未验证
提交
ee612908
编写于
7月 06, 2023
作者:
水淹萌龙
提交者:
GitHub
7月 06, 2023
feat(Login): add rsa to password (#1604)
上级
be25adf9
变更
6
Showing
6 changed file
with
114 addition
and
6 deletion
+114
-6
center/center.go
center/center.go
+3
-1
center/router/router.go
center/router/router.go
+3
-2
center/router/router_login.go
center/router/router_login.go
+31
-3
etc/config.toml
etc/config.toml
+10
-0
pkg/httpx/httpx.go
pkg/httpx/httpx.go
+29
-0
pkg/secu/rsa.go
pkg/secu/rsa.go
+38
-0
center/center.go
@@ -79,8 +79,10 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
writers
:=
writer
.
NewWriters
(
config
.
Pushgw
)
httpx
.
InitRSAConfig
(
&
config
.
HTTP
.
RSA
)
alertrtRouter
:=
alertrt
.
New
(
config
.
HTTP
,
config
.
Alert
,
alertMuteCache
,
targetCache
,
busiGroupCache
,
alertStats
,
ctx
,
externalProcessors
)
centerRouter
:=
centerrt
.
New
(
config
.
HTTP
,
config
.
Center
,
cconf
.
Operations
,
dsCache
,
notifyConfigCache
,
promClients
,
redis
,
sso
,
ctx
,
metas
,
idents
,
targetCache
)
centerRouter
:=
centerrt
.
New
(
config
.
HTTP
,
config
.
Center
,
cconf
.
Operations
,
dsCache
,
notifyConfigCache
,
promClients
,
redis
,
sso
,
ctx
,
metas
,
idents
,
targetCache
)
pushgwRouter
:=
pushgwrt
.
New
(
config
.
HTTP
,
config
.
Pushgw
,
targetCache
,
busiGroupCache
,
idents
,
writers
,
ctx
)
r
:=
httpx
.
GinEngine
(
config
.
Global
.
RunMode
,
config
.
HTTP
)
center/router/router.go
@@ -18,8 +18,8 @@ import (
"github.com/ccfos/nightingale/v6/pkg/ctx"
"github.com/ccfos/nightingale/v6/pkg/httpx"
"github.com/ccfos/nightingale/v6/prom"
"github.com/ccfos/nightingale/v6/storage"
"github.com/ccfos/nightingale/v6/pushgw/idents"
"github.com/ccfos/nightingale/v6/storage"
"github.com/gin-gonic/gin"
"github.com/rakyll/statik/fs"
@@ -36,7 +36,7 @@ type Router struct {
PromClients
*
prom
.
PromClientMap
Redis
storage
.
Redis
MetaSet
*
metas
.
Set
IdentSet
*
idents
.
Set
IdentSet
*
idents
.
Set
TargetCache
*
memsto
.
TargetCacheType
Sso
*
sso
.
SsoClient
Ctx
*
ctx
.
Context
@@ -170,6 +170,7 @@ func (rt *Router) Config(r *gin.Engine) {
pages
.
GET
(
"/auth/ifshowcaptcha"
,
rt
.
ifShowCaptcha
)
pages
.
GET
(
"/auth/sso-config"
,
rt
.
ssoConfigNameGet
)
pages
.
GET
(
"/auth/rsa-config"
,
rt
.
rsaConfigGet
)
pages
.
GET
(
"/auth/redirect"
,
rt
.
loginRedirect
)
pages
.
GET
(
"/auth/redirect/cas"
,
rt
.
loginRedirectCas
)
pages
.
GET
(
"/auth/redirect/oauth"
,
rt
.
loginRedirectOAuth
)
center/router/router_login.go
package
router
import
(
"encoding/base64"
"fmt"
"net/http"
"strconv"
@@ -12,6 +13,7 @@ import (
"github.com/ccfos/nightingale/v6/pkg/ldapx"
"github.com/ccfos/nightingale/v6/pkg/oauth2x"
"github.com/ccfos/nightingale/v6/pkg/oidcx"
"github.com/ccfos/nightingale/v6/pkg/secu"
"github.com/pelletier/go-toml/v2"
"github.com/dgrijalva/jwt-go"
@@ -38,13 +40,23 @@ func (rt *Router) loginPost(c *gin.Context) {
return
}
}
user
,
err
:=
models
.
PassLogin
(
rt
.
Ctx
,
f
.
Username
,
f
.
Password
)
authPassWord
:=
f
.
Password
// need decode
if
rt
.
HTTP
.
RSA
.
OpenRSA
{
decPassWord
,
err
:=
secu
.
Decrypt
(
f
.
Password
,
rt
.
HTTP
.
RSA
.
RSAPrivateKey
,
rt
.
HTTP
.
RSA
.
RSAPassWord
)
if
err
!=
nil
{
logger
.
Errorf
(
"RSA Decrypt failed: %v username: %s"
,
err
,
f
.
Username
)
ginx
.
NewRender
(
c
)
.
Message
(
err
)
return
}
authPassWord
=
decPassWord
}
user
,
err
:=
models
.
PassLogin
(
rt
.
Ctx
,
f
.
Username
,
authPassWord
)
if
err
!=
nil
{
// pass validate fail, try ldap
if
rt
.
Sso
.
LDAP
.
Enable
{
roles
:=
strings
.
Join
(
rt
.
Sso
.
LDAP
.
DefaultRoles
,
" "
)
user
,
err
=
models
.
LdapLogin
(
rt
.
Ctx
,
f
.
Username
,
f
.
Passw
ord
,
roles
,
rt
.
Sso
.
LDAP
)
user
,
err
=
models
.
LdapLogin
(
rt
.
Ctx
,
f
.
Username
,
authPassW
ord
,
roles
,
rt
.
Sso
.
LDAP
)
if
err
!=
nil
{
logger
.
Debugf
(
"ldap login failed: %v username: %s"
,
err
,
f
.
Username
)
ginx
.
NewRender
(
c
)
.
Message
(
err
)
@@ -548,3 +560,19 @@ func (rt *Router) ssoConfigUpdate(c *gin.Context) {
ginx
.
NewRender
(
c
)
.
Message
(
nil
)
}
type
RSAConfigOutput
struct
{
OpenRSA
bool
RSAPublicKey
string
}
func
(
rt
*
Router
)
rsaConfigGet
(
c
*
gin
.
Context
)
{
publicKey
:=
""
if
rt
.
HTTP
.
RSA
.
OpenRSA
{
publicKey
=
base64
.
StdEncoding
.
EncodeToString
(
rt
.
HTTP
.
RSA
.
RSAPublicKey
)
}
ginx
.
NewRender
(
c
)
.
Data
(
RSAConfigOutput
{
OpenRSA
:
rt
.
HTTP
.
RSA
.
OpenRSA
,
RSAPublicKey
:
publicKey
,
},
nil
)
}
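Review bot: In the `OpenRSA` branch of loginPost, a decrypt failure is reported back to the caller as the raw error from secu.Decrypt (`ginx.NewRender(c).Message(err)`) and logged at Error level, while the adjacent LDAP failure a few lines below is logged with Debugf; the ciphertext is client-controlled input, so a fixed response text and the lower log level fit better here, e.g. `logger.Debugf("RSA Decrypt failed: %v username: %s", err, f.Username)` followed by `ginx.NewRender(c).Message("invalid password")` (assuming this Message helper accepts a string as the toolkits ginx one does). The new local `authPassWord` mixes casing with the `Password` field it copies; `authPassword` follows Go naming. In rsaConfigGet, `RSAPublicKey` is the base64 of the raw PEM file bytes, so a short comment such as `// RSAPublicKey is the PEM file base64-encoded; clients must decode it before use` would save the next reader a round trip to InitRSAConfig. loginPost begins before and ends after this hunk.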
etc/config.toml
@@ -70,6 +70,16 @@ Enable = false
HeaderUserNameKey
=
"X-User-Name"
DefaultRoles
=
["Standard"]
[HTTP.RSA]
# open RSA
OpenRSA
=
false
# RSA public key
RSAPublicKeyPath
=
"/etc/n9e/public.pem"
# RSA private key
RSAPrivateKeyPath
=
"/etc/n9e/private.pem"
# RSA private key password
RSAPassWord
=
""
[DB]
# postgres: host=%s port=%s user=%s dbname=%s password=%s sslmode=%s
DSN="root:1234@tcp(127.0.0.1:3306)/n9e_v6?charset=utf8mb4&parseTime=True&loc=Local&allowNativePasswords
=
true
"
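Review bot: The `# open RSA` comment under `[HTTP.RSA]` does not say what the switch does or what key format is expected; the decryption path added in pkg/secu/rsa.go parses the key with `x509.ParsePKCS1PrivateKey`, so a PKCS#8 key file would be accepted at startup and only fail at the first login. Suggest `# enable RSA encryption of the login password sent by the web UI; keys are PEM files holding PKCS#1 DER` for the first comment, and `# passphrase of the private key; leave empty for an unencrypted key (legacy PEM encryption as handled by x509.DecryptPEMBlock)` for `RSAPassWord`.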
pkg/httpx/httpx.go
@@ -34,6 +34,16 @@ type Config struct {
ShowCaptcha
ShowCaptcha
APIForAgent
BasicAuths
APIForService
BasicAuths
RSA
RSAConfig
}
type
RSAConfig
struct
{
OpenRSA
bool
RSAPublicKey
[]
byte
RSAPublicKeyPath
string
RSAPrivateKey
[]
byte
RSAPrivateKeyPath
string
RSAPassWord
string
}
type
ShowCaptcha
struct
{
@@ -150,3 +160,22 @@ func Init(cfg Config, handler http.Handler) func() {
}
}
}
func
InitRSAConfig
(
rsaConfig
*
RSAConfig
)
{
if
!
rsaConfig
.
OpenRSA
{
return
}
// 读取公钥配置文件
//获取文件内容
publicBuf
,
err
:=
os
.
ReadFile
(
rsaConfig
.
RSAPublicKeyPath
)
if
err
!=
nil
{
panic
(
fmt
.
Errorf
(
"could not read RSAPublicKeyPath %q: %v"
,
rsaConfig
.
RSAPublicKeyPath
,
err
))
}
rsaConfig
.
RSAPublicKey
=
publicBuf
// 读取私钥配置文件
privateBuf
,
err
:=
os
.
ReadFile
(
rsaConfig
.
RSAPrivateKeyPath
)
if
err
!=
nil
{
panic
(
fmt
.
Errorf
(
"could not read RSAPrivateKeyPath %q: %v"
,
rsaConfig
.
RSAPrivateKeyPath
,
err
))
}
rsaConfig
.
RSAPrivateKey
=
privateBuf
}
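Review bot: InitRSAConfig panics when either key file cannot be read, but its only caller in this commit (`httpx.InitRSAConfig(&config.HTTP.RSA)` in center/center.go) sits inside Initialize, which already returns an error, so a startup misconfiguration should travel that path instead of crashing the process. The file contents are also never checked at startup: the public key is only base64-encoded and served by rsaConfigGet, and the private key is first parsed during a login attempt in secu.Decrypt, so a wrong file format surfaces as a failed login rather than a startup error. The rewrite below returns errors (the call site becomes `if err := httpx.InitRSAConfig(&config.HTTP.RSA); err != nil { return nil, err }`) and rejects a private key file that is not PEM; a full parse at startup would additionally need the passphrase handling that now lives in secu.Decrypt. The Chinese comments `// 读取公钥配置文件` / `//获取文件内容` / `// 读取私钥配置文件` should be English like the error strings around them, e.g. `// load the public key file` and `// load the private key file`.
```go
// InitRSAConfig loads the RSA key pair named in rsaConfig when OpenRSA is set.
// It returns an error instead of panicking so that center.Initialize can propagate it.
func InitRSAConfig(rsaConfig *RSAConfig) error {
	if !rsaConfig.OpenRSA {
		return nil
	}
	// load the public key file
	publicBuf, err := os.ReadFile(rsaConfig.RSAPublicKeyPath)
	if err != nil {
		return fmt.Errorf("reading RSAPublicKeyPath %q: %w", rsaConfig.RSAPublicKeyPath, err)
	}
	rsaConfig.RSAPublicKey = publicBuf
	// load the private key file
	privateBuf, err := os.ReadFile(rsaConfig.RSAPrivateKeyPath)
	if err != nil {
		return fmt.Errorf("reading RSAPrivateKeyPath %q: %w", rsaConfig.RSAPrivateKeyPath, err)
	}
	// fail at startup, not on the first login, when the file is not PEM (needs "encoding/pem")
	if block, _ := pem.Decode(privateBuf); block == nil {
		return fmt.Errorf("RSAPrivateKeyPath %q does not contain a PEM block", rsaConfig.RSAPrivateKeyPath)
	}
	rsaConfig.RSAPrivateKey = privateBuf
	return nil
}
```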
pkg/secu/rsa.go
0 → 100644
package
secu
import
(
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"github.com/toolkits/pkg/logger"
)
func
Decrypt
(
cipherText
string
,
privateKeyByte
[]
byte
,
password
string
)
(
decrypted
string
,
err
error
)
{
decodeCipher
,
_
:=
base64
.
StdEncoding
.
DecodeString
(
cipherText
)
//pem解码
block
,
_
:=
pem
.
Decode
(
privateKeyByte
)
var
privateKey
*
rsa
.
PrivateKey
if
password
!=
""
{
decryptedPrivateKeyBytes
,
err
:=
x509
.
DecryptPEMBlock
(
block
,
[]
byte
(
password
))
if
err
!=
nil
{
logger
.
Error
(
"Failed to DecryptPEMBlock:"
,
err
)
return
""
,
err
}
privateKey
,
err
=
x509
.
ParsePKCS1PrivateKey
(
decryptedPrivateKeyBytes
)
}
else
{
privateKey
,
err
=
x509
.
ParsePKCS1PrivateKey
(
block
.
Bytes
)
}
if
err
!=
nil
{
logger
.
Error
(
"Failed to parse private key:"
,
err
)
return
""
,
err
}
decryptedByte
,
err
:=
rsa
.
DecryptPKCS1v15
(
rand
.
Reader
,
privateKey
,
decodeCipher
)
if
err
!=
nil
{
logger
.
Error
(
"Failed to decrypt data:"
,
err
)
return
""
,
err
}
return
string
(
decryptedByte
),
err
}
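Review bot: In Decrypt, the `:=` on `decryptedPrivateKeyBytes, err := x509.DecryptPEMBlock(...)` declares a new `err` scoped to the `if password != ""` block, so the following `privateKey, err = x509.ParsePKCS1PrivateKey(...)` assigns to that inner variable and the `if err != nil` after the block tests the still-nil named result; a parse failure on an encrypted key therefore leaves privateKey nil and rsa.DecryptPKCS1v15 dereferences it. Two more inputs are unchecked: the base64 decode error of cipherText is discarded (`decodeCipher, _ :=`), and pem.Decode may return a nil block, which is then dereferenced as `block.Bytes` or handed to DecryptPEMBlock. x509.DecryptPEMBlock is also deprecated in the standard library because the legacy PEM encryption it implements is insecure by design, which deserves a comment next to the call if encrypted key files must stay supported. The rewrite below checks each step once and parses the key from a single `keyBytes` variable; it adds an `errors` import. Parsing the private key on every login could be avoided by doing it once at startup, but that reaches into httpx and is a larger change than this file.
```go
func Decrypt(cipherText string, privateKeyByte []byte, password string) (decrypted string, err error) {
	decodeCipher, err := base64.StdEncoding.DecodeString(cipherText)
	if err != nil {
		return "", err
	}
	block, _ := pem.Decode(privateKeyByte)
	if block == nil {
		return "", errors.New("private key is not PEM encoded")
	}
	keyBytes := block.Bytes
	if password != "" {
		// x509.DecryptPEMBlock is deprecated (legacy PEM encryption); kept only for existing key files.
		keyBytes, err = x509.DecryptPEMBlock(block, []byte(password))
		if err != nil {
			logger.Error("Failed to DecryptPEMBlock:", err)
			return "", err
		}
	}
	privateKey, err := x509.ParsePKCS1PrivateKey(keyBytes)
	if err != nil {
		logger.Error("Failed to parse private key:", err)
		return "", err
	}
	// … unchanged: rsa.DecryptPKCS1v15 call and return …
```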