Merge commit '44998f21160d9286edeafff3948728d5d5795669' into release

Kuingsmile · Oct 18, 2023 · 3085acf · 3085acf
2 parents 7af7830 + 44998f2
commit 3085acf
Show file tree

Hide file tree

Showing 13 changed files with 255 additions and 133 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,24 @@
+## :tada: 2.6.5 (2023-10-18)
+
+
+### :sparkles: Features
+
+* **custom:** remove sensitive info in reponse field ([d9f25ac](https://github.com/Kuingsmile/piclist/commit/d9f25ac))
+* **custom:** upload api now return encrypted full result ([0189715](https://github.com/Kuingsmile/piclist/commit/0189715))
+
+
+### :bug: Bug Fixes
+
+* **custom:** fix an issue working with watt toolkit of github picbed ([10ec712](https://github.com/Kuingsmile/piclist/commit/10ec712)), closes [#106](https://github.com/Kuingsmile/piclist/issues/106)
+* **custom:** fix upload error when filename contains nested path of webdav sftp and local ([92284ac](https://github.com/Kuingsmile/piclist/commit/92284ac))
+
+
+### :pencil: Documentation
+
+* **custom:** update docs ([65cfe6e](https://github.com/Kuingsmile/piclist/commit/65cfe6e))
+
+
+
 ## :tada: 2.6.4 (2023-10-14)
 
 

diff --git a/currentVersion.md b/currentVersion.md
@@ -1,11 +1,8 @@
 ✨ Features
 
-- 现在当设置了内置服务器鉴权密钥时，图床设置界面复制api接口会自动添加密钥
-- 添加了`PicList`自身作为套娃图床，实现A电脑添加B电脑的`PicList`进行上传的功能
-- 新增上传耗时等统计功能
+- 现在上传接口不再明文返回`config`字段，而是经过加密的字符串，密钥可自行设置
 
 🐛 Bug Fixes
 
-- 修复了电脑间同步管理配置文件时，无法正常进入图床，需要重新保存一次配置的问题
-- 修复了arm mac平台缺失右键菜单的问题
-- 修复了跳过水印字体下载没有对文件上传情景生效的问题
+- 修复了文件名中含有二级目录时，webdav、local和sftp图床会上传失败的问题
+- 修复了使用watt toolkit加速时，github图床上传失败的问题
diff --git a/currentVersion_en.md b/currentVersion_en.md
@@ -1,11 +1,8 @@
 ✨ Features
 
-- Now when the built-in server authentication key is set, the copy API interface in the image bed setting interface will automatically add the key
-- Added `PicList` itself as a nested image bed, which realizes the function of A computer adding B computer's `PicList` for uploading
-- Added upload time consumption and other statistics functions
+- Now the upload interface no longer returns the `config` field in plain text, but an encrypted string, and the key can be set by yourself
 
