add:完善控制中心授权信息部分内容提取待完善接口相关信息

samwafgo · Jul 8, 2024 · fb89dcf · fb89dcf
1 parent d69f59f
commit fb89dcf
Show file tree

Hide file tree

Showing 20 changed files with 699 additions and 59 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,5 @@
 /data/local_log.db-shm
 /data/local_log.db-wal
 /data/local_stats.db-shm
-/data/local_stats.db-wal
+/data/local_stats.db-wal
+registration_data.bin
diff --git a/api/center_api.go b/api/center_api.go
@@ -73,3 +73,43 @@ func (w *CenterApi) GetListApi(c *gin.Context) {
 		response.FailWithMessage("解析失败", c)
 	}
 }
+
+/*
+*
+TODO 获取授权信息
+*/
+func (w *CenterApi) GetRegInfoApi(c *gin.Context) {
+	var req request.CenterClientSearchReq
+	err := c.ShouldBindJSON(&req)
+	if err == nil {
+		beans, total, _ := CenterService.GetListApi(req)
+		response.OkWithDetailed(response.PageResult{
+			List:      beans,
+			Total:     total,
+			PageIndex: req.PageIndex,
+			PageSize:  req.PageSize,
+		}, "获取成功", c)
+	} else {
+		response.FailWithMessage("解析失败", c)
+	}
+}
+
+/*
+*
+TODO 设置授权信息，此时用户上传注册信息注册文件，并保存在当前目录下
+*/
+func (w *CenterApi) SetRegInfoApi(c *gin.Context) {
+	var req request.CenterClientSearchReq
+	err := c.ShouldBindJSON(&req)
+	if err == nil {
+		beans, total, _ := CenterService.GetListApi(req)
+		response.OkWithDetailed(response.PageResult{
+			List:      beans,
+			Total:     total,
+			PageIndex: req.PageIndex,
+			PageSize:  req.PageSize,
+		}, "获取成功", c)
+	} else {
+		response.FailWithMessage("解析失败", c)
+	}
+}
diff --git a/exedata/public_key.pem b/exedata/public_key.pem
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs1/PB/2s9tsFKkDKQPfY
+JcLGVY+GqRCCixOe+Nj7r8hbC4KmdP3HlRjhhp2rz200QWP8mhX3hIzOltfu3/ln
+bPAAROH+sZaPM5EcFo0OiXA4pynWniUAreS5GW+oOaUE+4ZPfxB8MX8io/2oAZ33
+zFyj+sXwiyg96OaxppRVzMDYuodaE3YyUDVqMBDpHhR+gkln6xh/fAb2jvw7CiKn
+VO/ntsohj5h9OfdtAd1rkZ6S45P49ILgcj3fBDrAhGkkXrFS7koV1fqPKaE9EjuH
+lARTJdG6XqjwI8p6HKPOIUW0Scg55YsxV0cS0ZC1dCCnwe6sQnNT8Rd5e7kREhzY
+nkkoius8+veptOfwDBfnAglrO/FgAttRN3RK21bEjDCMaYMMuVKLpj4OemNYIxnB
+XB+aPT3q8FBIsbzqmdmyxf47HW7i4yE6W3P6Cergchl3vv9ofJboyGHsMVjSCQXh
+St2kzg0YcszwUibYVREFpl6CRymlaYfhHHMD/bK138p6br+N63q3m9KEa7M9MJZd
+9xWzCwrHOdmzFinrvuYwsBgb+0QWuoKECaDBgFmF4+peoag6TBAZQ+9q2jVW4dsu
+dYXMkkmxawGOtynnIi1kkYCYkQLGyQDN3yg6o6X0WlEEOvC1zJg5aRPpA644DZKF
+vaNfDS6mkM78J4Dlu2yJ8mMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/global/global.go b/global/global.go
@@ -122,8 +122,12 @@ var (
 	/**
 	中心管控部分
 	*/
-	GWAF_CENTER_ENABLE string = "false"                  //中心管控激活状态
-	GWAF_CENTER_URL    string = "http://127.0.0.1:26666" //中心管控默认URL
+	GWAF_CENTER_ENABLE  string                 = "false"                    //中心管控激活状态
+	GWAF_CENTER_URL     string                 = "http://127.0.0.1:26666"   //中心管控默认URL
+	GWAF_REG_INFO       model.RegistrationInfo                              //当前注册信息
+	GWAF_REG_VERSION                           = "v1"                       //注册信息版本
+	GWAF_REG_KEY                               = []byte("5F!vion$k@a7QZ&)") //注册信息加密密钥
+	GWAF_REG_PUBLIC_KEY string                 = ""                         //注册信息加密公钥
 )
 
 func GetCurrentVersionInt() int {

diff --git a/localwaf/src/utils/usuallytool.ts b/localwaf/src/utils/usuallytool.ts
@@ -23,29 +23,52 @@ export function getBaseUrl(){
 export function getOnlineUrl(){
   return "https://doc.samwaf.com"
 }
-//解密数据
-export function AesDecrypt( text ){
-  let key = CryptoJS.enc.Utf8.parse("7E@u*has$d*@s5YX");
 
