From 26dfe5c62b34f6818e6f734cfccc0cd7091f5f72 Mon Sep 17 00:00:00 2001 From: cosmo Date: Sun, 24 Nov 2024 11:12:41 +0800 Subject: [PATCH 1/2] beta509 --- config/config.go | 23 +++++++++++++++++++++++ idmap/service.go | 34 +++++++++++++++++----------------- images/upload_api.go | 18 +++++++++--------- oss/baidu.go | 6 +++--- server/uploadpic.go | 4 ++-- url/shorturl.go | 4 ++-- 6 files changed, 56 insertions(+), 33 deletions(-) diff --git a/config/config.go b/config/config.go index 09b5ffbc..56965925 100644 --- a/config/config.go +++ b/config/config.go @@ -2471,3 +2471,26 @@ func GetNoRetMsg() bool { } return instance.Settings.NoRetMsg } + +func GetForceSsl() bool { + mu.RLock() + defer mu.RUnlock() + + if instance == nil { + fmt.Println("Warning: instance is nil when trying to ForceSSL value.") + return false + } + return instance.Settings.ForceSSL +} + +func GetHttpPortAfterSsl() string { + mu.RLock() + defer mu.RUnlock() + + if instance == nil { + fmt.Println("Warning: instance is nil when trying to get HttpPortAfterSSL.") + return "444" // 或者返回一个默认的 ImageLimit 值 + } + + return instance.Settings.HttpPortAfterSSL +} diff --git a/idmap/service.go b/idmap/service.go index 0c0ae205..1dbe49a8 100644 --- a/idmap/service.go +++ b/idmap/service.go @@ -456,7 +456,7 @@ func SimplifiedStoreIDv2(id string) (int64, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" || config.GetForceSsl(){ protocol = "https" } @@ -553,7 +553,7 @@ func StoreIDv2(id string) (int64, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -603,7 +603,7 @@ func StoreCachev2(id string) (int64, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } 
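Review bot: `GetHttpPortAfterSsl` in config/config.go falls back to "444" only when `instance` is nil, so a config file written before this release, with no `http_port_after_ssl` key, would presumably yield an empty string (the Settings struct and its defaults are not part of this patch). Callers in images/upload_api.go format that value straight into `%s://127.0.0.1:%s/uploadpicv3`, so an empty port silently changes the target. Ending the getter with `if p := instance.Settings.HttpPortAfterSSL; p != "" { return p }` and then `return "444"` keeps the previous behaviour for un-migrated configs. The inline comment still refers to ImageLimit and the first warning reads "trying to ForceSSL value"; both look copied from another getter and should name the setting they belong to, and each new exported function should get a doc comment starting with its name.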
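Review bot: The new condition `portValue == "443" ||config.GetForceSsl(){` in SimplifiedStoreIDv2 is not gofmt-clean, and the same scheme-selection lines are edited by hand in every hunk of idmap/service.go and again in images/upload_api.go, oss/baidu.go, server/uploadpic.go and url/shorturl.go. A single helper in the config package, for example `func Scheme() string` returning "https" when `GetPortValue() == "443" || GetForceSsl()` and "http" otherwise, would give one place to audit when the TLS rule changes, so that a missed call site cannot stay on plaintext unnoticed. Each of these functions continues outside its hunk, so how `protocol` is used after the check is only visible where the `fmt.Sprintf` line falls inside the context, as in UpdateVirtualValuev2 and RetrieveRealValuev2.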
@@ -653,7 +653,7 @@ func StoreIDv2Pro(id string, subid string) (int64, int64, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -746,7 +746,7 @@ func RetrieveRowByIDv2Pro(newRowID string, newSubRowID string) (string, string, // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -817,7 +817,7 @@ func RetrieveRowByIDv2(rowid string) (string, error) { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } if config.GetLotusGrpc() && config.GetLotusValue() { @@ -866,7 +866,7 @@ func RetrieveRowByCachev2(rowid string) (string, error) { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } if config.GetLotusGrpc() && config.GetLotusValue() { @@ -947,7 +947,7 @@ func WriteConfigv2(sectionName, keyName, value string) error { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1023,7 +1023,7 @@ func DeleteConfigv2(sectionName, keyName string) error { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1072,7 +1072,7 @@ func ReadConfigv2(sectionName, keyName string) (string, error) { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } if config.GetLotusGrpc() && config.GetLotusValue() { 
@@ -1236,7 +1236,7 @@ func UpdateVirtualValuev2(oldRowValue, newRowValue int64) error { serverDir := config.GetServer_dir() portValue := config.GetPortValue() protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } url := fmt.Sprintf("%s://%s:%s/getid?type=5&oldRowValue=%d&newRowValue=%d", protocol, serverDir, portValue, oldRowValue, newRowValue) @@ -1272,7 +1272,7 @@ func RetrieveRealValuev2(virtualValue int64) (string, string, error) { serverDir := config.GetServer_dir() portValue := config.GetPortValue() protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } url := fmt.Sprintf("%s://%s:%s/getid?type=6&virtualValue=%d", protocol, serverDir, portValue, virtualValue) @@ -1320,7 +1320,7 @@ func RetrieveVirtualValuev2(realValue string) (string, string, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1374,7 +1374,7 @@ func RetrieveVirtualValuev2Pro(realValue string, realValueSub string) (string, s // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1499,7 +1499,7 @@ func RetrieveRealValuesv2Pro(virtualValue int64, virtualValueSub int64) (string, // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1593,7 +1593,7 @@ func UpdateVirtualValuev2Pro(oldVirtualValue1, newVirtualValue1, oldVirtualValue serverDir := config.GetServer_dir() portValue := config.GetPortValue() protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -1695,7 +1695,7 @@ func FindSubKeysByIdPro(id string) ([]string, error) { // 根据portValue确定协议 protocol := "http" - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } 
diff --git a/images/upload_api.go b/images/upload_api.go index 67705aa6..913f00bc 100644 --- a/images/upload_api.go +++ b/images/upload_api.go @@ -177,7 +177,7 @@ func originalUploadBehavior(base64Image string) (string, error) { // 原有的UploadBase64ImageToServer函数的实现 protocol := "http" serverPort := config.GetPortValue() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -194,9 +194,9 @@ func originalUploadBehavior(base64Image string) (string, error) { } serverDir := config.GetServer_dir() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "http" - serverPort = "444" + serverPort = config.GetHttpPortAfterSsl() } if isPublicAddress(serverDir) { @@ -227,7 +227,7 @@ func UploadBehaviorV3(base64Image string) (string, int, int, error) { } else { protocol := "http" serverPort := config.GetPortValue() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -241,9 +241,9 @@ func UploadBehaviorV3(base64Image string) (string, int, int, error) { } return resp, width, height, nil } else { - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "http" - serverPort = "444" + serverPort = config.GetHttpPortAfterSsl() } url = fmt.Sprintf("%s://127.0.0.1:%s/uploadpicv3", protocol, serverPort) @@ -261,7 +261,7 @@ func originalUploadBehaviorRecord(base64Image string) (string, error) { // 根据serverPort确定协议 protocol := "http" serverPort := config.GetPortValue() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -278,9 +278,9 @@ func originalUploadBehaviorRecord(base64Image string) (string, error) { serverDir := config.GetServer_dir() // 当端口是443时,使用HTTP和444端口 - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "http" - serverPort = "444" + serverPort = config.GetHttpPortAfterSsl() } if isPublicAddress(serverDir) { 
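Review bot: In originalUploadBehavior, UploadBehaviorV3 and originalUploadBehaviorRecord the second check now sets `protocol = "http"` on the `http_port_after_ssl` port whenever force_ssl is on, so the base64 image data on that path travels unencrypted. In UploadBehaviorV3 the target visible in the hunk is `127.0.0.1`, but in the other two functions the switch is followed by `if isPublicAddress(serverDir) {` and the URL built there lies outside the hunk; if it reuses `protocol` and `serverPort` with a public host, the upload leaves the machine in clear text, so the downgrade should be confined to the loopback branch. The comment `// 当端口是443时,使用HTTP和444端口` above the check in originalUploadBehaviorRecord is now stale because the port comes from configuration; `// when TLS is active, use plain HTTP on the configured http_port_after_ssl port` would match the code. originalUploadBehavior in oss/baidu.go has the same pattern.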
diff --git a/oss/baidu.go b/oss/baidu.go index 36165d3e..05a5beec 100644 --- a/oss/baidu.go +++ b/oss/baidu.go @@ -133,7 +133,7 @@ func originalUploadBehavior(base64Image string) (string, error) { // 原有的UploadBase64ImageToServer函数的实现 protocol := "http" serverPort := config.GetPortValue() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -149,9 +149,9 @@ func originalUploadBehavior(base64Image string) (string, error) { } serverDir := config.GetServer_dir() - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "http" - serverPort = "444" + serverPort = config.GetHttpPortAfterSsl() } if isPublicAddress(serverDir) { diff --git a/server/uploadpic.go b/server/uploadpic.go index cd515af0..3c539d42 100644 --- a/server/uploadpic.go +++ b/server/uploadpic.go @@ -112,7 +112,7 @@ func UploadBase64ImageHandler(rateLimiter *RateLimiter) gin.HandlerFunc { } // 根据serverPort确定协议 protocol := "http" - if serverPort == "443" { + if serverPort == "443"||config.GetForceSsl() { protocol = "https" } stun, err := idmap.ReadConfigv2("stun", "addr") @@ -277,7 +277,7 @@ func UploadBase64RecordHandler(rateLimiter *RateLimiter) gin.HandlerFunc { // 根据serverPort确定协议 protocol := "http" - if serverPort == "443" { + if serverPort == "443" ||config.GetForceSsl(){ protocol = "https" } diff --git a/url/shorturl.go b/url/shorturl.go index 0d8381ad..a9726707 100644 --- a/url/shorturl.go +++ b/url/shorturl.go @@ -126,7 +126,7 @@ func GenerateShortURL(longURL string) string { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } @@ -242,7 +242,7 @@ func getLongURLFromDB(shortURL string) (string, error) { // 根据portValue确定协议 protocol := "http" portValue := config.GetPortValue() - if portValue == "443" { + if portValue == "443" ||config.GetForceSsl(){ protocol = "https" } 
From 5b57e0d04b04a2b657b6f529b02e4d8aeba9065b Mon Sep 17 00:00:00 2001 From: cosmo Date: Mon, 25 Nov 2024 16:42:03 +0800 Subject: [PATCH 2/2] beta510 --- main.go | 6 +-- server/webhook.go | 85 ++----------------------------------- template/config_template.go | 1 - 3 files changed, 5 insertions(+), 87 deletions(-) diff --git a/main.go b/main.go index d72a8c9e..ae8070ed 100644 --- a/main.go +++ b/main.go @@ -459,11 +459,7 @@ func main() { r.POST("/uploadrecord", server.UploadBase64RecordHandler(rateLimiter)) // 使用 CreateHandleValidation,传入 WebhookHandler 实例 server.InitPrivateKey(conf.Settings.ClientSecret) - if len(conf.Settings.WebhookPrefixIp) == 0 { - r.POST("/"+conf.Settings.WebhookPath, server.CreateHandleValidationSafe(webhookHandler)) - } else { - r.POST("/"+conf.Settings.WebhookPath, server.CreateHandleValidation(webhookHandler, conf.Settings.WebhookPrefixIp)) - } + r.POST("/"+conf.Settings.WebhookPath, server.CreateHandleValidationSafe(webhookHandler)) r.Static("/channel_temp", "./channel_temp") if config.GetFrpPort() == "0" && !config.GetDisableWebui() { diff --git a/server/webhook.go b/server/webhook.go index 2ddcb917..d1967154 100644 --- a/server/webhook.go +++ b/server/webhook.go @@ -13,6 +13,7 @@ import ( "sync/atomic" "github.com/gin-gonic/gin" + "github.com/hoshinonyaruko/gensokyo/mylog" "github.com/tencent-connect/botgo/dto" "github.com/tencent-connect/botgo/event" "github.com/tencent-connect/botgo/websocket/client" 
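Review bot: The comment above the route in main.go, `// 使用 CreateHandleValidation,传入 WebhookHandler 实例`, still names the handler this commit deletes and should read `// register CreateHandleValidationSafe, passing the WebhookHandler instance`. The hunk also stops reading `conf.Settings.WebhookPrefixIp` and the template drops `webhook_prefix_ip`, so an existing config that still sets it is now ignored without notice. According to the removed template text that setting skipped signature verification, so routing everything through CreateHandleValidationSafe is the stricter behaviour; a one-line startup warning when the list is non-empty would tell operators that their IP-prefix allowlist no longer applies. main continues outside the hunk.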
@@ -71,84 +72,6 @@ func InitPrivateKey(botSecret string) { publicKey = pkey } -// CreateHandleValidation 创建用于签名验证和消息入队的处理函数 -func CreateHandleValidation(wh *WebhookHandler, allowedPrefixes []string) gin.HandlerFunc { - return func(c *gin.Context) { - // 提取客户端 IP - clientIP := c.ClientIP() - - // 检查是否匹配任意一个允许的前缀 - allowed := false - for _, prefix := range allowedPrefixes { - if strings.HasPrefix(clientIP, prefix) { - allowed = true - break - } - } - - if !allowed { - log.Printf("Request from unauthorized IP: %s", clientIP) - c.JSON(http.StatusForbidden, gin.H{"error": "Access denied"}) - return - } - - // 读取 HTTP Body - httpBody, err := io.ReadAll(c.Request.Body) - if err != nil { - log.Println("Failed to read HTTP body:", err) - c.JSON(http.StatusBadRequest, gin.H{"error": "Failed to read request body"}) - return - } - - // 解析请求数据 - var payload Payload - if err := json.Unmarshal(httpBody, &payload); err != nil { - log.Println("Failed to parse HTTP payload:", err) - c.JSON(http.StatusBadRequest, gin.H{"error": "Failed to parse payload"}) - return - } - - // 判断 Op 类型 - switch payload.Op { - case 13: - // 签名验证逻辑 - var msg bytes.Buffer - msg.WriteString(payload.D.EventTs) - msg.WriteString(payload.D.PlainToken) - signature := hex.EncodeToString(ed25519.Sign(privateKey, msg.Bytes())) - - // 返回签名验证响应 - c.JSON(http.StatusOK, gin.H{ - "plain_token": payload.D.PlainToken, - "signature": signature, - }) - - default: - // 异步推送消息到队列 - go func(httpBody []byte, payload Payload) { - webhookPayload := &WebhookPayload{ - PlainToken: payload.D.PlainToken, - EventTs: payload.D.EventTs, - RawMessage: httpBody, - } - - // 尝试写入队列 - select { - case wh.messageQueue <- webhookPayload: - log.Println("Message enqueued successfully") - default: - log.Println("Message queue is full, dropping message") - } - }(httpBody, payload) - - // 返回 HTTP Callback ACK 响应 - c.JSON(http.StatusOK, gin.H{ - "op": 12, - }) - } - } -} - func CreateHandleValidationSafe(wh *WebhookHandler) gin.HandlerFunc { return 
func(c *gin.Context) { // 读取 HTTP Body @@ -204,7 +127,7 @@ func CreateHandleValidationSafe(wh *WebhookHandler) gin.HandlerFunc { // 尝试写入队列 select { case wh.messageQueue <- webhookPayload: - log.Println("Message enqueued successfully") + mylog.Println("Message enqueued successfully") default: log.Println("Message queue is full, dropping message") } @@ -265,7 +188,7 @@ func validateSignature(req *http.Request, publicKey ed25519.PublicKey) error { func (wh *WebhookHandler) ListenAndProcessMessages() { for payload := range wh.messageQueue { go func(p *WebhookPayload) { - log.Printf("Processing Webhook event with token: %s", p.PlainToken) + mylog.Printf("Processing Webhook event with token: %s", p.PlainToken) // 业务逻辑处理的地方 payload := &dto.WSPayload{} if err := json.Unmarshal(p.RawMessage, payload); err != nil { @@ -276,7 +199,7 @@ func (wh *WebhookHandler) ListenAndProcessMessages() { atomic.StoreInt64(&client.Global_s, payload.S) payload.RawMessage = p.RawMessage - log.Printf("%s receive %s message, %s", p.EventTs, dto.OPMeans(payload.OPCode), string(p.RawMessage)) + mylog.Printf("%s receive %s message, %s", p.EventTs, dto.OPMeans(payload.OPCode), string(p.RawMessage)) // 性能不够 报错也没用 就扬了 go event.ParseAndHandle(payload) diff --git a/template/config_template.go b/template/config_template.go index 14da86b4..0a9eb8b7 100644 --- a/template/config_template.go +++ b/template/config_template.go @@ -86,7 +86,6 @@ settings: crt : "" #证书路径 从你的域名服务商或云服务商申请签发SSL证书(qq要求SSL) key : "" #密钥路径 Apache(crt文件、key文件)示例: "C:\\123.key" \需要双写成\\ webhook_path : "webhook" #webhook监听的地址,默认\webhook - webhook_prefix_ip : [] #默认为空,通过webhook进行签名验证来源,设置时,只允许ip前缀的请求,不验证签名. 2024年11月22日最近的webhookip都是 183.47.105. 开始的. force_ssl : false #默认当port设置为443时启用ssl,true可以在其他port设置下强制启用ssl. http_port_after_ssl : "444" # 指定启动SSL之后的备用HTTP服务器的端口号,默认为444
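Review bot: The two `mylog.Printf` calls in ListenAndProcessMessages write `p.PlainToken` and the full `string(p.RawMessage)` of every webhook event to the project logger; if mylog persists entries or forwards them to the web UI (its implementation is not in this patch), user message content ends up wherever those logs go. Logging only the timestamp and opcode, e.g. `mylog.Printf("%s receive %s message", p.EventTs, dto.OPMeans(payload.OPCode))`, and keeping the body behind a debug setting would limit that exposure. In CreateHandleValidationSafe the success line moved to `mylog.Println` while `log.Println("Message queue is full, dropping message")` stayed on the standard logger, so the drop, which is the event an operator most needs to see, may not appear in the same place. Both functions extend beyond their hunks.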