 🐛 Bug Fixes
 
-- Fixed the problem that when synchronizing and managing configuration files between computers, the image bed cannot be entered normally, and the configuration needs to be saved again
-- Fixed the problem that the right-click menu is missing on the arm mac platform
-- Fixed the problem that skipping the watermark font download does not take effect on file upload scenarios
+- Fix the problem that the webdav, local and sftp image beds will fail to upload when the file name contains a secondary directory
+- Fix the problem that the github image bed will fail to upload when using the watt toolkit acceleration
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "piclist",
- "version": "2.6.4",
+ "version": "2.6.5",
  "author": {
  "name": "Kuingsmile",
  "email": "[email protected]"
@@ -48,36 +48,36 @@
  "ali-oss": "^6.18.1",
  "axios": "^1.5.1",
  "compare-versions": "^4.1.3",
- "core-js": "^3.32.2",
+ "core-js": "^3.33.0",
  "cos-nodejs-sdk-v5": "^2.12.4",
  "dexie": "^3.2.4",
  "electron-updater": "^6.1.4",
- "element-plus": "2.4.0",
+ "element-plus": "2.4.1",
  "epipebomb": "^1.0.0",
  "fast-xml-parser": "^4.3.2",
  "form-data": "^4.0.0",
  "fs-extra": "^11.1.1",
  "got": "^12.6.0",
- "highlight.js": "^11.8.0",
+ "highlight.js": "^11.9.0",
  "hpagent": "^1.2.0",
  "keycode": "^2.2.0",
  "lowdb": "^1.0.0",
- "marked": "^8.0.0",
+ "marked": "^9.1.2",
  "mime-types": "^2.1.35",
  "mitt": "^3.0.1",
  "multer": "^1.4.5-lts.1",
  "node-ssh-no-cpu-features": "^1.0.1",
  "nodejs-file-downloader": "^4.12.1",
- "piclist": "^1.6.0",
+ "piclist": "^1.6.2",
  "pinia": "^2.1.7",
  "pinia-plugin-persistedstate": "^3.2.0",
- "qiniu": "^7.9.0",
+ "qiniu": "^7.10.0",
  "qrcode.vue": "^3.4.1",
  "querystring": "^0.2.1",
  "shell-path": "2.1.0",
  "ssh2-no-cpu-features": "^1.0.0",
  "upyun": "^3.4.6",
- "uuid": "^9.0.0",
+ "uuid": "^9.0.1",
  "video.js": "^8.5.2",
  "vue": "^3.3.4",
  "vue-router": "^4.2.5",
@@ -89,23 +89,23 @@
  "devDependencies": {
  "@babel/plugin-proposal-optional-chaining": "^7.21.0",
  "@electron/notarize": "^2.1.0",
- "@types/ali-oss": "^6.16.9",
- "@types/electron-devtools-installer": "^2.2.3",
+ "@types/ali-oss": "^6.16.10",
+ "@types/electron-devtools-installer": "^2.2.4",
  "@types/fs-extra": "^11.0.2",
  "@types/inquirer": "^6.5.0",
- "@types/js-yaml": "^4.0.6",
- "@types/lowdb": "^1.0.12",
- "@types/mime-types": "^2.1.2",
- "@types/multer": "^1.4.8",
+ "@types/js-yaml": "^4.0.8",
+ "@types/lowdb": "^1.0.13",
+ "@types/mime-types": "^2.1.3",
+ "@types/multer": "^1.4.9",
  "@types/node": "^16.10.2",
  "@types/request-promise-native": "^1.0.19",
  "@types/semver": "^7.5.3",
  "@types/tunnel": "^0.0.4",
  "@types/upyun": "^3.4.1",
- "@types/uuid": "^9.0.3",
+ "@types/uuid": "^9.0.5",
  "@types/write-file-atomic": "^4.0.1",
- "@typescript-eslint/eslint-plugin": "^6.7.5",
- "@typescript-eslint/parser": "^6.7.5",
+ "@typescript-eslint/eslint-plugin": "^6.8.0",
+ "@typescript-eslint/parser": "^6.8.0",
  "@vue/cli-plugin-babel": "^5.0.8",
  "@vue/cli-plugin-eslint": "^5.0.8",
  "@vue/cli-plugin-router": "^5.0.8",

diff --git a/public/i18n/en.yml b/public/i18n/en.yml
@@ -204,6 +204,7 @@ SETTINGS_SET_SERVER_KEY: Set Auth Key
 SETTINGS_TIP_PLACEHOLDER_HOST: Default:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: Default:36677
 SETTINGS_TIP_PLACEHOLDER_KEY: This key is used to avoid malicious requests, through urlParams '?key=xxx' to pass
+SETTINGS_SET_SERVER_AES_KEY: Set AES Key for server response
 SETTINGS_LOG_LEVEL_ALL: All
 SETTINGS_LOG_LEVEL_SUCCESS: Success
 SETTINGS_LOG_LEVEL_ERROR: Error

diff --git a/public/i18n/zh-CN.yml b/public/i18n/zh-CN.yml
@@ -206,6 +206,7 @@ SETTINGS_SET_SERVER_KEY: 设置鉴权密钥
 SETTINGS_TIP_PLACEHOLDER_HOST: 推荐默认地址:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: 推荐默认端口:36677
 SETTINGS_TIP_PLACEHOLDER_KEY: 用于接口鉴权, 通过url参数添加'?key=xxx'
+SETTINGS_SET_SERVER_AES_KEY: 设置接口数据加密密钥
 SETTINGS_LOG_LEVEL_ALL: 全部-All
 SETTINGS_LOG_LEVEL_SUCCESS: 成功-Success
 SETTINGS_LOG_LEVEL_ERROR: 错误-Error

