Browse Source

update

tags/2.2.1
flucout 12 months ago
parent
commit
ef99d79f1a
  1. 40
      app/common.php
  2. 81
      app/controller/Api.php
  3. 5
      route/app.php

40
app/common.php

@ -185,3 +185,43 @@ function errorlog($msg){
fwrite($handle, date('Y-m-d H:i:s')."\t".$msg."\r\n");
fclose($handle);
}
function licenseEncrypt($data, $key){
$iv = substr($key, 0, 16);
return openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);
}
function licenseDecrypt($data, $key){
$iv = substr($key, 0, 16);
return openssl_decrypt($data, 'AES-256-CBC', $key, 0, $iv);
}
function generateKeyPairs(){
$pkey_dir = app()->getRootPath().'data/config/';
$public_key_path = $pkey_dir.'public_key.pem';
$private_key_path = $pkey_dir.'private_key.pem';
if(file_exists($public_key_path) && file_exists($private_key_path)){
return [file_get_contents($public_key_path), file_get_contents($private_key_path)];
}
$pkey_config = ['private_key_bits'=>4096];
$pkey_res = openssl_pkey_new($pkey_config);
$private_key = '';
openssl_pkey_export($pkey_res, $private_key, null, $pkey_config);
$pkey_details = openssl_pkey_get_details($pkey_res);
if(!$pkey_details) return false;
$public_key = $pkey_details['key'];
file_put_contents($public_key_path, $public_key);
file_put_contents($private_key_path, $private_key);
return [$public_key, $private_key];
}
function pemToBase64($pem){
$lines = explode("\n", $pem);
$encoded = '';
foreach ($lines as $line) {
if (trim($line) != '' && strpos($line, '-----BEGIN') === false && strpos($line, '-----END') === false) {
$encoded .= trim($line);
}
}
return $encoded;
}

81
app/controller/Api.php

@ -213,6 +213,17 @@ class Api extends BaseController
return json($data);
}
//宝塔云WAF最新版本
public function btwaf_latest_version(){
$data = [
'version' => '2.5',
'description' => '暂无更新日志',
'create_time' => 1701252997,
];
$data = bin2hex(json_encode($data));
return json(['status'=>true,'err_no'=>0,'msg'=>'获取成功','data'=>$data]);
}
//获取内测版更新日志
public function get_beta_logs(){
return json(['beta_ps'=>'当前暂无内测版', 'list'=>[]]);
@ -275,35 +286,67 @@ class Api extends BaseController
//绑定账号
public function get_auth_token(){
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin($_POST['data']);
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin(input('post.data'));
parse_str($reqData, $arr);
$serverid = $arr['serverid'];
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(32), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
$data = bin2hex(urlencode(json_encode($userinfo)));
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
$data = bin2hex(json_encode($userinfo));
return json(['status'=>true, 'msg'=>'登录成功!', 'data'=>$data]);
}
//绑定账号新
public function authorization_login(){
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin($_POST['data']);
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin(input('post.data'));
parse_str($reqData, $arr);
$serverid = $arr['serverid'];
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(32), 'secret_key'=>random(48)];
$data = bin2hex(urlencode(json_encode($userinfo)));
return json(['status'=>true, 'msg'=>'登录成功!', 'data'=>$data]);
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48)];
$data = bin2hex(json_encode($userinfo));
return json(['status'=>true, 'err_no'=>0, 'msg'=>'账号绑定成功', 'data'=>$data]);
}
//刷新授权信息
public function authorization_info(){
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin($_POST['data']);
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin(input('post.data'));
parse_str($reqData, $arr);
$id = isset($arr['id'])&&$arr['id']>0?$arr['id']:1;
$userinfo = ['id'=>$id, 'product'=>$arr['product'], 'status'=>2, 'clients'=>9999, 'durations'=>0, 'end_time'=>strtotime('+10 year')];
$data = bin2hex(urlencode(json_encode($userinfo)));
return json(['status'=>true, 'data'=>$data]);
$data = bin2hex(json_encode($userinfo));
return json(['status'=>true, 'err_no'=>0, 'data'=>$data]);
}
//刷新授权信息
public function update_license(){
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
$reqData = hex2bin(input('post.data'));
parse_str($reqData, $arr);
if(!isset($arr['product']) || !isset($arr['serverid'])) return json(['status'=>false, 'msg'=>'缺少参数']);
$license_data = ['product'=>$arr['product'], 'uid'=>random(32), 'phone'=>'138****8888', 'auth_id'=>random(32), 'server_id'=>substr($arr['serverid'], 0, 32), 'auth'=>['apis'=>[], 'menu'=>[], 'extra'=>['type'=>3,'location'=>-1,'smart_cc'=>-1,'site'=>0]], 'pages'=>[], 'end_time'=>strtotime('+10 year')];
$json = json_encode($license_data);
[$public_key, $private_key] = generateKeyPairs();
$public_key = pemToBase64($public_key);
$key1 = random(32);
$key2 = substr($public_key, 0, 32);
$encrypted1 = licenseEncrypt($json, $key1);
$encrypted2 = licenseEncrypt($key1, $key2);
$sign_data = $encrypted1.'.'.$encrypted2;
openssl_sign($sign_data, $signature, $private_key, OPENSSL_ALGO_SHA256);
$signature = base64_encode($signature);
$license = base64_encode($sign_data.'.'.$signature);
$data = bin2hex(json_encode(['public_key'=>$public_key, 'license'=>$license]));
return json(['status'=>true, 'err_no'=>0, 'msg'=>'授权获取成功', 'data'=>$data]);
}
public function is_obtained_btw_trial(){
$data = ['is_obtained'=>0];
$data = bin2hex(json_encode($data));
return json(['status'=>true, 'err_no'=>0, 'data'=>$data, 'msg'=>'检测成功']);
}
//一键部署列表
@ -391,4 +434,16 @@ class Api extends BaseController
fclose($handle);
exit;
}
public function logerror(){
$content = date('Y-m-d H:i:s')."\r\n";
$content.=$_SERVER['REQUEST_METHOD'].' '.$_SERVER['REQUEST_URI']."\r\n";
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$content.=file_get_contents('php://input')."\r\n";
}
$handle = fopen(app()->getRootPath()."record.txt", 'a');
fwrite($handle, $content."\r\n");
fclose($handle);
return json(['status'=>false, 'msg'=>'不支持当前操作']);
}
}

5
route/app.php

@ -17,11 +17,16 @@ Route::post('/Auth/GetAuthToken', 'api/get_auth_token');
Route::post('/Auth/GetBindCode', 'api/return_error');
Route::any('/bt_monitor/update_history', 'api/btm_update_history');
Route::any('/bt_monitor/latest_version', 'api/btm_latest_version');
Route::any('/bt_waf/get_malicious_ip', 'api/get_ssl_list');
Route::any('/bt_waf/daily_count_v2', 'api/get_ssl_list');
Route::any('/bt_waf/latest_version', 'api/btwaf_latest_version');
Route::group('authorization', function () {
Route::post('/login', 'api/authorization_login');
Route::post('/info', 'api/authorization_info');
Route::post('/info_v2', 'api/authorization_info');
Route::post('/update_license', 'api/update_license');
Route::post('/is_obtained_btw_trial', 'api/is_obtained_btw_trial');
Route::miss('api/return_error');
});

Loading…
Cancel
Save