修复squid_passwd明文存储问题

2025-07-29 13:36:03 +08:00 · 2025-07-29 13:36:03 +08:00 · 7261b2d2a5
commit 7261b2d2a5
parent 72d03723cd
1 changed files with 40 additions and 7 deletions
--- a/app.py
+++ b/app.py
@ -77,7 +77,7 @@ def read_squid_file():
                if len(parts) == 2:
                    # 从users.json中获取明文密码
                    users_data = load_users_data()
-                    plain_password = next((u['password'] for u in users_data if u['username'] == parts[0]), parts[1])
+                    plain_password = next((u['password'] for u in users_data if u['username'] == parts[0]), None)
                    users.append(User(parts[0], plain_password, is_active))
    except FileNotFoundError:
        pass
@ -85,14 +85,47 @@ def read_squid_file():


 def write_squid_file(users):
-    with open(SQUID_PASSWD_FILE, 'w') as f:
-        for user in users:
-            line = f"{'#' if not user.is_active else ''}{user.name}:{user.password}\n"
-            f.write(line)
+    """只更新squid_passwd文件的状态（是否注释），不修改密码内容"""
+    try:
+        # 读取现有加密密码
+        with open(SQUID_PASSWD_FILE, 'r') as f:
+            existing_lines = f.readlines()
+        
+        # 创建用户名到密码的映射
+        existing_passwords = {}
+        for line in existing_lines:
+            line = line.strip()
+            if not line:
+                continue
+            active = not line.startswith('#')
+            if not active:
+                line = line[1:]
+            parts = line.split(':', 1)
+            if len(parts) == 2:
+                existing_passwords[parts[0]] = parts[1]
+
+        # 写入新文件，保持加密密码不变
+        with open(SQUID_PASSWD_FILE, 'w') as f:
+            for user in users:
+                encrypted_password = existing_passwords.get(user.name, user.password)
+                line = f"{'#' if not user.is_active else ''}{user.name}:{encrypted_password}\n"
+                f.write(line)
+    except FileNotFoundError:
+        # 如果文件不存在，创建新文件
+        with open(SQUID_PASSWD_FILE, 'w') as f:
+            for user in users:
+                # 首次创建时需要使用htpasswd命令生成加密密码
+                subprocess.run(['htpasswd', '-b', SQUID_PASSWD_FILE, user.name, user.password], check=True)
+                # 如果不是活跃用户，需要添加注释
+                if not user.is_active:
+                    with open(SQUID_PASSWD_FILE, 'r') as f_read:
+                        content = f_read.read()
+                    with open(SQUID_PASSWD_FILE, 'w') as f_write:
+                        f_write.write(f"#{content}")


 def load_users_data():
-    """加载用户数据"""
+    """加载用户明文数据"""
    try:
        with open(USERS_FILE, 'r') as f:
            return json.load(f)
@ -101,7 +134,7 @@ def load_users_data():


 def save_users_to_json(users):
-    """保存用户信息到JSON文件"""
+    """保存用户明文信息到JSON文件"""
    users_data = [{'username': u.name, 'password': u.password, 'active': u.is_active} for u in users]
    with open(USERS_FILE, 'w') as f:
        json.dump(users_data, f, indent=4)