chore: prepare v2.0.0-beta.29

2025-05-12 10:55:51 +02:00 · 2024-07-26 18:29:09 +08:00 · 2024-07-26 18:29:09 +08:00 · 40d6a07514
commit 40d6a07514
parent 11c733547f
4 changed files with 197 additions and 197 deletions
--- a/api/user/otp.go
+++ b/api/user/otp.go
@ -1,238 +1,238 @@
 package user
 import (
-    "bytes"
+	"bytes"
-    "crypto/sha1"
+	"crypto/sha1"
-    "encoding/base64"
+	"encoding/base64"
-    "encoding/hex"
+	"encoding/hex"
-    "fmt"
+	"fmt"
-    "github.com/0xJacky/Nginx-UI/api"
+	"github.com/0xJacky/Nginx-UI/api"
-    "github.com/0xJacky/Nginx-UI/internal/crypto"
+	"github.com/0xJacky/Nginx-UI/internal/crypto"
-    "github.com/0xJacky/Nginx-UI/internal/user"
+	"github.com/0xJacky/Nginx-UI/internal/user"
-    "github.com/0xJacky/Nginx-UI/query"
+	"github.com/0xJacky/Nginx-UI/query"
-    "github.com/0xJacky/Nginx-UI/settings"
+	"github.com/0xJacky/Nginx-UI/settings"
-    "github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin"
-    "github.com/pquerna/otp"
+	"github.com/pquerna/otp"
-    "github.com/pquerna/otp/totp"
+	"github.com/pquerna/otp/totp"
-    "image/jpeg"
+	"image/jpeg"
-    "net/http"
+	"net/http"
-    "strings"
+	"strings"
 )
 func GenerateTOTP(c *gin.Context) {
-    u := api.CurrentUser(c)
+	u := api.CurrentUser(c)
-    issuer := fmt.Sprintf("Nginx UI %s", settings.ServerSettings.Name)
+	issuer := fmt.Sprintf("Nginx UI %s", settings.ServerSettings.Name)
-    issuer = strings.TrimSpace(issuer)
+	issuer = strings.TrimSpace(issuer)
-    otpOpts := totp.GenerateOpts{
+	otpOpts := totp.GenerateOpts{
-        Issuer:      issuer,
+		Issuer:      issuer,
-        AccountName: u.Name,
+		AccountName: u.Name,
-        Period:      30, // seconds
+		Period:      30, // seconds
-        Digits:      otp.DigitsSix,
+		Digits:      otp.DigitsSix,
-        Algorithm:   otp.AlgorithmSHA1,
+		Algorithm:   otp.AlgorithmSHA1,
-    }
+	}
-    otpKey, err := totp.Generate(otpOpts)
+	otpKey, err := totp.Generate(otpOpts)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    ciphertext, err := crypto.AesEncrypt([]byte(otpKey.Secret()))
+	ciphertext, err := crypto.AesEncrypt([]byte(otpKey.Secret()))
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    qrCode, err := otpKey.Image(512, 512)
+	qrCode, err := otpKey.Image(512, 512)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    // Encode the image to a buffer
+	// Encode the image to a buffer
-    var buf []byte
+	var buf []byte
-    buffer := bytes.NewBuffer(buf)
+	buffer := bytes.NewBuffer(buf)
-    err = jpeg.Encode(buffer, qrCode, nil)
+	err = jpeg.Encode(buffer, qrCode, nil)
-    if err != nil {
+	if err != nil {
-        fmt.Println("Error encoding image:", err)
+		fmt.Println("Error encoding image:", err)
-        return
+		return
-    }
+	}
-    // Convert the buffer to a base64 string
+	// Convert the buffer to a base64 string
-    base64Str := "data:image/jpeg;base64," + base64.StdEncoding.EncodeToString(buffer.Bytes())
+	base64Str := "data:image/jpeg;base64," + base64.StdEncoding.EncodeToString(buffer.Bytes())
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "secret":  base64.StdEncoding.EncodeToString(ciphertext),
+		"secret":  base64.StdEncoding.EncodeToString(ciphertext),
-        "qr_code": base64Str,
+		"qr_code": base64Str,
-    })
+	})
 }
 func EnrollTOTP(c *gin.Context) {
-    cUser := api.CurrentUser(c)
+	cUser := api.CurrentUser(c)
-    if cUser.EnabledOTP() {
+	if cUser.EnabledOTP() {
-        c.JSON(http.StatusBadRequest, gin.H{
+		c.JSON(http.StatusBadRequest, gin.H{
-            "message": "User already enrolled",
+			"message": "User already enrolled",
-        })
+		})
-        return
