btcloud/app/controller/Api.php

<?php
namespace app\controller;

use think\facade\Db;
use think\facade\Cache;
use app\BaseController;
use app\lib\Plugins;

class Api extends BaseController
{

    //获取插件列表
    public function get_plugin_list(){
        if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
        $record = Db::name('record')->where('ip',$this->clientip)->find();
        if($record){
            Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
        }else{
            Db::name('record')->insert(['ip'=>$this->clientip, 'addtime'=>date("Y-m-d H:i:s"), 'usetime'=>date("Y-m-d H:i:s")]);
        }
        $json_arr = Plugins::get_plugin_list();
        if(!$json_arr) return json((object)[]);
        return json($json_arr);
    }

    //获取插件列表(win)
    public function get_plugin_list_win(){
        if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
        $record = Db::name('record')->where('ip',$this->clientip)->find();
        if($record){
            Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
        }else{
            Db::name('record')->insert(['ip'=>$this->clientip, 'addtime'=>date("Y-m-d H:i:s"), 'usetime'=>date("Y-m-d H:i:s")]);
        }
        $json_arr = Plugins::get_plugin_list('Windows');
        if(!$json_arr) return json((object)[]);
        return json($json_arr);
    }

    //获取插件列表(aapanel)
    public function get_plugin_list_en(){
        if(!$this->checklist()) return json('你的服务器被禁止使用此云端');
        $record = Db::name('record')->where('ip',$this->clientip)->find();
        if($record){
            Db::name('record')->where('id',$record['id'])->update(['usetime'=>date("Y-m-d H:i:s")]);
        }else{
            Db::name('record')->insert(['ip'=>$this->clientip, 'addtime'=>date("Y-m-d H:i:s"), 'usetime'=>date("Y-m-d H:i:s")]);
        }
        $json_arr = Plugins::get_plugin_list('en');
        if(!$json_arr) return json((object)[]);
        return json($json_arr);
    }

    //下载插件包
    public function download_plugin(){
        $plugin_name = input('post.name');
        $version = input('post.version');
        $os = input('post.os');
        if(!$plugin_name || !$version){
            return '参数不能为空';
        }
        if(!in_array($os,['Windows','Linux'])) $os = 'Linux';
        if(!preg_match('/^[a-zA-Z0-9_]+$/', $plugin_name) || !preg_match('/^[0-9.]+$/', $version)){
            return '参数不正确';
        }
        if(!$this->checklist()) return '你的服务器被禁止使用此云端';
        $filepath = get_data_dir($os).'plugins/package/'.$plugin_name.'-'.$version.'.zip';
        if(file_exists($filepath)){
            $filename = $plugin_name.'.zip';
            $this->output_file($filepath, $filename);
        }else{
            return '云端不存在该插件包';
        }
    }

    //下载插件包aapanel
    public function download_plugin_en(){
        $plugin_name = input('post.name');
        $version = input('post.version');
        if(!$plugin_name || !$version){
            return '参数不能为空';
        }
        if(!preg_match('/^[a-zA-Z0-9_]+$/', $plugin_name) || !preg_match('/^[0-9.]+$/', $version)){
            return '参数不正确';
        }
        if(!$this->checklist()) return '你的服务器被禁止使用此云端';
        $filepath = get_data_dir('en').'plugins/package/'.$plugin_name.'-'.$version.'.zip';
        if(file_exists($filepath)){
            $filename = $plugin_name.'.zip';
            $this->output_file($filepath, $filename);
        }else{
            return '云端不存在该插件包';
        }
    }

