From 966606afc27750bef147a6d303a98e8ca8c6b4b6 Mon Sep 17 00:00:00 2001 From: Yuan Si Date: Sun, 26 Mar 2023 22:19:06 +0800 Subject: [PATCH] 2023-03-27 Signed-off-by: Yuan Si --- assets/eventlist.json | 33 ++++++++++++++ assets/products.json | 20 +++++++++ database/redis.go | 28 ++++++++++++ handler/announce.go | 46 ++++++++++++++++++-- handler/api.go | 46 ++++++++++++++++++-- handler/download.go | 91 +++++++++++++++++++++++++++++++++++---- handler/event.go | 57 ++++++++++++++++++++++++ handler/gdpr.go | 51 +++++++++++++++++++--- handler/lbonus.go | 51 +++++++++++++++++++--- handler/login.go | 48 +++++++++++---------- handler/payment.go | 57 ++++++++++++++++++++++++ handler/personalnotice.go | 51 +++++++++++++++++++--- handler/scenario.go | 58 ++++++++++++++++++++----- handler/tos.go | 48 +++++++++++++++++++-- handler/user.go | 91 +++++++++++++++++++++++++++++++++++++-- handler/userinfo.go | 51 +++++++++++++++++++--- main.go | 3 ++ resp/resp.go | 1 + utils/utils.go | 50 +++++++++++++++++++++ 19 files changed, 804 insertions(+), 77 deletions(-) create mode 100644 assets/eventlist.json create mode 100644 assets/products.json create mode 100644 handler/event.go create mode 100644 handler/payment.go diff --git a/assets/eventlist.json b/assets/eventlist.json new file mode 100644 index 0000000..4769d99 --- /dev/null +++ b/assets/eventlist.json @@ -0,0 +1,33 @@ +{ + "response_data": { + "target_list": [ + { + "position": 1, + "is_displayable": false + }, + { + "position": 2, + "is_displayable": false + }, + { + "position": 3, + "is_displayable": false + }, + { + "position": 4, + "is_displayable": false + }, + { + "position": 5, + "is_displayable": false + }, + { + "position": 6, + "is_displayable": false + } + ], + "server_timestamp": 1679238229 + }, + "release_info": [], + "status_code": 200 +} \ No newline at end of file diff --git a/assets/products.json b/assets/products.json new file mode 100644 index 0000000..2b5522c --- /dev/null +++ b/assets/products.json @@ -0,0 +1,20 @@ +{ + "response_data": { + "restriction_info": { + "restricted": false + }, + "under_age_info": { + "birth_set": true, + "has_limit": false, + "limit_amount": null, + "month_used": 0 + }, + "sns_product_list": [], + "product_list": [], + "subscription_list": [], + "show_point_shop": true, + "server_timestamp": 1679238244 + }, + "release_info": [], + "status_code": 200 +} \ No newline at end of file diff --git a/database/redis.go b/database/redis.go index c6551e7..68647e1 100644 --- a/database/redis.go +++ b/database/redis.go @@ -2,7 +2,9 @@ package database import ( "context" + "errors" "honoka-chan/config" + "strconv" "github.com/redis/go-redis/v9" ) @@ -24,3 +26,29 @@ func init() { panic(err) } } + +func GetUid(key string) (int, error) { + uid, err := RedisCli.HGet(RedisCtx, "login_key_uid", key).Result() + if err != nil { + return 0, err + } + userId, err := strconv.Atoi(uid) + if err != nil { + return 0, err + } + + if userId == 0 { + return 0, errors.New("userId is 0") + } + + return userId, nil +} + +func MatchTokenUid(token, uid string) bool { + res, err := RedisCli.HGet(RedisCtx, "token_uid", token).Result() + if err != nil { + panic(err) + } + + return res == uid +} diff --git a/handler/announce.go b/handler/announce.go index 9077f51..435f787 100644 --- a/handler/announce.go +++ b/handler/announce.go @@ -1,9 +1,15 @@ package handler import ( + "encoding/base64" + "fmt" "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/resp" + "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) @@ -13,9 +19,43 @@ func AnnounceIndexHandler(ctx *gin.Context) { } func