fix: 修复系统级授权无法查看密钥的bug

2024-12-26 23:15:35 +08:00 · 2024-12-26 23:15:35 +08:00 · 8644348fc4
parent 00dc226bd2
commit 8644348fc4
6 changed files with 55 additions and 18 deletions
--- a/packages/libs/lib-server/src/system/settings/service/models.ts
+++ b/packages/libs/lib-server/src/system/settings/service/models.ts
@ -112,6 +112,17 @@ export class SysSecretBackup extends BaseSettings {
  encryptSecret?: string;
 }
 /**
 * 不要修改
 */
 export class SysSecret extends BaseSettings {
  static __title__ = '密钥信息';
  static __key__ = 'sys.secret';
  static __access__ = 'private';
  siteId?: string;
  encryptSecret?: string;
 }
 export class SysSiteEnv {
  agent?: {
    enabled?: boolean;
--- a/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
+++ b/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
@ -1,25 +1,22 @@
-import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { Repository } from 'typeorm';
 import { SysSettingsEntity } from '../entity/sys-settings.js';
-import { CacheManager } from '@midwayjs/cache';
+import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecret, SysSecretBackup } from './models.js';
 import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, SysSecretBackup } from './models.js';
 import * as _ from 'lodash-es';
 import { BaseService } from '../../../basic/index.js';
-import { logger, setGlobalProxy } from '@certd/basic';
+import { cache, logger, setGlobalProxy } from '@certd/basic';
 import * as dns from 'node:dns';
 /**
 * 设置
 */
@Provide()
-@Scope(ScopeEnum.Request, { allowDowngrade: true })
+@Scope(ScopeEnum.Singleton)
 export class SysSettingsService extends BaseService<SysSettingsEntity> {
  @InjectEntityModel(SysSettingsEntity)
  repository: Repository<SysSettingsEntity>;
  @Inject()
  cache: CacheManager; // 依赖注入CacheManager
  getRepository() {
    return this.repository;
  }
@ -72,7 +69,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
  async getSetting<T>(type: any): Promise<T> {
    const key = type.__key__;
    const cacheKey = type.getCacheKey();
-    const settings: T = await this.cache.get(cacheKey);
+    const settings: T = cache.get(cacheKey);
    if (settings) {
      return settings;
    }
@ -80,7 +77,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
    const savedSettings = await this.getSettingByKey(key);
    newSetting = _.merge(newSetting, savedSettings);
    await this.saveSetting(newSetting);
-    await this.cache.set(cacheKey, newSetting);
+    cache.set(cacheKey, newSetting);
    return newSetting;
  }
@ -93,6 +90,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
    if (entity) {
      entity.setting = JSON.stringify(bean);
      entity.access = type.__access__;
      if (key === SysSecretBackup.__key__ || key === SysSecret.__key__) {
        //备份密钥不允许更新
        return;
      }
      await this.repository.save(entity);
    } else {
      const newEntity = new SysSettingsEntity();
@ -103,7 +106,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
      await this.repository.save(newEntity);
    }
-    await this.cache.set(cacheKey, bean);
+    cache.set(cacheKey, bean);
  }
  async getPublicSettings(): Promise<SysPublicSettings> {
@ -146,7 +149,7 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
    } else {
      throw new Error('该设置不存在');
    }
-    await this.cache.del(`settings.${key}`);
+    cache.delete(`settings.${key}`);
  }
  async backupSecret() {
@ -173,4 +176,20 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
      }
    }
  }
  async getSecret() {
    const sysSecret = await this.getSetting<SysSecret>(SysSecret);
    if (sysSecret.encryptSecret) {
      return sysSecret;
    }
    //从备份中读取
    const settings = await this.getSettingByKey(SysSecretBackup.__key__);
    if (settings == null || !settings.encryptSecret) {
      throw new Error('密钥备份不存在');
    }
    sysSecret.siteId = settings.siteId;
    sysSecret.encryptSecret = settings.encryptSecret;
    await this.saveSetting(sysSecret);
    logger.info('密钥恢复成功');
    return sysSecret;
  }
 }
--- a/packages/libs/lib-server/src/user/access/service/encrypt-service.ts
+++ b/packages/libs/lib-server/src/user/access/service/encrypt-service.ts
@ -1,6 +1,6 @@
 import { Init, Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import crypto from 'crypto';
-import { SysPrivateSettings, SysSettingsService } from '../../../system/index.js';
+import { SysSecret, SysSettingsService } from '../../../system/index.js';
 /**
 * 授权
@ -15,8 +15,8 @@ export class EncryptService {
  @Init()
  async init() {
-    const privateInfo: SysPrivateSettings = await this.sysSettingService.getSetting(SysPrivateSettings);
+    const secret: SysSecret = await this.sysSettingService.getSecret();
-    this.secretKey = Buffer.from(privateInfo.encryptSecret, 'base64');
+    this.secretKey = Buffer.from(secret.encryptSecret, 'base64');
  }
  // 加密函数
--- a/packages/ui/certd-server/src/controller/sys/access/access-controller.ts
+++ b/packages/ui/certd-server/src/controller/sys/access/access-controller.ts
@ -1,5 +1,5 @@
 import { ALL, Body, Controller, Inject, Post, Provide, Query } from '@midwayjs/core';
-import { AccessService } from '@certd/lib-server';
+import { AccessService, Constants } from '@certd/lib-server';
 import { AccessController } from '../../pipeline/access-controller.js';
 import { checkComm } from '@certd/plus-core';
@ -55,6 +55,12 @@ export class SysAccessController extends AccessController {
    return await super.define(type);
  }
  @Post('/getSecretPlain', { summary: Constants.per.authOnly })
  async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
    const value = await this.service.getById(body.id, 0);
    return this.ok(value[body.key]);
  }
  @Post('/accessTypeDict', { summary: 'sys:settings:view' })
  async getAccessTypeDict() {
    return await super.getAccessTypeDict();
--- a/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts
+++ b/packages/ui/certd-server/src/modules/auto/auto-a-init-site.ts
@ -45,6 +45,9 @@ export class AutoAInitSite {
    await this.sysSettingsService.backupSecret();
    //加载一次密钥
    await this.sysSettingsService.getSecret();
    await this.sysSettingsService.reloadPrivateSettings();
    // 授权许可
--- a/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts
+++ b/packages/ui/certd-server/src/modules/auto/auto-c-register-cron.ts
@ -14,8 +14,6 @@ export class AutoCRegisterCron {
  @Config('cron.onlyAdminUser')
  private onlyAdminUser: boolean;
  // @Inject()
  // echoPlugin: EchoPlugin;
  @Config('cron.immediateTriggerOnce')
  private immediateTriggerOnce = false;