From 5e38c8be7c8879c87289b49a51cbd0c168add2be Mon Sep 17 00:00:00 2001
From: Eric <xplzv@126.com>
Date: Tue, 21 May 2024 13:02:36 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E8=8E=B7=E5=8F=96=E5=8A=A0=E5=AF=86?=
 =?UTF-8?q?=E7=9A=84=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 main.go                                | 18 ++++++++++++++++++
 pkg/config/config.go                   |  6 ++++++
 pkg/jms-sdk-go/service/jms_terminal.go | 14 ++++++++++++++
 pkg/jms-sdk-go/service/url.go          |  2 ++
 4 files changed, 40 insertions(+)
 create mode 100644 pkg/jms-sdk-go/service/jms_terminal.go

diff --git a/main.go b/main.go
index 64ccbaf..883476e 100644
--- a/main.go
+++ b/main.go
@@ -306,6 +306,7 @@ func registerRouter(jmsService *service.JMService, tunnelService *tunnel.Guacamo
 }
 
 func bootstrap(jmsService *service.JMService) {
+	updateEncryptConfigValue(jmsService)
 	replayDir := config.GlobalConfig.RecordPath
 	ftpFilePath := config.GlobalConfig.FTPFilePath
 	allRemainFiles := scanRemainReplay(jmsService, replayDir)
@@ -313,6 +314,23 @@ func bootstrap(jmsService *service.JMService) {
 	go uploadRemainFTPFile(jmsService, ftpFilePath)
 }
 
+func updateEncryptConfigValue(jmsService *service.JMService) {
+	cfg := config.GlobalConfig
+	encryptKey := cfg.SecretEncryptKey
+	if encryptKey != "" {
+		redisPassword := cfg.RedisPassword
+		ret, err := jmsService.GetEncryptedConfigValue(encryptKey, redisPassword)
+		if err != nil {
+			logger.Error("Get encrypted config value failed: " + err.Error())
+			return
+		}
+		if ret.Value != "" {
+			cfg.UpdateRedisPassword(ret.Value)
+		} else {
+			logger.Error("Get encrypted config value failed: empty value")
+		}
+	}
+}
 func uploadRemainFTPFile(jmsService *service.JMService, fileStoreDir string) {
 	err := config.EnsureDirExist(fileStoreDir)
 	if err != nil {
diff --git a/pkg/config/config.go b/pkg/config/config.go
index af2c484..e9ac7f3 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -56,6 +56,12 @@ type Config struct {
 	IgnoreVerifyCerts bool   `mapstructure:"IGNORE_VERIFY_CERTS"`
 	PandaHost         string `mapstructure:"PANDA_HOST"`
 	EnablePanda       bool   `mapstructure:"ENABLE_PANDA"`
+
+	SecretEncryptKey string `mapstructure:"SECRET_ENCRYPT_KEY"`
+}
+
+func (c *Config) UpdateRedisPassword(val string) {
+	c.RedisPassword = val
 }
 
 func (c *Config) SelectGuacdAddr() string {
diff --git a/pkg/jms-sdk-go/service/jms_terminal.go b/pkg/jms-sdk-go/service/jms_terminal.go
new file mode 100644
index 0000000..9b67bde
--- /dev/null
+++ b/pkg/jms-sdk-go/service/jms_terminal.go
@@ -0,0 +1,14 @@
+package service
+
+func (s *JMService) GetEncryptedConfigValue(encryptKey, encryptedValue string) (resp ResultValue, err error) {
+	data := map[string]string{
+		"secret_encrypt_key": encryptKey,
+		"encrypted_value":    encryptedValue,
+	}
+	_, err = s.authClient.Post(TerminalEncryptedConfigURL, data, &resp)
+	return
+}
+
+type ResultValue struct {
+	Value string `json:"value"`
+}
diff --git a/pkg/jms-sdk-go/service/url.go b/pkg/jms-sdk-go/service/url.go
index 5c81783..af481b7 100644
--- a/pkg/jms-sdk-go/service/url.go
+++ b/pkg/jms-sdk-go/service/url.go
@@ -6,6 +6,8 @@ const (
 	TerminalRegisterURL  = "/api/v1/terminal/terminal-registrations/" // 注册
 	TerminalConfigURL    = "/api/v1/terminal/terminals/config/"       // 获取配置
 	TerminalHeartBeatURL = "/api/v1/terminal/terminals/status/"
+
+	TerminalEncryptedConfigURL = "/api/v1/terminal/encrypted-config/"
 )
 
 // 用户登陆认证使用的API