mirror of
https://github.com/bjdgyc/anylink.git
synced 2025-08-07 23:04:17 +08:00
bjdgyc
GitHub
@@ -214,6 +214,7 @@ type userAccountMailData struct {
|
||||
PinCode string
|
||||
OtpImg string
|
||||
OtpImgBase64 string
|
||||
DisableOtp bool
|
||||
}
|
||||
|
||||
func userAccountMail(user *dbdata.User) error {
|
||||
@@ -265,6 +266,7 @@ func userAccountMail(user *dbdata.User) error {
|
||||
PinCode: user.PinCode,
|
||||
OtpImg: fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
|
||||
OtpImgBase64: "data:image/png;base64," + otpData,
|
||||
DisableOtp: user.DisableOtp,
|
||||
}
|
||||
w := bytes.NewBufferString("")
|
||||
t, _ := template.New("auth_complete").Parse(htmlBody)
|
||||
@@ -273,12 +275,18 @@ func userAccountMail(user *dbdata.User) error {
|
||||
return err
|
||||
}
|
||||
// fmt.Println(w.String())
|
||||
imgData, _ := userOtpQr(user.Id, false)
|
||||
attach := &mail.File{
|
||||
MimeType: "image/png",
|
||||
Name: "userOtpQr.png",
|
||||
Data: []byte(imgData),
|
||||
Inline: true,
|
||||
|
||||
var attach *mail.File
|
||||
if user.DisableOtp {
|
||||
attach = nil
|
||||
} else {
|
||||
imgData, _ := userOtpQr(user.Id, false)
|
||||
attach = &mail.File{
|
||||
MimeType: "image/png",
|
||||
Name: "userOtpQr.png",
|
||||
Data: []byte(imgData),
|
||||
Inline: true,
|
||||
}
|
||||
}
|
||||
|
||||
return SendMail(base.Cfg.Issuer, user.Email, w.String(), attach)
|
||||
|
||||
@@ -111,12 +111,6 @@ func StartAdmin() {
|
||||
selectedCipherSuites = append(selectedCipherSuites, s.ID)
|
||||
}
|
||||
|
||||
if tlscert, _, err := dbdata.ParseCert(); err != nil {
|
||||
base.Fatal("证书加载失败", err)
|
||||
} else {
|
||||
dbdata.LoadCertificate(tlscert)
|
||||
}
|
||||
|
||||
// 设置tls信息
|
||||
tlsConfig := &tls.Config{
|
||||
NextProtos: []string{"http/1.1"},
|
||||
|
||||
@@ -174,6 +174,9 @@ func CheckErrNotFound(err error) bool {
|
||||
return err == ErrNotFound
|
||||
}
|
||||
|
||||
// base64 图片
|
||||
// 用户动态码(请妥善保存):<br/>
|
||||
// <img src="{{.OtpImgBase64}}"/><br/>
|
||||
const accountMail = `<p>您好:</p>
|
||||
<p> 您的{{.Issuer}}账号已经审核开通。</p>
|
||||
<p>
|
||||
@@ -181,17 +184,18 @@ const accountMail = `<p>您好:</p>
|
||||
用户组: <b>{{.Group}}</b> <br/>
|
||||
用户名: <b>{{.Username}}</b> <br/>
|
||||
用户PIN码: <b>{{.PinCode}}</b> <br/>
|
||||
{{if .DisableOtp}}
|
||||
<!-- nothing -->
|
||||
{{else}}
|
||||
|
||||
<!--
|
||||
用户动态码(3天后失效):<br/>
|
||||
<img src="{{.OtpImg}}"/><br/>
|
||||
|
||||
用户动态码(请妥善保存):<br/>
|
||||
<img src="{{.OtpImgBase64}}"/><br/>
|
||||
|
||||
下面是兼容 gmail 的写法
|
||||
-->
|
||||
用户动态码(请妥善保存):<br/>
|
||||
<img src="cid:userOtpQr.png" alt="userOtpQr" /><br/>
|
||||
|
||||
{{end}}
|
||||
</p>
|
||||
<div>
|
||||
使用说明:
|
||||
|
||||
@@ -17,7 +17,10 @@ import (
|
||||
"github.com/bjdgyc/anylink/sessdata"
|
||||
)
|
||||
|
||||
var profileHash = ""
|
||||
var (
|
||||
profileHash = ""
|
||||
certHash = ""
|
||||
)
|
||||
|
||||
func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
// TODO 调试信息输出
|
||||
@@ -138,7 +141,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
other := &dbdata.SettingOther{}
|
||||
_ = dbdata.SettingGet(other)
|
||||
rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
|
||||
Banner: other.Banner, ProfileName: base.Cfg.ProfileName, ProfileHash: profileHash}
|
||||
Banner: other.Banner, ProfileName: base.Cfg.ProfileName, ProfileHash: profileHash, CertHash: certHash}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
tplRequest(tpl_complete, w, rd)
|
||||
base.Info("login", cr.Auth.Username, userAgent)
|
||||
@@ -178,6 +181,7 @@ type RequestData struct {
|
||||
Banner string
|
||||
ProfileName string
|
||||
ProfileHash string
|
||||
CertHash string
|
||||
}
|
||||
|
||||
var auth_request = `<?xml version="1.0" encoding="UTF-8"?>
|
||||
@@ -223,7 +227,7 @@ var auth_complete = `<?xml version="1.0" encoding="UTF-8"?>
|
||||
</capabilities>
|
||||
<config client="vpn" type="private">
|
||||
<vpn-base-config>
|
||||
<server-cert-hash>240B97A685B2BFA66AD699B90AAC49EA66495D69</server-cert-hash>
|
||||
<server-cert-hash>{{.CertHash}}</server-cert-hash>
|
||||
</vpn-base-config>
|
||||
<opaque is-for="vpn-client"></opaque>
|
||||
<vpn-profile-manifest>
|
||||
|
||||
@@ -1,13 +1,16 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"crypto/sha1"
|
||||
"crypto/tls"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/bjdgyc/anylink/base"
|
||||
@@ -36,6 +39,19 @@ func startTls() {
|
||||
// certs[0], err = tls.LoadX509KeyPair(certFile, keyFile)
|
||||
// }
|
||||
|
||||
tlscert, _, err := dbdata.ParseCert()
|
||||
if err != nil {
|
||||
base.Fatal("证书加载失败", err)
|
||||
}
|
||||
dbdata.LoadCertificate(tlscert)
|
||||
|
||||
// 计算证书hash值
|
||||
s1 := sha1.New()
|
||||
s1.Write(tlscert.Certificate[0])
|
||||
h2s := hex.EncodeToString(s1.Sum(nil))
|
||||
certHash = strings.ToUpper(h2s)
|
||||
base.Info("certHash", certHash)
|
||||
|
||||
// 修复 CVE-2016-2183
|
||||
// https://segmentfault.com/a/1190000038486901
|
||||
// nmap -sV --script ssl-enum-ciphers -p 443 www.example.com
|
||||
|
||||
Reference in New Issue
Block a user