diff --git a/src/main/modules/sync/server/auth.ts b/src/main/modules/sync/server/auth.ts index 1dcd2db9..b2a2616f 100644 --- a/src/main/modules/sync/server/auth.ts +++ b/src/main/modules/sync/server/auth.ts @@ -18,49 +18,54 @@ export const authCode = async(req: http.IncomingMessage, res: http.ServerRespons let ip = req.socket.remoteAddress // console.log(req.headers) - if (typeof req.headers.m == 'string' && ip && (requestIps.get(ip) ?? 0) < 10) { - if (req.headers.m) { - label: - if (req.headers.i) { // key验证 - if (typeof req.headers.i != 'string') break label - const keyInfo = getClientKeyInfo(req.headers.i) - if (!keyInfo) break label - let text - try { - text = aesDecrypt(req.headers.m, keyInfo.key) - } catch (err) { - break label - } - // console.log(text) - if (text.startsWith(SYNC_CODE.authMsg)) { - code = 200 - const deviceName = text.replace(SYNC_CODE.authMsg, '') || 'Unknown' - if (deviceName != keyInfo.deviceName) { - keyInfo.deviceName = deviceName - setClientKeyInfo(keyInfo) + if (typeof req.headers.m == 'string') { + if (ip && (requestIps.get(ip) ?? 0) < 10) { + if (req.headers.m) { + label: + if (req.headers.i) { // key验证 + if (typeof req.headers.i != 'string') break label + const keyInfo = getClientKeyInfo(req.headers.i) + if (!keyInfo) break label + let text + try { + text = aesDecrypt(req.headers.m, keyInfo.key) + } catch (err) { + break label + } + // console.log(text) + if (text.startsWith(SYNC_CODE.authMsg)) { + code = 200 + const deviceName = text.replace(SYNC_CODE.authMsg, '') || 'Unknown' + if (deviceName != keyInfo.deviceName) { + keyInfo.deviceName = deviceName + setClientKeyInfo(keyInfo) + } + msg = aesEncrypt(SYNC_CODE.helloMsg, keyInfo.key) + } + } else { // 连接码验证 + let key = ''.padStart(16, Buffer.from(authCode).toString('hex')) + // const iv = Buffer.from(key.split('').reverse().join('')).toString('base64') + key = Buffer.from(key).toString('base64') + // console.log(req.headers.m, authCode, key) + let text + try { + text = aesDecrypt(req.headers.m, key) + } catch (err) { + break label + } + // console.log(text) + if (text.startsWith(SYNC_CODE.authMsg)) { + code = 200 + const data = text.split('\n') + const publicKey = `-----BEGIN PUBLIC KEY-----\n${data[1]}\n-----END PUBLIC KEY-----` + const deviceName = data[2] || 'Unknown' + msg = rsaEncrypt(Buffer.from(JSON.stringify(createClientKeyInfo(deviceName))), publicKey) } - msg = aesEncrypt(SYNC_CODE.helloMsg, keyInfo.key) - } - } else { // 连接码验证 - let key = ''.padStart(16, Buffer.from(authCode).toString('hex')) - // const iv = Buffer.from(key.split('').reverse().join('')).toString('base64') - key = Buffer.from(key).toString('base64') - // console.log(req.headers.m, authCode, key) - let text - try { - text = aesDecrypt(req.headers.m, key) - } catch (err) { - break label - } - // console.log(text) - if (text.startsWith(SYNC_CODE.authMsg)) { - code = 200 - const data = text.split('\n') - const publicKey = `-----BEGIN PUBLIC KEY-----\n${data[1]}\n-----END PUBLIC KEY-----` - const deviceName = data[2] || 'Unknown' - msg = rsaEncrypt(Buffer.from(JSON.stringify(createClientKeyInfo(deviceName))), publicKey) } } + } else { + code = 403 + msg = SYNC_CODE.msgBlockedIp } } res.writeHead(code) diff --git a/src/main/modules/sync/server/config.ts b/src/main/modules/sync/server/config.ts index 84342dc9..8618c132 100644 --- a/src/main/modules/sync/server/config.ts +++ b/src/main/modules/sync/server/config.ts @@ -3,5 +3,6 @@ export const SYNC_CODE = { idPrefix: 'OjppZDo6', authMsg: 'lx-music auth::', msgAuthFailed: 'Auth failed', + msgBlockedIp: 'Blocked IP', msgConnect: 'lx-music connect', } as const