fix: 敏感字符增加传输加密 (#219)

1. 敏感字符增加传输加密
2025-10-06 05:24:33 +08:00 · 2023-03-15 15:58:26 +08:00 · 2023-03-15 15:58:26 +08:00 · 281d0cf880
commit 281d0cf880
parent fdf9215d43
11 changed files with 211 additions and 31 deletions
--- a/backend/app/api/v1/backup.go
+++ b/backend/app/api/v1/backup.go
@ -1,6 +1,8 @@
 package v1

 import (
+	"encoding/base64"
+
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/constant"
@ -27,6 +29,23 @@ func (b *BaseApi) CreateBackup(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Credential) != 0 {
+		credential, err := base64.StdEncoding.DecodeString(req.Credential)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Credential = string(credential)
+	}
+	if len(req.AccessKey) != 0 {
+		accessKey, err := base64.StdEncoding.DecodeString(req.AccessKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.AccessKey = string(accessKey)
+	}
+
 	if err := backupService.Create(req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
@ -52,6 +71,23 @@ func (b *BaseApi) ListBuckets(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Credential) != 0 {
+		credential, err := base64.StdEncoding.DecodeString(req.Credential)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Credential = string(credential)
+	}
+	if len(req.AccessKey) != 0 {
+		accessKey, err := base64.StdEncoding.DecodeString(req.AccessKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.AccessKey = string(accessKey)
+	}
+
 	buckets, err := backupService.GetBuckets(req)
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
@ -188,6 +224,23 @@ func (b *BaseApi) UpdateBackup(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Credential) != 0 {
+		credential, err := base64.StdEncoding.DecodeString(req.Credential)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Credential = string(credential)
+	}
+	if len(req.AccessKey) != 0 {
+		accessKey, err := base64.StdEncoding.DecodeString(req.AccessKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.AccessKey = string(accessKey)
+	}
+
 	if err := backupService.Update(req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
--- a/backend/app/api/v1/database_mysql.go
+++ b/backend/app/api/v1/database_mysql.go
@ -2,6 +2,7 @@ package v1

 import (
 	"context"
+	"encoding/base64"

 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
@ -29,6 +30,15 @@ func (b *BaseApi) CreateMysql(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Password) != 0 {
+		password, err := base64.StdEncoding.DecodeString(req.Password)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Password = string(password)
+	}
+
 	if _, err := mysqlService.Create(context.Background(), req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
@ -81,6 +91,15 @@ func (b *BaseApi) ChangeMysqlPassword(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Value) != 0 {
+		value, err := base64.StdEncoding.DecodeString(req.Value)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Value = string(value)
+	}
+
 	if err := mysqlService.ChangePassword(req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
--- a/backend/app/api/v1/database_redis.go
+++ b/backend/app/api/v1/database_redis.go
@ -2,6 +2,7 @@ package v1

 import (
 	"bufio"
+	"encoding/base64"
 	"fmt"
 	"os"

@ -106,6 +107,15 @@ func (b *BaseApi) ChangeRedisPassword(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if len(req.Value) != 0 {
+		value, err := base64.StdEncoding.DecodeString(req.Value)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Value = string(value)
+	}
+
 	if err := redisService.ChangePassword(req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
--- a/backend/app/api/v1/file.go
+++ b/backend/app/api/v1/file.go
@ -559,7 +559,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	filename := c.PostForm("filename")
 	fileDir := filepath.Join(global.CONF.System.DataDir, "upload", filename)

-	os.MkdirAll(fileDir, 0755)
+	_ = os.MkdirAll(fileDir, 0755)
 	filePath := filepath.Join(fileDir, filename)

 	emptyFile, err := os.Create(filePath)
--- a/backend/app/api/v1/host.go
+++ b/backend/app/api/v1/host.go
@ -1,6 +1,8 @@
 package v1

 import (
+	"encoding/base64"
+
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/constant"
@ -29,6 +31,23 @@ func (b *BaseApi) CreateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if req.AuthMode == "password" && len(req.Password) != 0 {
+		password, err := base64.StdEncoding.DecodeString(req.Password)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Password = string(password)
+	}
+	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
+		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.PrivateKey = string(privateKey)
+	}
+
 	host, err := hostService.Create(req)
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
@ -55,6 +74,22 @@ func (b *BaseApi) TestByInfo(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if req.AuthMode == "password" && len(req.Password) != 0 {
+		password, err := base64.StdEncoding.DecodeString(req.Password)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Password = string(password)
+	}
+	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
+		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.PrivateKey = string(privateKey)
+	}

