mirror of https://github.com/certd/certd
fix: 修复系统级授权无法查看密钥的bug
parent
00dc226bd2
commit
8644348fc4
|
@ -112,6 +112,17 @@ export class SysSecretBackup extends BaseSettings {
|
|||
encryptSecret?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* 不要修改
|
||||
*/
|
||||
export class SysSecret extends BaseSettings {
|
||||
static __title__ = '密钥信息';
|
||||
static __key__ = 'sys.secret';
|
||||
static __access__ = 'private';
|
||||
siteId?: string;
|
||||
encryptSecret?: string;
|
||||
}
|
||||
|
||||
export class SysSiteEnv {
|
||||
agent?: {
|
||||
enabled?: boolean;
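Review bot: The doc comment on the new `SysSecret` class says only `不要修改` and does not state what must stay fixed or why. Elsewhere in this commit `encryptSecret` is base64-decoded into the encryption key and the row is looked up by `__key__`, so the warning presumably covers the key string and the field names. Suggest spelling that out, e.g. `/** Site id and base64 encryption secret stored under 'sys.secret'. Do not rename the key or the fields: existing rows are looked up by them. */`. A `#`-style note that `__access__ = 'private'` keeps this setting out of the public settings response would also help, if that is what the flag does.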
|
||||
|
|
|
@ -1,25 +1,22 @@
|
|||
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import { InjectEntityModel } from '@midwayjs/typeorm';
|
||||
import { Repository } from 'typeorm';
|
||||
import { SysSettingsEntity } from '../entity/sys-settings.js';
|
||||
import { CacheManager } from '@midwayjs/cache';
|
||||
import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecretBackup } from './models.js';
|
||||
import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';
|
||||
import * as _ from 'lodash-es';
|
||||
import { BaseService } from '../../../basic/index.js';
|
||||
import { logger, setGlobalProxy } from '@certd/basic';
|
||||
import { cache, logger, setGlobalProxy } from '@certd/basic';
|
||||
import * as dns from 'node:dns';
|
||||
|
||||
/**
|
||||
* 设置
|
||||
*/
|
||||
@Provide()
|
||||
@Scope(ScopeEnum.Request, { allowDowngrade: true })
|
||||
@Scope(ScopeEnum.Singleton)
|
||||
export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
||||
@InjectEntityModel(SysSettingsEntity)
|
||||
repository: Repository<SysSettingsEntity>;
|
||||
|
||||
@Inject()
|
||||
cache: CacheManager; // 依赖注入CacheManager
|
||||
|
||||
getRepository() {
|
||||
return this.repository;
|
||||
}
|
||||
|
@ -72,7 +69,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
async getSetting<T>(type: any): Promise<T> {
|
||||
const key = type.__key__;
|
||||
const cacheKey = type.getCacheKey();
|
||||
const settings: T = await this.cache.get(cacheKey);
|
||||
const settings: T = cache.get(cacheKey);
|
||||
if (settings) {
|
||||
return settings;
|
||||
}
|
||||
|
@ -80,7 +77,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
const savedSettings = await this.getSettingByKey(key);
|
||||
newSetting = _.merge(newSetting, savedSettings);
|
||||
await this.saveSetting(newSetting);
|
||||
await this.cache.set(cacheKey, newSetting);
|
||||
cache.set(cacheKey, newSetting);
|
||||
return newSetting;
|
||||
}
|
||||
|
||||
|
@ -93,6 +90,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
if (entity) {
|
||||
entity.setting = JSON.stringify(bean);
|
||||
entity.access = type.__access__;
|
||||
|
||||
if (key === SysSecretBackup.__key__ || key === SysSecret.__key__) {
|
||||
//备份密钥不允许更新
|
||||
return;
|
||||
}
|
||||
|
||||
await this.repository.save(entity);
|
||||
} else {
|
||||
const newEntity = new SysSettingsEntity();
|
||||
|
@ -103,7 +106,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
await this.repository.save(newEntity);
|
||||
}
|
||||
|
||||
await this.cache.set(cacheKey, bean);
|
||||
cache.set(cacheKey, bean);
|
||||
}
|
||||
|
||||
async getPublicSettings(): Promise<SysPublicSettings> {
|
||||
|
@ -146,7 +149,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
} else {
|
||||
throw new Error('该设置不存在');
|
||||
}
|
||||
await this.cache.del(`settings.${key}`);
|
||||
cache.delete(`settings.${key}`);
|
||||
}
|
||||
|
||||
async backupSecret() {
|
||||
|
@ -173,4 +176,20 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
|
|||
}
|
||||
}
|
||||
}
|
||||
async getSecret() {
|
||||
const sysSecret = await this.getSetting<SysSecret>(SysSecret);
|
||||
if (sysSecret.encryptSecret) {
|
||||
return sysSecret;
|
||||
}
|
||||
//从备份中读取
|
||||
const settings = await this.getSettingByKey(SysSecretBackup.__key__);
|
||||
if (settings == null || !settings.encryptSecret) {
|
||||
throw new Error('密钥备份不存在');
|
||||
}
|
||||
sysSecret.siteId = settings.siteId;
|
||||
sysSecret.encryptSecret = settings.encryptSecret;
|
||||
await this.saveSetting(sysSecret);
|
||||
logger.info('密钥恢复成功');
|
||||
return sysSecret;
|
||||
}
|
||||
}
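Review bot: The guard added to saveSetting (`if (key === SysSecretBackup.__key__ || key === SysSecret.__key__) { return; }`) returns silently whenever a row already exists, so the `await this.saveSetting(sysSecret)` in getSecret appears to write nothing. getSetting, which getSecret calls first, saves a fresh setting before returning it, so a `sys.secret` row with an empty secret would already exist by then. If that reading holds, the restored secret lives only in the cached object, `密钥恢复成功` is logged without a database write, and the trailing `cache.set(cacheKey, bean)` is skipped as well. Consider refusing the write only when the stored row already has a secret, by testing before `entity.setting` is overwritten, e.g. `if (isSecretKey && JSON.parse(entity.setting || '{}').encryptSecret) {`, and emitting `logger.warn` there so a dropped secret update is visible. The `//备份密钥不允许更新` comment should also mention `SysSecret`. The start of saveSetting and getSetting lies outside the hunks shown, so confirm against the full methods.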
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import { Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import crypto from 'crypto';
|
||||
import { SysPrivateSettings, SysSettingsService } from '../../../system/index.js';
|
||||
import { SysSecret, SysSettingsService } from '../../../system/index.js';
|
||||
|
||||
/**
|
||||
* 授权
|
||||
|
@ -15,8 +15,8 @@ export class EncryptService {
|
|||
|
||||
@Init()
|
||||
async init() {
|
||||
const privateInfo: SysPrivateSettings = await this.sysSettingService.getSetting(SysPrivateSettings);
|
||||
this.secretKey = Buffer.from(privateInfo.encryptSecret, 'base64');
|
||||
const secret: SysSecret = await this.sysSettingService.getSecret();
|
||||
this.secretKey = Buffer.from(secret.encryptSecret, 'base64');
|
||||
}
|
||||
|
||||
// 加密函数
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
|
||||
import { AccessService } from '@certd/lib-server';
|
||||
import { AccessService, Constants } from '@certd/lib-server';
|
||||
import { AccessController } from '../../pipeline/access-controller.js';
|
||||
import { checkComm } from '@certd/plus-core';
|
||||
|
||||
|
@ -55,6 +55,12 @@ export class SysAccessController extends AccessController {
|
|||
return await super.define(type);
|
||||
}
|
||||
|
||||
@Post('/getSecretPlain', { summary: Constants.per.authOnly })
|
||||
async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
|
||||
const value = await this.service.getById(body.id, 0);
|
||||
return this.ok(value[body.key]);
|
||||
}
|
||||
|
||||
@Post('/accessTypeDict', { summary: 'sys:settings:view' })
|
||||
async getAccessTypeDict() {
|
||||
return await super.getAccessTypeDict();
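Review bot: `getSecretPlain` is registered with `Constants.per.authOnly`, while the neighbouring `/accessTypeDict` route on this same system-level controller requires `'sys:settings:view'`. Unless the controller is gated elsewhere, any logged-in account can therefore read a field of a system-owned access record (`getById(body.id, 0)`) in plaintext. Use the permission the sibling route uses, `@Post('/getSecretPlain', { summary: 'sys:settings:view' })`, or a dedicated one. `value[body.key]` also indexes the record with an unchecked client-supplied string and dereferences `value` without a null check. Limit `body.key` to the access type's declared secret fields and reject a missing record first, e.g. `if (value == null || !Object.prototype.hasOwnProperty.call(value, body.key)) throw new Error('not found');`. The rest of the class is outside the hunk.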
|
||||
|
|
|
@ -45,6 +45,9 @@ export class AutoAInitSite {
|
|||
|
||||
await this.sysSettingsService.backupSecret();
|
||||
|
||||
//加载一次密钥
|
||||
await this.sysSettingsService.getSecret();
|
||||
|
||||
await this.sysSettingsService.reloadPrivateSettings();
|
||||
|
||||
// 授权许可
|
||||
|
|
|
@ -14,8 +14,6 @@ export class AutoCRegisterCron {
|
|||
@Config('cron.onlyAdminUser')
|
||||
private onlyAdminUser: boolean;
|
||||
|
||||
// @Inject()
|
||||
// echoPlugin: EchoPlugin;
|
||||
@Config('cron.immediateTriggerOnce')
|
||||
private immediateTriggerOnce = false;
|
||||
|
||||
|
|