feat: encrypt login and install request #852

api/crypto/crypto.go

@@ -0,0 +1,22 @@
+package crypto
+
+import (
+	"net/http"
+
+	"github.com/0xJacky/Nginx-UI/api"
+	"github.com/0xJacky/Nginx-UI/internal/sign"
+	"github.com/gin-gonic/gin"
+)
+
+// GetPublicKey generates a new ED25519 key pair and registers it in the cache
+func GetPublicKey(c *gin.Context) {
+	sign, err := sign.GetCryptoParams()
+	if err != nil {
+		api.ErrHandler(c, err)
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"public_key": sign.PublicKey,
+	})
+}

api/crypto/router.go

@@ -0,0 +1,10 @@
+package crypto
+
+import "github.com/gin-gonic/gin"
+
+func InitPublicRouter(r *gin.RouterGroup) {
+	g := r.Group("/crypto")
+	{
+		g.GET("public_key", GetPublicKey)
+	}
+}

api/system/router.go

@@ -1,12 +1,13 @@
 package system
 
 import (
+	"github.com/0xJacky/Nginx-UI/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
 
 func InitPublicRouter(r *gin.RouterGroup) {
 	r.GET("install", InstallLockCheck)
-	r.POST("install", InstallNginxUI)
+	r.POST("install", middleware.EncryptedParams(), InstallNginxUI)
 	r.GET("translation/:code", GetTranslation)
 }
 

api/user/router.go

@@ -1,11 +1,12 @@
 package user
 
 import (
+	"github.com/0xJacky/Nginx-UI/internal/middleware"
 	"github.com/gin-gonic/gin"
 )
 
 func InitAuthRouter(r *gin.RouterGroup) {
-	r.POST("/login", Login)
+	r.POST("/login", middleware.EncryptedParams(), Login)
 	r.DELETE("/logout", Logout)
 
 	r.GET("/begin_passkey_login", BeginPasskeyLogin)