rq)
+	vd, err := vendor.Fetch(rq)
 
-	if err != nil || vendor.Id == 0 {
+	if err != nil || vd.Id == 0 {
 		c.Set("Error", "厂商不存在")
 		return
 	}
 
 	// 构造参数
 
 	params := &tencent.Params{
-		SecretId:  vendor.SecretId,
-		SecretKey: vendor.SecretKey,
+		SecretId:  vd.SecretId,
+		SecretKey: vd.SecretKey,
 	}
 
 	if err = c.ShouldBindJSON(params); err != nil {

api/terminal/controller.go

@@ -2,8 +2,10 @@ package terminal
 
 import (
 	"github.com/gin-gonic/gin"
+	"github.com/spf13/cast"
 
 	"tdp-cloud/helper/webssh"
+	"tdp-cloud/module/model/keypair"
 )
 
 func ssh(c *gin.Context) {
@@ -17,6 +19,19 @@ func ssh(c *gin.Context) {
 		return
 	}
 
+	if id := cast.ToUint(c.Param("id")); id > 0 {
+		kp, err := keypair.Fetch(&keypair.FetchParam{
+			Id:       id,
+			UserId:   c.GetUint("UserId"),
+			StoreKey: c.GetString("AppKey"),
+		})
+		if err != nil || kp.Id == 0 {
+			c.Set("Error", "密钥不存在")
+			return
+		}
+		rq.PrivateKey = kp.PrivateKey
+	}
+
 	// 创建 SSH 连接
 
 	err := webssh.Connect(&webssh.ConnectParam{

api/terminal/router.go

@@ -13,7 +13,7 @@ func Socket(wsi *gin.RouterGroup) {
 	rg.Use(midware.AuthGuard())
 
 	{
-		rg.GET("/ssh", ssh)
+		rg.GET("/ssh/:id", ssh)
 	}
 
 }

api/vendor/controller.go

@@ -3,7 +3,6 @@ package vendor
 import (
 	"github.com/gin-gonic/gin"
 
-	"tdp-cloud/helper/strutil"
 	"tdp-cloud/module/model/vendor"
 )
 
@@ -66,14 +65,7 @@ func create(c *gin.Context) {
 	}
 
 	rq.UserId = c.GetUint("UserId")
-
-	//加密存储
-	appkey := c.GetString("appkey")
-	secret, err := strutil.Des3Encrypt(rq.SecretKey, appkey)
-	if err != nil {
-		rq.SecretKey = secret
-		rq.Status = "encode"
-	}
+	rq.StoreKey = c.GetString("appkey")
 
 	if id, err := vendor.Create(rq); err == nil {
 		c.Set("Payload", gin.H{"Id": id})
@@ -101,14 +93,7 @@ func update(c *gin.Context) {
 	}
 
 	rq.UserId = c.GetUint("UserId")
-
-	//加密存储
-	appkey := c.GetString("appkey")
-	secret, err := strutil.Des3Encrypt(rq.SecretKey, appkey)
-	if err != nil {
-		rq.SecretKey = secret
-		rq.Status = "encode"
-	}
+	rq.StoreKey = c.GetString("appkey")
 
 	if err := vendor.Update(rq); err == nil {
 		c.Set("Message", "修改成功")

module/certbot/main.go

@@ -33,11 +33,11 @@ func RunJobs() {
 
 func NewByJob(job *dborm.Certjob) error {
 
-	vendor, err := vendor.Fetch(&vendor.FetchParam{
+	vd, err := vendor.Fetch(&vendor.FetchParam{
 		Id: job.VendorId, UserId: job.UserId,
 	})
 
-	if err != nil || vendor.Id == 0 {
+	if err != nil || vd.Id == 0 {
 		logman.Error("Certjob Ignore Domain:", job.Domain)
 		return err
 	}
@@ -50,9 +50,9 @@ func NewByJob(job *dborm.Certjob) error {
 		Email:     job.Email,
 		Domain:    job.Domain,
 		CaType:    job.CaType,
-		Provider:  vendor.Provider,
-		SecretId:  vendor.SecretId,
-		SecretKey: vendor.SecretKey,
+		Provider:  vd.Provider,
+		SecretId:  vd.SecretId,
+		SecretKey: vd.SecretKey,
 		EabKeyId:  job.EabKeyId,
 		EabMacKey: job.EabMacKey,
 	})

module/model/keypair/model.go

@@ -1,6 +1,7 @@
 package keypair
 
 import (
+	"tdp-cloud/helper/strutil"
 	"tdp-cloud/module/dborm"
 )
 