diff --git a/public/i18n/zh-TW.yml b/public/i18n/zh-TW.yml
@@ -204,6 +204,7 @@ SETTINGS_SET_SERVER_KEY: 設定鑒權密鑰
 SETTINGS_TIP_PLACEHOLDER_HOST: 推薦預設地址:127.0.0.1
 SETTINGS_TIP_PLACEHOLDER_PORT: 推薦預設端口:36677
 SETTINGS_TIP_PLACEHOLDER_KEY: 用於接口鑒權, 通過url參數添加'?key=xxx'
+SETTINGS_SET_SERVER_AES_KEY: 設定AES加密密鑰
 SETTINGS_LOG_LEVEL_ALL: 全部-All
 SETTINGS_LOG_LEVEL_SUCCESS: 成功-Success
 SETTINGS_LOG_LEVEL_ERROR: 錯誤-Error

diff --git a/src/main/server/routerManager.ts b/src/main/server/routerManager.ts
@@ -11,6 +11,7 @@ import picgo from '@core/picgo'
 import { changeCurrentUploader } from '../utils/handleUploaderConfig'
 import { app } from 'electron'
 import fs from 'fs-extra'
+import { AESHelper } from '../utils/aesHelper'
 
 const appPath = app.getPath('userData')
 const serverTempDir = path.join(appPath, 'serverTemp')
@@ -76,12 +77,18 @@ router.post('/upload', async ({
  const fullResult = result.fullResult
  logger.info('[PicList Server] upload result:', res)
  if (res) {
+ const treatedFullResult = {
+ isEncrypted: 1,
+ EncryptedData: new AESHelper().encrypt(JSON.stringify(fullResult)),
+ ...fullResult
+ }
+ delete treatedFullResult.config
  handleResponse({
  response,
  body: {
  success: true,
  result: [res],
- fullResult: [fullResult]
+ fullResult: [treatedFullResult]
  }
  })
  } else {
@@ -107,7 +114,13 @@ router.post('/upload', async ({
  return item.url
  })
  const fullResult = result.map((item: any) => {
- return item.fullResult
+ const treatedItem = {
+ isEncrypted: 1,
+ EncryptedData: new AESHelper().encrypt(JSON.stringify(item.fullResult)),
+ ...item.fullResult
+ }
+ delete treatedItem.config
+ return treatedItem
  })
  logger.info('[PicList Server] upload result', res.join(' ; '))
  if (res.length) {
@@ -163,7 +176,17 @@ router.post('/delete', async ({
  return
  }
  try {
- const result = await deleteChoosedFiles(list)
+ // 区分是否是加密的数据，如果不是直接传入list，如果是，解密后再传入
+ const treatList = list.map(item => {
+ if (item.isEncrypted) {
+ const aesHelper = new AESHelper()
+ const data = aesHelper.decrypt(item.EncryptedData)
+ return JSON.parse(data)
+ } else {
+ return item
+ }
+ })
+ const result = await deleteChoosedFiles(treatList)
  const successCount = result.filter(item => item).length
  const failCount = result.filter(item => !item).length
  if (successCount) {