    //下载插件主文件
    public function download_plugin_main(){
        $plugin_name = input('post.name');
        $version = input('post.version');
        $os = input('post.os');
        if(!$plugin_name || !$version){
            return '参数不能为空';
        }
        if(!in_array($os,['Windows','Linux'])) $os = 'Linux';
        if(!preg_match('/^[a-zA-Z0-9_]+$/', $plugin_name) || !preg_match('/^[0-9.]+$/', $version)){
            return '参数不正确';
        }
        if(!$this->checklist()) return '你的服务器被禁止使用此云端';
        $filepath = get_data_dir($os).'plugins/package/'.$plugin_name.'-'.$version.'.zip';
        $mainfilepath = get_data_dir($os).'plugins/folder/'.$plugin_name.'-'.$version.'/'.$plugin_name.'/'.$plugin_name.'_main.py';
        if(file_exists($mainfilepath)){
            $filename = $plugin_name.'_main.py';
            $this->output_file($mainfilepath, $filename);
        }elseif(file_exists($filepath)){
            $zip = new \ZipArchive;
            if ($zip->open($filepath) === true){
                echo $zip->getFromName($plugin_name.'/'.$plugin_name.'_main.py');
            }else{
                return '插件包解压缩失败';
            }
        }else{
            return '云端不存在该插件主文件';
        }
    }

    //下载插件其他文件
    public function download_plugin_other(){
        $fname = input('get.fname');
        if(!$fname){
            $fname = input('get.filename');
            if(!$fname){
                return json(['status'=>false, 'msg'=>'参数不能为空']);
            }
        }
        if(strpos(dirname($fname),'.')!==false)return json(['status'=>false, 'msg'=>'参数不正确']);
        if(!$this->checklist()) return json(['status'=>false, 'msg'=>'你的服务器被禁止使用此云端']);
        $filepath = get_data_dir().'plugins/other/'.$fname;
        if(file_exists($filepath)){
            $filename = basename($fname);
            $this->output_file($filepath, $filename);
        }else{
            return json(['status'=>false, 'msg'=>'云端不存在该插件文件']);
        }
    }

    public function get_update_logs(){
        $type = input('get.type');
        if($type == 'Windows'){
            $version = config_get('new_version_win');
            $data = [
                [
                    'title' => 'Linux面板'.$version,
                    'body' => config_get('update_msg_win'),
                    'addtime' => config_get('update_date_win')
                ]
            ];
        }else{
            $version = config_get('new_version');
            $data = [
                [
                    'title' => 'Linux面板'.$version,
                    'body' => config_get('update_msg'),
                    'addtime' => config_get('update_date')
                ]
            ];
        }
        return jsonp($data);
    }

    public function get_version(){
        $version = config_get('new_version');
        return $version;
    }

    public function get_version_win(){
        $version = config_get('new_version_win');
        return $version;
    }

    public function get_version_en(){
        $version = config_get('new_version_en');
        return $version;
    }

    public function get_panel_version(){
        $version = config_get('new_version');
        $file = app()->getRootPath().'public/install/update/LinuxPanel-'.$version.'.zip';
        $hash = hash_file('sha256', $file);
        $data = [
            'version' => $version,
            'hash' => $hash,
            'update_time' => filemtime($file),
        ];
        return json($data);
    }

    public function get_panel_version_v2(){
        $version = config_get('new_version');
        $down_url = request()->root(true).'/install/update/LinuxPanel-'.$version.'.zip';
        $data = [
            'OfficialVersion' => [
                'version' => $version,
                'downUrl' => $down_url,
                'updateMsg' => config_get('update_msg'),
                'uptime' => config_get('update_date'),
            ],
            'OfficialVersionLatest' => [],
            'AccountVersion' => [],
        ];
        return json($data);
    }

    //安装统计
    public function setup_count(){
        return 'ok';
    }

    //检测更新
    public function check_update(){
        $version = config_get('new_version');
        $down_url = request()->root(true).'/install/update/LinuxPanel-'.$version.'.zip';
        $data = [
            'force' => false,
            'version' => $version,
            'downUrl' => $down_url,
            'updateMsg' => config_get('update_msg'),
            'uptime' => config_get('update_date'),
            'is_beta' => 0,
            'adviser' => -1,
            'btb' => '',
            'beta' => [
                'version' => $version,
                'downUrl' => $down_url,
                'updateMsg' => config_get('update_msg'),
                'uptime' => config_get('update_date'),
            ]
        ];
        return json($data);
    }