@@ -14,10 +15,19 @@ type CreateParam struct {
 	Cipher      string
 	Status      string
 	Description string `binding:"required"`
+	StoreKey    string // 存储密钥
 }
 
 func Create(data *CreateParam) (uint, error) {
 
+	if data.PrivateKey != "" && data.StoreKey != "" {
+		secret, err := strutil.Des3Encrypt(data.PrivateKey, data.StoreKey)
+		if err != nil {
+			data.PrivateKey = secret
+			data.Cipher = "appkey"
+		}
+	}
+
 	item := &dborm.Keypair{
 		UserId:      data.UserId,
 		PublicKey:   data.PublicKey,
@@ -45,10 +55,19 @@ type UpdateParam struct {
 	Cipher      string
 	Status      string
 	Description string
+	StoreKey    string // 存储密钥
 }
 
 func Update(data *UpdateParam) error {
 
+	if data.PrivateKey != "" && data.StoreKey != "" {
+		secret, err := strutil.Des3Encrypt(data.PrivateKey, data.StoreKey)
+		if err != nil {
+			data.PrivateKey = secret
+			data.Cipher = "appkey"
+		}
+	}
+
 	result := dborm.Db.
 		Where(&dborm.Keypair{
 			Id:     data.Id,
@@ -90,8 +109,9 @@ func Delete(data *DeleteParam) error {
 // 获取密钥
 
 type FetchParam struct {
-	Id     uint
-	UserId uint
+	Id       uint
+	UserId   uint
+	StoreKey string // 存储密钥
 }
 
 func Fetch(data *FetchParam) (*dborm.Keypair, error) {
@@ -105,6 +125,10 @@ func Fetch(data *FetchParam) (*dborm.Keypair, error) {
 		}).
 		First(&item)
 
+	if item.Cipher != "" && data.StoreKey != "" {
+		item.PrivateKey, _ = strutil.Des3Decrypt(item.PrivateKey, data.StoreKey)
+	}
+
 	return item, result.Error
 
 }

module/model/passport/user.go

@@ -3,7 +3,6 @@ package passport
 import (
 	"errors"
 
-	"tdp-cloud/helper/strutil"
 	"tdp-cloud/module/midware"
 	"tdp-cloud/module/model/user"
 )
@@ -28,6 +27,7 @@ func Login(data *LoginParam) (*LoginResult, error) {
 
 	item, _ := user.Fetch(&user.FetchParam{
 		Username: data.Username,
+		StoreKey: data.Password,
 	})
 
 	// 验证账号
@@ -50,18 +50,10 @@ func Login(data *LoginParam) (*LoginResult, error) {
 		}
 	}
 
-	// 获取密钥
-
-	skey, err := strutil.Des3Decrypt(item.AppKey, data.Password)
-
-	if err != nil {
-		return nil, err
-	}
-
 	// 创建令牌
 
 	token, err := midware.CreateToken(&midware.UserInfo{
-		AppKey:    skey,
+		AppKey:    item.AppKey,
 		UserId:    item.Id,
 		UserLevel: item.Level,
 	})

module/model/user/model.go

@@ -3,6 +3,7 @@ package user
 import (
 	"github.com/google/uuid"
 
+	"tdp-cloud/helper/strutil"
 	"tdp-cloud/module/dborm"
 )
 
@@ -105,6 +106,7 @@ type FetchParam struct {
 	Username string
 	AppId    string
 	Email    string
+	StoreKey string // 存储密钥
 }
 
 func Fetch(data *FetchParam) (*dborm.User, error) {
@@ -120,6 +122,10 @@ func Fetch(data *FetchParam) (*dborm.User, error) {
 		}).
 		First(&item)
 
+	if item.AppKey != "" && data.StoreKey != "" {
+		item.AppKey, _ = strutil.Des3Decrypt(item.AppKey, data.StoreKey)
+	}
+
 	return item, result.Error
 
 }