From a6bf064d63c8a9b7574aeed4989d02047cb4828a Mon Sep 17 00:00:00 2001 From: w-mj Date: Sat, 25 Feb 2023 12:43:49 +0800 Subject: [PATCH] test jwt pass. escape on AppModel.Prefix() --- Makefile | 2 +- main.go | 25 +++++++++++++++++++------ src/app_model.go | 11 ++++++++++- template/app_view.html | 4 ++-- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index fb12727..d737aa4 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -IMAGE_TAG ?= docker.educg.net/cg/k8s-manager:v1.0.4 +IMAGE_TAG ?= docker.educg.net/cg/k8s-manager:v1.0.7 build: export CGO_ENABLED=0 build: export GOOS=linux diff --git a/main.go b/main.go index 6ebbcea..f6814a2 100644 --- a/main.go +++ b/main.go @@ -70,7 +70,6 @@ func ParseCGToken(token string) (string, error) { token = strings.ReplaceAll(token, "-", "+") token = strings.ReplaceAll(token, "_", "/") token = token + []string{"", "===", "==", "="}[len(token)%4] - fmt.Println(token) aesEncrypt, err := base64.StdEncoding.DecodeString(token) if err != nil { log.WithError(err).Error("Parse CG Token 1") @@ -80,7 +79,7 @@ func ParseCGToken(token string) (string, error) { jwtString := AesDecryptECB(aesEncrypt, []byte(aseKey)) jwtResult, err := jwt.ParseWithClaims(string(jwtString), &CGJWTClaim{}, func(token *jwt.Token) (i interface{}, err error) { - return jwtKey, nil + return []byte(jwtKey), nil // return hmac.New(sha256.New, []byte(jwtKey)), nil }) if err != nil { @@ -104,7 +103,13 @@ func generateKey(key []byte) (genKey []byte) { return genKey } func AesDecryptECB(encrypted []byte, key []byte) (decrypted []byte) { - c, _ := aes.NewCipher(key) + sh := sha1.New() + sh.Write(key) + realKey := sh.Sum(nil) + c, err := aes.NewCipher(realKey[:16]) + if err != nil { + log.WithError(err).Error(AesDecryptECB) + } decrypted = make([]byte, len(encrypted)) // for bs, be := 0, c.BlockSize(); bs < len(encrypted); bs, be = bs+c.BlockSize(), be+c.BlockSize() { @@ -142,8 +147,11 @@ func AesDecrypt(data []byte, key []byte) ([]byte, error) { } func Test(c *gin.Context) { - //username := c.Param("username") - username, err := ParseCGToken(c.Request.URL.Query().Get("cgtoken")) + username := c.Request.URL.Query().Get("username") + var err error + if username == "" { + username, err = ParseCGToken(c.Request.URL.Query().Get("cgtoken")) + } if username == "" || err != nil { c.JSON(http.StatusNotFound, gin.H{ "code": http.StatusNotFound, @@ -159,7 +167,12 @@ func Test(c *gin.Context) { c.SetCookie("Authorization", "Bearer "+token, 0, "", "", false, false) c.Header("Authorization", "Bearer "+token) c.Header("Cache-Control", "no-store") - redirectUrl := fmt.Sprintf("/%s/index", os.Getenv("URL_PREFIX")) + redirectUrl := "" + if os.Getenv("URL_PREFIX") == "" { + redirectUrl = "/index" + } else { + redirectUrl = fmt.Sprintf("/%s/index", os.Getenv("URL_PREFIX")) + } c.Redirect(http.StatusTemporaryRedirect, redirectUrl) } } diff --git a/src/app_model.go b/src/app_model.go index 396660c..a1ed78b 100644 --- a/src/app_model.go +++ b/src/app_model.go @@ -63,7 +63,16 @@ func (a *AppModel) Delete() error { } func (a *AppModel) NamePrefix() string { - return fmt.Sprintf("%s-%s", a.UserName, a.AppName) + prefix := fmt.Sprintf("%s-%s", a.UserName, a.AppName) + ans := strings.Builder{} + for _, c := range prefix { + if (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-' { + ans.WriteRune(c) + } else { + ans.WriteString(fmt.Sprintf("-%d-", c)) + } + } + return ans.String() } func (a *AppModel) PodName() string { diff --git a/template/app_view.html b/template/app_view.html index 09754ae..f85c4d1 100644 --- a/template/app_view.html +++ b/template/app_view.html @@ -17,7 +17,7 @@
- +
用户名:{{ username }}
@@ -49,7 +49,7 @@ {{ item.Command }} {{ item.Env }} {{ item.Status }} - {{ item.ServiceDisplayName }} + {{ item.ServiceDisplayName }} {{ item.Ports }}