perf: add encrypted key api

jumpserver · Dec 11, 2024 · 0c21bcc · 0c21bcc
1 parent 0f4a482
commit 0c21bcc
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 0 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -66,6 +66,8 @@ type Config struct {
 
 	DisableInputAsCommand bool `mapstructure:"DISABLE_INPUT_AS_COMMAND"`
 
+	SecretEncryptKey string `mapstructure:"SECRET_ENCRYPT_KEY"`
+
 	RootPath          string
 	DataFolderPath    string
 	LogDirPath        string
@@ -82,6 +84,10 @@ func (c *Config) EnsureConfigValid() {
 	}
 }
 
+func (c *Config) UpdateRedisPassword(val string) {
+	c.RedisPassword = val
+}
+
 func GetConf() Config {
 	if GlobalConfig == nil {
 		return getDefaultConfig()

diff --git a/pkg/jms-sdk-go/service/jms_terminal.go b/pkg/jms-sdk-go/service/jms_terminal.go
@@ -0,0 +1,14 @@
+package service
+
+func (s *JMService) GetEncryptedConfigValue(encryptKey, encryptedValue string) (resp ResultValue, err error) {
+	data := map[string]string{
+		"secret_encrypt_key": encryptKey,
+		"encrypted_value":    encryptedValue,
+	}
+	_, err = s.authClient.Post(TerminalEncryptedConfigURL, data, &resp)
+	return
+}
+
+type ResultValue struct {
+	Value string `json:"value"`
+}
diff --git a/pkg/jms-sdk-go/service/url.go b/pkg/jms-sdk-go/service/url.go
@@ -6,6 +6,8 @@ const (
 	TerminalRegisterURL  = "/api/v1/terminal/terminal-registrations/" // 注册
 	TerminalConfigURL    = "/api/v1/terminal/terminals/config/"       // 获取配置
 	TerminalHeartBeatURL = "/api/v1/terminal/terminals/status/"
+
+	TerminalEncryptedConfigURL = "/api/v1/terminal/encrypted-config/"
 )
 
 // 用户登陆认证使用的API

diff --git a/pkg/koko/koko.go b/pkg/koko/koko.go
@@ -40,6 +40,7 @@ func RunForever(confPath string) {
 	gracefulStop := make(chan os.Signal, 1)
 	signal.Notify(gracefulStop, syscall.SIGTERM, syscall.SIGINT, syscall.SIGQUIT)
 	jmsService := MustJMService()
+	bootstrapWithJMService(jmsService)
 	webSrv := httpd.NewServer(jmsService)
 	sshSrv := sshd.NewSSHServer(jmsService)
 	app := &Koko{
@@ -55,9 +56,31 @@ func RunForever(confPath string) {
 func bootstrap() {
 	i18n.Initial()
 	logger.Initial()
+}
+
+func bootstrapWithJMService(jmsService *service.JMService) {
+	updateEncryptConfigValue(jmsService)
 	exchange.Initial()
 }
 
+func updateEncryptConfigValue(jmsService *service.JMService) {
+	cfg := config.GlobalConfig
+	encryptKey := cfg.SecretEncryptKey
+	if encryptKey != "" {
+		redisPassword := cfg.RedisPassword
+		ret, err := jmsService.GetEncryptedConfigValue(encryptKey, redisPassword)
+		if err != nil {
+			logger.Error("Get encrypted config value failed: " + err.Error())
+			return
+		}
+		if ret.Value != "" {
+			cfg.UpdateRedisPassword(ret.Value)
+		} else {
+			logger.Error("Get encrypted config value failed: empty value")
+		}
+	}
+}
+
 func runTasks(jmsService *service.JMService) {
 	if config.GetConf().UploadFailedReplay {
 		go uploadRemainReplay(jmsService)