-  let decryptedData = CryptoJS.AES.decrypt(text, key, {
-    iv: key,
-    mode: CryptoJS.mode.CBC,
-    padding: CryptoJS.pad.Pkcs7
-  });
+// 生成随机的IV
+function generateRandomIV() {
+  return CryptoJS.lib.WordArray.random(16);
+}
+
+// 解密数据
+export function AesDecrypt(encryptedText: string) {
+  const key = CryptoJS.enc.Utf8.parse("7E@u*has$d*@s5YX");
 
-  return decryptedData.toString(CryptoJS.enc.Utf8);
+  // 分离加密数据和IV
+  const encryptedDataWithIV = CryptoJS.enc.Base64.parse(encryptedText);
+  const iv = CryptoJS.lib.WordArray.create(
+    encryptedDataWithIV.words.slice(0, 4)
+  ); // IV为前16字节
+  const encryptedData = CryptoJS.lib.WordArray.create(
+    encryptedDataWithIV.words.slice(4)
+  ); // 剩余为加密数据
+
+  const decrypted = CryptoJS.AES.decrypt(
+    { ciphertext: encryptedData },
+    key,
+    {
+      iv: iv,
+      mode: CryptoJS.mode.CBC,
+      padding: CryptoJS.pad.Pkcs7,
+    }
+  );
+
+  return decrypted.toString(CryptoJS.enc.Utf8);
 }
-//加密数据
-export function AesEncrypt( text ){
-  let key = CryptoJS.enc.Utf8.parse("7E@u*has$d*@s5YX");
 
-  let encryptedData = CryptoJS.AES.encrypt(text, key, {
-    iv: key, // 使用相同的 IV 和密钥
+// 加密数据
+export function AesEncrypt( plainText: string) {
+  const key = CryptoJS.enc.Utf8.parse("7E@u*has$d*@s5YX");
+  const iv = generateRandomIV();
+
+  const encrypted = CryptoJS.AES.encrypt(plainText, key, {
+    iv: iv,
     mode: CryptoJS.mode.CBC,
-    padding: CryptoJS.pad.Pkcs7
+    padding: CryptoJS.pad.Pkcs7,
   });
 
-  return encryptedData.toString();
+  // 将IV和加密数据一起编码为Base64字符串
+  const encryptedDataWithIV = iv.concat(encrypted.ciphertext);
+  return CryptoJS.enc.Base64.stringify(encryptedDataWithIV);
 }
 /**
  * 判断是否是对象

diff --git a/main.go b/main.go
@@ -15,6 +15,7 @@ import (
 	"SamWaf/wafdb"
 	"SamWaf/wafenginecore"
 	"SamWaf/wafmangeweb"
+	"SamWaf/wafreg"
 	"SamWaf/wafsafeclear"
 	"SamWaf/wafsnowflake"
 	"SamWaf/waftask"
@@ -46,6 +47,10 @@ var Ip2regionBytes []byte // 当前目录，解析为[]byte类型
 
 //go:embed exedata/ldpconfig.yml
 var ldpConfig string //隐私防护ldp
+
+//go:embed exedata/public_key.pem
+var publicKey string //公钥key
+
 // wafSystenService 实现了 service.Service 接口
 type wafSystenService struct{}
 
@@ -96,6 +101,7 @@ func (m *wafSystenService) run() {
 
 	global.GCACHE_IP_CBUFF = Ip2regionBytes
 	global.GWAF_DLP_CONFIG = ldpConfig
+	global.GWAF_REG_PUBLIC_KEY = publicKey
 
 	/*// 启动一个 goroutine 来处理信号
 	go func() {
@@ -279,6 +285,26 @@ func (m *wafSystenService) run() {
 
 	}
 
+	/*withEncrypt, err :=wafreg.GenClientMachineInfoWithEncrypt()
+	if err != nil {
+		fmt.Println("获取机器码失败")
+	} else {
+		fmt.Println("机器码: ", withEncrypt)
+	}*/
+	//加载授权信息
+	verifyResult, info, err := wafreg.VerifyServerReg()
+	if verifyResult {
+		global.GWAF_REG_INFO = info
+		zlog.Debug("授权信息 调试信息", info)
+		expiryDay, isExpiry := wafreg.CheckExpiry(info.ExpiryDate)
+		if isExpiry {
+			zlog.Info("授权信息已经过期")
+		} else {
+			zlog.Info("授权信息还剩余:" + strconv.Itoa(expiryDay) + "天")
+		}
+	} else {
+		zlog.Info("授权信息无效", err)
+	}
 	// 上传客户端信息到中心节点
 	globalobj.GWAF_RUNTIME_OBJ_WAF_CRON.Every(1).Minutes().Do(func() {
 		go waftask.TaskClientToCenter()

diff --git a/middleware/center_api_middleware.go b/middleware/center_api_middleware.go
@@ -4,7 +4,6 @@ import (
 	"SamWaf/service/waf_service"
 	"SamWaf/utils/zlog"
 	"bytes"
-	"fmt"
 	"github.com/gin-gonic/gin"
 	"io/ioutil"
 	"net/http"
@@ -18,12 +17,12 @@ var (
 // 中心管控 鉴权中间件
 func CenterApi() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		for key, values := range c.Request.Header {
+		/*for key, values := range c.Request.Header {
 			fmt.Printf("Header key: %s\n", key)
 			for _, value := range values {
 				fmt.Printf("  Value: %s\n", value)
 			}
-		}
+		}*/
 
