You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

512 lines
19 KiB

1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
4 months ago
1 year ago
4 months ago
1 year ago
4 months ago
1 year ago
4 months ago
1 year ago
4 months ago
1 year ago
2 months ago
1 year ago
12 months ago
10 months ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
1 year ago
12 months ago
4 months ago
4 months ago
1 year ago
  1. <?php
  2. namespace app\controller;
  3. use think\facade\Db;
  4. use app\BaseController;
  5. use app\lib\Plugins;
  6. class Api extends BaseController
  7. {
  8. //获取插件列表
  9. public function get_plugin_list(){
  10. if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
  11. $record = Db::name('record')->where('ip',$this->clientip)->find();
  12. if($record){
  13. Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
  14. }else{
  15. Db::name('record')->insert(['ip'=>$this->clientip, 'addtime'=>date("Y-m-d H:i:s"), 'usetime'=>date("Y-m-d H:i:s")]);
  16. }
  17. $json_arr = Plugins::get_plugin_list();
  18. if(!$json_arr) return json((object)[]);
  19. return json($json_arr);
  20. }
  21. //获取插件列表(win)
  22. public function get_plugin_list_win(){
  23. if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
  24. $record = Db::name('record')->where('ip',$this->clientip)->find();
  25. if($record){
  26. Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
  27. }else{
  28. Db::name('record')->insert(['ip'=>$this->clientip, 'addtime'=>date("Y-m-d H:i:s"), 'usetime'=>date("Y-m-d H:i:s")]);
  29. }
  30. $json_arr = Plugins::get_plugin_list('Windows');
  31. if(!$json_arr) return json((object)[]);
  32. return json($json_arr);
  33. }
  34. //下载插件包
  35. public function download_plugin(){
  36. $plugin_name = input('post.name');
  37. $version = input('post.version');
  38. $os = input('post.os');
  39. if(!$plugin_name || !$version){
  40. return '参数不能为空';
  41. }
  42. if(!in_array($os,['Windows','Linux'])) $os = 'Linux';
  43. if(!preg_match('/^[a-zA-Z0-9_]+$/', $plugin_name) || !preg_match('/^[0-9.]+$/', $version)){
  44. return '参数不正确';
  45. }
  46. if(!$this->checklist()) return '你的服务器被禁止使用此云端';
  47. $filepath = get_data_dir($os).'plugins/package/'.$plugin_name.'-'.$version.'.zip';
  48. if(file_exists($filepath)){
  49. $filename = $plugin_name.'.zip';
  50. $this->output_file($filepath, $filename);
  51. }else{
  52. return '云端不存在该插件包';
  53. }
  54. }
  55. //下载插件主文件
  56. public function download_plugin_main(){
  57. $plugin_name = input('post.name');
  58. $version = input('post.version');
  59. $os = input('post.os');
  60. if(!$plugin_name || !$version){
  61. return '参数不能为空';
  62. }
  63. if(!in_array($os,['Windows','Linux'])) $os = 'Linux';
  64. if(!preg_match('/^[a-zA-Z0-9_]+$/', $plugin_name) || !preg_match('/^[0-9.]+$/', $version)){
  65. return '参数不正确';
  66. }
  67. if(!$this->checklist()) return '你的服务器被禁止使用此云端';
  68. $filepath = get_data_dir($os).'plugins/package/'.$plugin_name.'-'.$version.'.zip';
  69. $mainfilepath = get_data_dir($os).'plugins/folder/'.$plugin_name.'-'.$version.'/'.$plugin_name.'/'.$plugin_name.'_main.py';
  70. if(file_exists($mainfilepath)){
  71. $filename = $plugin_name.'_main.py';
  72. $this->output_file($mainfilepath, $filename);
  73. }elseif(file_exists($filepath)){
  74. $zip = new \ZipArchive;
  75. if ($zip->open($filepath) === true){
  76. echo $zip->getFromName($plugin_name.'/'.$plugin_name.'_main.py');
  77. }else{
  78. return '插件包解压缩失败';
