urlencode db password

WeBankPartners · Mar 20, 2023 · 03498ae · 03498ae
1 parent c5235e8
commit 03498ae
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/api/terminal/terminal/server/base.py b/api/terminal/terminal/server/base.py
@@ -13,6 +13,8 @@
 from Crypto import Random
 from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
 from Crypto.PublicKey import RSA
+from urllib.parse import quote_plus
+
 from talos.core import config
 
 from terminal.common import utils as plugin_utils
@@ -28,11 +30,12 @@ def decrypt_rsa(secret_key, encrypt_text):
     return text.decode('utf-8')
 
 
-@config.intercept('db_username', 'db_password', 'db_hostip', 'db_hostport', 'db_schema', 'gateway_url', 'asset_type',
+@config.intercept('db_username', 'db_hostip', 'db_hostport', 'db_schema', 'gateway_url', 'asset_type',
                   'asset_field_name', 'asset_field_ip', 'asset_field_user', 'asset_field_password', 'asset_field_port',
                   'asset_field_desc', 'jwt_signing_key', 'boxes_check', 'sub_system_code', 'sub_system_key',
                   'websocket_url', 'session_timeout', 'platform_timezone', 'check_itsdangerous', 'download_max_size',
-                  'platform_encrypt_seed', 's3_server_url', 's3_access_key', 's3_secret_key', 's3_bucket', 'mode', 'log_level')
+                  'platform_encrypt_seed', 's3_server_url', 's3_access_key', 's3_secret_key', 's3_bucket', 'mode',
+                  'log_level')
 def get_env_value(value, origin_value):
     prefix = 'ENV@'
     encrypt_prefix = 'RSA@'
@@ -48,3 +51,23 @@ def get_env_value(value, origin_value):
                 raise ValueError('keys with "RSA@", but rsa_key file not exists')
         return new_value
     return value
+
+
+@config.intercept('db_password')
+def get_env_value(value, origin_value):
+    prefix = 'ENV@'
+    encrypt_prefix = 'RSA@'
+    if value.startswith(prefix):
+        env_name = value[len(prefix):]
+        new_value = os.getenv(env_name, default='')
+        if new_value.startswith(encrypt_prefix):
+            certs_path = RSA_KEY_PATH
+            if os.path.exists(certs_path) and os.path.isfile(certs_path):
+                with open(certs_path) as f:
+                    new_value = decrypt_rsa(f.read(), new_value[len(encrypt_prefix):])
+            else:
+                raise ValueError('keys with "RSA@", but rsa_key file not exists')
+        new_value = quote_plus(new_value)
+        return new_value
+    value = quote_plus(value)
+    return value