From 8b8268de92ad46eaa947a1d13e57f1fc718d83e0 Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Thu, 11 Apr 2024 14:18:32 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=BC=BA=E5=8A=A0=E5=AF=86=E5=AF=86?=
 =?UTF-8?q?=E9=92=A5=E7=9A=84=E7=A8=B3=E5=AE=9A=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/utils/encrypt.go | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/internal/utils/encrypt.go b/internal/utils/encrypt.go
index 8f923f4..c1a245f 100644
--- a/internal/utils/encrypt.go
+++ b/internal/utils/encrypt.go
@@ -19,9 +19,12 @@ import (
 )
 
 var (
-	simpleEncryptMagicKey = rands.HexString(32)
+	defaultNodeEncryptKey    = rands.HexString(32)
+	defaultClusterEncryptKey = rands.HexString(32)
 )
 
+var encryptV2Suffix = []byte("$v2")
+
 func init() {
 	if !teaconst.IsMain {
 		return
@@ -30,7 +33,8 @@ func init() {
 	events.On(events.EventReload, func() {
 		nodeConfig, _ := nodeconfigs.SharedNodeConfig()
 		if nodeConfig != nil {
-			simpleEncryptMagicKey = stringutil.Md5(nodeConfig.NodeId + "@" + nodeConfig.Secret)
+			defaultNodeEncryptKey = stringutil.Md5(nodeConfig.NodeId + "@" + nodeConfig.Secret)
+			defaultClusterEncryptKey = stringutil.Md5(defaultClusterEncryptKey)
 		}
 	})
 }
@@ -38,7 +42,7 @@ func init() {
 // SimpleEncrypt 加密特殊信息
 func SimpleEncrypt(data []byte) []byte {
 	var method = &AES256CFBMethod{}
-	err := method.Init([]byte(simpleEncryptMagicKey), []byte(simpleEncryptMagicKey[:16]))
+	err := method.Init([]byte(defaultClusterEncryptKey), []byte(defaultClusterEncryptKey[:16]))
 	if err != nil {
 		logs.Println("[SimpleEncrypt]" + err.Error())
 		return data
@@ -49,13 +53,24 @@ func SimpleEncrypt(data []byte) []byte {
 		logs.Println("[SimpleEncrypt]" + err.Error())
 		return data
 	}
+	dst = append(dst, encryptV2Suffix...)
 	return dst
 }
 
 // SimpleDecrypt 解密特殊信息
 func SimpleDecrypt(data []byte) []byte {
+	if bytes.HasSuffix(data, encryptV2Suffix) {
+		data = data[:len(data)-len(encryptV2Suffix)]
+		return simpleDecrypt(data, defaultClusterEncryptKey)
+	}
+
+	// 兼容老的Key
+	return simpleDecrypt(data, defaultNodeEncryptKey)
+}
+
+func simpleDecrypt(data []byte, key string) []byte {
 	var method = &AES256CFBMethod{}
-	err := method.Init([]byte(simpleEncryptMagicKey), []byte(simpleEncryptMagicKey[:16]))
+	err := method.Init([]byte(key), []byte(key[:16]))
 	if err != nil {
 		logs.Println("[MagicKeyEncode]" + err.Error())
 		return data