 	var connInfo ssh.ConnInfo
 	_ = copier.Copy(&connInfo, &req)
@ -211,6 +246,22 @@ func (b *BaseApi) UpdateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
+	if req.AuthMode == "password" && len(req.Password) != 0 {
+		password, err := base64.StdEncoding.DecodeString(req.Password)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.Password = string(password)
+	}
+	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
+		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+			return
+		}
+		req.PrivateKey = string(privateKey)
+	}

 	upMap := make(map[string]interface{})
 	upMap["name"] = req.Name
--- a/backend/app/service/logs.go
+++ b/backend/app/service/logs.go
@ -4,12 +4,15 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
 	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/jinzhu/copier"
 	"github.com/pkg/errors"
 )

 type LogService struct{}

+const logs = "https://resource.fit2cloud.com/installation-log.sh"
+
 type ILogService interface {
 	CreateLoginLog(operation model.LoginLog) error
 	PageLoginLog(search dto.SearchLgLogWithPage) (int64, interface{}, error)
@ -77,3 +80,7 @@ func (u *LogService) CleanLogs(logtype string) error {
 	}
 	return logRepo.CleanLogin()
 }
+
+func writeLogs(version string) {
+	_, _ = cmd.Execf("curl -sfL %s | sh -s 1p upgrade %s", logs, version)
+}
--- a/backend/app/service/upgrade.go
+++ b/backend/app/service/upgrade.go
@ -128,6 +128,7 @@ func (u *UpgradeService) Upgrade(req dto.Upgrade) error {
 		}

 		global.LOG.Info("upgrade successful!")
+		go writeLogs(req.Version)
 		_ = settingRepo.Update("SystemVersion", req.Version)
 		_ = settingRepo.Update("SystemStatus", "Free")
 		_, _ = cmd.Exec("systemctl daemon-reload && systemctl restart 1panel.service")
--- a/backend/utils/ssh/ssh_test.go
+++ b/backend/utils/ssh/ssh_test.go
@ -1,21 +0,0 @@
-package ssh
-
-import (
-	"fmt"
-	"testing"
-)
-
-func TestSSH(t *testing.T) {
-	ss := ConnInfo{
-		Addr:     "172.16.10.111",
-		Port:     22,
-		User:     "root",
-		AuthMode: "password",
-		Password: "Calong@2015",
-	}
-	_, err := ss.NewClient()
-	if err != nil {
-		fmt.Println(err)
-	}
-	fmt.Println(ss.Run("ip a"))
-}
--- a/frontend/src/api/modules/database.ts
+++ b/frontend/src/api/modules/database.ts
@ -1,4 +1,6 @@
 import http from '@/api';
+import { deepCopy } from '@/utils/util';
+import { Base64 } from 'js-base64';
 import { SearchWithPage, ResPage, DescriptionUpdate } from '../interface';
 import { Database } from '../interface/database';

@ -7,13 +9,21 @@ export const searchMysqlDBs = (params: SearchWithPage) => {
 };

 export const addMysqlDB = (params: Database.MysqlDBCreate) => {
-    return http.post(`/databases`, params);
+    let reqest = deepCopy(params) as Database.MysqlDBCreate;
+    if (reqest.password) {
+        reqest.password = Base64.encode(reqest.password);
+    }
+    return http.post(`/databases`, reqest);
 };
 export const updateMysqlAccess = (params: Database.ChangeInfo) => {
    return http.post(`/databases/change/access`, params);
 };
 export const updateMysqlPassword = (params: Database.ChangeInfo) => {
-    return http.post(`/databases/change/password`, params);
+    let reqest = deepCopy(params) as Database.ChangeInfo;
+    if (reqest.value) {
+        reqest.value = Base64.encode(reqest.value);
+    }
+    return http.post(`/databases/change/password`, reqest);
 };
 export const updateMysqlDescription = (params: DescriptionUpdate) => {
    return http.post(`/databases/description/update`, params);
@ -58,7 +68,11 @@ export const redisPersistenceConf = () => {
    return http.get<Database.RedisPersistenceConf>(`/databases/redis/persistence/conf`);
 };
 export const changeRedisPassword = (params: Database.ChangeInfo) => {
-    return http.post(`/databases/redis/password`, params);
+    let reqest = deepCopy(params) as Database.ChangeInfo;
+    if (reqest.value) {
+        reqest.value = Base64.encode(reqest.value);
+    }
+    return http.post(`/databases/redis/password`, reqest);
 };
 export const updateRedisPersistenceConf = (params: Database.RedisConfPersistenceUpdate) => {
    return http.post(`/databases/redis/persistence/update`, params);
--- a/frontend/src/api/modules/host.ts
+++ b/frontend/src/api/modules/host.ts
@ -3,6 +3,8 @@ import { ResPage } from '../interface';
 import { Command } from '../interface/command';
 import { Group } from '../interface/group';
 import { Host } from '../interface/host';
+import { Base64 } from 'js-base64';
+import { deepCopy } from '@/utils/util';

