feat/encrypt-request (#854)

* feat: encrypt login and install request #852 * fix: user curd panic after install * chore: update error definations
0xJacky · Feb 7, 2025 · 9cbbd42 · 9cbbd42
2 parents fb532b6 + 7bb8cb5
commit 9cbbd42
Show file tree

Hide file tree

Showing 33 changed files with 1,108 additions and 768 deletions.
diff --git a/api/crypto/crypto.go b/api/crypto/crypto.go
@@ -0,0 +1,22 @@
+package crypto
+
+import (
+	"net/http"
+
+	"github.com/0xJacky/Nginx-UI/api"
+	"github.com/0xJacky/Nginx-UI/internal/crypto"
+	"github.com/gin-gonic/gin"
+)
+
+// GetPublicKey generates a new ED25519 key pair and registers it in the cache
+func GetPublicKey(c *gin.Context) {
+	sign, err := crypto.GetCryptoParams()
+	if err != nil {
+		api.ErrHandler(c, err)
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"public_key": sign.PublicKey,
+	})
+}
diff --git a/api/crypto/router.go b/api/crypto/router.go
@@ -0,0 +1,10 @@
+package crypto
+
+import "github.com/gin-gonic/gin"
+
+func InitPublicRouter(r *gin.RouterGroup) {
+	g := r.Group("/crypto")
+	{
+		g.GET("public_key", GetPublicKey)
+	}
+}
diff --git a/api/system/router.go b/api/system/router.go
@@ -1,12 +1,13 @@
 package system
 
 import (
+	"github.com/0xJacky/Nginx-UI/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
 
 func InitPublicRouter(r *gin.RouterGroup) {
 	r.GET("install", InstallLockCheck)
-	r.POST("install", InstallNginxUI)
+	r.POST("install", middleware.EncryptedParams(), InstallNginxUI)
 	r.GET("translation/:code", GetTranslation)
 }
 

diff --git a/api/user/router.go b/api/user/router.go
@@ -1,11 +1,12 @@
 package user
 
 import (
+	"github.com/0xJacky/Nginx-UI/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
 
 func InitAuthRouter(r *gin.RouterGroup) {
-	r.POST("/login", Login)
+	r.POST("/login", middleware.EncryptedParams(), Login)
 	r.DELETE("/logout", Logout)
 
 	r.GET("/begin_passkey_login", BeginPasskeyLogin)

diff --git a/app/package.json b/app/package.json
@@ -30,6 +30,7 @@
     "axios": "^1.7.9",
     "dayjs": "^1.11.13",
     "highlight.js": "^11.11.1",
+    "jsencrypt": "^3.3.2",
     "lodash": "^4.17.21",
     "marked": "^15.0.6",
     "marked-highlight": "^2.2.1",

diff --git a/app/pnpm-lock.yaml b/app/pnpm-lock.yaml
diff --git a/app/src/api/auth.ts b/app/src/api/auth.ts
@@ -19,7 +19,7 @@ const auth = {
       password,
       otp,
       recovery_code: recoveryCode,
-    })
+    }, { crypto: true })
   },
   async casdoor_login(code?: string, state?: string) {
     await http.post('/casdoor_callback', {

diff --git a/app/src/api/install.ts b/app/src/api/install.ts
@@ -12,7 +12,7 @@ const install = {
     return http.get('/install')
   },
   install_nginx_ui(data: InstallRequest) {
-    return http.post('/install', data)
+    return http.post('/install', data, { crypto: true })
   },
 }
 

diff --git a/app/src/constants/errors/crypto.ts b/app/src/constants/errors/crypto.ts
@@ -1,4 +1,5 @@
 export default {
   50001: () => $gettext('Plain text is empty'),
   50002: () => $gettext('Cipher text is too short'),
+  40401: () => $gettext('Request timeout'),
 }
diff --git a/app/src/constants/errors/middleware.ts b/app/src/constants/errors/middleware.ts
@@ -0,0 +1,4 @@
+export default {
+  40000: () => $gettext('Invalid request format'),
+  40001: () => $gettext('Decryption failed'),
+}