diff --git a/src/main/utils/aesHelper.ts b/src/main/utils/aesHelper.ts
@@ -0,0 +1,39 @@
+import crypto from 'crypto'
+import picgo from '@core/picgo'
+
+function getDerivedKey (): Buffer {
+ const userPassword = picgo.getConfig<string>('settings.aesPassword') || 'PicList-aesPassword'
+ const fixedSalt = Buffer.from('a8b3c4d2e4f5098712345678feedc0de', 'hex')
+ const fixedIterations = 100000
+ const keyLength = 32
+ return crypto.pbkdf2Sync(userPassword, fixedSalt, fixedIterations, keyLength, 'sha512')
+}
+
+export class AESHelper {
+ key: Buffer
+ constructor () {
+ this.key = getDerivedKey()
+ }
+
+ encrypt (plainText: string) {
+ const iv = crypto.randomBytes(16)
+ const cipher = crypto.createCipheriv('aes-256-cbc', this.key, iv)
+ let encrypted = cipher.update(plainText, 'utf8', 'hex')
+ encrypted += cipher.final('hex')
+ const encryptedData = `${iv.toString('hex')}:${encrypted}`
+ return encryptedData
+ }
+
+ decrypt (encryptedData: string) {
+ const parts = encryptedData.split(':')
+ if (parts.length !== 2) {
+ return '{}'
+ }
+ const iv = Buffer.from(parts[0], 'hex')
+ const encryptedText = parts[1]
+ const decipher = crypto.createDecipheriv('aes-256-cbc', this.key, iv)
+ let decrypted = decipher.update(encryptedText, 'hex', 'utf8')
+ decrypted += decipher.final('utf8')
+ return decrypted
+ }
+}
diff --git a/src/renderer/pages/PicGoSetting.vue b/src/renderer/pages/PicGoSetting.vue
@@ -598,6 +598,18 @@
  {{ $T('SETTINGS_CLICK_TO_SET') }}
  </el-button>
  </el-form-item>
+ <el-form-item
+ :label="$T('SETTINGS_SET_SERVER_AES_KEY')"
+ >
+ <el-input
+ v-model.trim="form.aesPassword"
+ type="input"
+ :placeholder="$T('SETTINGS_SET_SERVER_AES_KEY')"
+ size="small"
+ style="width: 50%"
+ @change="handleAesPasswordChange"
+ />
+ </el-form-item>
  </el-form>
  </el-row>
  </el-col>
@@ -1702,7 +1714,8 @@ const form = reactive<ISettingForm>({
  yourlsDomain: '',
  yourlsSignature: '',
  deleteLocalFile: false,
- serverKey: ''
+ serverKey: '',
+ aesPassword: ''
 })
 
 const languageList = i18nManager.languageList.map(item => ({
@@ -1860,6 +1873,7 @@ async function initData () {
  form.yourlsSignature = settings.yourlsSignature || ''
  form.deleteLocalFile = settings.deleteLocalFile || false
  form.serverKey = settings.serverKey || ''
+ form.aesPassword = settings.aesPassword || 'PicList-aesPassword'
  currentLanguage.value = settings.language ?? 'zh-CN'
  currentStartMode.value = settings.startMode || 'quiet'
  customLink.value = settings.customLink || '![$fileName]($url)'
@@ -2210,6 +2224,10 @@ function handleYourlsSignatureChange (val: string) {
  saveConfig('settings.yourlsSignature', val)
 }
 
+function handleAesPasswordChange (val: string) {
+ saveConfig('settings.aesPassword', val || 'PicList-aesPassword')
+}
+
 function confirmLogLevelSetting () {
  if (form.logLevel.length === 0) {
  return $message.error($T('TIPS_PLEASE_CHOOSE_LOG_LEVEL'))

diff --git a/src/universal/types/i18n.d.ts b/src/universal/types/i18n.d.ts
@@ -199,6 +199,7 @@ interface ILocales {
  SETTINGS_TIP_PLACEHOLDER_HOST: string
  SETTINGS_TIP_PLACEHOLDER_PORT: string
  SETTINGS_TIP_PLACEHOLDER_KEY: string
+ SETTINGS_SET_SERVER_AES_KEY: string
  SETTINGS_LOG_LEVEL_ALL: string
  SETTINGS_LOG_LEVEL_SUCCESS: string
  SETTINGS_LOG_LEVEL_ERROR: string

diff --git a/src/universal/types/view.d.ts b/src/universal/types/view.d.ts
@@ -28,7 +28,8 @@ interface ISettingForm {
  yourlsDomain: string,
  yourlsSignature: string,
  deleteLocalFile: boolean,
- serverKey: string
+ serverKey: string,
+ aesPassword: string
 }
 
 interface IShortKeyMap {