From 3163f425971012ea2bcfa0eb604fd2bf64c5a05e Mon Sep 17 00:00:00 2001 From: withchao <993506633@qq.com> Date: Thu, 13 Jul 2023 19:26:17 +0800 Subject: [PATCH] fix: rpc mw mismatch key --- pkg/common/mw/check.go | 80 ------------------------- pkg/common/mw/check_test.go | 41 ------------- pkg/common/mw/rpc_client_interceptor.go | 2 - pkg/common/mw/rpc_server_interceptor.go | 7 --- 4 files changed, 130 deletions(-) delete mode 100644 pkg/common/mw/check.go delete mode 100644 pkg/common/mw/check_test.go diff --git a/pkg/common/mw/check.go b/pkg/common/mw/check.go deleted file mode 100644 index 81ea7e017..000000000 --- a/pkg/common/mw/check.go +++ /dev/null @@ -1,80 +0,0 @@ -// Copyright © 2023 OpenIM. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package mw - -import ( - "crypto/aes" - "crypto/cipher" - "crypto/md5" - "encoding/base64" - "errors" - "fmt" - "math/rand" - "strings" - "sync" - "time" - - "github.com/OpenIMSDK/Open-IM-Server/pkg/common/config" -) - -var ( - once sync.Once - block cipher.Block -) - -func init() { - rand.Seed(time.Now().UnixNano()) -} - -func initAesKey() { - once.Do(func() { - key := md5.Sum([]byte("openim:" + config.Config.Secret)) - var err error - block, err = aes.NewCipher(key[:]) - if err != nil { - panic(err) - } - }) -} - -func genReqKey(args []string) string { - initAesKey() - plaintext := md5.Sum([]byte(strings.Join(args, ":"))) - iv := make([]byte, aes.BlockSize, aes.BlockSize+md5.Size) - if _, err := rand.Read(iv); err != nil { - panic(err) - } - ciphertext := make([]byte, md5.Size) - cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, plaintext[:]) - return base64.StdEncoding.EncodeToString(append(iv, ciphertext...)) -} - -func verifyReqKey(args []string, key string) error { - initAesKey() - k, err := base64.StdEncoding.DecodeString(key) - if err != nil { - return fmt.Errorf("invalid key %v", err) - } - if len(k) != aes.BlockSize+md5.Size { - return errors.New("invalid key") - } - plaintext := make([]byte, md5.Size) - cipher.NewCBCDecrypter(block, k[:aes.BlockSize]).CryptBlocks(plaintext, k[aes.BlockSize:]) - sum := md5.Sum([]byte(strings.Join(args, ":"))) - if string(plaintext) != string(sum[:]) { - return errors.New("mismatch key") - } - return nil -} diff --git a/pkg/common/mw/check_test.go b/pkg/common/mw/check_test.go deleted file mode 100644 index b893d7e4e..000000000 --- a/pkg/common/mw/check_test.go +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright © 2023 OpenIM. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package mw - -import ( - "fmt" - "testing" -) - -func TestCheck(t *testing.T) { - // config.Config.TokenPolicy.Secret = "123456" - - args := []string{"1", "2", "3"} - - key := genReqKey(args) - fmt.Println("key:", key) - err := verifyReqKey(args, key) - - fmt.Println(err) - - args = []string{"4", "5", "6"} - - key = genReqKey(args) - fmt.Println("key:", key) - err = verifyReqKey(args, key) - - fmt.Println(err) - -} diff --git a/pkg/common/mw/rpc_client_interceptor.go b/pkg/common/mw/rpc_client_interceptor.go index ebfcda99d..91a166c32 100644 --- a/pkg/common/mw/rpc_client_interceptor.go +++ b/pkg/common/mw/rpc_client_interceptor.go @@ -75,7 +75,6 @@ func RpcClientInterceptor( } func getRpcContext(ctx context.Context, method string) (context.Context, error) { - // ctx, _ = context.WithTimeout(ctx, time.Second*5) md := metadata.Pairs() if keys, _ := ctx.Value(constant.RpcCustomHeader).([]string); len(keys) > 0 { for _, key := range keys { @@ -111,6 +110,5 @@ func getRpcContext(ctx context.Context, method string) (context.Context, error) if ok { md.Set(constant.ConnID, connID) } - md.Set(constant.CheckKey, genReqKey(checkArgs)) return metadata.NewOutgoingContext(ctx, md), nil } diff --git a/pkg/common/mw/rpc_server_interceptor.go b/pkg/common/mw/rpc_server_interceptor.go index da99275fd..ec43069da 100644 --- a/pkg/common/mw/rpc_server_interceptor.go +++ b/pkg/common/mw/rpc_server_interceptor.go @@ -106,13 +106,6 @@ func RpcServerInterceptor( if opts := md.Get(constant.ConnID); len(opts) == 1 { ctx = context.WithValue(ctx, constant.ConnID, opts[0]) } - if opts := md.Get(constant.CheckKey); len(opts) != 1 || opts[0] == "" { - return nil, status.New(codes.InvalidArgument, "check key empty").Err() - } else { - if err := verifyReqKey(args, opts[0]); err != nil { - return nil, status.New(codes.InvalidArgument, err.Error()).Err() - } - } log.ZInfo(ctx, "rpc server req", "funcName", funcName, "req", rpcString(req)) resp, err = func() (interface{}, error) { if err := checker.Validate(req); err != nil {