 export const searchHosts = (params: Host.SearchWithPage) => {
    return http.post<ResPage<Host.Host>>(`/hosts/search`, params);
@ -14,16 +16,37 @@ export const getHostInfo = (id: number) => {
    return http.get<Host.Host>(`/hosts/` + id);
 };
 export const addHost = (params: Host.HostOperate) => {
-    return http.post<Host.HostOperate>(`/hosts`, params);
+    let reqest = deepCopy(params) as Host.HostOperate;
+    if (reqest.password) {
+        reqest.password = Base64.encode(reqest.password);
+    }
+    if (reqest.privateKey) {
+        reqest.privateKey = Base64.encode(reqest.privateKey);
+    }
+    return http.post<Host.HostOperate>(`/hosts`, reqest);
 };
 export const testByInfo = (params: Host.HostConnTest) => {
-    return http.post<boolean>(`/hosts/test/byinfo`, params);
+    let reqest = deepCopy(params) as Host.HostOperate;
+    if (reqest.password) {
+        reqest.password = Base64.encode(reqest.password);
+    }
+    if (reqest.privateKey) {
+        reqest.privateKey = Base64.encode(reqest.privateKey);
+    }
+    return http.post<boolean>(`/hosts/test/byinfo`, reqest);
 };
 export const testByID = (id: number) => {
    return http.post<boolean>(`/hosts/test/byid/${id}`);
 };
 export const editHost = (params: Host.HostOperate) => {
-    return http.post(`/hosts/update`, params);
+    let reqest = deepCopy(params) as Host.HostOperate;
+    if (reqest.password) {
+        reqest.password = Base64.encode(reqest.password);
+    }
+    if (reqest.privateKey) {
+        reqest.privateKey = Base64.encode(reqest.privateKey);
+    }
+    return http.post(`/hosts/update`, reqest);
 };
 export const editHostGroup = (params: Host.GroupChange) => {
    return http.post(`/hosts/update/group`, params);
--- a/frontend/src/api/modules/setting.ts
+++ b/frontend/src/api/modules/setting.ts
@ -1,4 +1,6 @@
 import http from '@/api';
+import { deepCopy } from '@/utils/util';
+import { Base64 } from 'js-base64';
 import { ResPage, SearchWithPage, DescriptionUpdate } from '../interface';
 import { Backup } from '../interface/backup';
 import { Setting } from '../interface/setting';
@ -77,16 +79,37 @@ export const getFilesFromBackup = (type: string) => {
    return http.post<Array<any>>(`/settings/backup/search/files`, { type: type });
 };
 export const addBackup = (params: Backup.BackupOperate) => {
-    return http.post<Backup.BackupOperate>(`/settings/backup`, params);
+    let reqest = deepCopy(params) as Backup.BackupOperate;
+    if (reqest.accessKey) {
+        reqest.accessKey = Base64.encode(reqest.accessKey);
+    }
+    if (reqest.credential) {
+        reqest.credential = Base64.encode(reqest.credential);
+    }
+    return http.post<Backup.BackupOperate>(`/settings/backup`, reqest);
 };
 export const editBackup = (params: Backup.BackupOperate) => {
-    return http.post(`/settings/backup/update`, params);
+    let reqest = deepCopy(params) as Backup.BackupOperate;
+    if (reqest.accessKey) {
+        reqest.accessKey = Base64.encode(reqest.accessKey);
+    }
+    if (reqest.credential) {
+        reqest.credential = Base64.encode(reqest.credential);
+    }
+    return http.post(`/settings/backup/update`, reqest);
 };
 export const deleteBackup = (params: { ids: number[] }) => {
    return http.post(`/settings/backup/del`, params);
 };
 export const listBucket = (params: Backup.ForBucket) => {
-    return http.post(`/settings/backup/buckets`, params);
+    let reqest = deepCopy(params) as Backup.BackupOperate;
+    if (reqest.accessKey) {
+        reqest.accessKey = Base64.encode(reqest.accessKey);
+    }
+    if (reqest.credential) {
+        reqest.credential = Base64.encode(reqest.credential);
+    }
+    return http.post(`/settings/backup/buckets`, reqest);
 };

 // snapshot