encrypt QQ avatar link

This commit is contained in:
spirit 2019-12-04 20:35:35 +08:00
parent 6bab1a43d0
commit 0d39a81fe4
4 changed files with 168 additions and 58 deletions

View File

@ -1616,11 +1616,17 @@ function output_comments_qq_columns( $column_name, $comment_id ){
*/ */
add_filter( 'get_avatar', 'change_avatar', 10, 3 ); add_filter( 'get_avatar', 'change_avatar', 10, 3 );
function change_avatar($avatar){ function change_avatar($avatar){
global $comment; global $comment,$sakura_pubkey;
if ($comment) { if ($comment) {
if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){ if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){
$qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true ); $qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true );
return '<img src="https://q2.qlogo.cn/headimg_dl?dst_uin='.$qq_number.'&spec=100" data-src="'.stripslashes($m[1]).'" class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">'; if(akina_option('qq_avatar_link')){
openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey));
$qq_number = urlencode(base64_encode($encrypted));
return '<img src="'.rest_url("sakura/v1/qqinfo/avatar").'?qq='.$qq_number.'"class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">';
}else{
return '<img src="https://q2.qlogo.cn/headimg_dl?dst_uin='.$qq_number.'&spec=100" data-src="'.stripslashes($m[1]).'" class="lazyload avatar avatar-24 photo" alt="😀" width="24" height="24" onerror="imgError(this,1)">';
}
}else{ }else{
return $avatar ; return $avatar ;
} }
@ -1728,20 +1734,39 @@ function create_sakura_table(){
PRIMARY KEY (`mate_key`) PRIMARY KEY (`mate_key`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;"); ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;");
//default data //default data
$manifest = array(
"mate_key" => "manifest_json",
"mate_value" => file_get_contents(get_template_directory()."/manifest/manifest.json")
);
$time = array(
"mate_key" => "json_time",
"mate_value" => date("Y-m-d H:i:s",time())
);
if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'manifest_json'") ){ if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'manifest_json'") ){
$manifest = array(
"mate_key" => "manifest_json",
"mate_value" => file_get_contents(get_template_directory()."/manifest/manifest.json")
);
$wpdb->insert($sakura_table_name,$manifest); $wpdb->insert($sakura_table_name,$manifest);
} }
if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'json_time'") ){ if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'json_time'") ){
$time = array(
"mate_key" => "json_time",
"mate_value" => date("Y-m-d H:i:s",time())
);
$wpdb->insert($sakura_table_name,$time); $wpdb->insert($sakura_table_name,$time);
} }
if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){
$privkey = array(
"mate_key" => "privkey",
"mate_value" => file_get_contents(get_template_directory()."/manifest/private.key")
);
$wpdb->insert($sakura_table_name,$privkey);
}
if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){
$pubkey = array(
"mate_key" => "pubkey",
"mate_value" => file_get_contents(get_template_directory()."/manifest/public.key")
);
$wpdb->insert($sakura_table_name,$pubkey);
}
//reduce sql query
global $sakura_image_array,$sakura_privkey,$sakura_pubkey;
$sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'");
$sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'");
$sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'");
} }
add_action( 'after_setup_theme', 'create_sakura_table' ); add_action( 'after_setup_theme', 'create_sakura_table' );

