mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-07-13 21:02:44 +08:00
refactor: rpc请求需要配置请求头:秘钥
This commit is contained in:
tongque
parent
c074adb3a9
commit
a30cd12249
@ -26,8 +26,7 @@ const (
|
|||||||
// 启动任务的请求
|
// 启动任务的请求
|
||||||
type StartScanRequest struct {
|
type StartScanRequest struct {
|
||||||
state protoimpl.MessageState `protogen:"open.v1"`
|
state protoimpl.MessageState `protogen:"open.v1"`
|
||||||
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"`
|
Arg string `protobuf:"bytes,1,opt,name=arg,proto3" json:"arg,omitempty"`
|
||||||
Arg string `protobuf:"bytes,2,opt,name=arg,proto3" json:"arg,omitempty"`
|
|
||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
}
|
}
|
||||||
@ -62,13 +61,6 @@ func (*StartScanRequest) Descriptor() ([]byte, []int) {
|
|||||||
return file_lib_rpc_proto_rawDescGZIP(), []int{0}
|
return file_lib_rpc_proto_rawDescGZIP(), []int{0}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *StartScanRequest) GetSecret() string {
|
|
||||||
if x != nil {
|
|
||||||
return x.Secret
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *StartScanRequest) GetArg() string {
|
func (x *StartScanRequest) GetArg() string {
|
||||||
if x != nil {
|
if x != nil {
|
||||||
return x.Arg
|
return x.Arg
|
||||||
@ -132,8 +124,7 @@ func (x *StartScanResponse) GetMessage() string {
|
|||||||
// 获取扫描结果的请求
|
// 获取扫描结果的请求
|
||||||
type TaskResultsRequest struct {
|
type TaskResultsRequest struct {
|
||||||
state protoimpl.MessageState `protogen:"open.v1"`
|
state protoimpl.MessageState `protogen:"open.v1"`
|
||||||
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` // 用于身份校验
|
Filter *Filter `protobuf:"bytes,1,opt,name=filter,proto3" json:"filter,omitempty"` // 筛选条件(如关键字、状态等)
|
||||||
Filter *Filter `protobuf:"bytes,2,opt,name=filter,proto3" json:"filter,omitempty"` // 筛选条件(如关键字、状态等)
|
|
||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
}
|
}
|
||||||
@ -168,13 +159,6 @@ func (*TaskResultsRequest) Descriptor() ([]byte, []int) {
|
|||||||
return file_lib_rpc_proto_rawDescGZIP(), []int{2}
|
return file_lib_rpc_proto_rawDescGZIP(), []int{2}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *TaskResultsRequest) GetSecret() string {
|
|
||||||
if x != nil {
|
|
||||||
return x.Secret
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *TaskResultsRequest) GetFilter() *Filter {
|
func (x *TaskResultsRequest) GetFilter() *Filter {
|
||||||
if x != nil {
|
if x != nil {
|
||||||
return x.Filter
|
return x.Filter
|
||||||
@ -384,16 +368,14 @@ var File_lib_rpc_proto protoreflect.FileDescriptor
|
|||||||
|
|
||||||
const file_lib_rpc_proto_rawDesc = "" +
|
const file_lib_rpc_proto_rawDesc = "" +
|
||||||
"\n" +
|
"\n" +
|
||||||
"\rlib/rpc.proto\x12\x03lib\x1a\x1cgoogle/api/annotations.proto\x1a\x1cgoogle/protobuf/struct.proto\"<\n" +
|
"\rlib/rpc.proto\x12\x03lib\x1a\x1cgoogle/api/annotations.proto\x1a\x1cgoogle/protobuf/struct.proto\"$\n" +
|
||||||
"\x10StartScanRequest\x12\x16\n" +
|
"\x10StartScanRequest\x12\x10\n" +
|
||||||
"\x06secret\x18\x01 \x01(\tR\x06secret\x12\x10\n" +
|
"\x03arg\x18\x01 \x01(\tR\x03arg\"F\n" +
|
||||||
"\x03arg\x18\x02 \x01(\tR\x03arg\"F\n" +
|
|
||||||
"\x11StartScanResponse\x12\x17\n" +
|
"\x11StartScanResponse\x12\x17\n" +
|
||||||
"\atask_id\x18\x01 \x01(\tR\x06taskId\x12\x18\n" +
|
"\atask_id\x18\x01 \x01(\tR\x06taskId\x12\x18\n" +
|
||||||
"\amessage\x18\x02 \x01(\tR\amessage\"Q\n" +
|
"\amessage\x18\x02 \x01(\tR\amessage\"9\n" +
|
||||||
"\x12TaskResultsRequest\x12\x16\n" +
|
"\x12TaskResultsRequest\x12#\n" +
|
||||||
"\x06secret\x18\x01 \x01(\tR\x06secret\x12#\n" +
|
"\x06filter\x18\x01 \x01(\v2\v.lib.FilterR\x06filter\"[\n" +
