test jwt pass.

escape on AppModel.Prefix()
This commit is contained in:
w-mj 2023-02-25 12:43:49 +08:00
parent 04b7361df7
commit a6bf064d63
No known key found for this signature in database
GPG Key ID: 3A2CB5BE2F835897
4 changed files with 32 additions and 10 deletions

View File

@ -1,4 +1,4 @@
IMAGE_TAG ?= docker.educg.net/cg/k8s-manager:v1.0.4 IMAGE_TAG ?= docker.educg.net/cg/k8s-manager:v1.0.7
build: export CGO_ENABLED=0 build: export CGO_ENABLED=0
build: export GOOS=linux build: export GOOS=linux

25
main.go
View File

@ -70,7 +70,6 @@ func ParseCGToken(token string) (string, error) {
token = strings.ReplaceAll(token, "-", "+") token = strings.ReplaceAll(token, "-", "+")
token = strings.ReplaceAll(token, "_", "/") token = strings.ReplaceAll(token, "_", "/")
token = token + []string{"", "===", "==", "="}[len(token)%4] token = token + []string{"", "===", "==", "="}[len(token)%4]
fmt.Println(token)
aesEncrypt, err := base64.StdEncoding.DecodeString(token) aesEncrypt, err := base64.StdEncoding.DecodeString(token)
if err != nil { if err != nil {
log.WithError(err).Error("Parse CG Token 1") log.WithError(err).Error("Parse CG Token 1")
@ -80,7 +79,7 @@ func ParseCGToken(token string) (string, error) {
jwtString := AesDecryptECB(aesEncrypt, []byte(aseKey)) jwtString := AesDecryptECB(aesEncrypt, []byte(aseKey))
jwtResult, err := jwt.ParseWithClaims(string(jwtString), &CGJWTClaim{}, func(token *jwt.Token) (i interface{}, err error) { jwtResult, err := jwt.ParseWithClaims(string(jwtString), &CGJWTClaim{}, func(token *jwt.Token) (i interface{}, err error) {
return jwtKey, nil return []byte(jwtKey), nil
// return hmac.New(sha256.New, []byte(jwtKey)), nil // return hmac.New(sha256.New, []byte(jwtKey)), nil
}) })
if err != nil { if err != nil {
@ -104,7 +103,13 @@ func generateKey(key []byte) (genKey []byte) {
return genKey return genKey
} }
func AesDecryptECB(encrypted []byte, key []byte) (decrypted []byte) { func AesDecryptECB(encrypted []byte, key []byte) (decrypted []byte) {
c, _ := aes.NewCipher(key) sh := sha1.New()
sh.Write(key)
realKey := sh.Sum(nil)
c, err := aes.NewCipher(realKey[:16])
if err != nil {
log.WithError(err).Error(AesDecryptECB)
}
decrypted = make([]byte, len(encrypted)) decrypted = make([]byte, len(encrypted))
// //
for bs, be := 0, c.BlockSize(); bs < len(encrypted); bs, be = bs+c.BlockSize(), be+c.BlockSize() { for bs, be := 0, c.BlockSize(); bs < len(encrypted); bs, be = bs+c.BlockSize(), be+c.BlockSize() {
@ -142,8 +147,11 @@ func AesDecrypt(data []byte, key []byte) ([]byte, error) {
} }
func Test(c *gin.Context) { func Test(c *gin.Context) {
//username := c.Param("username") username := c.Request.URL.Query().Get("username")
username, err := ParseCGToken(c.Request.URL.Query().Get("cgtoken")) var err error
if username == "" {
username, err = ParseCGToken(c.Request.URL.Query().Get("cgtoken"))
}
if username == "" || err != nil { if username == "" || err != nil {
c.JSON(http.StatusNotFound, gin.H{ c.JSON(http.StatusNotFound, gin.H{
"code": http.StatusNotFound, "code": http.StatusNotFound,
@ -159,7 +167,12 @@ func Test(c *gin.Context) {
c.SetCookie("Authorization", "Bearer "+token, 0, "", "", false, false) c.SetCookie("Authorization", "Bearer "+token, 0, "", "", false, false)
c.Header("Authorization", "Bearer "+token) c.Header("Authorization", "Bearer "+token)
c.Header("Cache-Control", "no-store") c.Header("Cache-Control", "no-store")
redirectUrl := fmt.Sprintf("/%s/index", os.Getenv("URL_PREFIX")) redirectUrl := ""
if os.Getenv("URL_PREFIX") == "" {
redirectUrl = "/index"
} else {
redirectUrl = fmt.Sprintf("/%s/index", os.Getenv("URL_PREFIX"))
}
c.Redirect(http.StatusTemporaryRedirect, redirectUrl) c.Redirect(http.StatusTemporaryRedirect, redirectUrl)
} }
} }

View File

@ -63,7 +63,16 @@ func (a *AppModel) Delete() error {
} }
func (a *AppModel) NamePrefix() string { func (a *AppModel) NamePrefix() string {
return fmt.Sprintf("%s-%s", a.UserName, a.AppName) prefix := fmt.Sprintf("%s-%s", a.UserName, a.AppName)
ans := strings.Builder{}
for _, c := range prefix {
if (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-' {
ans.WriteRune(c)
} else {
ans.WriteString(fmt.Sprintf("-%d-", c))
}
}
return ans.String()
} }
func (a *AppModel) PodName() string { func (a *AppModel) PodName() string {

View File

@ -17,7 +17,7 @@
<br/> <br/>
<div class="d-flex"> <div class="d-flex">
<!-- <div class="align-self-start">用户名:{{ .Username }}</div>--> <div class="align-self-start">用户名:{{ username }}</div>
<div class="ms-auto align-self-end"> <div class="ms-auto align-self-end">
<button class="btn btn-success" @click="showModal(null)">添加应用</button> <button class="btn btn-success" @click="showModal(null)">添加应用</button>
</div> </div>
@ -49,7 +49,7 @@
<td> {{ item.Command }}</td> <td> {{ item.Command }}</td>
<td> {{ item.Env }}</td> <td> {{ item.Env }}</td>
<td> {{ item.Status }}</td> <td> {{ item.Status }}</td>
<td> {{ item.ServiceDisplayName }}</td> <td> <a :href="'/' + item.ServiceDisplayName + '/'" target="_blank">{{ item.ServiceDisplayName }}</a></td>
<td> {{ item.Ports }}</td> <td> {{ item.Ports }}</td>
<td> <td>
<div class="btn-group"> <div class="btn-group">