AnnounceCheckStateHandler(ctx *gin.Context) { + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + xms := encrypt.RSA_Sign_SHA1([]byte(resp.AnnounceState), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679360075&version=1.1&token=4JM3w3i6FDXr4lHN4K2Q5ys7Fn56QMT5ytIzPLCZ0ItuouoraRlfCYPlnzqsFsE1v9Phd66Cw4bmjcKoxE52gd&nonce=12&requestTimeStamp=1679360075") - ctx.Header("X-Message-Sign", "CGfQ1rVjIRXxdq1zPyfp8aHDyekfCJ6PwzZ+a6JZkXJdyzGZXnFK6ZZ9lup5KLYLXKzSOmbzeOUbTV6lYdE5G+hoP+oVSpnKDGt1NKdoy5IeJihfXVbNjM5AC8NF7d8oMGk/zTVsVqHHENCX4bbMMIQuFP+K+iw2SiRRD1dbZPw=") + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) ctx.String(http.StatusOK, resp.AnnounceState) } diff --git a/handler/api.go b/handler/api.go index ca4f664..40ea9d8 100644 --- a/handler/api.go +++ b/handler/api.go @@ -1,17 +1,23 @@ package handler import ( + "encoding/base64" "encoding/json" "errors" "fmt" + "honoka-chan/config" "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/model" + "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func ApiHandler(ctx *gin.Context) { + reqTime := time.Now().Unix() // fmt.Println(ctx.PostForm("request_data")) var formdata []model.SifApi err := json.Unmarshal([]byte(ctx.PostForm("request_data")), &formdata) @@ -166,9 +172,41 @@ func ApiHandler(ctx *gin.Context) { } // fmt.Println(string(b)) - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1678640521&version=1.1&token=bS5G6TKTsw0aGxVQz8JWJTx8Tf73H0bF9Bq1PEw3UaxoEoUG8GcrrzaEbjOwEQJTrThgHpBlbwnMRl9ITGw1&nonce=9&requestTimeStamp=1678640521") - ctx.Header("X-Message-Sign", "bNuSClKqt20FoGduZJI4pB1Y8xUwrrarvfsq0soqU5U97x7kGLESNoXSQVZcFfa1Eo4kgntEktokmDHzCbxpsYFvrD1mhbn++UOmcwXXCQRdxbbfhTt7MVfXbcqXAuFKAfkE37n9dkn1U0RnNt5U4m3mbRhLYT5B16ZcPGIPn/E=") + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + xms := encrypt.RSA_Sign_SHA1(b, "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) ctx.String(http.StatusOK, string(b)) } diff --git a/handler/download.go b/handler/download.go index 1a29638..009b772 100644 --- a/handler/download.go +++ b/handler/download.go @@ -1,22 +1,97 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func DownloadBatchHandler(ctx *gin.Context) { - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236701&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=7&requestTimeStamp=1679236698") - ctx.Header("X-Message-Sign", "wlfzdWAcqk2B1wgZvJH+YOC64Zc2TcsKZAftPDwM0FLbzPaQnI2/qtdlzviays2redRCzQjePmJEKhDq8AQjUN0D+sX7lwNtlf5HnmCX7SICglYCPflMg+lsl36yppBNkTT8ZbIKu5znlWJVUIXMIS8k/uUwmfBqeOLna7IJNnI=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/batch.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/batch.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } func DownloadEventHandler(ctx *gin.Context) { - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236701&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=8&requestTimeStamp=1679236698") - ctx.Header("X-Message-Sign", "rFJdTYrGPvG9V/IESgiAZu4qod4VgVTe5/oj8/5fA2mzXhJkKAD7nE8IOI9MQmjwECFYRc4KLPjtqsxuosloIjxTk6pHiAPtGvzkajqBivbbaBIB2OdIZQarqMRURN5M0TGLOC0vzO9xP5fYKJzMHSskJsmMdunPWLkUz3eqoZU=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/event.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/event.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/handler/event.go b/handler/event.go new file mode 100644 index 0000000..4f6d854 --- /dev/null +++ b/handler/event.go @@ -0,0 +1,57 @@ +package handler + +import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" + "honoka-chan/utils" + "net/http" + "time" + + "github.com/gin-gonic/gin" +) + +func EventListHandler(ctx *gin.Context) { + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/eventlist.