    //检测更新(win)
    public function check_update_win(){
        $version = config_get('new_version_win');
        $down_url = request()->root(true).'/win/panel/panel_'.$version.'.zip';
        $data = [
            'force' => false,
            'version' => $version,
            'downUrl' => $down_url,
            'updateMsg' => config_get('update_msg_win'),
            'uptime' => config_get('update_date_win'),
            'is_beta' => 0,
            'py_version' => '3.8.6',
            'adviser' => -1,
            'is_rec' => -1,
            'btb' => '',
            'beta' => [
                'py_version' => '3.8.6',
                'version' => $version,
                'downUrl' => $down_url,
                'updateMsg' => config_get('update_msg_win'),
                'uptime' => config_get('update_date_win'),
            ]
        ];
        return json($data);
    }

    //检测更新(aapanel)
    public function check_update_en(){
        $version = config_get('new_version_en');
        $down_url = request()->root(true).'/install/update/LinuxPanel_EN-'.$version.'.zip';
        $data = [
            'force' => false,
            'version' => $version,
            'downUrl' => $down_url,
            'updateMsg' => config_get('update_msg_en'),
            'uptime' => config_get('update_date_en'),
            'is_beta' => 0,
            'btb' => '',
            'beta' => [
                'version' => $version,
                'downUrl' => $down_url,
                'updateMsg' => config_get('update_msg_en'),
                'uptime' => config_get('update_date_en'),
            ]
        ];
        return json($data);
    }

    //宝塔云监控获取最新版本
    public function btm_latest_version(){
        $data = [
            'version' => config_get('new_version_btm'),
            'description' => config_get('update_msg_btm'),
            'create_time' => config_get('update_date_btm')
        ];
        return json($data);
    }

    //宝塔云监控更新日志
    public function btm_update_history(){
        $data = [
            [
                'version' => config_get('new_version_btm'),
                'description' => config_get('update_msg_btm'),
                'create_time' => config_get('update_date_btm')
            ]
        ];
        return json($data);
    }

    //宝塔云WAF最新版本
    public function btwaf_latest_version(){
        $type = input('?post.type') ? input('post.type') : 0;
        if($type == 1){
            $data = [
                'version' => '1.1',
                'description' => '暂无更新日志',
                'create_time' => 1705315163,
            ];
        }else{
            $data = [
                'version' => '3.0',
                'description' => '暂无更新日志',
                'create_time' => 1705315163,
            ];
        }
        $data = bin2hex(json_encode($data));
        return json(['status'=>true,'err_no'=>0,'msg'=>'获取成功','data'=>$data]);
    }

    //获取内测版更新日志
    public function get_beta_logs(){
        return json(['beta_ps'=>'当前暂无内测版', 'list'=>[]]);
    }

    //检查用户绑定是否正确
    public function check_auth_key(){
        return '1';
    }

    //从云端验证域名是否可访问
    public function check_domain(){
        $domain = input('post.domain',null,'trim');
        $ssl = input('post.ssl/d');
        if(!$domain) return json(['status'=>false, 'msg'=>'域名不能为空']);
        if(!strpos($domain,'.')) return json(['status'=>false, 'msg'=>'域名格式不正确']);
        $domain = str_replace('*.','',$domain);
        $ip = gethostbyname($domain);
        if(!$ip || $ip == $domain){
            return json(['status'=>false, 'msg'=>'无法访问']);
        }else{
            return json(['status'=>true, 'msg'=>'访问正常']);
        }
    }

    //同步时间
    public function get_time(){
        return time();
    }

    //同步时间
    public function get_win_date(){
        return date("Y-m-d H:i:s");
    }

    //查询是否专业版（废弃）
    public function is_pro(){
        return json(['endtime'=>true, 'code'=>1]);
    }

