From 237e88fe237405c2c6df13907aec388efed5abdd Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Sun, 19 Mar 2023 17:48:43 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=9B=E5=BB=BASSH=E8=AE=A4=E8=AF=81?=
 =?UTF-8?q?=E7=A7=81=E9=92=A5=E6=97=B6=E6=A0=A1=E9=AA=8C=E7=A7=81=E9=92=A5?=
 =?UTF-8?q?=E5=86=85=E5=AE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../web/actions/default/clusters/grants/create.go   | 13 +++++++++++++
 .../actions/default/clusters/grants/createPopup.go  | 13 +++++++++++++
 .../web/actions/default/clusters/grants/update.go   | 13 +++++++++++++
 .../actions/default/clusters/grants/updatePopup.go  | 13 +++++++++++++
 4 files changed, 52 insertions(+)

diff --git a/internal/web/actions/default/clusters/grants/create.go b/internal/web/actions/default/clusters/grants/create.go
index 54d7e29d..5725fcc8 100644
--- a/internal/web/actions/default/clusters/grants/create.go
+++ b/internal/web/actions/default/clusters/grants/create.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"golang.org/x/crypto/ssh"
 )
 
 type CreateAction struct {
@@ -50,6 +51,18 @@ func (this *CreateAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
diff --git a/internal/web/actions/default/clusters/grants/createPopup.go b/internal/web/actions/default/clusters/grants/createPopup.go
index 49d8f171..cefa7aba 100644
--- a/internal/web/actions/default/clusters/grants/createPopup.go
+++ b/internal/web/actions/default/clusters/grants/createPopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )
 
 type CreatePopupAction struct {
@@ -51,6 +52,18 @@ func (this *CreatePopupAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
diff --git a/internal/web/actions/default/clusters/grants/update.go b/internal/web/actions/default/clusters/grants/update.go
index 00eb4b4b..15abdd01 100644
--- a/internal/web/actions/default/clusters/grants/update.go
+++ b/internal/web/actions/default/clusters/grants/update.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )
 
 type UpdateAction struct {
@@ -83,6 +84,18 @@ func (this *UpdateAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
diff --git a/internal/web/actions/default/clusters/grants/updatePopup.go b/internal/web/actions/default/clusters/grants/updatePopup.go
index 184757ae..763553e2 100644
--- a/internal/web/actions/default/clusters/grants/updatePopup.go
+++ b/internal/web/actions/default/clusters/grants/updatePopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )
 
 type UpdatePopupAction struct {
@@ -83,6 +84,18 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}