From 3879c3a4bccfaea5685a2d0a6a39f6324776e34b Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Wed, 15 Nov 2023 11:57:12 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DBanner=E7=89=B9=E6=AE=8A?=
 =?UTF-8?q?=E5=AD=97=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/handler/dtls.go | 58 ++++++++-----------------------------
 server/handler/link_auth.go | 2 ++
 2 files changed, 14 insertions(+), 46 deletions(-)
diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index 12667dca..f9f27a2b 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -18,32 +18,14 @@ import (
 "github.com/pion/logging"
 )
-const (
- dtlsSigneRsa = 1
- dtlsSigneEcdsa = 2
-)
-
-var dtlsSigneType = dtlsSigneRsa
-
 func startDtls() {
 if !base.Cfg.ServerDTLS {
 return
 }
- var (
- err error
- certificate tls.Certificate
- )
- // rsa 兼容 open connect
- if dtlsSigneType == dtlsSigneRsa {
- priv, _ := rsa.GenerateKey(rand.Reader, 2048)
- certificate, err = selfsign.SelfSign(priv)
- }
- // ecdsa
- if dtlsSigneType == dtlsSigneEcdsa {
- certificate, err = selfsign.GenerateSelfSigned()
- }
+ priv, _ := rsa.GenerateKey(rand.Reader, 2048)
+ certificate, err := selfsign.SelfSign(priv)
 if err != nil {
 panic(err)
 }
@@ -61,10 +43,8 @@ func startDtls() {
 ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
 CipherSuites: func() []dtls.CipherSuiteID {
 var cs = []dtls.CipherSuiteID{}
- for _, v := range dtlsCipherSuites {
- for _, vv := range v {
- cs = append(cs, vv)
- }
+ for _, vv := range dtlsCipherSuites {
+ cs = append(cs, vv)
 }
 return cs
 }(),
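Review bot: The new line `priv, _ := rsa.GenerateKey(rand.Reader, 2048)` discards the key-generation error, so a failure would hand a nil key to `selfsign.SelfSign` instead of stopping at the existing `panic(err)` check. Capture and check it before signing: `priv, err := rsa.GenerateKey(rand.Reader, 2048)` followed by `if err != nil { panic(err) }`. The removed comment was the only place that said why RSA is used, so a line such as `// RSA key, kept for OpenConnect compatibility` above the call would keep that reason on record. startDtls continues outside the hunk.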
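Review bot: The rewritten loop `for _, vv := range dtlsCipherSuites` ranges over a map, so the order of the `CipherSuites` slice differs from run to run; if the DTLS library treats that list as a preference order, the choice between the AES-256 and AES-128 suites is not stable. Building the list from a fixed slice makes it deterministic, e.g. `cs := []dtls.CipherSuiteID{dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}`. The unchanged context line `ExtendedMasterSecret: dtls.DisableExtendedMasterSecret` also has no comment saying why the extension is disabled, which is worth adding while this block is being touched. The enclosing config literal starts and ends outside the hunk.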
@@ -131,35 +111,21 @@ func (ms *sessionStore) Del(key []byte) error {
 }
 // 客户端和服务端映射 X-DTLS12-CipherSuite
-var dtlsCipherSuites = map[string]map[string]dtls.CipherSuiteID{
- "ECDSA": {
- "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- },
- "RSA": {
- "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- },
+var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
+ // "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ // "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ "ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ "ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 }
 func checkDtls12Ciphersuite(ciphersuite string) string {
- csArr := strings.Split(ciphersuite, ",")
- // ECDSA
- if dtlsSigneType == dtlsSigneEcdsa {
- for _, v := range csArr {
- if _, ok := dtlsCipherSuites["ECDSA"][v]; ok {
- return v
- }
- }
- // 返回默认值
- return "ECDHE-ECDSA-AES256-GCM-SHA384"
- }
+ csArr := strings.Split(ciphersuite, ":")
 for _, v := range csArr {
- if _, ok := dtlsCipherSuites["RSA"][v]; ok {
+ if _, ok := dtlsCipherSuites[v]; ok {
 return v
 }
 }
 // 返回默认值
- return "ECDHE-RSA-AES256-GCM-SHA384"
+ return "ECDHE-RSA-AES128-GCM-SHA256"
 }
diff --git a/server/handler/link_auth.go b/server/handler/link_auth.go
index ca43bdd7..e9794ad6 100644
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@@ -14,6 +14,7 @@ import (
 "github.com/bjdgyc/anylink/base"
 "github.com/bjdgyc/anylink/dbdata"
 "github.com/bjdgyc/anylink/sessdata"
+ "golang.org/x/net/html"
 )
 var profileHash = ""
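Review bot: checkDtls12Ciphersuite has no doc comment, and this hunk changes both its separator (`,` to `:`) and its fallback value without recording what input format is expected. A comment such as `// checkDtls12Ciphersuite returns the first entry of the colon-separated client list that is a key of dtlsCipherSuites, or ECDHE-RSA-AES128-GCM-SHA256 when none match.` would pin that down. The fallback is returned even when the client offered none of the supported suites, so the caller cannot tell a match from a miss, and that is worth stating in the same comment. The two commented-out ECDSA entries in the map literal should either be deleted or carry a short reason for being disabled.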
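Review bot: `golang.org/x/net/html` is imported here only for `EscapeString`, which the next hunk calls, and the standard library's `html` package exports a function of the same name, so importing `"html"` would avoid tying this handler to an external module for one call. go.mod is not part of this patch, so the module is presumably already required elsewhere; confirm that before relying on it. The import block starts outside the hunk.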
@@ -157,6 +158,7 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
 if strings.Contains(data.Banner, "\n") {
 // 替换xml文件的换行符
 data.Banner = strings.ReplaceAll(data.Banner, "\n", " ")
+ data.Banner = html.EscapeString(data.Banner)
 }
 t, _ := template.New("auth_complete").Parse(auth_complete)
 _ = t.Execute(w, data)
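Review bot: The added `html.EscapeString` call sits inside `if strings.Contains(data.Banner, "\n")`, so a banner with no newline is still written into the response unescaped. Escape unconditionally by moving `data.Banner = html.EscapeString(data.Banner)` above the `if`. Running it before the newline substitution also matters if the replacement string, shown on this page as a space, is really a character reference, because escaping afterwards would rewrite its `&`. Which package `template.New` comes from is not visible here; with html/template the value would be escaped a second time, so confirm it. tplRequest starts and ends outside the hunk.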