feat: 对部分密码进行加密

2026-02-04 22:07:16 +08:00 · 2024-11-07 00:25:09 +08:00
parent 020a4ad870
commit f2eb3a180c
6 changed files with 84 additions and 6 deletions
--- a/internal/app/global.go
+++ b/internal/app/global.go
@@ -37,6 +37,7 @@ const (

 // 面板全局变量
 var (
+	Key     string
 	Root    string
 	Version string
 	Locale  string
--- a/internal/biz/database.go
+++ b/internal/biz/database.go
@@ -1,6 +1,13 @@
 package biz

-import "time"
+import (
+	"time"
+
+	"github.com/go-rat/utils/crypt"
+	"gorm.io/gorm"
+
+	"github.com/TheTNB/panel/internal/app"
+)

 type Database struct {
 	ID        uint      `gorm:"primaryKey" json:"id"`
@@ -14,3 +21,32 @@ type Database struct {
 	CreatedAt time.Time `json:"created_at"`
 	UpdatedAt time.Time `json:"updated_at"`
 }
+
+func (r *Database) BeforeSave(tx *gorm.DB) error {
+	crypter, err := crypt.NewXChacha20Poly1305([]byte(app.Key))
+	if err != nil {
+		return err
+	}
+
+	r.Password, err = crypter.Encrypt([]byte(r.Password))
+	if err != nil {
+		return err
+	}
+
+	return nil
+
+}
+
+func (r *Database) AfterFind(tx *gorm.DB) error {
+	crypter, err := crypt.NewXChacha20Poly1305([]byte(app.Key))
+	if err != nil {
+		return err
+	}
+
+	password, err := crypter.Decrypt(r.Password)
+	if err == nil {
+		r.Password = string(password)
+	}
+
+	return nil
+}
--- a/internal/biz/firewall.go
+++ b/internal/biz/firewall.go
@@ -1,4 +0,0 @@
-package biz
-
-type FirewallRepo interface {
-}
--- a/internal/biz/ssh.go
+++ b/internal/biz/ssh.go
@@ -3,6 +3,10 @@ package biz
 import (
 	"time"

+	"github.com/go-rat/utils/crypt"
+	"gorm.io/gorm"
+
+	"github.com/TheTNB/panel/internal/app"
 	"github.com/TheTNB/panel/internal/http/request"
 	"github.com/TheTNB/panel/pkg/ssh"
 )
@@ -18,6 +22,43 @@ type SSH struct {
 	UpdatedAt time.Time        `json:"updated_at"`
 }

+func (r *SSH) BeforeSave(tx *gorm.DB) error {
+	crypter, err := crypt.NewXChacha20Poly1305([]byte(app.Key))
+	if err != nil {
+		return err
+	}
+
+	r.Config.Key, err = crypter.Encrypt([]byte(r.Config.Key))
+	if err != nil {
+		return err
+	}
+	r.Config.Password, err = crypter.Encrypt([]byte(r.Config.Password))
+	if err != nil {
+		return err
+	}
+
+	return nil
+
+}
+
+func (r *SSH) AfterFind(tx *gorm.DB) error {
+	crypter, err := crypt.NewXChacha20Poly1305([]byte(app.Key))
+	if err != nil {
+		return err
+	}
+
+	key, err := crypter.Decrypt(r.Config.Key)
+	if err == nil {
+		r.Config.Key = string(key)
+	}
+	password, err := crypter.Decrypt(r.Config.Password)
+	if err == nil {
+		r.Config.Password = string(password)
+	}
+
+	return nil
+}
+
 type SSHRepo interface {
 	List(page, limit uint) ([]*SSH, int64, error)
 	Get(id uint) (*SSH, error)
--- a/internal/bootstrap/conf.go
+++ b/internal/bootstrap/conf.go
@@ -25,6 +25,10 @@ func initConf() {
 }

 func initGlobal() {
+	app.Key = app.Conf.MustString("app.key")
+	if len(app.Key) != 32 {
+		log.Fatalf("app key must be 32 characters")
+	}
 	app.Root = app.Conf.MustString("app.root")
 	app.Version = "2.3.17"
 	app.Locale = app.Conf.MustString("app.locale")
--- a/internal/bootstrap/session.go
+++ b/internal/bootstrap/session.go
@@ -12,7 +12,7 @@ import (
 func initSession() {
 	// initialize session manager
 	manager, err := sessions.NewManager(&sessions.ManagerOptions{
-		Key:                  app.Conf.String("app.key"),
+		Key:                  app.Key,
 		Lifetime:             120,
 		GcInterval:           30,
 		DisableDefaultDriver: true,