+		return
-    }
+	}
-    if settings.ServerSettings.Demo {
+	if settings.ServerSettings.Demo {
-        c.JSON(http.StatusBadRequest, gin.H{
+		c.JSON(http.StatusBadRequest, gin.H{
-            "message": "This feature is disabled in demo mode",
+			"message": "This feature is disabled in demo mode",
-        })
+		})
-        return
+		return
-    }
+	}
-    var json struct {
+	var json struct {
-        Secret   string `json:"secret" binding:"required"`
+		Secret   string `json:"secret" binding:"required"`
-        Passcode string `json:"passcode" binding:"required"`
+		Passcode string `json:"passcode" binding:"required"`
-    }
+	}
-    if !api.BindAndValid(c, &json) {
+	if !api.BindAndValid(c, &json) {
-        return
+		return
-    }
+	}
-    secret, err := base64.StdEncoding.DecodeString(json.Secret)
+	secret, err := base64.StdEncoding.DecodeString(json.Secret)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    decrypted, err := crypto.AesDecrypt(secret)
+	decrypted, err := crypto.AesDecrypt(secret)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    if ok := totp.Validate(json.Passcode, string(decrypted)); !ok {
+	if ok := totp.Validate(json.Passcode, string(decrypted)); !ok {
-        c.JSON(http.StatusNotAcceptable, gin.H{
+		c.JSON(http.StatusNotAcceptable, gin.H{
-            "message": "Invalid passcode",
+			"message": "Invalid passcode",
-        })
+		})
-        return
+		return
-    }
+	}
-    ciphertext, err := crypto.AesEncrypt(decrypted)
+	ciphertext, err := crypto.AesEncrypt(decrypted)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    u := query.Auth
+	u := query.Auth
-    _, err = u.Where(u.ID.Eq(cUser.ID)).Update(u.OTPSecret, ciphertext)
+	_, err = u.Where(u.ID.Eq(cUser.ID)).Update(u.OTPSecret, ciphertext)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    recoveryCode := sha1.Sum(ciphertext)
+	recoveryCode := sha1.Sum(ciphertext)
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "message":       "ok",
+		"message":       "ok",
-        "recovery_code": hex.EncodeToString(recoveryCode[:]),
+		"recovery_code": hex.EncodeToString(recoveryCode[:]),
-    })
+	})
 }
 func ResetOTP(c *gin.Context) {
-    var json struct {
+	var json struct {
-        RecoveryCode string `json:"recovery_code"`
+		RecoveryCode string `json:"recovery_code"`
-    }
+	}
-    if !api.BindAndValid(c, &json) {
+	if !api.BindAndValid(c, &json) {
-        return
+		return
-    }
+	}
-    recoverCode, err := hex.DecodeString(json.RecoveryCode)
+	recoverCode, err := hex.DecodeString(json.RecoveryCode)
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    cUser := api.CurrentUser(c)
+	cUser := api.CurrentUser(c)
-    k := sha1.Sum(cUser.OTPSecret)
+	k := sha1.Sum(cUser.OTPSecret)
-    if !bytes.Equal(k[:], recoverCode) {
+	if !bytes.Equal(k[:], recoverCode) {
-        c.JSON(http.StatusBadRequest, gin.H{
+		c.JSON(http.StatusBadRequest, gin.H{
-            "message": "Invalid recovery code",
+			"message": "Invalid recovery code",
-        })
+		})
-        return
+		return
-    }
+	}
-    u := query.Auth
+	u := query.Auth
-    _, err = u.Where(u.ID.Eq(cUser.ID)).UpdateSimple(u.OTPSecret.Null())
+	_, err = u.Where(u.ID.Eq(cUser.ID)).UpdateSimple(u.OTPSecret.Null())
-    if err != nil {
+	if err != nil {
-        api.ErrHandler(c, err)
+		api.ErrHandler(c, err)
-        return
+		return
-    }
+	}
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "message": "ok",
+		"message": "ok",
-    })
+	})
 }
 func OTPStatus(c *gin.Context) {
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "status": len(api.CurrentUser(c).OTPSecret) > 0,
+		"status": len(api.CurrentUser(c).OTPSecret) > 0,