  79. }
  80. }else{
  81. return '云端不存在该插件主文件';
  82. }
  83. }
  84. //下载插件其他文件
  85. public function download_plugin_other(){
  86. $fname = input('get.fname');
  87. if(!$fname){
  88. return json(['status'=>false, 'msg'=>'参数不能为空']);
  89. }
  90. if(strpos(dirname($fname),'.')!==false)return json(['status'=>false, 'msg'=>'参数不正确']);
  91. if(!$this->checklist()) return json(['status'=>false, 'msg'=>'你的服务器被禁止使用此云端']);
  92. $filepath = get_data_dir().'plugins/other/'.$fname;
  93. if(file_exists($filepath)){
  94. $filename = basename($fname);
  95. $this->output_file($filepath, $filename);
  96. }else{
  97. return json(['status'=>false, 'msg'=>'云端不存在该插件文件']);
  98. }
  99. }
  100. public function get_update_logs(){
  101. $type = input('get.type');
  102. if($type == 'Windows'){
  103. $version = config_get('new_version_win');
  104. $data = [
  105. [
  106. 'title' => 'Linux面板'.$version,
  107. 'body' => config_get('update_msg_win'),
  108. 'addtime' => config_get('update_date_win')
  109. ]
  110. ];
  111. }else{
  112. $version = config_get('new_version');
  113. $data = [
  114. [
  115. 'title' => 'Linux面板'.$version,
  116. 'body' => config_get('update_msg'),
  117. 'addtime' => config_get('update_date')
  118. ]
  119. ];
  120. }
  121. return jsonp($data);
  122. }
  123. public function get_version(){
  124. $version = config_get('new_version');
  125. return $version;
  126. }
  127. public function get_version_win(){
  128. $version = config_get('new_version_win');
  129. return $version;
  130. }
  131. public function get_panel_version(){
  132. $version = config_get('new_version');
  133. $file = app()->getRootPath().'public/install/update/LinuxPanel-'.$version.'.zip';
  134. $hash = hash_file('sha256', $file);
  135. $data = [
  136. 'version' => $version,
  137. 'hash' => $hash,
  138. 'update_time' => filemtime($file),
  139. ];
  140. return json($data);
  141. }
  142. //安装统计
  143. public function setup_count(){
  144. return 'ok';
  145. }
  146. //检测更新
  147. public function check_update(){
  148. $version = config_get('new_version');
  149. $down_url = request()->root(true).'/install/update/LinuxPanel-'.$version.'.zip';
  150. $data = [
  151. 'force' => false,
  152. 'version' => $version,
  153. 'downUrl' => $down_url,
  154. 'updateMsg' => config_get('update_msg'),
  155. 'uptime' => config_get('update_date'),
  156. 'is_beta' => 0,
  157. 'adviser' => -1,
  158. 'btb' => '',
  159. 'beta' => [
  160. 'version' => $version,
  161. 'downUrl' => $down_url,
  162. 'updateMsg' => config_get('update_msg'),
  163. 'uptime' => config_get('update_date'),
  164. ]
  165. ];
  166. return json($data);
  167. }
  168. //检测更新(win)
  169. public function check_update_win(){
  170. $version = config_get('new_version_win');
  171. $down_url = request()->root(true).'/win/panel/panel_'.$version.'.zip';
  172. $data = [
  173. 'force' => false,
  174. 'version' => $version,
  175. 'downUrl' => $down_url,
  176. 'updateMsg' => config_get('update_msg_win'),
  177. 'uptime' => config_get('update_date_win'),
  178. 'is_beta' => 0,
  179. 'py_version' => '3.8.6',
  180. 'adviser' => -1,
  181. 'is_rec' => -1,
  182. 'btb' => '',
  183. 'beta' => [
  184. 'py_version' => '3.8.6',
  185. 'version' => $version,
  186. 'downUrl' => $down_url,
  187. 'updateMsg' => config_get('update_msg_win'),
  188. 'uptime' => config_get('update_date_win'),
  189. ]
  190. ];
  191. return json($data);
  192. }
  193. //宝塔云监控获取最新版本
