
refactor: ss2022 user pk generation

M1Screw 1 rok temu
rodzic
commit
cfdcbcd989

+ 38 - 38
composer.lock

@@ -124,16 +124,16 @@
         },
         {
             "name": "aws/aws-sdk-php",
-            "version": "3.300.9",
+            "version": "3.300.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/aws/aws-sdk-php.git",
-                "reference": "2704b9b10b42d53066eb383f47541124296db77c"
+                "reference": "b1c05a5d3cb429aa5d9ffa69066ce46e3d7aca52"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/2704b9b10b42d53066eb383f47541124296db77c",
-                "reference": "2704b9b10b42d53066eb383f47541124296db77c",
+                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/b1c05a5d3cb429aa5d9ffa69066ce46e3d7aca52",
+                "reference": "b1c05a5d3cb429aa5d9ffa69066ce46e3d7aca52",
                 "shasum": ""
             },
             "require": {
@@ -213,9 +213,9 @@
             "support": {
                 "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
                 "issues": "https://github.com/aws/aws-sdk-php/issues",
-                "source": "https://github.com/aws/aws-sdk-php/tree/3.300.9"
+                "source": "https://github.com/aws/aws-sdk-php/tree/3.300.11"
             },
-            "time": "2024-03-01T19:04:32+00:00"
+            "time": "2024-03-05T19:08:14+00:00"
         },
         {
             "name": "bacon/bacon-qr-code",
@@ -747,16 +747,16 @@
         },
         {
             "name": "endroid/qr-code",
-            "version": "5.0.4",
+            "version": "5.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/endroid/qr-code.git",
-                "reference": "0efd071a3640af323e23c94122fe92cfd5199833"
+                "reference": "739fc545bfade2470765219dc2a615a6f1e94987"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/endroid/qr-code/zipball/0efd071a3640af323e23c94122fe92cfd5199833",
-                "reference": "0efd071a3640af323e23c94122fe92cfd5199833",
+                "url": "https://api.github.com/repos/endroid/qr-code/zipball/739fc545bfade2470765219dc2a615a6f1e94987",
+                "reference": "739fc545bfade2470765219dc2a615a6f1e94987",
                 "shasum": ""
             },
             "require": {
@@ -810,7 +810,7 @@
             ],
             "support": {
                 "issues": "https://github.com/endroid/qr-code/issues",
-                "source": "https://github.com/endroid/qr-code/tree/5.0.4"
+                "source": "https://github.com/endroid/qr-code/tree/5.0.5"
             },
             "funding": [
                 {
@@ -818,7 +818,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-12-24T13:47:07+00:00"
+            "time": "2024-03-03T18:17:54+00:00"
         },
         {
             "name": "geoip2/geoip2",
@@ -1201,16 +1201,16 @@
         },
         {
             "name": "illuminate/collections",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/collections.git",
-                "reference": "dd0c652dfac0901c17bcfac94fe792e615b56e12"
+                "reference": "7bc2e907285b6a38acb3b386dcc577b185bf3d73"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/collections/zipball/dd0c652dfac0901c17bcfac94fe792e615b56e12",
-                "reference": "dd0c652dfac0901c17bcfac94fe792e615b56e12",
+                "url": "https://api.github.com/repos/illuminate/collections/zipball/7bc2e907285b6a38acb3b386dcc577b185bf3d73",
+                "reference": "7bc2e907285b6a38acb3b386dcc577b185bf3d73",
                 "shasum": ""
             },
             "require": {
@@ -1252,11 +1252,11 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2024-02-21T14:18:14+00:00"
+            "time": "2024-03-04T18:11:18+00:00"
         },
         {
             "name": "illuminate/conditionable",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/conditionable.git",
@@ -1302,7 +1302,7 @@
         },
         {
             "name": "illuminate/container",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/container.git",
@@ -1353,7 +1353,7 @@
         },
         {
             "name": "illuminate/contracts",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/contracts.git",
@@ -1401,16 +1401,16 @@
         },
         {
             "name": "illuminate/database",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/database.git",
-                "reference": "d756278a38541ec2f25c75e2553398b37a6d4e42"
+                "reference": "385a67f5351be38c5c6f28d58f7d76cbaffcaa02"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/database/zipball/d756278a38541ec2f25c75e2553398b37a6d4e42",
-                "reference": "d756278a38541ec2f25c75e2553398b37a6d4e42",
+                "url": "https://api.github.com/repos/illuminate/database/zipball/385a67f5351be38c5c6f28d58f7d76cbaffcaa02",
+                "reference": "385a67f5351be38c5c6f28d58f7d76cbaffcaa02",
                 "shasum": ""
             },
             "require": {
@@ -1470,11 +1470,11 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2024-02-26T16:14:36+00:00"
+            "time": "2024-03-04T21:32:24+00:00"
         },
         {
             "name": "illuminate/macroable",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/macroable.git",
@@ -1520,7 +1520,7 @@
         },
         {
             "name": "illuminate/pagination",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/pagination.git",
@@ -1570,16 +1570,16 @@
         },
         {
             "name": "illuminate/support",
-            "version": "v10.46.0",
+            "version": "v10.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/support.git",
-                "reference": "96d4512df39bee8cb60d50783f944a48242ea862"
+                "reference": "a98f849a2a0f36fbcbec77d07cae680e240ccdc1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/support/zipball/96d4512df39bee8cb60d50783f944a48242ea862",
-                "reference": "96d4512df39bee8cb60d50783f944a48242ea862",
+                "url": "https://api.github.com/repos/illuminate/support/zipball/a98f849a2a0f36fbcbec77d07cae680e240ccdc1",
+                "reference": "a98f849a2a0f36fbcbec77d07cae680e240ccdc1",
                 "shasum": ""
             },
             "require": {
@@ -1637,7 +1637,7 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2024-02-26T22:20:06+00:00"
+            "time": "2024-03-02T00:22:09+00:00"
         },
         {
             "name": "irazasyed/telegram-bot-sdk",
@@ -4602,16 +4602,16 @@
         },
         {
             "name": "symfony/http-client",
-            "version": "v7.0.4",
+            "version": "v7.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-client.git",
-                "reference": "8384876f49a2316a63f88a9cd12436de6936bee6"
+                "reference": "425f462a59d8030703ee04a9e1c666575ed5db3b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-client/zipball/8384876f49a2316a63f88a9cd12436de6936bee6",
-                "reference": "8384876f49a2316a63f88a9cd12436de6936bee6",
+                "url": "https://api.github.com/repos/symfony/http-client/zipball/425f462a59d8030703ee04a9e1c666575ed5db3b",
+                "reference": "425f462a59d8030703ee04a9e1c666575ed5db3b",
                 "shasum": ""
             },
             "require": {
@@ -4674,7 +4674,7 @@
                 "http"
             ],
             "support": {
-                "source": "https://github.com/symfony/http-client/tree/v7.0.4"
+                "source": "https://github.com/symfony/http-client/tree/v7.0.5"
             },
             "funding": [
                 {
@@ -4690,7 +4690,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-02-15T11:33:06+00:00"
+            "time": "2024-03-02T12:46:12+00:00"
         },
         {
             "name": "symfony/http-client-contracts",

+ 2 - 2
db/migrations/2024030300-update_node_ip.php

@@ -9,8 +9,8 @@ return new class() implements MigrationInterface {
     public function up(): int
     {
         DB::getPdo()->exec("
-            ALTER TABLE node ADD COLUMN IF NOT EXISTS `ipv4` INET4 NOT NULL DEFAULT '127.0.0.1' COMMENT 'IPv4地址';
-            ALTER TABLE node ADD COLUMN IF NOT EXISTS `ipv6` INET6 NOT NULL DEFAULT '::1' COMMENT 'IPv6地址';
+            ALTER TABLE node ADD COLUMN IF NOT EXISTS `ipv4` inet4 NOT NULL DEFAULT '127.0.0.1' COMMENT 'IPv4地址';
+            ALTER TABLE node ADD COLUMN IF NOT EXISTS `ipv6` inet6 NOT NULL DEFAULT '::1' COMMENT 'IPv6地址';
             ALTER TABLE node DROP COLUMN IF EXISTS `node_ip`;
         ");
 

+ 1 - 1
resources/views/tabler/admin/user/edit.tpl

@@ -223,7 +223,7 @@
                             <div class="form-group mb-3 row">
                                 <label class="form-label col-3 col-form-label">密码</label>
                                 <div class="col">
-                                    <input id="passwd" type="text" class="form-control" value="{$edit_user->passwd}">
+                                    <input id="passwd" type="text" class="form-control" value="{$edit_user->passwd}" disabled/>
                                 </div>
                             </div>
                             <div class="form-group mb-3 row">

+ 19 - 3
src/Command/Tool.php

@@ -45,7 +45,8 @@ final class Tool extends Command
 │ ├─ resetNodeBandwidth      - 重置所有节点流量
 │ ├─ resetPort               - 重置所有用户端口
 │ ├─ resetBandwidth          - 重置所有用户流量
-│ ├─ resetPassword           - 重置所有用户密码
+│ ├─ resetPassword           - 重置所有用户登录密码
+│ ├─ resetPasswd             - 重置所有用户连接密码
 │ ├─ clearSubToken           - 清除用户 Sub Token
 │ ├─ generateUUID            - 为所有用户生成新的 UUID
 │ ├─ generateGa              - 为所有用户生成新的 Ga Secret
@@ -240,7 +241,7 @@ EOL;
     }
 
     /**
-     * 重置所有用户密码
+     * 重置所有用户登录密码
      */
     public function resetPassword(): void
     {
@@ -251,7 +252,22 @@ EOL;
             $user->save();
         }
 
-        echo '已重置所有用户密码' . PHP_EOL;
+        echo '已重置所有用户登录密码' . PHP_EOL;
+    }
+
+    /**
+     * 重置所有用户连接密码
+     */
+    public function resetPasswd(): void
+    {
+        $users = ModelsUser::all();
+
+        foreach ($users as $user) {
+            $user->passwd = Tools::genRandomChar(16);
+            $user->save();
+        }
+
+        echo '已重置所有用户连接密码' . PHP_EOL;
     }
 
     /**
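Review bot: `resetPasswd()` generates the new connection secret with `Tools::genRandomChar(16)`; if that is the `bin2hex(openssl_random_pseudo_bytes($length / 2))` helper shown as context in the Tools.php section, each secret carries only 8 random bytes (64 bits), and the SS2022 key is derived from it. Consider a longer value, e.g. `Tools::genRandomChar(32)`, provided the `passwd` column and the clients accept it. The docblock could also state that the command replaces the secret of every user at once, so existing client configurations presumably stop working until subscriptions are refreshed.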

+ 0 - 1
src/Controllers/Admin/UserController.php

@@ -201,7 +201,6 @@ final class UserController extends BaseController
         $user->node_speedlimit = $request->getParam('node_speedlimit');
         $user->node_iplimit = $request->getParam('node_iplimit');
         $user->port = $request->getParam('port');
-        $user->passwd = $request->getParam('passwd');
         $user->method = $request->getParam('method');
         $user->forbidden_ip = str_replace(PHP_EOL, ',', $request->getParam('forbidden_ip'));
         $user->forbidden_port = str_replace(PHP_EOL, ',', $request->getParam('forbidden_port'));

+ 4 - 6
src/Controllers/WebAPI/UserController.php

@@ -110,13 +110,11 @@ final class UserController extends BaseController
 
             if ($node->sort === 1) {
                 $method = json_decode($node->custom_config)->method ?? '2022-blake3-aes-128-gcm';
+                $user_raw->passwd = Tools::genSs2022UserPk($user_raw->passwd, $method);
 
-                $pk_len = match ($method) {
-                    '2022-blake3-aes-128-gcm' => 16,
-                    default => 32,
-                };
-
-                $user_raw->passwd = Tools::genSs2022UserPk($user_raw->passwd, $pk_len);
+                if (! $user_pk) {
+                    continue;
+                }
             }
 
             foreach ($keys_unset as $key) {
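Review bot: `$user_pk` is tested in the new `if (! $user_pk)` but is never assigned in this hunk; the result of `Tools::genSs2022UserPk()` goes straight into `$user_raw->passwd`. Unless `$user_pk` is set earlier in the loop (outside the hunk), it is undefined, the condition is always true, and every user on a `sort === 1` node is skipped by `continue`, so such a node would receive no users. Assign first and test strictly: `$user_pk = Tools::genSs2022UserPk($user_raw->passwd, $method);`, `if ($user_pk === false) { continue; }`, then `$user_raw->passwd = $user_pk;`. That also keeps `false` from being written to `passwd` for an unsupported method. The enclosing loop starts and ends outside the hunk.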

+ 1 - 0
src/Models/Node.php

@@ -78,6 +78,7 @@ final class Node extends Model
             0 => 'Shadowsocks',
             1 => 'Shadowsocks2022',
             2 => 'TUIC',
+            3 => 'WireGuard',
             11 => 'Vmess',
             14 => 'Trojan',
             default => '未知',

+ 6 - 5
src/Services/Subscribe/Clash.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Services\Subscribe;
 
 use App\Services\Subscribe;
+use App\Utils\Tools;
 use function array_merge;
 use function json_decode;
 use function yaml_emit;
@@ -47,13 +48,13 @@ final class Clash extends Base
                     $ss_2022_port = $node_custom_config['offset_port_user'] ??
                         ($node_custom_config['offset_port_node'] ?? 443);
                     $method = $node_custom_config['method'] ?? '2022-blake3-aes-128-gcm';
+                    $user_pk = Tools::genSs2022UserPk($user->passwd, $method);
 
-                    $pk_len = match ($method) {
-                        '2022-blake3-aes-128-gcm' => 16,
-                        default => 32,
-                    };
+                    if (! $user_pk) {
+                        $node = [];
+                        break;
+                    }
 
-                    $user_pk = $user->getSs2022Pk($pk_len);
                     // Clash 特定配置
                     $udp = $node_custom_config['udp'] ?? true;
 
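Review bot: On an unsupported method the new branch sets `$node = []` and leaves the `switch`, so whether the empty entry is dropped depends on code after the switch that is not in this hunk; the same pattern is added in SingBox.php and V2RayJson.php. If the proxy list is appended unconditionally, an empty proxy would end up in the generated config, so confirm there is an empty-check after the switch. I would also compare strictly, `if ($user_pk === false) {`, since the helper returns `string|false`, and log the affected node so a misconfigured `method` does not silently disappear from subscriptions.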

+ 6 - 5
src/Services/Subscribe/SingBox.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Services\Subscribe;
 
 use App\Services\Subscribe;
+use App\Utils\Tools;
 use function array_filter;
 use function array_merge;
 use function json_decode;
@@ -37,13 +38,13 @@ final class SingBox extends Base
                     $ss_2022_port = $node_custom_config['offset_port_user'] ??
                         ($node_custom_config['offset_port_node'] ?? 443);
                     $method = $node_custom_config['method'] ?? '2022-blake3-aes-128-gcm';
+                    $user_pk = Tools::genSs2022UserPk($user->passwd, $method);
 
-                    $pk_len = match ($method) {
-                        '2022-blake3-aes-128-gcm' => 16,
-                        default => 32,
-                    };
+                    if (! $user_pk) {
+                        $node = [];
+                        break;
+                    }
 
-                    $user_pk = $user->getSs2022Pk($pk_len);
                     $server_key = $node_custom_config['server_key'] ?? '';
 
                     $node = [

+ 6 - 6
src/Services/Subscribe/V2RayJson.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Services\Subscribe;
 
 use App\Services\Subscribe;
+use App\Utils\Tools;
 use function array_filter;
 use function array_merge;
 use function json_decode;
@@ -38,13 +39,12 @@ final class V2RayJson extends Base
                 case 1:
                     $ss_2022_port = $node_custom_config['offset_port_user'] ?? ($node_custom_config['offset_port_node'] ?? 443);
                     $method = $node_custom_config['method'] ?? '2022-blake3-aes-128-gcm';
+                    $user_pk = Tools::genSs2022UserPk($user->passwd, $method);
 
-                    $pk_len = match ($method) {
-                        '2022-blake3-aes-128-gcm' => 16,
-                        default => 32,
-                    };
-
-                    $user_pk = $user->getSs2022Pk($pk_len);
+                    if (! $user_pk) {
+                        $node = [];
+                        break;
+                    }
 
                     $node = [
                         'protocol' => 'shadowsocks2022',

+ 17 - 6
src/Utils/Tools.php

@@ -189,14 +189,25 @@ final class Tools
         return bin2hex(openssl_random_pseudo_bytes($length / 2));
     }
 
-    public static function genSs2022UserPk($passwd, $len): string
+    public static function genSs2022UserPk(string $passwd, string $method): string|false
     {
-        $passwd_hash = hash('sha256', $passwd);
+        $ss2022_methods = [
+            '2022-blake3-aes-128-gcm',
+            '2022-blake3-aes-256-gcm',
+            '2022-blake3-chacha8-poly1305',
+            '2022-blake3-chacha12-poly1305',
+            '2022-blake3-chacha20-poly1305',
+        ];
+
+        if (! in_array($method, $ss2022_methods)) {
+            return false;
+        }
+
+        $passwd_hash = hash('sha3-256', $passwd);
 
-        $pk = match ($len) {
-            16 => mb_strcut($passwd_hash, 0, 16),
-            32 => mb_strcut($passwd_hash, 0, 32),
-            default => $passwd_hash,
+        $pk = match ($method) {
+            '2022-blake3-aes-128-gcm' => mb_strcut($passwd_hash, 0, 16),
+            default => mb_strcut($passwd_hash, 0, 32),
         };
 
         return base64_encode($pk);
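Review bot: The key is cut from the hex digest, so `mb_strcut($passwd_hash, 0, 16)` yields 16 ASCII hex characters, i.e. 64 bits in a 16-byte key, and the 32-character case holds 128 bits in a 32-byte key; the expected value in ToolsTest decodes to `c0067d4af4e87f00`, which shows this. Deriving from the raw digest keeps the full width: `$passwd_hash = hash('sha3-256', $passwd, true);` with `substr($passwd_hash, 0, 16)` and `substr($passwd_hash, 0, 32)`, and the test vectors updated; this changes every derived key, as the switch from sha256 to sha3-256 already does. Separately, pass the strict flag, `in_array($method, $ss2022_methods, true)`, and add a short docblock stating that `false` means an unsupported method. The function's closing brace is outside the hunk.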

+ 10 - 3
tests/App/Utils/ToolsTest.php

@@ -119,10 +119,17 @@ class ToolsTest extends TestCase
     public function testGenSs2022UserPk()
     {
         $passwd = 'password';
-        $length = 16;
-        $pk = Tools::genSs2022UserPk($passwd, $length);
+        $method = '2022-blake3-aes-128-gcm';
+        $pk = Tools::genSs2022UserPk($passwd, $method);
         $this->assertIsString($pk);
-        $this->assertEquals('NWU4ODQ4OThkYTI4MDQ3MQ==', $pk);
+        $this->assertEquals('YzAwNjdkNGFmNGU4N2YwMA==', $pk);
+        $method = '2022-blake3-aes-256-gcm';
+        $pk = Tools::genSs2022UserPk($passwd, $method);
+        $this->assertIsString($pk);
+        $this->assertEquals('YzAwNjdkNGFmNGU4N2YwMGRiYWM2M2I2MTU2ODI4MjM=', $pk);
+        $method = 'bomb_three_gorges_dam';
+        $pk = Tools::genSs2022UserPk($passwd, $method);
+        $this->assertFalse($pk);
     }
 
     /**
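Review bot: The assertions use `assertEquals`, which compares loosely; `assertSame` pins both type and value for the `string|false` return, e.g. `$this->assertSame('YzAwNjdkNGFmNGU4N2YwMA==', $pk);`. The three chacha methods accepted by `genSs2022UserPk()` have no case here, so their presence in the allow-list is untested; one assertion for `'2022-blake3-chacha20-poly1305'` would cover it. The unsupported-method fixture could be a neutral string such as `'unsupported-method'`, and the test method could declare a `: void` return type.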