-    })
+	})
 }
 func SecureSessionStatus(c *gin.Context) {
-    cUser := api.CurrentUser(c)
+	cUser := api.CurrentUser(c)
-    if !cUser.EnabledOTP() {
+	if !cUser.EnabledOTP() {
-        c.JSON(http.StatusOK, gin.H{
+		c.JSON(http.StatusOK, gin.H{
-            "status": false,
+			"status": false,
-        })
+		})
-        return
+		return
-    }
+	}
-    ssid := c.GetHeader("X-Secure-Session-ID")
+	ssid := c.GetHeader("X-Secure-Session-ID")
-    if ssid == "" {
+	if ssid == "" {
-        ssid = c.Query("X-Secure-Session-ID")
+		ssid = c.Query("X-Secure-Session-ID")
-    }
+	}
-    if ssid == "" {
+	if ssid == "" {
-        c.JSON(http.StatusOK, gin.H{
+		c.JSON(http.StatusOK, gin.H{
-            "status": false,
+			"status": false,
-        })
+		})
-        return
+		return
-    }
+	}
-    if user.VerifySecureSessionID(ssid, cUser.ID) {
+	if user.VerifySecureSessionID(ssid, cUser.ID) {
-        c.JSON(http.StatusOK, gin.H{
+		c.JSON(http.StatusOK, gin.H{
-            "status": true,
+			"status": true,
-        })
+		})
-        return
+		return
-    }
+	}
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "status": false,
+		"status": false,
-    })
+	})
 }
 func StartSecure2FASession(c *gin.Context) {
-    var json struct {
+	var json struct {
-        OTP          string `json:"otp"`
+		OTP          string `json:"otp"`
-        RecoveryCode string `json:"recovery_code"`
+		RecoveryCode string `json:"recovery_code"`
-    }
+	}
-    if !api.BindAndValid(c, &json) {
+	if !api.BindAndValid(c, &json) {
-        return
+		return
-    }
+	}
-    u := api.CurrentUser(c)
+	u := api.CurrentUser(c)
-    if !u.EnabledOTP() {
+	if !u.EnabledOTP() {
-        c.JSON(http.StatusBadRequest, gin.H{
+		c.JSON(http.StatusBadRequest, gin.H{
-            "message": "User not configured with 2FA",
+			"message": "User not configured with 2FA",
-        })
+		})
-        return
+		return
-    }
+	}
-    if json.OTP == "" && json.RecoveryCode == "" {
+	if json.OTP == "" && json.RecoveryCode == "" {
-        c.JSON(http.StatusBadRequest, LoginResponse{
+		c.JSON(http.StatusBadRequest, LoginResponse{
-            Message: "The user has enabled 2FA",
+			Message: "The user has enabled 2FA",
-        })
+		})
-        return
+		return
-    }
+	}
-    if err := user.VerifyOTP(u, json.OTP, json.RecoveryCode); err != nil {
+	if err := user.VerifyOTP(u, json.OTP, json.RecoveryCode); err != nil {
-        c.JSON(http.StatusBadRequest, LoginResponse{
+		c.JSON(http.StatusBadRequest, LoginResponse{
-            Message: "Invalid 2FA or recovery code",
+			Message: "Invalid 2FA or recovery code",
-        })
+		})
-        return
+		return
-    }
+	}
-    sessionId := user.SetSecureSessionID(u.ID)
+	sessionId := user.SetSecureSessionID(u.ID)
-    c.JSON(http.StatusOK, gin.H{
+	c.JSON(http.StatusOK, gin.H{
-        "session_id": sessionId,
+		"session_id": sessionId,
-    })
+	})
 }
--- a/app/package.json
+++ b/app/package.json
@ -1,6 +1,6 @@
 {
  "name": "nginx-ui-app-next",
-  "version": "2.0.0-beta.28",
+  "version": "2.0.0-beta.29",
  "type": "module",
  "scripts": {
    "dev": "vite --host",
--- a/app/src/version.json
+++ b/app/src/version.json
@ -1 +1 @@
-{"version":"2.0.0-beta.28","build_id":149,"total_build":353}
+{"version":"2.0.0-beta.29","build_id":150,"total_build":354}
--- a/app/version.json
+++ b/app/version.json
@ -1 +1 @@
-{"version":"2.0.0-beta.28","build_id":149,"total_build":353}
+{"version":"2.0.0-beta.29","build_id":150,"total_build":354}
		`@ -1 +1 @@`
			`{"version":"2.0.0-beta.28","build_id":149,"total_build":353}`				`{"version":"2.0.0-beta.29","build_id":150,"total_build":354}`