  194. public function btm_latest_version(){
  195. $data = [
  196. 'version' => config_get('new_version_btm'),
  197. 'description' => config_get('update_msg_btm'),
  198. 'create_time' => config_get('update_date_btm')
  199. ];
  200. return json($data);
  201. }
  202. //宝塔云监控更新日志
  203. public function btm_update_history(){
  204. $data = [
  205. [
  206. 'version' => config_get('new_version_btm'),
  207. 'description' => config_get('update_msg_btm'),
  208. 'create_time' => config_get('update_date_btm')
  209. ]
  210. ];
  211. return json($data);
  212. }
  213. //宝塔云WAF最新版本
  214. public function btwaf_latest_version(){
  215. $type = input('?post.type') ? input('post.type') : 0;
  216. if($type == 1){
  217. $data = [
  218. 'version' => '1.1',
  219. 'description' => '暂无更新日志',
  220. 'create_time' => 1705315163,
  221. ];
  222. }else{
  223. $data = [
  224. 'version' => '3.0',
  225. 'description' => '暂无更新日志',
  226. 'create_time' => 1705315163,
  227. ];
  228. }
  229. $data = bin2hex(json_encode($data));
  230. return json(['status'=>true,'err_no'=>0,'msg'=>'获取成功','data'=>$data]);
  231. }
  232. //获取内测版更新日志
  233. public function get_beta_logs(){
  234. return json(['beta_ps'=>'当前暂无内测版', 'list'=>[]]);
  235. }
  236. //检查用户绑定是否正确
  237. public function check_auth_key(){
  238. return '1';
  239. }
  240. //从云端验证域名是否可访问
  241. public function check_domain(){
  242. $domain = input('post.domain',null,'trim');
  243. $ssl = input('post.ssl/d');
  244. if(!$domain) return json(['status'=>false, 'msg'=>'域名不能为空']);
  245. if(!strpos($domain,'.')) return json(['status'=>false, 'msg'=>'域名格式不正确']);
  246. $domain = str_replace('*.','',$domain);
  247. $ip = gethostbyname($domain);
  248. if(!$ip || $ip == $domain){
  249. return json(['status'=>false, 'msg'=>'无法访问']);
  250. }else{
  251. return json(['status'=>true, 'msg'=>'访问正常']);
  252. }
  253. }
  254. //同步时间
  255. public function get_time(){
  256. return time();
  257. }
  258. //同步时间
  259. public function get_win_date(){
  260. return date("Y-m-d H:i:s");
  261. }
  262. //查询是否专业版(废弃)
  263. public function is_pro(){
  264. return json(['endtime'=>true, 'code'=>1]);
  265. }
  266. //获取产品推荐信息
  267. public function get_plugin_remarks(){
  268. return json(['list'=>[], 'pro_list'=>[], 'kfqq'=>'', 'kf'=>'', 'qun'=>'']);
  269. }
  270. //获取指定插件评分
  271. public function get_plugin_socre(){
  272. return json(['total'=>0, 'split'=>[0,0,0,0,0],'page'=>"<div><span class='Pcurrent'>1</span><span class='Pcount'>共计0条数据</span></div>",'data'=>[]]);
  273. }
  274. //提交插件评分
  275. public function plugin_score(){
  276. return json(['status'=>true, 'msg'=>'您的评分已成功提交,感谢您的支持!']);
  277. }
  278. //获取IP地址
  279. public function get_ip_address(){
  280. return $this->clientip;
  281. }
  282. //绑定账号
  283. public function get_auth_token(){
  284. if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
  285. $reqData = hex2bin(input('post.data'));
  286. parse_str($reqData, $arr);
  287. $serverid = $arr['serverid'];
  288. $userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
  289. $data = bin2hex(json_encode($userinfo));
  290. return json(['status'=>true, 'msg'=>'登录成功!', 'data'=>$data]);
  291. }
  292. //绑定账号新
  293. public function authorization_login(){
  294. if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
  295. $reqData = hex2bin(input('post.data'));
  296. parse_str($reqData, $arr);
  297. $serverid = $arr['serverid'];