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) +} diff --git a/handler/gdpr.go b/handler/gdpr.go index 2ae37b4..2812d38 100644 --- a/handler/gdpr.go +++ b/handler/gdpr.go @@ -1,16 +1,57 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func GdprHandler(ctx *gin.Context) { - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236700&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=4&requestTimeStamp=1679236697") - ctx.Header("X-Message-Sign", "El2L/coKTfbHF8shto7SjxnukwicN1BtIMhvD21uKy+9ISwH0G2fI4aCemKn77o54H2zv+mVN4osDK0N0Zi86lGyx0rFXMlQ75D7XKX5KbWAhHcgn+W8t6tk2R0PVUyEeo1gtHgjNauT1asNK+PDJ7h3WWINPFgfVSnldCUnYLk=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/gdpr.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/gdpr.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/handler/lbonus.go b/handler/lbonus.go index f0d9bde..4006407 100644 --- a/handler/lbonus.go +++ b/handler/lbonus.go @@ -1,16 +1,57 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func LBonusExecuteHandler(ctx *gin.Context) { - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236701&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=9&requestTimeStamp=1679236698") - ctx.Header("X-Message-Sign", "pV5H3WfRtj2zpDYuYwt9BuB8jMUJiXrGXQbsemJA+8sX7/c9s4mnbMFTKDD3cxK1mSeCLNhJVtR1M6QKZVgbCjyQGSVPR1EG1cTumR9T5LFF6ighJWV7EEYxbeYgJjAEcjVHOgB3d2hy7SK7u4oCatEgXhbJMQYGV5lH2gdwEpw=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/lbonus.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/lbonus.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/handler/login.go b/handler/login.go index e1da0c0..40f9944 100644 --- a/handler/login.go +++ b/handler/login.go @@ -9,8 +9,6 @@ import ( "honoka-chan/model" "honoka-chan/utils" "net/http" - "net/url" - "strconv" "time" "github.com/gin-gonic/gin" @@ -18,17 +16,19 @@ import ( func AuthKeyHandler(ctx *gin.Context) { reqTime := time.Now().Unix() + authReq := model.AuthKeyReq{} err := json.Unmarshal([]byte(ctx.PostForm("request_data")), &authReq) if err != nil { panic(err) } + dummyToken64, err := base64.StdEncoding.DecodeString(authReq.DummyToken) if err != nil { panic(err) } dummyTokenDecrypted := encrypt.RSA_Decrypt(dummyToken64, "privatekey.pem") - clientToken := base64.RawStdEncoding.EncodeToString(dummyTokenDecrypted) + aesKey := dummyTokenDecrypted[0:16] data64, err := base64.StdEncoding.DecodeString(authReq.AuthData) if err != nil { @@ -44,10 +44,10 @@ func AuthKeyHandler(ctx *gin.Context) { nonce++ + clientToken := base64.RawStdEncoding.EncodeToString(dummyTokenDecrypted) authData := map[string]interface{}{ "client_token": clientToken, "server_token": serverToken, - "nonce": nonce, } _, err = database.RedisCli.HSet(database.RedisCtx, authorizeToken, authData).Result() if err != nil { @@ -79,29 +79,21 @@ func AuthKeyHandler(ctx *gin.Context) { func LoginHandler(ctx *gin.Context) { reqTime := time.Now().Unix() + authorizeStr := ctx.Request.Header["Authorize"] - if len(authorizeStr) == 0 { - ctx.String(http.StatusForbidden, "Fuck you!") - return - } - fmt.Println(authorizeStr[0]) - urlParams, err := url.ParseQuery(authorizeStr[0]) + authToken, err := utils.GetAuthorizeToken(authorizeStr) if err != nil { - panic(err) - } - fmt.Println(urlParams) - authToken := urlParams["token"] - if len(authToken) == 0 { ctx.String(http.StatusForbidden, "Fuck you!") return } - authData, err := database.RedisCli.HGetAll(database.RedisCtx, authToken[0]).Result() + + authData, err := database.RedisCli.HGetAll(database.RedisCtx, authToken).Result() if err != nil { panic(err) } fmt.Println(authData) - clientToken, serverToken, clientNonce := authData["client_token"], authData["server_token"], authData["nonce"] - fmt.Println(clientToken) + + clientToken, serverToken := authData["client_token"], authData["server_token"] clientToken64, err := base64.RawStdEncoding.DecodeString(clientToken) if err != nil { panic(err) @@ -110,9 +102,10 @@ func LoginHandler(ctx *gin.Context) { if err != nil { panic(err) } + xmcKey := utils.SliceXor([]byte(clientToken64), []byte(serverToken64)) - fmt.Println(xmcKey) aesKey := xmcKey[0:16] + loginReq := model.LoginReq{} err = json.Unmarshal([]byte(ctx.PostForm("request_data")), &loginReq) if err != nil { @@ -131,16 +124,25 @@ func LoginHandler(ctx *gin.Context) { passDescrypted := utils.Sub16(encrypt.AES_CBC_Decrypt(pass64, aesKey)) fmt.Println(string(passDescrypted)) - nonce, _ = strconv.Atoi(clientNonce) + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } nonce++ - authorizeToken := utils.RandomBase64Token(32) - uid, err := database.RedisCli.HGet(database.RedisCtx, "login_key_uid", string(keyDescrypted)).Result() + userId, err := database.GetUid(string(keyDescrypted)) if err != nil { ctx.String(http.StatusForbidden, "Fuck you!") return } - userId, _ := strconv.Atoi(uid) + authorizeToken := utils.RandomBase64Token(32) + + _, err = database.RedisCli.HSet(database.RedisCtx, "token_uid", authorizeToken, userId).Result() + if err != nil { + panic(err) + } loginResp := model.LoginResp{} loginResp.ResponseData.AuthorizeToken = authorizeToken diff --git a/handler/payment.go b/handler/payment.go new file mode 100644 index 0000000..9bdf1da --- /dev/null +++ b/handler/payment.go @@ -0,0 +1,57 @@ +package handler + +import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" + "honoka-chan/utils" + "net/http" + "time" + + "github.com/gin-gonic/gin" +) + +func ProductListHandler(ctx *gin.Context) { + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/products.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) +} diff --git a/handler/personalnotice.go b/handler/personalnotice.go index 085a0fb..64a481e 100644 --- a/handler/personalnotice.go +++ b/handler/personalnotice.go @@ -1,16 +1,57 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func PersonalNoticeHandler(ctx *gin.Context) { - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236701&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=5&requestTimeStamp=1679236697") - ctx.Header("X-Message-Sign", "mTvY9EUM4LAomFxHQPINslVF8KBJ/nWZvCmVzYYyFln+M23/T05cuT/E6FUt9ExwmGMFy6TqtbZwcoomFWaEm38uJH2nQy/3RDjS0L26AsyFOHDIUOK11a4qHxv309sRjb04KhckTmzJERTooCnRturTYcNYet0g01vz2Geu4Ew=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/personalnotice.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/personalnotice.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/handler/scenario.go b/handler/scenario.go index 9e134c6..9503119 100644 --- a/handler/scenario.go +++ b/handler/scenario.go @@ -1,22 +1,58 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" + "honoka-chan/resp" + "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func ScenarioStartupHandler(ctx *gin.Context) { - ctx.Header("Content-Type", "application/json") - ctx.Header("X-Powered-By", "KLab Native APP