Go: default public key (#16265)

### What problem does this PR solve? Provider default public key for CLI ### Type of change - [x] Refactoring Signed-off-by: Jin Hai <haijin.chn@gmail.com>
2026-06-29 23:41:12 +08:00 · 2026-06-23 17:43:26 +08:00
parent dec2ce4a60
commit e15130534f
5 changed files with 65 additions and 11 deletions
--- a/internal/cli/admin_command.go
+++ b/internal/cli/admin_command.go
@@ -517,8 +517,13 @@ func (c *CLI) AdminCreateUserCommand(cmd *Command) (ResponseIf, error) {
 		return nil, fmt.Errorf("password not provided")
 	}

+	publicKey, err := c.GetPublicKeyPEM()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get public key: %w", err)
+	}
+
 	// Encrypt password using RSA
-	encryptedPassword, err := EncryptPassword(password)
+	encryptedPassword, err := EncryptPassword(password, publicKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to encrypt password: %w", err)
 	}
@@ -658,8 +663,13 @@ func (c *CLI) AdminAlterUserPassword(cmd *Command) (ResponseIf, error) {
 		return nil, fmt.Errorf("password not provided")
 	}

+	publicKey, err := c.GetPublicKeyPEM()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get public key: %w", err)
+	}
+
 	// Encrypt password using RSA
-	encryptedPassword, err := EncryptPassword(password)
+	encryptedPassword, err := EncryptPassword(password, publicKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to encrypt password: %w", err)
 	}
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -38,6 +38,7 @@ type APIServerConfig struct {
 	UserName     *string `yaml:"user_name"`
 	UserPassword *string `yaml:"password"`
 	ApiToken     *string `yaml:"api_token"`
+	KeyFile      *string `yaml:"key_file"`
 	IP           string
 	Port         int
 }
@@ -86,6 +87,7 @@ type AdminModeConfig struct {
 	AdminPort     int
 	AdminName     *string
 	AdminPassword *string
+	KeyFile       *string
 	//AdminCommand  *string
 }

@@ -217,6 +219,11 @@ func ParseArgs(args []string) (*CommandLineConfig, error) {
 					}
 					i++
 				}
+			case "-k", "--key":
+				if i+1 < len(args) && !strings.HasPrefix(args[i+1], "-") {
+					defaultApiServerConfig.KeyFile = &args[i+1]
+					i++
+				}
 			default:
 				// Non-flag argument (command)
 				if !strings.HasPrefix(arg, "-") {
@@ -333,6 +340,11 @@ func ParseArgs(args []string) (*CommandLineConfig, error) {
 					AdminConfig.AdminName = &args[i+1]
 					i++
 				}
+			case "-k", "--key":
+				if i+1 < len(args) && !strings.HasPrefix(args[i+1], "-") {
+					AdminConfig.KeyFile = &args[i+1]
+					i++
+				}
 			case "-p", "--password":
 				if i+1 < len(args) && !strings.HasPrefix(args[i+1], "-") {
 					AdminConfig.AdminPassword = &args[i+1]
@@ -853,6 +865,27 @@ func (c *CLI) VerifyAuth(username, password string) error {
 	return err
 }

+func (c *CLI) GetPublicKeyPEM() ([]byte, error) {
+
+	var publicKeyFile *string = nil
+	switch c.Config.CLIMode {
+	case AdminMode:
+		publicKeyFile = c.Config.AdminClientConfig.KeyFile
+	case APIMode:
+		publicKeyFile = c.Config.APIClientConfig.APIServerMap[c.Config.APIClientConfig.CurrentAPIServer].KeyFile
+	}
+	if publicKeyFile == nil {
+		result := "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq9XTUSeYr2+N1h3Afl/\nz8Dse/2yD0ZGrKwx+EEEcdsBLca9Ynmx3nIB5obmLlSfmskLpBo0UACBmB5rEjBp\n2Q2f3AG3Hjd4B+gNCG6BDaawuDlgANIhGnaTLrIqWrrcm4EMzJOnAOI1fgzJRsOO\nUEfaS318Eq9OVO3apEyCCt0lOQK6PuksduOjVxtltDav+guVAA068NrPYmRNabVK\nRNLJpL8w4D44sfth5RvZ3q9t+6RTArpEtc5sh5ChzvqPOzKGMXW83C95TxmXqpbK\n6olN4RevSfVjEAgCydH6HN6OhtOQEcnrU97r9H0iZOWwbw3pVrZiUkuRD1R56Wzs\n2wIDAQAB\n-----END PUBLIC KEY-----"
+		return []byte(result), nil
+	}
+
+	publicKeyPEM, err := os.ReadFile(*publicKeyFile)
+	if err != nil {
+		return []byte(""), fmt.Errorf("failed to read public key: %w", err)
+	}
+	return publicKeyPEM, nil
+}
+
 // printSearchHelp prints help for the search command
 func printSearchHelp() {
 	help := `Search command usage: search <query> [path] [-n number]
--- a/internal/cli/common_command.go
+++ b/internal/cli/common_command.go
@@ -160,8 +160,14 @@ func (c *CLI) PingServer(iterations int) (ResponseIf, error) {

 // loginUser performs the actual login request
 func (c *CLI) loginUser(email, password string) (string, error) {
-	// Encrypt password using scrypt (same as Python implementation)
-	encryptedPassword, err := EncryptPassword(password)
+	publicKey, err := c.GetPublicKeyPEM()
+	if err != nil {
+		return "", fmt.Errorf("failed to get public key: %w", err)
+	}
+
+	// Encrypt password using RSA
+	encryptedPassword, err := EncryptPassword(password, publicKey)
+
 	if err != nil {
 		return "", fmt.Errorf("failed to encrypt password: %w", err)
 	}
--- a/internal/cli/crypt.go
+++ b/internal/cli/crypt.go
@@ -29,13 +29,13 @@ import (

 // EncryptPassword encrypts a password using RSA public key
 // This matches the Python implementation in api/utils/crypt.py
-func EncryptPassword(password string) (string, error) {
+func EncryptPassword(password string, publicKeyPEM []byte) (string, error) {
 	// Read public key from conf/public.pem
-	publicKeyPath := filepath.Join(getProjectBaseDirectory(), "conf", "public.pem")
-	publicKeyPEM, err := os.ReadFile(publicKeyPath)
-	if err != nil {
-		return "", fmt.Errorf("failed to read public key: %w", err)
-	}
+	//publicKeyPath := filepath.Join(getProjectBaseDirectory(), "conf", "public.pem")
+	//publicKeyPEM, err := os.ReadFile(publicKeyPath)
+	//if err != nil {
+	//	return "", fmt.Errorf("failed to read public key: %w", err)
+	//}

 	// Parse public key
 	block, _ := pem.Decode(publicKeyPEM)
--- a/internal/cli/user_command.go
+++ b/internal/cli/user_command.go
@@ -283,8 +283,13 @@ func (c *CLI) RegisterUser(cmd *Command) (ResponseIf, error) {
 		return nil, fmt.Errorf("no password")
 	}

+	publicKey, err := c.GetPublicKeyPEM()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get public key: %w", err)
+	}
+
 	// Encrypt password using RSA
-	encryptedPassword, err := EncryptPassword(password)
+	encryptedPassword, err := EncryptPassword(password, publicKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to encrypt password: %w", err)
 	}