From 8644348fc41ae2e1672f946ca37e5d3a674e0218 Mon Sep 17 00:00:00 2001
From: xiaojunnuo
Date: Thu, 26 Dec 2024 23:15:35 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=B3=BB=E7=BB=9F?= =?UTF-8?q?=E7=BA=A7=E6=8E=88=E6=9D=83=E6=97=A0=E6=B3=95=E6=9F=A5=E7=9C=8B?= =?UTF-8?q?=E5=AF=86=E9=92=A5=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/system/settings/service/models.ts | 11 +++++
 .../settings/service/sys-settings-service.ts | 43 +++++++++++++------
 .../user/access/service/encrypt-service.ts | 6 +--
 .../sys/access/access-controller.ts | 8 +++-
 .../src/modules/auto/auto-a-init-site.ts | 3 ++
 .../src/modules/auto/auto-c-register-cron.ts | 2 -
 6 files changed, 55 insertions(+), 18 deletions(-)

diff --git a/packages/libs/lib-server/src/system/settings/service/models.ts b/packages/libs/lib-server/src/system/settings/service/models.ts
index 67d346e5..0ceabb90 100644
--- a/packages/libs/lib-server/src/system/settings/service/models.ts
+++ b/packages/libs/lib-server/src/system/settings/service/models.ts
@@ -112,6 +112,17 @@ export class SysSecretBackup extends BaseSettings {
   encryptSecret?: string;
 }
 
+/**
+ * 不要修改
+ */
+export class SysSecret extends BaseSettings {
+  static __title__ = '密钥信息';
+  static __key__ = 'sys.secret';
+  static __access__ = 'private';
+  siteId?: string;
+  encryptSecret?: string;
+}
+
 export class SysSiteEnv {
   agent?: {
     enabled?: boolean;
diff --git a/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts b/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
index 6fb8e001..57af88e7 100644
--- a/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
+++ b/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
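Review bot: The only documentation on the new `SysSecret` class is `不要修改`, which does not say what must not change or why. In this same commit `SysSettingsService.saveSetting` refuses to update a row with this key once it exists, and `EncryptService.init` derives its key from `encryptSecret`, so a field rename or key change would break decryption silently. A TSDoc stating both would protect the next maintainer, e.g. `/** Per-site encryption secret (key sys.secret, private access). SysSettingsService.saveSetting skips updates for this key once the row exists, so treat it as write-once; EncryptService reads encryptSecret at init. */`.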
@@ -1,25 +1,22 @@
-import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { SysSettingsEntity } from '../entity/sys-settings.js';
-import { CacheManager } from '@midwayjs/cache';
-import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecretBackup } from './models.js';
+import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';
 import * as _ from 'lodash-es';
 import { BaseService } from '../../../basic/index.js';
-import { logger, setGlobalProxy } from '@certd/basic';
+import { cache, logger, setGlobalProxy } from '@certd/basic';
 import * as dns from 'node:dns';
+
 /**
  * 设置
  */
 @Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton)
 export class SysSettingsService extends BaseService {
   @InjectEntityModel(SysSettingsEntity)
   repository: Repository;
 
-  @Inject()
-  cache: CacheManager; // 依赖注入CacheManager
-
   getRepository() {
     return this.repository;
   }
@@ -72,7 +69,7 @@ export class SysSettingsService extends BaseService {
   async getSetting(type: any): Promise {
     const key = type.__key__;
     const cacheKey = type.getCacheKey();
-    const settings: T = await this.cache.get(cacheKey);
+    const settings: T = cache.get(cacheKey);
     if (settings) {
       return settings;
     }
@@ -80,7 +77,7 @@ export class SysSettingsService extends BaseService {
     const savedSettings = await this.getSettingByKey(key);
     newSetting = _.merge(newSetting, savedSettings);
     await this.saveSetting(newSetting);
-    await this.cache.set(cacheKey, newSetting);
+    cache.set(cacheKey, newSetting);
     return newSetting;
   }
 
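Review bot: `getSetting` now hands back the cached object itself (`const settings: T = cache.get(cacheKey)` followed by `return settings`), so any caller that mutates the result also mutates the cache entry; `getSecret` later in this commit relies on exactly that when it assigns `sysSecret.encryptSecret` on the object `getSetting` returned. That aliasing should be stated on the method, e.g. `// returns the shared cached instance: mutating it updates the cache for every caller`, or the return should be a copy (`_.cloneDeep(settings)`, lodash is already imported as `_`) if aliasing is not intended. The replaced line also drops the `await`, so correctness now depends on `@certd/basic`'s `cache.get` being synchronous; if it returned a promise the `if (settings)` check would always pass. The rest of `getSetting` lies between the two hunks and outside them.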
@@ -93,6 +90,12 @@ export class SysSettingsService extends BaseService {
     if (entity) {
       entity.setting = JSON.stringify(bean);
       entity.access = type.__access__;
+
+      if (key === SysSecretBackup.__key__ || key === SysSecret.__key__) {
+        //备份密钥不允许更新
+        return;
+      }
+
       await this.repository.save(entity);
     } else {
       const newEntity = new SysSettingsEntity();
@@ -103,7 +106,7 @@ export class SysSettingsService extends BaseService {
       await this.repository.save(newEntity);
     }
 
-    await this.cache.set(cacheKey, bean);
+    cache.set(cacheKey, bean);
   }
 
   async getPublicSettings(): Promise {
@@ -146,7 +149,7 @@ export class SysSettingsService extends BaseService {
     } else {
       throw new Error('该设置不存在');
     }
-    await this.cache.del(`settings.${key}`);
+    cache.delete(`settings.${key}`);
   }
 
   async backupSecret() {
@@ -173,4 +176,20 @@ export class SysSettingsService extends BaseService {
       }
     }
   }
+  async getSecret() {
+    const sysSecret = await this.getSetting(SysSecret);
+    if (sysSecret.encryptSecret) {
+      return sysSecret;
+    }
+    //从备份中读取
+    const settings = await this.getSettingByKey(SysSecretBackup.__key__);
+    if (settings == null || !settings.encryptSecret) {
+      throw new Error('密钥备份不存在');
+    }
+    sysSecret.siteId = settings.siteId;
+    sysSecret.encryptSecret = settings.encryptSecret;
+    await this.saveSetting(sysSecret);
+    logger.info('密钥恢复成功');
+    return sysSecret;
+  }
 }
diff --git a/packages/libs/lib-server/src/user/access/service/encrypt-service.ts b/packages/libs/lib-server/src/user/access/service/encrypt-service.ts
index 5e787ec2..409984df 100644
--- a/packages/libs/lib-server/src/user/access/service/encrypt-service.ts
+++ b/packages/libs/lib-server/src/user/access/service/encrypt-service.ts
@@ -1,6 +1,6 @@
 import { Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import crypto from 'crypto';
-import { SysPrivateSettings, SysSettingsService } from '../../../system/index.js';
+import { SysSecret, SysSettingsService } from '../../../system/index.js';
 
 /**
  * 授权
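Review bot: The early `return` added for `key === SysSecret.__key__` defeats the restore in `getSecret` (last hunk of this file): on a cache miss `getSetting` persists an empty `sys.secret` row via `await this.saveSetting(newSetting)` (previous hunk), so when `getSecret` then copies the backup into `sysSecret` and calls `saveSetting(sysSecret)` an entity already exists, the write is skipped, and only the in-memory cache entry ever holds the restored value; each restart will re-run the backup path and log `密钥恢复成功` again, unless `getSettingByKey` behaves differently from what is visible here. The guard also drops the write with no signal to the caller and skips the trailing `cache.set`, so a caller cannot tell the save was ignored. Checking the stored row before overwriting `entity.setting`, and only refusing when it already holds a secret, keeps the "never overwrite a populated secret" intent while letting an empty row be filled; the rest of `saveSetting` is outside the hunk.

```typescript
    if (entity) {
      if (key === SysSecretBackup.__key__ || key === SysSecret.__key__) {
        // secret rows are write-once: keep a populated secret, but let an empty row be filled
        const stored = JSON.parse(entity.setting || '{}');
        if (stored.encryptSecret) {
          logger.warn(`setting ${key} already holds a secret, update ignored`);
          return;
        }
      }
      entity.setting = JSON.stringify(bean);
      entity.access = type.__access__;
      await this.repository.save(entity);
    } else {
      // … unchanged: create and save a new SysSettingsEntity …
```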
@@ -15,8 +15,8 @@ export class EncryptService {
 
   @Init()
   async init() {
-    const privateInfo: SysPrivateSettings = await this.sysSettingService.getSetting(SysPrivateSettings);
-    this.secretKey = Buffer.from(privateInfo.encryptSecret, 'base64');
+    const secret: SysSecret = await this.sysSettingService.getSecret();
+    this.secretKey = Buffer.from(secret.encryptSecret, 'base64');
   }
 
   // 加密函数
diff --git a/packages/ui/certd-server/src/controller/sys/access/access-controller.ts b/packages/ui/certd-server/src/controller/sys/access/access-controller.ts
index 03ed3108..e4c9c5b4 100644
--- a/packages/ui/certd-server/src/controller/sys/access/access-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/access/access-controller.ts
@@ -1,5 +1,5 @@
 import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
-import { AccessService } from '@certd/lib-server';
+import { AccessService, Constants } from '@certd/lib-server';
 import { AccessController } from '../../pipeline/access-controller.js';
 import { checkComm } from '@certd/plus-core';
 
@@ -55,6 +55,12 @@ export class SysAccessController extends AccessController {
     return await super.define(type);
   }
 
+  @Post('/getSecretPlain', { summary: Constants.per.authOnly })
+  async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
+    const value = await this.service.getById(body.id, 0);
+    return this.ok(value[body.key]);
+  }
+
   @Post('/accessTypeDict', { summary: 'sys:settings:view' })
   async getAccessTypeDict() {
     return await super.getAccessTypeDict();
diff --git a/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts b/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts
index 55c4c743..052aa9b1 100644
--- a/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts
+++ b/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts
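Review bot: `secret.encryptSecret` is declared optional on `SysSecret` (models.ts hunk) yet is passed straight to `Buffer.from` on the second added line, which would not type-check with `strictNullChecks` on and otherwise relies on `getSecret` throwing first, a guarantee its return type does not express. A local guard keeps the invariant next to the key derivation: `if (!secret.encryptSecret) throw new Error('encryptSecret is not set');` before the `Buffer.from` line. The rest of `EncryptService` is outside the hunk.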
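Review bot: `getSecretPlain` is gated by `Constants.per.authOnly` while its neighbour `/accessTypeDict` on the next lines requires `'sys:settings:view'`, so in this system-level controller any authenticated user can read a system-owned access credential in clear text; the route should carry the same permission as the rest of the controller, `@Post('/getSecretPlain', { summary: 'sys:settings:view' })`. Separately, `body.key` is an unvalidated string used to index the whole record returned by `getById(body.id, 0)`, so it returns any property of the record, not just the secret fields, and `value` is dereferenced without a null check; restrict `key` to the fields the access type declares as secret and return a not-found error when the record or key is absent. The meaning of the `0` second argument to `getById` is not visible here; presumably it scopes the lookup to system-owned records, which should be confirmed since the id comes from the request body.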
@@ -45,6 +45,9 @@ export class AutoAInitSite {
 
     await this.sysSettingsService.backupSecret();
 
+    //加载一次密钥
+    await this.sysSettingsService.getSecret();
+
     await this.sysSettingsService.reloadPrivateSettings();
 
     // 授权许可
diff --git a/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts b/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts
index b6d7b9fb..e3ff67bd 100644
--- a/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts
+++ b/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts
@@ -14,8 +14,6 @@ export class AutoCRegisterCron {
   @Config('cron.onlyAdminUser')
   private onlyAdminUser: boolean;
 
-  // @Inject()
-  // echoPlugin: EchoPlugin;
   @Config('cron.immediateTriggerOnce')
   private immediateTriggerOnce = false;
 
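Review bot: The new `getSecret()` call throws `密钥备份不存在` (see the `getSecret` hunk in sys-settings-service.ts) when `sys.secret` is empty and no backup row exists, so at this point it can abort site initialisation and its position after `backupSecret()` is load-bearing, which the one-word comment `//加载一次密钥` does not convey. Suggest `// warm the secret once: getSecret() falls back to the backup (presumably written by backupSecret() above) and aborts startup if neither exists, so keep it after backupSecret()`. The enclosing method starts and ends outside the hunk.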