版本库下载参数加密 gitlab添加解密功能

2016-12-20 16:33:26 +08:00 · 2016-12-20 16:33:26 +08:00 · ff34ec6de8
parent d304555044
commit ff34ec6de8
2 changed files with 33 additions and 6 deletions
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@ -35,7 +35,7 @@ class RepositoriesController < ApplicationController
  before_filter :find_project_by_project_id, :only => [:new, :create, :newrepo, :stats, :quality_analysis]
  before_filter :find_repository, :only => [:edit, :update, :destroy, :committers]

-  before_filter :find_project_repository, :except => [:new, :create, :newcreate, :edit, :update, :destroy, :committers, :newrepo, :to_gitlab, :forked, :project_archive, :export_rep_static]
+  before_filter :find_project_repository, :except => [:new, :create, :newcreate, :edit, :update, :destroy, :committers, :newrepo, :to_gitlab, :forked, :export_rep_static]
  # 连接gitlab
  # before_filter :connect_gitlab, :only => [:quality_analysis, :commit_diff]

@ -121,9 +121,15 @@ class RepositoriesController < ApplicationController

  # 一键ZIP下载
  def project_archive
-    g = Gitlab.client
-    g.get()
-    # g.project_archive(params[:gpid].to_i, params[:rev])
+    token = Gitlab.private_token
+    token = aes_encrypt(token, "abcd")
+    # g = Gitlab.client
+    # g.project_archive(@project.gpid, @rev)
+    # 'git archive --format zip --output /path/to/file.zip master' # 将 master 以zip格式打包到指定文件
+    #
+    # zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + Gitlab.private_token
+    # f = open(zip_path).read
+    # send_file "/path/to/file.zip"
  end

  # 判断用户是否已经fork过该项目
@ -409,8 +415,12 @@ update

        @creator = @project.owner.to_s
        gitlab_address = Redmine::Configuration['gitlab_address']
-        # REDO:需优化，仅测试用
-        @zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + Gitlab.private_token
+        gitlab_token = Gitlab.private_token
+        # token值加密解密
+        token = aes_encrypt("priEn3UwXfJs3Pmy", gitlab_token)
+        # token值解密
+        # gitlab_token = aes_dicrypt("priEn3UwXfJs3Pmy", token)
+        @zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + token
      end

      @creator = @project.owner.to_s
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -37,6 +37,23 @@ module ApplicationHelper
  #   super
  # end

+  # 字符串加密
+  def aes_encrypt(key, encrypted_string)
+    aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
+    aes.encrypt
+    aes.key = key
+    txt = aes.update(encrypted_string) << aes.final
+    txt.unpack('H*')[0].upcase
+  end
+
+  # 字符串解密
+  def aes_dicrypt(key, dicrypted_string)
+    aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
+    aes.decrypt
+    aes.key = key
+    aes.update([dicrypted_string].pack('H*')) << aes.final
+  end
+
  # 获取多种类型的user用户名
  def user_message_username user
    user.try(:show_name)