数据库节点密码支持加密存储

2025-11-04 07:50:25 +08:00 · 2021-02-07 09:48:36 +08:00
parent 758b0b3399
commit 0b5a30aec9
2 changed files with 76 additions and 3 deletions
--- a/internal/db/models/db_node_dao.go
+++ b/internal/db/models/db_node_dao.go
@@ -1,11 +1,14 @@
 package models

 import (
+	"encoding/base64"
+	"github.com/TeaOSLab/EdgeAPI/internal/encrypt"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/types"
+	"strings"
 )

 const (
@@ -15,6 +18,8 @@ const (

 type DBNodeDAO dbs.DAO

+const DBNodePasswordEncodedPrefix = "EDGE_ENCODED:"
+
 func NewDBNodeDAO() *DBNodeDAO {
 	return dbs.NewDAO(&DBNodeDAO{
 		DAOObject: dbs.DAOObject{
@@ -61,7 +66,9 @@ func (this *DBNodeDAO) FindEnabledDBNode(tx *dbs.Tx, id int64) (*DBNode, error)
 	if result == nil {
 		return nil, err
 	}
-	return result.(*DBNode), err
+	node := result.(*DBNode)
+	node.Password = this.DecodePassword(node.Password)
+	return node, nil
 }

 // 根据主键查找名称
@@ -88,6 +95,9 @@ func (this *DBNodeDAO) ListEnabledNodes(tx *dbs.Tx, offset int64, size int64) (r
 		Slice(&result).
 		DescPk().
 		FindAll()
+	for _, node := range result {
+		node.Password = this.DecodePassword(node.Password)
+	}
 	return
 }

@@ -102,7 +112,7 @@ func (this *DBNodeDAO) CreateDBNode(tx *dbs.Tx, isOn bool, name string, descript
 	op.Port = port
 	op.Database = database
 	op.Username = username
-	op.Password = password
+	op.Password = this.EncodePassword(password)
 	op.Charset = charset
 	err := this.Save(tx, op)
 	if err != nil {
@@ -125,7 +135,7 @@ func (this *DBNodeDAO) UpdateNode(tx *dbs.Tx, nodeId int64, isOn bool, name stri
 	op.Port = port
 	op.Database = database
 	op.Username = username
-	op.Password = password
+	op.Password = this.EncodePassword(password)
 	op.Charset = charset
 	err := this.Save(tx, op)
 	return err
@@ -139,5 +149,30 @@ func (this *DBNodeDAO) FindAllEnabledAndOnDBNodes(tx *dbs.Tx) (result []*DBNode,
 		Slice(&result).
 		DescPk().
 		FindAll()
+	for _, node := range result {
+		node.Password = this.DecodePassword(node.Password)
+	}
 	return
 }
+
+// 加密密码
+func (this *DBNodeDAO) EncodePassword(password string) string {
+	if strings.HasPrefix(password, DBNodePasswordEncodedPrefix) {
+		return password
+	}
+	encodedString := base64.StdEncoding.EncodeToString(encrypt.MagicKeyEncode([]byte(password)))
+	return DBNodePasswordEncodedPrefix + encodedString
+}
+
+// 解密密码
+func (this *DBNodeDAO) DecodePassword(password string) string {
+	if !strings.HasPrefix(password, DBNodePasswordEncodedPrefix) {
+		return password
+	}
+	dataString := password[len(DBNodePasswordEncodedPrefix):]
+	data, err := base64.StdEncoding.DecodeString(dataString)
+	if err != nil {
+		return password
+	}
+	return string(encrypt.MagicKeyDecode(data))
+}
--- a/internal/db/models/db_node_dao_test.go
+++ b/internal/db/models/db_node_dao_test.go
@@ -2,4 +2,42 @@ package models

 import (
 	_ "github.com/go-sql-driver/mysql"
+	"testing"
 )
+
+func TestDBNodeDAO_EncodePassword(t *testing.T) {
+	dao := NewDBNodeDAO()
+	for _, password := range []string{
+		"123456",
+		"abcdefxyz",
+		"123abc$*&^%",
+		"$%#@!@(*))*&^&=]{|",
+		"中文",
+	} {
+		encoded := dao.EncodePassword(password)
+		decoded := dao.DecodePassword(encoded)
+		if decoded != password {
+			t.Fatal(decoded, password)
+		}
+	}
+}
+
+func TestDBNodeDAO_EncodePassword_Encoded(t *testing.T) {
+	dao := NewDBNodeDAO()
+	password := DBNodePasswordEncodedPrefix + "123456"
+	encoded := dao.EncodePassword(password)
+	if encoded != password {
+		t.Fatal()
+	}
+	t.Log(encoded)
+}
+
+func TestDBNodeDAO_EncodePassword_Decoded(t *testing.T) {
+	dao := NewDBNodeDAO()
+	password := "123456"
+	decoded := dao.DecodePassword(password)
+	if decoded != password {
+		t.Fatal()
+	}
+	t.Log(decoded)
+}