 		remoteWafUserId := c.Request.Header.Get("Remote-Waf-User-Id") //tencent@usercode
 		if remoteWafUserId != "" {

diff --git a/middleware/sec_api_middleware.go b/middleware/sec_api_middleware.go
@@ -4,7 +4,6 @@ import (
 	"SamWaf/global"
 	"SamWaf/wafsec"
 	"bytes"
-	"encoding/base64"
 	"github.com/gin-gonic/gin"
 	"io/ioutil"
 	"net/http"
@@ -31,12 +30,11 @@ func SecApi() gin.HandlerFunc {
 		if c.Request.Header.Get("Content-Type") == "application/x-www-form-urlencoded" {
 			// Modify the bodyBytes if necessary
 			// ...
-			base64Bytes, _ := base64.StdEncoding.DecodeString(string(bodyBytes))
-			deBytes := wafsec.AesDecrypt(base64Bytes, global.GWAF_COMMUNICATION_KEY)
+			decryptBytes, _ := wafsec.AesDecrypt(string(bodyBytes), global.GWAF_COMMUNICATION_KEY)
 
 			//fmt.Println("Raw body解密:", string(deBytes))
 			// Store the modified body back in the request
-			c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(deBytes))
+			c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(decryptBytes))
 		}
 		c.Next()
 	}

diff --git a/model/common/response/response.go b/model/common/response/response.go
@@ -22,10 +22,11 @@ const (
 
 func Result(code int, data interface{}, msg string, c *gin.Context) {
 	result, _ := json.Marshal(data) //将数据转换为json
+	encryptStr, _ := wafsec.AesEncrypt(result, global.GWAF_COMMUNICATION_KEY)
 	// 开始时间
 	c.JSON(http.StatusOK, Response{
 		code,
-		wafsec.AesEncrypt(result, global.GWAF_COMMUNICATION_KEY),
+		encryptStr,
 		msg,
 	})
 }

diff --git a/model/reginfo.go b/model/reginfo.go
@@ -0,0 +1,28 @@
+package model
+
+import "time"
+
+/*
+*
+注册信息
+*/
+type RegistrationInfo struct {
+	Version    string    `json:"version"`
+	Username   string    `json:"username"`
+	MemberType string    `json:"member_type"`
+	MachineID  string    `json:"machine_id"`
+	ExpiryDate time.Time `json:"expiry_date"`
+}
+
+/*
+*
+机器信息
+*/
+type MachineInfo struct {
+	Version          string `json:"version"`
+	MachineID        string `json:"machine_id"`
+	ClientServerName string `json:"client_server_name"` // 客户端-自定义名称
+	ClientTenantId   string `json:"client_tenant_id"`   // 客户端-租户ID
+	ClientUserCode   string `json:"client_user_code"`   // 客户端-用户码
+	OtherFeature     string `json:"other_feature"`      // 预留其他特征
+}
diff --git a/wafenginecore/dequeengine.go b/wafenginecore/dequeengine.go
@@ -125,11 +125,11 @@ func ProcessDequeEngine() {
 								MessageDateTime:     time.Now().Format("2006-01-02 15:04:05"),
 								MessageUnReadStatus: true,
 							})
-
+							encryptStr, _ := wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY)
 							//写入ws数据
 							msgBytes, err := json.Marshal(model.MsgPacket{
 								MsgCode:       "200",
-								MsgDataPacket: wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY),
+								MsgDataPacket: encryptStr,
 								MsgCmdType:    "Info",
 							})
 							err = ws.WriteMessage(1, msgBytes)
@@ -159,10 +159,11 @@ func ProcessDequeEngine() {
 							MessageDateTime:     time.Now().Format("2006-01-02 15:04:05"),
 							MessageUnReadStatus: true,
 						})
+						encryptStr, _ := wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY)
 						//写入ws数据
 						msgBytes, err := json.Marshal(model.MsgPacket{
 							MsgCode:       "200",
-							MsgDataPacket: wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY),
+							MsgDataPacket: encryptStr,
 							MsgCmdType:    "Info",
 						})
 						err = ws.WriteMessage(1, msgBytes)
@@ -188,10 +189,11 @@ func ProcessDequeEngine() {
 							MessageDateTime:     time.Now().Format("2006-01-02 15:04:05"),
 							MessageUnReadStatus: true,
 						})
+						encryptStr, _ := wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY)
 						//写入ws数据
 						msgBytes, err := json.Marshal(model.MsgPacket{
 							MsgCode:       "200",
-							MsgDataPacket: wafsec.AesEncrypt(msgBody, global.GWAF_COMMUNICATION_KEY),
+							MsgDataPacket: encryptStr,
 							MsgCmdType:    "Info",
 						})
 						err = ws.WriteMessage(1, msgBytes)