mirror of
https://github.com/flucont/btcloud.git
synced 2025-10-14 22:47:11 +00:00
Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
f81cd68e80 | ||
![]() |
4c76ec2056 | ||
![]() |
ef99d79f1a | ||
![]() |
06bf42de98 | ||
![]() |
3c66d2fc7b |
@@ -184,4 +184,44 @@ function errorlog($msg){
|
||||
$handle = fopen(app()->getRootPath()."record.txt", 'a');
|
||||
fwrite($handle, date('Y-m-d H:i:s')."\t".$msg."\r\n");
|
||||
fclose($handle);
|
||||
}
|
||||
|
||||
function licenseEncrypt($data, $key){
|
||||
$iv = substr($key, 0, 16);
|
||||
return openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);
|
||||
}
|
||||
|
||||
function licenseDecrypt($data, $key){
|
||||
$iv = substr($key, 0, 16);
|
||||
return openssl_decrypt($data, 'AES-256-CBC', $key, 0, $iv);
|
||||
}
|
||||
|
||||
function generateKeyPairs(){
|
||||
$pkey_dir = app()->getRootPath().'data/config/';
|
||||
$public_key_path = $pkey_dir.'public_key.pem';
|
||||
$private_key_path = $pkey_dir.'private_key.pem';
|
||||
if(file_exists($public_key_path) && file_exists($private_key_path)){
|
||||
return [file_get_contents($public_key_path), file_get_contents($private_key_path)];
|
||||
}
|
||||
$pkey_config = ['private_key_bits'=>4096];
|
||||
$pkey_res = openssl_pkey_new($pkey_config);
|
||||
$private_key = '';
|
||||
openssl_pkey_export($pkey_res, $private_key, null, $pkey_config);
|
||||
$pkey_details = openssl_pkey_get_details($pkey_res);
|
||||
if(!$pkey_details) return false;
|
||||
$public_key = $pkey_details['key'];
|
||||
file_put_contents($public_key_path, $public_key);
|
||||
file_put_contents($private_key_path, $private_key);
|
||||
return [$public_key, $private_key];
|
||||
}
|
||||
|
||||
function pemToBase64($pem){
|
||||
$lines = explode("\n", $pem);
|
||||
$encoded = '';
|
||||
foreach ($lines as $line) {
|
||||
if (trim($line) != '' && strpos($line, '-----BEGIN') === false && strpos($line, '-----END') === false) {
|
||||
$encoded .= trim($line);
|
||||
}
|
||||
}
|
||||
return $encoded;
|
||||
}
|
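Review bot: `generateKeyPairs()` never checks the result of `openssl_pkey_new()`, `openssl_pkey_export()` or either `file_put_contents()`, so a failed export can leave an empty `private_key.pem` on disk that the `file_exists()` branch then returns on every later call. I would bail out early with `if(!$pkey_res || !openssl_pkey_export($pkey_res, $private_key, null, $pkey_config)) return false;` and restrict the file after writing it with `chmod($private_key_path, 0600);`, since it is otherwise created with the process's default permissions. Separately, `licenseEncrypt()`/`licenseDecrypt()` take the IV from the first 16 bytes of the key, which makes the IV fixed per key and leaves the CBC ciphertext unauthenticated. If that layout is dictated by the consuming client it may have to stay, but a comment saying so would keep the helpers from being reused as a general-purpose cipher.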
@@ -10,7 +10,7 @@ class Api extends BaseController
|
||||
|
||||
//获取插件列表
|
||||
public function get_plugin_list(){
|
||||
if(!$this->checklist()) return '';
|
||||
if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
|
||||
$record = Db::name('record')->where('ip',$this->clientip)->find();
|
||||
if($record){
|
||||
Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
|
||||
@@ -24,7 +24,7 @@ class Api extends BaseController
|
||||
|
||||
//获取插件列表(win)
|
||||
public function get_plugin_list_win(){
|
||||
if(!$this->checklist()) return '';
|
||||
if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
|
||||
$record = Db::name('record')->where('ip',$this->clientip)->find();
|
||||
if($record){
|
||||
Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
|
||||
@@ -213,6 +213,17 @@ class Api extends BaseController
|
||||
return json($data);
|
||||
}
|
||||
|
||||
//宝塔云WAF最新版本
|
||||
public function btwaf_latest_version(){
|
||||
$data = [
|
||||
'version' => '2.5',
|
||||
'description' => '暂无更新日志',
|
||||
'create_time' => 1701252997,
|
||||
];
|
||||
$data = bin2hex(json_encode($data));
|
||||
return json(['status'=>true,'err_no'=>0,'msg'=>'获取成功','data'=>$data]);
|
||||
}
|
||||
|
||||
//获取内测版更新日志
|
||||
public function get_beta_logs(){
|
||||
return json(['beta_ps'=>'当前暂无内测版', 'list'=>[]]);
|
||||
@@ -275,35 +286,67 @@ class Api extends BaseController
|
||||
|
||||
//绑定账号
|
||||
public function get_auth_token(){
|
||||
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin($_POST['data']);
|
||||
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin(input('post.data'));
|
||||
parse_str($reqData, $arr);
|
||||
$serverid = $arr['serverid'];
|
||||
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(32), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
|
||||
$data = bin2hex(urlencode(json_encode($userinfo)));
|
||||
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
|
||||
$data = bin2hex(json_encode($userinfo));
|
||||
return json(['status'=>true, 'msg'=>'登录成功!', 'data'=>$data]);
|
||||
}
|
||||
|
||||
//绑定账号新
|
||||
public function authorization_login(){
|
||||
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin($_POST['data']);
|
||||
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin(input('post.data'));
|
||||
parse_str($reqData, $arr);
|
||||
$serverid = $arr['serverid'];
|
||||
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(32), 'secret_key'=>random(48)];
|
||||
$data = bin2hex(urlencode(json_encode($userinfo)));
|
||||
return json(['status'=>true, 'msg'=>'登录成功!', 'data'=>$data]);
|
||||
$userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48)];
|
||||
$data = bin2hex(json_encode($userinfo));
|
||||
return json(['status'=>true, 'err_no'=>0, 'msg'=>'账号绑定成功', 'data'=>$data]);
|
||||
}
|
||||
|
||||
//刷新授权信息
|
||||
public function authorization_info(){
|
||||
if(!$_POST['data']) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin($_POST['data']);
|
||||
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin(input('post.data'));
|
||||
parse_str($reqData, $arr);
|
||||
$id = isset($arr['id'])&&$arr['id']>0?$arr['id']:1;
|
||||
$userinfo = ['id'=>$id, 'product'=>$arr['product'], 'status'=>2, 'clients'=>9999, 'durations'=>0, 'end_time'=>strtotime('+10 year')];
|
||||
$data = bin2hex(urlencode(json_encode($userinfo)));
|
||||
return json(['status'=>true, 'data'=>$data]);
|
||||
$data = bin2hex(json_encode($userinfo));
|
||||
return json(['status'=>true, 'err_no'=>0, 'data'=>$data]);
|
||||
}
|
||||
|
||||
//刷新授权信息
|
||||
public function update_license(){
|
||||
if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
|
||||
$reqData = hex2bin(input('post.data'));
|
||||
parse_str($reqData, $arr);
|
||||
if(!isset($arr['product']) || !isset($arr['serverid'])) return json(['status'=>false, 'msg'=>'缺少参数']);
|
||||
|
||||
$license_data = ['product'=>$arr['product'], 'uid'=>random(32), 'phone'=>'138****8888', 'auth_id'=>random(32), 'server_id'=>substr($arr['serverid'], 0, 32), 'auth'=>['apis'=>[], 'menu'=>[], 'extra'=>['type'=>3,'location'=>-1,'smart_cc'=>-1,'site'=>0]], 'pages'=>[], 'end_time'=>strtotime('+10 year')];
|
||||
$json = json_encode($license_data);
|
||||
|
||||
[$public_key, $private_key] = generateKeyPairs();
|
||||
$public_key = pemToBase64($public_key);
|
||||
|
||||
$key1 = random(32);
|
||||
$key2 = substr($public_key, 0, 32);
|
||||
$encrypted1 = licenseEncrypt($json, $key1);
|
||||
$encrypted2 = licenseEncrypt($key1, $key2);
|
||||
$sign_data = $encrypted1.'.'.$encrypted2;
|
||||
openssl_sign($sign_data, $signature, $private_key, OPENSSL_ALGO_SHA256);
|
||||
$signature = base64_encode($signature);
|
||||
|
||||
$license = base64_encode($sign_data.'.'.$signature);
|
||||
$data = bin2hex(json_encode(['public_key'=>$public_key, 'license'=>$license]));
|
||||
return json(['status'=>true, 'err_no'=>0, 'msg'=>'授权获取成功', 'data'=>$data]);
|
||||
}
|
||||
|
||||
public function is_obtained_btw_trial(){
|
||||
$data = ['is_obtained'=>0];
|
||||
$data = bin2hex(json_encode($data));
|
||||
return json(['status'=>true, 'err_no'=>0, 'data'=>$data, 'msg'=>'检测成功']);
|
||||
}
|
||||
|
||||
//一键部署列表
|
||||
@@ -344,6 +387,7 @@ class Api extends BaseController
|
||||
return json(['page'=>"<div><span class='Pcurrent'>1</span><span class='Pnumber'>1/0</span><span class='Pline'>从1-1000条</span><span class='Pcount'>共计0条数据</span></div>", 'data'=>[]]);
|
||||
}
|
||||
|
||||
//获取所有蜘蛛IP列表
|
||||
public function btwaf_getspiders(){
|
||||
try{
|
||||
$result = Plugins::btwaf_getspiders();
|
||||
@@ -353,6 +397,14 @@ class Api extends BaseController
|
||||
}
|
||||
}
|
||||
|
||||
//分类获取蜘蛛IP列表
|
||||
public function get_spider(){
|
||||
$type = input('get.spider/d');
|
||||
if(!$type) return json([]);
|
||||
$result = Plugins::get_spider($type);
|
||||
return json($result);
|
||||
}
|
||||
|
||||
//检查黑白名单
|
||||
private function checklist(){
|
||||
if(config_get('whitelist') == 1){
|
||||
@@ -391,4 +443,16 @@ class Api extends BaseController
|
||||
fclose($handle);
|
||||
exit;
|
||||
}
|
||||
|
||||
public function logerror(){
|
||||
$content = date('Y-m-d H:i:s')."\r\n";
|
||||
$content.=$_SERVER['REQUEST_METHOD'].' '.$_SERVER['REQUEST_URI']."\r\n";
|
||||
if($_SERVER['REQUEST_METHOD'] == 'POST'){
|
||||
$content.=file_get_contents('php://input')."\r\n";
|
||||
}
|
||||
$handle = fopen(app()->getRootPath()."record.txt", 'a');
|
||||
fwrite($handle, $content."\r\n");
|
||||
fclose($handle);
|
||||
return json(['status'=>false, 'msg'=>'不支持当前操作']);
|
||||
}
|
||||
}
|
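Review bot: In `update_license()` the result of `generateKeyPairs()` is destructured directly although that helper returns `false` on failure, and the return value of `openssl_sign()` is not checked, so a key or signing failure produces a "success" response whose license carries an empty signature. I would assign first (`$keys = generateKeyPairs();`), return the method's existing `['status'=>false, 'msg'=>...]` error shape when `$keys` is false, and do the same when `openssl_sign()` returns false. `hex2bin(input('post.data'))` here and in `get_auth_token()`, `authorization_login()` and `authorization_info()` returns `false` with a warning on odd-length or non-hex input; a `ctype_xdigit()` check before decoding would reject such requests cleanly. The class starts outside these hunks.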
@@ -151,4 +151,18 @@ class Plugins
|
||||
return $result;
|
||||
}
|
||||
|
||||
//分类获取蜘蛛IP列表
|
||||
public static function get_spider($type){
|
||||
$result = cache('get_spider_'.$type);
|
||||
if($result){
|
||||
return $result;
|
||||
}
|
||||
$url = 'https://www.bt.cn/api/panel/get_spider?spider='.$type;
|
||||
$data = get_curl($url);
|
||||
$result = json_decode($data, true);
|
||||
if(!$result) return [];
|
||||
cache('get_spider_'.$type, $result, 3600 * 24);
|
||||
return $result;
|
||||
}
|
||||
|
||||
}
|
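Review bot: `Plugins::get_spider()` builds both the cache key and the upstream URL from `$type` without validating it itself. The only caller visible here casts it with `input('get.spider/d')`, but the method is public static, so I would make it self-defending with `$type = intval($type);` as its first line. Every distinct value creates its own cache entry and its own outbound request, and failed lookups are not cached; as far as the visible controller code shows, `Api::get_spider()` is reachable without the `checklist()` gate, so restricting `$type` to the ids the panel actually uses would bound both. The class body starts outside the hunk.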
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
Linux_Version="8.0.2"
|
||||
Linux_Version="8.0.4"
|
||||
Windows_Version="7.9.0"
|
||||
Btm_Version="2.2.9"
|
||||
|
||||
|
@@ -12,9 +12,9 @@ INSERT INTO `cloud_config` (`key`, `value`) VALUES
|
||||
('bt_key', ''),
|
||||
('whitelist', '0'),
|
||||
('download_page', '1'),
|
||||
('new_version', '8.0.2'),
|
||||
('new_version', '8.0.4'),
|
||||
('update_msg', '暂无更新日志'),
|
||||
('update_date', '2023-08-28'),
|
||||
('update_date', '2023-11-19'),
|
||||
('new_version_win', '7.9.0'),
|
||||
('update_msg_win', '暂无更新日志'),
|
||||
('update_date_win', '2023-07-20'),
|
||||
|
@@ -30,6 +30,11 @@ if [ "${UbuntuCheck}" ] && [ "${UbuntuCheck}" -lt "16" ];then
|
||||
echo "Ubuntu ${UbuntuCheck}不支持安装宝塔面板,建议更换Ubuntu18/20安装宝塔面板"
|
||||
exit 1
|
||||
fi
|
||||
HOSTNAME_CHECK=$(cat /etc/hostname)
|
||||
if [ -z "${HOSTNAME_CHECK}" ];then
|
||||
echo "当前主机名hostname为空无法安装宝塔面板,请咨询服务器运营商设置好hostname后再重新安装"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd ~
|
||||
setup_path="/www"
|
||||
@@ -786,16 +791,14 @@ Set_Bt_Panel(){
|
||||
fi
|
||||
sleep 1
|
||||
admin_auth="/www/server/panel/data/admin_path.pl"
|
||||
if [ "${SAFE_PATH}" ];then
|
||||
auth_path=$SAFE_PATH
|
||||
echo "/${auth_path}" > ${admin_auth}
|
||||
fi
|
||||
if [ ! -f ${admin_auth} ];then
|
||||
auth_path=$(cat /dev/urandom | head -n 16 | md5sum | head -c 8)
|
||||
echo "/${auth_path}" > ${admin_auth}
|
||||
fi
|
||||
auth_path=$(cat /dev/urandom | head -n 16 | md5sum | head -c 8)
|
||||
echo "/${auth_path}" > ${admin_auth}
|
||||
if [ "${SAFE_PATH}" ];then
|
||||
auth_path=$SAFE_PATH
|
||||
echo "/${auth_path}" > ${admin_auth}
|
||||
fi
|
||||
chmod -R 700 $pyenv_path/pyenv/bin
|
||||
btpip install docxtpl==0.16.7
|
||||
/www/server/panel/pyenv/bin/pip3 install pymongo
|
||||
@@ -803,6 +806,7 @@ Set_Bt_Panel(){
|
||||
/www/server/panel/pyenv/bin/pip3 install flask -U
|
||||
/www/server/panel/pyenv/bin/pip3 install flask-sock
|
||||
btpip install simple-websocket==0.10.0
|
||||
btpip install natsort
|
||||
auth_path=$(cat ${admin_auth})
|
||||
cd ${setup_path}/server/panel/
|
||||
if [ "$SET_SSL" == true ]; then
|
||||
@@ -1034,7 +1038,7 @@ if [ "${PANEL_SSL}" == "True" ];then
|
||||
HTTP_S="https"
|
||||
else
|
||||
HTTP_S="http"
|
||||
fi
|
||||
fi
|
||||
|
||||
echo > /www/server/panel/data/bind.pl
|
||||
echo -e "=================================================================="
|
||||
@@ -1059,3 +1063,4 @@ endTime=`date +%s`
|
||||
echo -e "Time consumed:\033[32m $outTime \033[0mMinute!"
|
||||
|
||||
|
||||
|
||||
|
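Review bot: In the `Set_Bt_Panel` hunk a caller-supplied `SAFE_PATH` is written to `admin_path.pl` with no character check, and the generated fallback is only 8 hex characters (about 32 bits) for what acts as the panel's secret entry path. I would reject unexpected characters before the write, e.g. `case "${SAFE_PATH}" in *[!A-Za-z0-9_-]*) echo "invalid SAFE_PATH"; exit 1;; esac`, and quote the target as `"${admin_auth}"`. If the panel accepts longer paths (not visible here), `head -c 16` instead of `head -c 8` is a cheap improvement. With the `[ ! -f ${admin_auth} ]` guard gone the path is also rewritten on every run, which deserves a comment if it is intentional. `Set_Bt_Panel` starts and ends outside the hunk.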
Binary file not shown.
Binary file not shown.
@@ -71,7 +71,7 @@ rm -f /www/server/panel/*.pyc
|
||||
rm -f /www/server/panel/class/*.pyc
|
||||
#pip install flask_sqlalchemy
|
||||
#pip install itsdangerous==0.24
|
||||
|
||||
btpip install natsort
|
||||
pip_list=$($mypip list)
|
||||
request_v=$(btpip list 2>/dev/null|grep "requests "|awk '{print $2}'|cut -d '.' -f 2)
|
||||
if [ "$request_v" = "" ] || [ "${request_v}" -gt "28" ];then
|
||||
|
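Review bot: `btpip install natsort` is added without a version pin, so every update run installs whatever release the package index serves at that moment. The install script's `Set_Bt_Panel` hunk adds the same unpinned line right next to pinned ones such as `simple-websocket==0.10.0`. Pinning both to a tested release, `btpip install natsort==<tested version>`, keeps panel updates reproducible and limits exposure to a bad upstream release.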
@@ -17,11 +17,17 @@ Route::post('/Auth/GetAuthToken', 'api/get_auth_token');
|
||||
Route::post('/Auth/GetBindCode', 'api/return_error');
|
||||
Route::any('/bt_monitor/update_history', 'api/btm_update_history');
|
||||
Route::any('/bt_monitor/latest_version', 'api/btm_latest_version');
|
||||
Route::any('/bt_waf/get_malicious_ip', 'api/get_ssl_list');
|
||||
Route::any('/bt_waf/daily_count_v2', 'api/get_ssl_list');
|
||||
Route::any('/bt_waf/latest_version', 'api/btwaf_latest_version');
|
||||
|
||||
Route::group('authorization', function () {
|
||||
Route::post('/login', 'api/authorization_login');
|
||||
Route::post('/info', 'api/authorization_info');
|
||||
Route::post('/info_v2', 'api/authorization_info');
|
||||
Route::post('/update_license', 'api/update_license');
|
||||
Route::post('/get_unactivated_licenses', 'api/get_ssl_list');
|
||||
Route::post('/is_obtained_btw_trial', 'api/is_obtained_btw_trial');
|
||||
Route::miss('api/return_error');
|
||||
});
|
||||
|
||||
@@ -91,6 +97,7 @@ Route::group('api', function () {
|
||||
Route::get('/panel/notpro', 'api/return_empty');
|
||||
Route::post('/Btdeployment/get_deplist', 'api/get_deplist');
|
||||
Route::post('/panel/get_deplist', 'api/get_deplist');
|
||||
Route::get('/ip/info_json', 'api/return_empty_array');
|
||||
|
||||
Route::post('/LinuxBeta', 'api/return_error');
|
||||
Route::post('/panel/apple_beta', 'api/return_error');
|
||||
@@ -103,11 +110,13 @@ Route::group('api', function () {
|
||||
Route::get('/wpanel/get_beta_logs', 'api/get_beta_logs');
|
||||
|
||||
Route::post('/v2/common_v1_authorization/get_pricing', 'api/return_error2');
|
||||
Route::post('/v2/common_v2_authorization/get_pricing', 'api/return_error2');
|
||||
|
||||
Route::any('/bt_waf/getSpiders', 'api/btwaf_getspiders');
|
||||
Route::post('/bt_waf/addSpider', 'api/return_empty');
|
||||
Route::post('/bt_waf/getVulScanInfoList', 'api/return_empty');
|
||||
Route::post('/bt_waf/reportInterceptFail', 'api/return_empty');
|
||||
Route::any('/panel/get_spider', 'api/get_spider');
|
||||
|
||||
Route::miss('api/return_error');
|
||||
});
|
||||
|
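Review bot: Several of the new routes reuse `api/get_ssl_list` as a stand-in (`/bt_waf/get_malicious_ip`, `/bt_waf/daily_count_v2`, `/authorization/get_unactivated_licenses`), which hides from a reader that these endpoints are stubs. The handler is not visible here, so I assume it returns an empty payload. A comment above them such as `// stubbed: answered with the same payload as get_ssl_list` would make the intent explicit, as would pointing them at the existing `api/return_empty_array` action. The new `Route::any` entries (`/bt_waf/latest_version`, `/panel/get_spider`) also accept every HTTP method; if the panel calls them with a single verb, `Route::get` or `Route::post` would be tighter.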
@@ -16,7 +16,11 @@ def get_plugin_list(force = 0):
|
||||
except Exception as ex:
|
||||
raise public.error_conn_cloud(str(ex))
|
||||
softList = json.loads(jsonData)
|
||||
if type(softList)!=dict or 'list' not in softList: raise Exception('云端插件列表获取失败')
|
||||
if type(softList)!=dict or 'list' not in softList:
|
||||
if type(softList)==str:
|
||||
raise Exception(softList)
|
||||
else:
|
||||
raise Exception('云端插件列表获取失败')
|
||||
public.writeFile(cache_file, jsonData)
|
||||
return softList
|
||||
|
||||
|
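Review bot: The new branch raises `Exception(softList)` with whatever string the cloud endpoint returned, so server-controlled text of any length becomes the error message handed to the caller. I would bound it with `raise Exception(softList[:200])` and confirm that wherever the message is rendered escapes it. The type tests read better as `isinstance(softList, dict)` and `isinstance(softList, str)`. `json.loads(jsonData)` appears to sit after the `try`/`except`, so a non-JSON body would raise an unwrapped decode error. The identical hunk in the next file section has the same issues, and `get_plugin_list` starts outside the hunk.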
@@ -16,7 +16,11 @@ def get_plugin_list(force = 0):
|
||||
except Exception as ex:
|
||||
raise public.error_conn_cloud(str(ex))
|
||||
softList = json.loads(jsonData)
|
||||
if type(softList)!=dict or 'list' not in softList: raise Exception('云端插件列表获取失败')
|
||||
if type(softList)!=dict or 'list' not in softList:
|
||||
if type(softList)==str:
|
||||
raise Exception(softList)
|
||||
else:
|
||||
raise Exception('云端插件列表获取失败')
|
||||
public.writeFile(cache_file, jsonData)
|
||||
return softList
|
||||
|
||||
|
@@ -16,9 +16,11 @@
|
||||
|
||||
- 全局搜索替换 https://www.bt.cn/api/ => http://www.example.com/api/(需排除clearModel.py、scanningModel.py、ipsModel.py)
|
||||
|
||||
- 全局搜索替换 http://www.bt.cn/api/ => http://www.example.com/api/(需排除js文件)
|
||||
|
||||
- 全局搜索替换 https://download.bt.cn/install/update6.sh => http://www.example.com/install/update6.sh
|
||||
|
||||
- class/ajax.py 文件 \#是否执行升级程序 下面的 public.get_url() 改成 public.GetConfigValue('home')
|
||||
- class/ajax.py 文件 \# 是否执行升级程序 下面的 public.get_url() 改成 public.GetConfigValue('home')
|
||||
|
||||
class/jobs.py 文件 \#尝试升级到独立环境 下面的 public.get_url() 改成 public.GetConfigValue('home')
|
||||
|
||||
@@ -63,6 +65,8 @@
|
||||
|
||||
- class/plugin_deployment.py 文件,SetupPackage方法内替换 public.GetConfigValue('home') => 'https://www.bt.cn'
|
||||
|
||||
- script/flush_plugin.py 文件,删除clear_hosts()一行
|
||||
|
||||
- install/install_soft.sh 在bash执行之前加入以下代码
|
||||
|
||||
```shell
|
||||
@@ -97,11 +101,11 @@
|
||||
|
||||
- [可选]去除创建网站自动创建的垃圾文件:在class/panelSite.py,分别删除
|
||||
|
||||
htaccess = self.sitePath+'/.htaccess'
|
||||
htaccess = self.sitePath + '/.htaccess'
|
||||
|
||||
index = self.sitePath+'/index.html'
|
||||
index = self.sitePath + '/index.html'
|
||||
|
||||
doc404 = self.sitePath+'/404.html'
|
||||
doc404 = self.sitePath + '/404.html'
|
||||
|
||||
这3行及分别接下来的4行代码
|
||||
|
||||
|