View File

@ -20,18 +20,23 @@ add_action('rest_api_init', function () {
'methods' => 'GET', 'methods' => 'GET',
'callback' => 'feature_gallery', 'callback' => 'feature_gallery',
)); ));
register_rest_route('sakura/v1', '/image/manifest', array( register_rest_route('sakura/v1', '/database/update', array(
'methods' => 'POST', 'methods' => 'POST',
'callback' => 'update_manifest_json', 'callback' => 'update_database',
)); ));
register_rest_route('sakura/v1', '/qqinfo/json', array( register_rest_route('sakura/v1', '/qqinfo/json', array(
'methods' => 'GET', 'methods' => 'GET',
'callback' => 'get_qq_info', 'callback' => 'get_qq_info',
)); ));
register_rest_route('sakura/v1', '/qqinfo/avatar', array(
'methods' => 'GET',
'callback' => 'get_qq_avatar',
));
}); });
/** /**
* QQ info * QQ info
* https://sakura.2heng.xin/wp-json/sakura/v1/qqinfo/json
*/ */
function get_qq_info(WP_REST_Request $request) function get_qq_info(WP_REST_Request $request)
{ {
@ -337,8 +342,8 @@ EOS;
* @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/image/cover * @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/image/cover
*/ */
function cover_gallery() { function cover_gallery() {
global $wpdb; global $wpdb,$sakura_image_array;
$img_array = json_decode($wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"), true); $img_array = json_decode($sakura_image_array, true);
$img = array_rand($img_array); $img = array_rand($img_array);
$img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri(); $img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri();
if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) { if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) {
@ -358,8 +363,8 @@ function cover_gallery() {
* @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/image/feature * @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/image/feature
*/ */
function feature_gallery() { function feature_gallery() {
global $wpdb; global $wpdb,$sakura_image_array;
$img_array = json_decode($wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"), true); $img_array = json_decode($sakura_image_array, true);
$img = array_rand($img_array); $img = array_rand($img_array);
$img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri(); $img_domain = akina_option('cover_cdn') ? akina_option('cover_cdn') : get_template_directory_uri();
if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) { if(strpos($_SERVER['HTTP_ACCEPT'], 'image/webp')) {
@ -375,10 +380,10 @@ function feature_gallery() {
} }
/* /*
* update manifest.json rest api * update database rest api
* @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/image/json * @rest api接口路径https://sakura.2heng.xin/wp-json/sakura/v1/database/update
*/ */
function update_manifest_json() { function update_database() {
$username = $_SERVER['PHP_AUTH_USER']; $username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW']; $password = $_SERVER['PHP_AUTH_PW'];
$user = wp_authenticate($username, $password); $user = wp_authenticate($username, $password);
@ -386,24 +391,45 @@ function update_manifest_json() {
if (in_array('administrator', (array) $user->roles)) { if (in_array('administrator', (array) $user->roles)) {
global $wpdb; global $wpdb;
$sakura_table_name = $wpdb->base_prefix.'sakura'; $sakura_table_name = $wpdb->base_prefix.'sakura';
$manifest = array( if(isset($_FILES["manifest"])) {
"key" => "manifest_json", $manifest = array(
"value" => file_get_contents($_FILES["manifest"]["tmp_name"]) "key" => "manifest_json",
); "value" => file_get_contents($_FILES["manifest"]["tmp_name"])
$time = array( );
"key" => "json_time", $time = array(
"value" => date("Y-m-d H:i:s",time()) "key" => "json_time",
); "value" => date("Y-m-d H:i:s",time())
);
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='manifest_json'");
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='json_time'");
$wpdb->insert($sakura_table_name,$manifest);
$wpdb->insert($sakura_table_name,$time);
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='manifest_json'");
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='json_time'");
$wpdb->insert($sakura_table_name,$manifest);
$wpdb->insert($sakura_table_name,$time);
$message = "manifest.json has been stored into database.";
}
if(isset($_FILES["rsa"])){
if($_FILES["rsa"]["name"]=="public.key"){
$pubkey = array(
"mate_key" => "pubkey",
"mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
);
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'");
$wpdb->insert($sakura_table_name,$pubkey);
}
if($_FILES["rsa"]["name"]=="private.key"){
$privkey = array(
"mate_key" => "privkey",
"mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
);
$wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'");
$wpdb->insert($sakura_table_name,$privkey);
}
$message = "key pairs has been stored into database.";
}
$output = array( $output = array(
'status' => 200, 'status' => 200,
'success' => true, 'success' => true,
'message' => 'manifest.json has been stored into database' 'message' => $message
); );
$result = new WP_REST_Response($output, 200); $result = new WP_REST_Response($output, 200);
$result->set_headers(array('Content-Type' => 'application/json')); $result->set_headers(array('Content-Type' => 'application/json'));
@ -420,3 +446,19 @@ function update_manifest_json() {
return $result; return $result;
} }
} }
/**
* QQ头像链接解密
*/
function get_qq_avatar(){
global $sakura_privkey;
$qq_number=$_GET["qq"];
$encrypted = urldecode(base64_decode($qq_number));
openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey));
preg_match('/^\d{3,}$/', $qq_number, $matches);
$imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100';
$response = new WP_REST_Response();
$response->set_status(302);
$response->header('Location', $imgurl);
return $response;
}