    //获取产品推荐信息
    public function get_plugin_remarks(){
        return json(['list'=>[], 'pro_list'=>[], 'kfqq'=>'', 'kf'=>'', 'qun'=>'']);
    }

    //获取指定插件评分
    public function get_plugin_socre(){
        return json(['total'=>0, 'split'=>[0,0,0,0,0],'page'=>"<div><span class='Pcurrent'>1</span><span class='Pcount'>共计0条数据</span></div>",'data'=>[]]);
    }

    //提交插件评分
    public function plugin_score(){
        return json(['status'=>true, 'msg'=>'您的评分已成功提交，感谢您的支持!']);
    }

    //获取IP地址
    public function get_ip_address(){
        return $this->clientip;
    }

    //绑定账号
    public function get_auth_token(){
        if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
        $reqData = hex2bin(input('post.data'));
        parse_str($reqData, $arr);
        $serverid = $arr['serverid'];
        $userinfo = ['uid'=>1, 'username'=>'Administrator', 'address'=>'127.0.0.1', 'serverid'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48), 'ukey'=>md5(time()), 'state'=>1];
        $data = bin2hex(json_encode($userinfo));
        return json(['status'=>true, 'msg'=>'登录成功！', 'data'=>$data]);
    }

    //绑定账号新
    public function authorization_login(){
        if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
        $reqData = hex2bin(input('post.data'));
        parse_str($reqData, $arr);
        $serverid = $arr['serverid'];
        $userinfo = ['uid'=>1, 'username'=>'Administrator', 'ip'=>'127.0.0.1', 'server_id'=>$serverid, 'access_key'=>random(48), 'secret_key'=>random(48)];
        $data = bin2hex(json_encode($userinfo));
        return json(['status'=>true, 'err_no'=>0, 'msg'=>'账号绑定成功', 'data'=>$data]);
    }

    //刷新授权信息
    public function authorization_info(){
        if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
        $reqData = hex2bin(input('post.data'));
        parse_str($reqData, $arr);
        $id = isset($arr['id'])&&$arr['id']>0?$arr['id']:1;
        $userinfo = ['id'=>$id, 'product'=>$arr['product'], 'status'=>2, 'clients'=>9999, 'durations'=>0, 'end_time'=>strtotime('+10 year')];
        $data = bin2hex(json_encode($userinfo));
        return json(['status'=>true, 'err_no'=>0, 'data'=>$data]);
    }

    //刷新授权信息
    public function update_license(){
        if(!input('?post.data')) return json(['status'=>false, 'msg'=>'参数不能为空']);
        $reqData = hex2bin(input('post.data'));
        parse_str($reqData, $arr);
        if(!isset($arr['product']) || !isset($arr['serverid'])) return json(['status'=>false, 'msg'=>'缺少参数']);

        $license_data = ['product'=>$arr['product'], 'uid'=>random(32), 'phone'=>'138****8888', 'auth_id'=>random(32), 'server_id'=>substr($arr['serverid'], 0, 32), 'auth'=>['apis'=>[], 'menu'=>[], 'extra'=>['type'=>3,'location'=>-1,'smart_cc'=>-1,'site'=>0]], 'pages'=>[], 'end_time'=>strtotime('+10 year')];
        $json = json_encode($license_data);

        [$public_key, $private_key] = generateKeyPairs();
        $public_key = pemToBase64($public_key);

        $key1 = random(32);
        $key2 = substr($public_key, 0, 32);
        $encrypted1 = licenseEncrypt($json, $key1);
        $encrypted2 = licenseEncrypt($key1, $key2);
        $sign_data = $encrypted1.'.'.$encrypted2;
        openssl_sign($sign_data, $signature, $private_key, OPENSSL_ALGO_SHA256);
        $signature = base64_encode($signature);

