🔒 内核接口 api/system/getConf 脱敏处理 Fix https://github.com/siyuan-note/siyuan/issues/6088

2025-12-16 22:50:13 +01:00 · 2022-10-08 10:57:20 +08:00 · 2022-10-08 10:57:20 +08:00 · c048bde330
commit c048bde330
parent 2fa3944459
2 changed files with 35 additions and 1 deletions
--- a/kernel/api/system.go
+++ b/kernel/api/system.go
@ -146,8 +146,15 @@ func getConf(c *gin.Context) {
 	ret := gulu.Ret.NewResult()
 	defer c.JSON(http.StatusOK, ret)

+	maskedConf, err := model.GetMaskedConf()
+	if nil != err {
+		ret.Code = -1
+		ret.Msg = "get conf failed: " + err.Error()
+		return
+	}
+
 	ret.Data = map[string]interface{}{
-		"conf":  model.Conf,
+		"conf":  maskedConf,
 		"start": start,
 	}

@ -193,6 +200,10 @@ func setAccessAuthCode(c *gin.Context) {
 	}

 	aac := arg["accessAuthCode"].(string)
+	if model.MaskedAccessAuthCode == aac {
+		aac = model.Conf.AccessAuthCode
+	}
+
 	model.Conf.AccessAuthCode = aac
 	model.Conf.Save()

--- a/kernel/model/conf.go
+++ b/kernel/model/conf.go
@ -582,6 +582,29 @@ func IsSubscriber() bool {
 	return nil != Conf.User && (-1 == Conf.User.UserSiYuanProExpireTime || 0 < Conf.User.UserSiYuanProExpireTime) && 0 == Conf.User.UserSiYuanSubscriptionStatus
 }

+const (
+	MaskedUserData       = ""
+	MaskedAccessAuthCode = "*******"
+)
+
+func GetMaskedConf() (ret *AppConf, err error) {
+	// 脱敏处理
+	data, err := gulu.JSON.MarshalIndentJSON(Conf, "", "  ")
+	if nil != err {
+		logging.LogErrorf("marshal conf failed: %s", err)
+		return
+	}
+	ret = &AppConf{}
+	if err = gulu.JSON.UnmarshalJSON(data, ret); nil != err {
+		logging.LogErrorf("unmarshal conf failed: %s", err)
+		return
+	}
+
+	ret.UserData = MaskedUserData
+	ret.AccessAuthCode = MaskedAccessAuthCode
+	return
+}
+
 func clearWorkspaceTemp() {
 	os.RemoveAll(filepath.Join(util.TempDir, "bazaar"))
 	os.RemoveAll(filepath.Join(util.TempDir, "export"))