  298. $userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48)];
  299. $data = bin2hex(json_encode($userinfo));
  300. return json(['status'=>true, 'err_no'=>0, 'msg'=>'账号绑定成功', 'data'=>$data]);
  301. }
  302. //刷新授权信息
  303. public function authorization_info(){
  304. if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
  305. $reqData = hex2bin(input('post.data'));
  306. parse_str($reqData, $arr);
  307. $id = isset($arr['id'])&&$arr['id']>0?$arr['id']:1;
  308. $userinfo = ['id'=>$id, 'product'=>$arr['product'], 'status'=>2, 'clients'=>9999, 'durations'=>0, 'end_time'=>strtotime('+10 year')];
  309. $data = bin2hex(json_encode($userinfo));
  310. return json(['status'=>true, 'err_no'=>0, 'data'=>$data]);
  311. }
  312. //刷新授权信息
  313. public function update_license(){
  314. if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
  315. $reqData = hex2bin(input('post.data'));
  316. parse_str($reqData, $arr);
  317. if(!isset($arr['product']) || !isset($arr['serverid'])) return json(['status'=>false, 'msg'=>'缺少参数']);
  318. $license_data = ['product'=>$arr['product'], 'uid'=>random(32), 'phone'=>'138****8888', 'auth_id'=>random(32), 'server_id'=>substr($arr['serverid'], 0, 32), 'auth'=>['apis'=>[], 'menu'=>[], 'extra'=>['type'=>3,'location'=>-1,'smart_cc'=>-1,'site'=>0]], 'pages'=>[], 'end_time'=>strtotime('+10 year')];
  319. $json = json_encode($license_data);
  320. [$public_key, $private_key] = generateKeyPairs();
  321. $public_key = pemToBase64($public_key);
  322. $key1 = random(32);
  323. $key2 = substr($public_key, 0, 32);
  324. $encrypted1 = licenseEncrypt($json, $key1);
  325. $encrypted2 = licenseEncrypt($key1, $key2);
  326. $sign_data = $encrypted1.'.'.$encrypted2;
  327. openssl_sign($sign_data, $signature, $private_key, OPENSSL_ALGO_SHA256);
  328. $signature = base64_encode($signature);
  329. $license = base64_encode($sign_data.'.'.$signature);
  330. $data = bin2hex(json_encode(['public_key'=>$public_key, 'license'=>$license]));
  331. return json(['status'=>true, 'err_no'=>0, 'msg'=>'授权获取成功', 'data'=>$data]);
  332. }
  333. public function is_obtained_btw_trial(){
  334. $data = ['is_obtained'=>0];
  335. $data = bin2hex(json_encode($data));
  336. return json(['status'=>true, 'err_no'=>0, 'data'=>$data, 'msg'=>'检测成功']);
  337. }
  338. //一键部署列表
  339. public function get_deplist(){
  340. $os = input('post.os');
  341. $json_arr = Plugins::get_deplist($os);
  342. if(!$json_arr) return json([]);
  343. return json($json_arr);
  344. }
  345. //获取宝塔SSL列表
  346. public function get_ssl_list(){
  347. $data = bin2hex('[]');
  348. return json(['status'=>true, 'msg'=>'', 'data'=>$data]);
  349. }
  350. public function return_success(){
  351. return json(['status'=>true, 'msg'=>1, 'data'=>(object)[]]);
  352. }
  353. public function return_error(){
  354. return json(['status'=>false, 'msg'=>'不支持当前操作']);
  355. }
  356. public function return_error2(){
  357. return json(['success'=>false, 'res'=>'不支持当前操作']);
  358. }
  359. public function return_empty(){
  360. return '';
  361. }
  362. public function return_empty_array(){
  363. return json([]);
  364. }
  365. public function return_page_data(){
  366. return json(['page'=>"<div><span class='Pcurrent'>1</span><span class='Pnumber'>1/0</span><span class='Pline'>从1-1000条</span><span class='Pcount'>共计0条数据</span></div>", 'data'=>[]]);
  367. }
  368. //获取所有蜘蛛IP列表
  369. public function btwaf_getspiders(){
  370. try{
  371. $result = Plugins::btwaf_getspiders();