        $license = base64_encode($sign_data.'.'.$signature);
        $data = bin2hex(json_encode(['public_key'=>$public_key, 'license'=>$license]));
        return json(['status'=>true, 'err_no'=>0, 'msg'=>'授权获取成功', 'data'=>$data]);
    }

    public function is_obtained_btw_trial(){
        $data = ['is_obtained'=>0];
        $data = bin2hex(json_encode($data));
        return json(['status'=>true, 'err_no'=>0, 'data'=>$data, 'msg'=>'检测成功']);
    }

    //一键部署列表
    public function get_deplist(){
        $os = input('post.os');
        $json_arr = Plugins::get_deplist($os);
        if(!$json_arr) return json([]);
        return json($json_arr);
    }

    //获取宝塔SSL列表
    public function get_ssl_list(){
        $data = bin2hex('[]');
        return json(['status'=>true, 'msg'=>'', 'data'=>$data]);
    }

    //获取堡塔云WAF恶意IP库
    public function get_malicious_ip_list()
    {
        $cacheKey = 'malicious_ip_list';
    
        // 尝试从缓存获取
        if (Cache::has($cacheKey)) {
            return json(json_decode(Cache::get($cacheKey), true));
        }
        $url = 'https://api.bt.cn/bt_waf/get_malicious_ip';
        $postData = json_encode([
            'x_bt_token' => 'MzI3YjAzOGQ3Yjk3NjUxYjVlMDkyMGFm'
        ]);

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'Content-Type: application/json',
            'Content-Length: ' . strlen($postData)
        ]);

        $response = curl_exec($ch);
        if (curl_errno($ch)) {
            return json(['status'=>true, 'msg'=>'', 'data'=>$data]);
        }
        curl_close($ch);
        Cache::set($cacheKey, $response, 86400); //缓存一天

        return json(json_decode($response, true));
    }

    public function return_success(){
        return json(['status'=>true, 'msg'=>1, 'data'=>(object)[]]);
    }

    public function return_error(){
        return json(['status'=>false, 'msg'=>'不支持当前操作']);
    }

    public function return_error2(){
        return json(['success'=>false, 'res'=>'不支持当前操作']);
    }
    
    public function return_empty(){
        return '';
    }

    public function return_empty_array(){
        return json([]);
    }

    public function return_page_data(){
        return json(['page'=>"<div><span class='Pcurrent'>1</span><span class='Pnumber'>1/0</span><span class='Pline'>从1-1000条</span><span class='Pcount'>共计0条数据</span></div>", 'data'=>[]]);
    }

    public function nps_check(){
        return json(['err_no'=>0, 'success'=>true, 'res'=>true, 'nonce'=>time()]);
    }

    public function nps_questions(){
        return json(['err_no'=>0, 'success'=>true, 'res'=>[], 'nonce'=>time()]);
    }

    public function nps_submit(){
        return json(['err_no'=>0, 'success'=>true, 'res'=>'Success', 'nonce'=>time()]);
    }

    public function get_user_give_away(){
        return json(['no_exceed_limit'=>false, 'user_give'=>true]);
    }

    //获取所有蜘蛛IP列表
    public function btwaf_getspiders(){
        try{
            $result = Plugins::btwaf_getspiders();
            return json($result);
        }catch(\Exception $e){
            return json(['status'=>false, 'msg'=>$e->getMessage()]);
        }
    }

    //分类获取蜘蛛IP列表
    public function get_spider(){
        $type = input('get.spider/d');
        if(!$type) return json([]);
        $result = Plugins::get_spider($type);
        return json($result);
    }
    
    //获取堡塔恶意情报IP库
    public function btwaf_getmalicious(){
        try{
            $result = Plugins::btwaf_getmalicious();
            return json($result);
        }catch(\Exception $e){
            return json(['success'=>false, 'res'=>$e->getMessage()]);
        }
    }

    //检查是否国内IP
    public function check_cnip(){
        $clientip = bindec(decbin(ip2long($this->clientip)));
        $json_file = app()->getBasePath().'lib/cn.json';
        $arr = json_decode(file_get_contents($json_file), true);
        if(!$arr) return 'False';
        foreach($arr as $ip_arr){
            if($clientip >= $ip_arr[0] && $clientip <= $ip_arr[1]){
                return 'True';
            }
        }
        return 'False';
    }