View File

@ -10,6 +10,7 @@ import json
import requests import requests
import base64 import base64
import hashlib import hashlib
from Crypto.PublicKey import RSA
from PIL import Image from PIL import Image
class Single(object): class Single(object):
@ -43,45 +44,80 @@ class Single(object):
'webp': [self.webp, self.webp_th] 'webp': [self.webp, self.webp_th]
} }
#这个最好新建一个类 def main(self):
def upload_manifest(self): self.hash()
username = input('Enter your username: ') # if os.path.exists(self.jpeg) and os.path.exists(self.webp):
password = input('Enter your password: ') self.optimize()
url = input('Enter your rest api url: ') self.manifest()
data_string = username + ':' + password return self.mani
class Upload2Wordpress:
def __init__(self, username, password, url):
self.username = username
self.password = password
self.url = url
def upload(self, file, field):
data_string = self.username + ':' + self.password
token = base64.b64encode(data_string.encode()).decode('utf-8') token = base64.b64encode(data_string.encode()).decode('utf-8')
headers = { headers = {
'Authorization': 'Basic ' + token, 'Authorization': 'Basic ' + token,
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97" "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97"
} }
files = {'manifest': open('manifest.json', mode="rb")} files = {field: open(file, mode="rb")}
reply = requests.post(url, headers=headers, files=files) reply = requests.post(self.url, headers=headers, files=files)
print(json.loads(reply.content)['message']) print(json.loads(reply.content)['message'])
def main(self): def upload_manifest(self):
self.hash() print('start uploading `manifest.json`...')
# if os.path.exists(self.jpeg) and os.path.exists(self.webp): self.upload('manifest.json', 'manifest')
self.optimize()
self.thumbnail()
self.manifest()
return self.mani
def main(): def upload_key(self):
print('start uploading `private.key`...')
self.upload('private.key', 'rsa')
print('start uploading `public.key`...')
self.upload('public.key', 'rsa')
def main(self):
self.upload_manifest()
self.upload_key()
def gen_manifest_json():
onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))] onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))]
id = 1 id = 1
Manifest = {} Manifest = {}
for f in onlyfiles: for f in onlyfiles:
worker = Single(f, Manifest) worker = Single(f, Manifest)
Manifest = worker.main() Manifest = worker.main()
print(str(id) + '/' + str(len(onlyfiles))) print(str(id) + '/' + str(len(onlyfiles)))
id += 1 id += 1
with open('manifest.json', 'w+') as json_file: with open('manifest.json', 'w+') as json_file:
json.dump(Manifest, json_file) json.dump(Manifest, json_file)
up_json = Single(f, Manifest)
up_json.upload_manifest() def gen_key_pairs():
key = RSA.generate(1024)
pv_key_string = key.exportKey()
with open("private.key", "w+") as prv_file:
print("{}".format(pv_key_string.decode()), file=prv_file)
pb_key_string = key.publickey().exportKey()
with open("public.key", "w+") as pub_file:
print("{}".format(pb_key_string.decode()), file=pub_file)
def main():
gen_manifest_json()
if not os.path.exists("public.key") or not os.path.exists("private.key"):
print("start generating key pairs...")
gen_key_pairs()
username = input('Enter your username: ')
password = input('Enter your password: ')
url = input('Enter your rest api url: ')
upload = Upload2Wordpress(username, password, url)
upload.main()
if __name__ == '__main__': if __name__ == '__main__':
main() main()

View File

@ -1135,6 +1135,13 @@ function optionsframework_options() {
'std' => '0', 'std' => '0',
'type' => 'checkbox'); 'type' => 'checkbox');
$options[] = array(
'name' => __('QQ avatar link encryption', 'sakura'),/*QQ头像链接加密*/
'desc' => __('Check to enable, do not display the user\'s qq avatar links directly.', 'sakura'),/*勾选开启不直接暴露用户qq头像链接*/
'id' => 'qq_avatar_link',
'std' => '0',
'type' => 'checkbox');
$options[] = array( $options[] = array(
'name' => __('Comment UA infomation', 'sakura'),/*评论UA信息*/ 'name' => __('Comment UA infomation', 'sakura'),/*评论UA信息*/
'desc' => __('Check to enable, display the user\'s browser, operating system information', 'sakura'),/*勾选开启,显示用户的浏览器,操作系统信息*/ 'desc' => __('Check to enable, display the user\'s browser, operating system information', 'sakura'),/*勾选开启,显示用户的浏览器,操作系统信息*/