  372. return json($result);
  373. }catch(\Exception $e){
  374. return json(['status'=>false, 'msg'=>$e->getMessage()]);
  375. }
  376. }
  377. //分类获取蜘蛛IP列表
  378. public function get_spider(){
  379. $type = input('get.spider/d');
  380. if(!$type) return json([]);
  381. $result = Plugins::get_spider($type);
  382. return json($result);
  383. }
  384. //检查黑白名单
  385. private function checklist(){
  386. if(config_get('whitelist') == 1){
  387. if(Db::name('white')->where('ip', $this->clientip)->where('enable', 1)->find()){
  388. return true;
  389. }
  390. return false;
  391. }else{
  392. if(Db::name('black')->where('ip', $this->clientip)->where('enable', 1)->find()){
  393. return false;
  394. }
  395. return true;
  396. }
  397. }
  398. //下载大文件
  399. private function output_file($filepath, $filename){
  400. $filesize = filesize($filepath);
  401. $filemd5 = md5_file($filepath);
  402. ob_clean();
  403. header("Content-Type: application/octet-stream");
  404. header("Content-Disposition: attachment; filename={$filename}.zip");
  405. header("Content-Length: {$filesize}");
  406. header("File-size: {$filesize}");
  407. header("Content-md5: {$filemd5}");
  408. $read_buffer = 1024 * 100;
  409. $handle = fopen($filepath, 'rb');
  410. $sum_buffer = 0;
  411. while(!feof($handle) && $sum_buffer<$filesize) {
  412. echo fread($handle, min($read_buffer, ($filesize - $sum_buffer) + 1));
  413. $sum_buffer += $read_buffer;
  414. flush();
  415. }
  416. fclose($handle);
  417. exit;
  418. }
  419. public function logerror(){
  420. $content = date('Y-m-d H:i:s')."\r\n";
  421. $content.=$_SERVER['REQUEST_METHOD'].' '.$_SERVER['REQUEST_URI']."\r\n";
  422. if($_SERVER['REQUEST_METHOD'] == 'POST'){
  423. $content.=file_get_contents('php://input')."\r\n";
  424. }
  425. $handle = fopen(app()->getRootPath()."record.txt", 'a');
  426. fwrite($handle, $content."\r\n");
  427. fclose($handle);
  428. return json(['status'=>false, 'msg'=>'不支持当前操作']);
  429. }
  430. //生成自签名SSL证书
  431. public function bt_cert(){
  432. $data = input('post.data');
  433. $param = json_decode($data, true);
  434. if(!$param || !isset($param['action']) || !isset($param['domain'])) return json(['status'=>false, 'msg'=>'参数错误']);
  435. $dir = app()->getBasePath().'script/';
  436. $ssl_path = app()->getRootPath().'public/ssl/baota_root.pfx';
  437. $isca = file_exists($dir.'ca.crt') && file_exists($dir.'ca.key') && file_exists($ssl_path);
  438. if(!$isca) return json(['status'=>false, 'msg'=>'CA证书不存在']);
  439. if($param['action'] == 'get_domain_cert'){
  440. if(!$this->checklist()) return json(['status'=>false, 'msg'=>'你的服务器被禁止使用此云端']);
  441. $domain = $param['domain'];
  442. if(empty($domain)) return json(['status'=>false, 'msg'=>'域名不能为空']);
  443. $domain_list = explode(',', $domain);
  444. foreach($domain_list as $d){
  445. if(!checkDomain($d)) return json(['status'=>false, 'msg'=>'域名或IP格式不正确:'.$d]);
  446. }
  447. $common_name = $domain_list[0];
  448. $validity = 3650;
  449. $result = makeSelfSignSSL($common_name, $domain_list, $validity);
  450. if(!$result){
  451. return json(['status'=>false, 'msg'=>'生成证书失败']);
  452. }
  453. $ca_pfx = base64_encode(file_get_contents($ssl_path));
  454. return json(['status'=>true, 'msg'=>'生成证书成功', 'cert'=>$result['cert'], 'key'=>$result['key'], 'pfx'=>$ca_pfx, 'password'=>'']);
  455. }else{
  456. return json(['status'=>false, 'msg'=>'不支持当前操作']);
  457. }
  458. }
  459. }