    //邮件配额
    public function email_user_surplus(){
        $data = [
            'free' => ['surplus' => '120000', 'total' => '120000', 'used' => '0'],
            'period' => ['surplus' => '2000000', 'total' => '2000000', 'used' => '0'],
        ];
        return json(['success'=>true, 'msg'=>'获取成功', 'res'=>$data]);
    }

    //检查黑白名单
    private function checklist(){
        if(config_get('whitelist') == 1){
            if(Db::name('white')->where('ip', $this->clientip)->where('enable', 1)->find()){
                return true;
            }
            return false;
        }else{
            if(Db::name('black')->where('ip', $this->clientip)->where('enable', 1)->find()){
                return false;
            }
            return true;
        }
    }

    //下载大文件
    private function output_file($filepath, $filename){
        $filesize = filesize($filepath);
        $filemd5 = md5_file($filepath);

        ob_clean();
        header("Content-Type: application/octet-stream");
        header("Content-Disposition: attachment; filename={$filename}.zip");
        header("Content-Length: {$filesize}");
        header("File-size: {$filesize}");
        header("Content-md5: {$filemd5}");

        $read_buffer = 1024 * 100;
        $handle = fopen($filepath, 'rb');
        $sum_buffer = 0;
        while(!feof($handle) && $sum_buffer<$filesize) {
            echo fread($handle, min($read_buffer, ($filesize - $sum_buffer) + 1));
            $sum_buffer += $read_buffer;
            flush();
        }
        fclose($handle);
        exit;
    }

    public function logerror(){
        $content = date('Y-m-d H:i:s')."\r\n";
        $content.=$_SERVER['REQUEST_METHOD'].' '.$_SERVER['REQUEST_URI']."\r\n";
        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            $content.=file_get_contents('php://input')."\r\n";
        }
        $handle = fopen(app()->getRootPath()."record.txt", 'a');
        fwrite($handle, $content."\r\n");
        fclose($handle);
        return json(['status'=>false, 'msg'=>'不支持当前操作']);
    }

    //生成自签名SSL证书
    public function bt_cert(){
        $data = input('post.data');
        $param = json_decode($data, true);
        if(!$param || !isset($param['action']) || !isset($param['domain'])) return json(['status'=>false, 'msg'=>'参数错误']);

        $dir = app()->getBasePath().'script/';
        $ssl_path = app()->getRootPath().'public/ssl/baota_root.pfx';
        $isca = file_exists($dir.'ca.crt') && file_exists($dir.'ca.key') && file_exists($ssl_path);
        if(!$isca) return json(['status'=>false, 'msg'=>'CA证书不存在']);

        if($param['action'] == 'get_domain_cert'){
            if(!$this->checklist()) return json(['status'=>false, 'msg'=>'你的服务器被禁止使用此云端']);
            $domain = $param['domain'];
            if(empty($domain)) return json(['status'=>false, 'msg'=>'域名不能为空']);
            $domain_list = explode(',', $domain);
            foreach($domain_list as $d){
                if(!checkDomain($d)) return json(['status'=>false, 'msg'=>'域名或IP格式不正确:'.$d]);
            }
            $common_name = $domain_list[0];
            $validity = 3650;
            $result = makeSelfSignSSL($common_name, $domain_list, $validity);
            if(!$result){
                return json(['status'=>false, 'msg'=>'生成证书失败']);
            }
            $ca_pfx = base64_encode(file_get_contents($ssl_path));
            return json(['status'=>true, 'msg'=>'生成证书成功', 'cert'=>$result['cert'], 'key'=>$result['key'], 'pfx'=>$ca_pfx, 'password'=>'']);
        }else{
            return json(['status'=>false, 'msg'=>'不支持当前操作']);
        }
    }
}