Platform") - ctx.Header("server_version", "20120129") - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("version_up", "0") - ctx.Header("status_code", "200") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1678786443&version=1.1&token=2gjbstqCHAlIv600Pk0AJN5uvfPYgLvfSKB418sMIoclOy1M9UP7LUC1CG14tPicVzOq2MBOXLvpmNRwyWIi9Qf&nonce=17&requestTimeStamp=1678786443") - ctx.Header("X-Message-Sign", "L+cK2fiaDxkRwJCmT6lpMu9RM/emmUye32RtS8C36I7OpBhGiZLbiPN30dPXITWDIUjUyPsVCqvLVzEy484Q+NHvQfDEUuS5SnKOtoNxW9Zk6kjyckjJKFIbsdH61cbb4pfzmSptcaByZ6ieNIpbHTzsvpu54JFOXb84g859Pxs=") + reqTime := time.Now().Unix() - res := `{"response_data":{"scenario_id":1,"scenario_adjustment":50,"server_timestamp":1678785161},"release_info":[],"status_code":200}` - ctx.String(http.StatusOK, res) + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + xms := encrypt.RSA_Sign_SHA1([]byte(resp.ScenarioStartup), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + + ctx.String(http.StatusOK, resp.ScenarioStartup) } diff --git a/handler/tos.go b/handler/tos.go index 8142958..7e804ad 100644 --- a/handler/tos.go +++ b/handler/tos.go @@ -1,15 +1,55 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func TosCheckHandler(ctx *gin.Context) { - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236701&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=6&requestTimeStamp=1679236698") - ctx.Header("X-Message-Sign", "3OYeXseR08OvVJfG9cEU6CbEXwbjAhL93vTEL6G4i3FqCY5wpELp0XR8FVZeHo7wsO9UI3+5JJZylnlWvaPgaXej2oefsk5cWHO2rKvrPxaqWRfz5YeGZBvXQejY81KgRRZBWZaQBlHEacH+aILl608xwQGQ98wGtyyMYfOf4Ss=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/toscheck.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/toscheck.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/handler/user.go b/handler/user.go index f5a427e..ec68c8c 100644 --- a/handler/user.go +++ b/handler/user.go @@ -1,16 +1,99 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/resp" + "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func SetNotificationTokenHandler(ctx *gin.Context) { - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1678891478&version=1.1&token=cTMEyAfIDErcKUyCgBM6ZuJv8UBRgSzG4z4MfqYhR7xSHBYhIA9ofaVKtSefeiP2LTKIfbnCfE5dppYw8Af&nonce=18&requestTimeStamp=1678891478") - ctx.Header("X-Message-Sign", "bNZj/YjRADDccb5vcF/NHI9Kin3bkM3ECBQdxttXvCBqzoSBX6yWuEn9Fsjx+Yp3g2D9CcONZzqJlAvXbatGHJkbClSXuomLXVOcNmQYgidjyUvC7CceoSvCbL8U4Ge12tyGd8V2EMHVZfxqPKdHsJSGaOFbUpmo7wAhKVfuEjg=") + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + xms := encrypt.RSA_Sign_SHA1([]byte(resp.NotificationToken), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp.NotificationToken) +} + +func ChangeNaviHandler(ctx *gin.Context) { + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + xms := encrypt.RSA_Sign_SHA1([]byte(resp.NotificationToken), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) ctx.String(http.StatusOK, resp.NotificationToken) } diff --git a/handler/userinfo.go b/handler/userinfo.go index 14bc03c..0cf23ba 100644 --- a/handler/userinfo.go +++ b/handler/userinfo.go @@ -1,16 +1,57 @@ package handler import ( + "encoding/base64" + "fmt" + "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/encrypt" "honoka-chan/utils" "net/http" + "time" "github.com/gin-gonic/gin" ) func UserInfoHandler(ctx *gin.Context) { - ctx.Header("Server-Version", "97.4.6") - ctx.Header("user_id", "3241988") - ctx.Header("authorize", "consumerKey=lovelive_test&timeStamp=1679236700&version=1.1&token=cHPoOHP5dAs2dh30EkOW8FndO07xlpKHrDRdVOtT7Whlo1opiEMXSwk1JJdAFd4cSeKQvGVRwH2Z7sFh1gnz3gd&nonce=3&requestTimeStamp=1679236697") - ctx.Header("X-Message-Sign", "mGcmcvrm22pt5zJw1CJxe/6Y9R4aZPb6znja4jxioWHlinjWU5nEq61qyslW0bX6uVWTifz17eSDdidlJHccusbQaKXOyoFfbQC1hpArv97b3RJGrnDK7iShPOTz3+mwYiUhtXrJ3oohRGH1siEG0G3H4pSK3JHnAbPlF84cR4w=") - ctx.String(http.StatusOK, utils.ReadAllText("assets/userinfo.json")) + reqTime := time.Now().Unix() + + authorizeStr := ctx.Request.Header["Authorize"] + authToken, err := utils.GetAuthorizeToken(authorizeStr) + if err != nil { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) == 0 { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + if !database.MatchTokenUid(authToken, userId[0]) { + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + + nonce, err := utils.GetAuthorizeNonce(authorizeStr) + if err != nil { + fmt.Println(err) + ctx.String(http.StatusForbidden, "Fuck you!") + return + } + nonce++ + + respTime := time.Now().Unix() + newAuthorizeStr := fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", respTime, authToken, nonce, userId[0], reqTime) + // fmt.Println(newAuthorizeStr) + + resp := utils.ReadAllText("assets/userinfo.json") + xms := encrypt.RSA_Sign_SHA1([]byte(resp), "privatekey.pem") + xms64 := base64.RawStdEncoding.EncodeToString(xms) + + ctx.Header("Server-Version", config.Conf.Server.VersionNumber) + ctx.Header("user_id", userId[0]) + ctx.Header("authorize", newAuthorizeStr) + ctx.Header("X-Message-Sign", xms64) + ctx.String(http.StatusOK, resp) } diff --git a/main.go b/main.go index b288770..a8dd2f7 100644 --- a/main.go +++ b/main.go @@ -43,6 +43,9 @@ func main() { r.POST("/main.php/announce/checkState", handler.AnnounceCheckStateHandler) r.POST("/main.php/scenario/startup", handler.ScenarioStartupHandler) r.POST("/main.php/user/setNotificationToken", handler.SetNotificationTokenHandler) + r.POST("/main.php/user/changeNavi", handler.SetNotificationTokenHandler) + r.POST("/main.php/event/eventList", handler.EventListHandler) + r.POST("/main.php/payment/productList", handler.ProductListHandler) r.Run(":8080") // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080") } diff --git a/resp/resp.go b/resp/resp.go index c515e05..5b0c181 100644 --- a/resp/resp.go +++ b/resp/resp.go @@ -3,4 +3,5 @@ package resp var ( AnnounceState = `{"response_data":{"has_unread_announce":false,"server_timestamp":1679360075},"release_info":[],"status_code":200}` NotificationToken = `{"response_data":[],"release_info":[],"status_code":200}` + ScenarioStartup = `{"response_data":{"scenario_id":1,"scenario_adjustment":50,"server_timestamp":1678785161},"release_info":[],"status_code":200}` ) diff --git a/utils/utils.go b/utils/utils.go index bd137b1..3bf40dc 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -6,8 +6,11 @@ package utils import ( "encoding/base64" "encoding/hex" + "errors" "math/rand" + "net/url" "os" + "strconv" "time" ) @@ -58,3 +61,50 @@ func RandomBase64Token(len int) string { return base64.RawStdEncoding.EncodeToString([]byte(mRandStr)) } + +func ParseAuthorizeStr(authorize []string) (url.Values, error) { + if len(authorize) == 0 { + return nil, errors.New("authorize is null") + } + urlParams, err := url.ParseQuery(authorize[0]) + if err != nil { + return nil, err + } + + return urlParams, nil +} + +func GetAuthorizeToken(authorize []string) (string, error) { + params, err := ParseAuthorizeStr(authorize) + if err != nil { + return "", err + } + token := params["token"] + if len(token) == 0 { + return "", errors.New("token is null") + } + + return token[0], nil +} + +func GetAuthorizeNonce(authorize []string) (int, error) { + params, err := ParseAuthorizeStr(authorize) + if err != nil { + return 0, err + } + nonce := params["nonce"] + if len(nonce) == 0 { + return 0, errors.New("nonce is null") + } + + n_nonce, err := strconv.Atoi(nonce[0]) + if err != nil { + return 0, err + } + + if n_nonce == 0 { + return 0, errors.New("nonce is 0") + } + + return n_nonce, nil +}