|
||||||
"\x06filter\x18\x02 \x01(\v2\v.lib.FilterR\x06filter\"[\n" +
|
|
||||||
"\x06Filter\x12\x17\n" +
|
"\x06Filter\x12\x17\n" +
|
||||||
"\atask_id\x18\x01 \x01(\tR\x06taskId\x12\x1d\n" +
|
"\atask_id\x18\x01 \x01(\tR\x06taskId\x12\x1d\n" +
|
||||||
"\n" +
|
"\n" +
|
||||||
|
|||||||
@ -34,8 +34,7 @@ service FscanService {
|
|||||||
|
|
||||||
// 启动任务的请求
|
// 启动任务的请求
|
||||||
message StartScanRequest {
|
message StartScanRequest {
|
||||||
string secret = 1;
|
string arg= 1;
|
||||||
string arg= 2;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// 启动任务的响应
|
// 启动任务的响应
|
||||||
@ -46,8 +45,7 @@ message StartScanResponse {
|
|||||||
|
|
||||||
// 获取扫描结果的请求
|
// 获取扫描结果的请求
|
||||||
message TaskResultsRequest {
|
message TaskResultsRequest {
|
||||||
string secret = 1; // 用于身份校验
|
Filter filter = 1; // 筛选条件(如关键字、状态等)
|
||||||
Filter filter = 2; // 筛选条件(如关键字、状态等)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
message Filter {
|
message Filter {
|
||||||
|
|||||||
@ -4,6 +4,7 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
|
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
|
||||||
"github.com/shadow1ng/fscan/Common"
|
"github.com/shadow1ng/fscan/Common"
|
||||||
@ -13,11 +14,16 @@ import (
|
|||||||
"google.golang.org/grpc/credentials/insecure"
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var internalSecretKey string
|
||||||
|
|
||||||
// 启动 gRPC + HTTP Gateway 服务(仅当设置了 API 地址时)
|
// 启动 gRPC + HTTP Gateway 服务(仅当设置了 API 地址时)
|
||||||
func StartApiServer() error {
|
func StartApiServer() error {
|
||||||
if Common.ApiAddr == "" {
|
if Common.ApiAddr == "" {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
if Common.SecretKey == "" {
|
||||||
|
internalSecretKey = time.Now().Format("20060102150405")
|
||||||
|
}
|
||||||
|
|
||||||
grpcAddr := "127.0.0.1:50051"
|
grpcAddr := "127.0.0.1:50051"
|
||||||
httpAddr := validateHTTPAddr(Common.ApiAddr, ":8088")
|
httpAddr := validateHTTPAddr(Common.ApiAddr, ":8088")
|
||||||
@ -61,7 +67,8 @@ func runHTTPGateway(httpAddr, grpcAddr string) error {
|
|||||||
// 使用中间件包装 mux
|
// 使用中间件包装 mux
|
||||||
handler := applyMiddlewares(mux)
|
handler := applyMiddlewares(mux)
|
||||||
|
|
||||||
Common.LogSuccess("✅ HTTP Gateway 已启动,地址: " + httpAddr)
|
Common.LogSuccess("✅ HTTP Gateway 已启动,地址: http://" + httpAddr)
|
||||||
|
Common.LogSuccess("✅ API Secret: " + internalSecretKey)
|
||||||
return http.ListenAndServe(httpAddr, handler)
|
return http.ListenAndServe(httpAddr, handler)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -77,6 +84,13 @@ func applyMiddlewares(handler http.Handler) http.Handler {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
secret := r.Header.Get("Fscan-API-SECRET")
|
||||||
|
if secret == "" || secret != internalSecretKey {
|
||||||
|
http.Error(w, `无效的 API Secret,请通过请求头 Fscan-API-SECRET 提供正确的密钥。
|
||||||
|
如果你未手动配置 SecretKey,服务会在启动时自动生成一个随机密钥,并输出到日志中。`, http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
handler.ServeHTTP(w, r)
|
handler.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@ -36,7 +36,7 @@ func (s *FscanService) StartScan(ctx context.Context, req *pb.StartScanRequest)
|
|||||||
s.scanMutex.Lock()
|
s.scanMutex.Lock()
|
||||||
defer s.scanMutex.Unlock()
|
defer s.scanMutex.Unlock()
|
||||||
|
|
||||||
Common.LogDebug("异步执行扫描请求,目标: " + req.Arg + ", " + req.Secret)
|
Common.LogDebug("异步执行扫描请求,目标: " + req.Arg)
|
||||||
|
|
||||||
var info Common.HostInfo
|
var info Common.HostInfo
|
||||||
if err := Common.FlagFromRemote(&info, req.Arg); err != nil {
|
if err := Common.FlagFromRemote(&info, req.Arg); err != nil {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user