pref: 安全特性支持，站点隐藏功能

2026-04-20 09:50:50 +08:00 · 2025-04-14 17:40:23 +08:00
parent 251b0c58de
commit d76d56fcce
37 changed files with 1028 additions and 349 deletions
@@ -0,0 +1,66 @@
+import {Body, Controller, Get, Inject, Post, Provide} from '@midwayjs/core';
+import {Constants, NotFoundException, ParamException, SysInstallInfo, SysSettingsService} from '@certd/lib-server';
+import {utils} from "@certd/basic";
+import {hiddenStatus, SafeService} from "../../modules/sys/settings/safe-service.js";
+import {IMidwayKoaContext} from "@midwayjs/koa";
+
+const unhiddenHtml = `
+<html lang="en">
+<head>
+<title>certd解除站点隐藏</title>
+</head>
+<body>
+<div style="margin:50px;width:500px">
+<h3>解除站点隐藏</h3>
+<form method="post">
+请输入解除密码： <input type="password" name="password" /> <button type="submit">确定</button>
+</form>
+</div>
+</body>
+</html>
+
+`
+
+@Provide()
+@Controller('/api/unhidden')
+export class HnhiddenController {
+    @Inject()
+    ctx: IMidwayKoaContext;
+    @Inject()
+    safeService: SafeService;
+    @Inject()
+    sysSettingsService: SysSettingsService;
+
+
+    @Post('/:randomPath', {summary: Constants.per.guest})
+    async randomPath(@Body("password") password: any) {
+        await this.checkUnhiddenPath()
+        const hiddenSetting = await this.safeService.getHiddenSetting()
+        if (utils.hash.md5(password) === hiddenSetting.openPassword) {
+            //解锁
+            hiddenStatus.isHidden = false;
+            const setting = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo)
+            const bindUrl = setting.bindUrl
+            //解锁成功,跳转回首页,redirect
+            this.ctx.response.redirect(bindUrl || "/");
+            return
+        } else {
+            //密码错误
+            throw new ParamException('解锁密码错误');
+        }
+    }
+
+    @Get('/:randomPath', {summary: Constants.per.guest})
+    async unhiddenGet() {
+        await this.checkUnhiddenPath()
+        this.ctx.response.body = unhiddenHtml
+    }
+
+    async checkUnhiddenPath() {
+        const hiddenSetting = await this.safeService.getHiddenSetting()
+        if (this.ctx.path != `/api/unhidden/${hiddenSetting.openPath}`) {
+            this.ctx.res.statusCode = 404
+            throw new NotFoundException("Page not found")
+        }
+    }
+}