feat(api): encrypting webhook configurations (#255)

2025-08-07 16:20:56 +08:00 · 2023-11-07 17:15:24 +08:00
parent 2ae4aeee67
commit c711c3d3fd
3 changed files with 91 additions and 10 deletions
--- a/cmdb-api/api/lib/database.py
+++ b/cmdb-api/api/lib/database.py
@@ -10,14 +10,18 @@ from api.lib.exception import CommitException

 class FormatMixin(object):
    def to_dict(self):
-        res = dict([(k, getattr(self, k) if not isinstance(
-            getattr(self, k), (datetime.datetime, datetime.date, datetime.time)) else str(
-            getattr(self, k))) for k in getattr(self, "__mapper__").c.keys()])
-        # FIXME: getattr(cls, "__table__").columns  k.name
+        res = dict()
+        for k in getattr(self, "__mapper__").c.keys():
+            if k in {'password', '_password', 'secret', '_secret'}:
+                continue

-        res.pop('password', None)
-        res.pop('_password', None)
-        res.pop('secret', None)
+            if k.startswith('_'):
+                k = k[1:]
+
+            if not isinstance(getattr(self, k), (datetime.datetime, datetime.date, datetime.time)):
+                res[k] = getattr(self, k)
+            else:
+                res[k] = str(getattr(self, k))

        return res
    
--- a/cmdb-api/api/lib/utils.py
+++ b/cmdb-api/api/lib/utils.py
@@ -12,6 +12,9 @@ from Crypto.Cipher import AES
 from elasticsearch import Elasticsearch
 from flask import current_app

+from api.lib.secrets.inner import InnerCrypt
+from api.lib.secrets.inner import KeyManage
+

 class BaseEnum(object):
    _ALL_ = set()  # type: Set[str]
@@ -286,3 +289,33 @@ class AESCrypto(object):
        text_decrypted = cipher.decrypt(encode_bytes)

        return cls.unpad(text_decrypted).decode('utf8')
+
+
+class Crypto(AESCrypto):
+    @classmethod
+    def encrypt(cls, data):
+        from api.lib.secrets.secrets import InnerKVManger
+
+        if not KeyManage(backend=InnerKVManger()).is_seal():
+            res, status = InnerCrypt().encrypt(data)
+            if status:
+                return res
+
+        return AESCrypto().encrypt(data)
+
+    @classmethod
+    def decrypt(cls, data):
+        from api.lib.secrets.secrets import InnerKVManger
+
+        if not KeyManage(backend=InnerKVManger()).is_seal():
+            try:
+                res, status = InnerCrypt().decrypt(data)
+                if status:
+                    return res
+            except:
+                pass
+
+        try:
+            return AESCrypto().decrypt(data)
+        except:
+            return data