[feat] use fingerprint-based verification for both default and self-hosted servers

2026-03-26 03:07:30 +08:00 · 2025-12-10 03:46:03 +08:00
parent 8f8e415262
commit b2654ea9db
3 changed files with 84 additions and 4 deletions
--- a/src/config_center/config_center.cpp
+++ b/src/config_center/config_center.cpp
@@ -93,6 +93,24 @@ int ConfigCenter::Load() {
    cert_fingerprint_server_host_ = "";
  }

+  const char* default_cert_fingerprint_value =
+      ini_.GetValue(section_, "default_cert_fingerprint", nullptr);
+  if (default_cert_fingerprint_value != nullptr &&
+      strlen(default_cert_fingerprint_value) > 0) {
+    default_cert_fingerprint_ = default_cert_fingerprint_value;
+  } else {
+    default_cert_fingerprint_ = "";
+  }
+  const char* default_cert_fingerprint_server_host_value =
+      ini_.GetValue(section_, "default_cert_fingerprint_server_host", nullptr);
+  if (default_cert_fingerprint_server_host_value != nullptr &&
+      strlen(default_cert_fingerprint_server_host_value) > 0) {
+    default_cert_fingerprint_server_host_ =
+        default_cert_fingerprint_server_host_value;
+  } else {
+    default_cert_fingerprint_server_host_ = "";
+  }
+
  if (enable_self_hosted_ && !cert_fingerprint_.empty() &&
      !cert_fingerprint_server_host_.empty() &&
      signal_server_host_ != cert_fingerprint_server_host_) {
@@ -105,6 +123,19 @@ int ConfigCenter::Load() {
    ini_.SaveFile(config_path_.c_str());
  }

+  if (!enable_self_hosted_ && !default_cert_fingerprint_.empty() &&
+      !default_cert_fingerprint_server_host_.empty() &&
+      signal_server_host_default_ != default_cert_fingerprint_server_host_) {
+    LOG_INFO(
+        "Default server IP changed from {} to {}, clearing old fingerprint",
+        default_cert_fingerprint_server_host_, signal_server_host_default_);
+    default_cert_fingerprint_.clear();
+    default_cert_fingerprint_server_host_.clear();
+    ini_.Delete(section_, "default_cert_fingerprint", false);
+    ini_.Delete(section_, "default_cert_fingerprint_server_host", false);
+    ini_.SaveFile(config_path_.c_str());
+  }
+
  enable_autostart_ =
      ini_.GetBoolValue(section_, "enable_autostart", enable_autostart_);
  enable_daemon_ = ini_.GetBoolValue(section_, "enable_daemon", enable_daemon_);
@@ -142,6 +173,13 @@ int ConfigCenter::Save() {
    }
  }

+  if (!default_cert_fingerprint_.empty()) {
+    ini_.SetValue(section_, "default_cert_fingerprint",
+                  default_cert_fingerprint_.c_str());
+    ini_.SetValue(section_, "default_cert_fingerprint_server_host",
+                  default_cert_fingerprint_server_host_.c_str());
+  }
+
  ini_.SetBoolValue(section_, "enable_autostart", enable_autostart_);
  ini_.SetBoolValue(section_, "enable_daemon", enable_daemon_);
  ini_.SetBoolValue(section_, "enable_minimize_to_tray",
@@ -284,7 +322,6 @@ int ConfigCenter::SetCertFilePath(const std::string& cert_file_path) {

 int ConfigCenter::SetCertFingerprint(const std::string& fingerprint) {
  cert_fingerprint_ = fingerprint;
-  // 保存指纹时，同时保存当前的服务器IP
  cert_fingerprint_server_host_ = signal_server_host_;
  ini_.SetValue(section_, "cert_fingerprint", cert_fingerprint_.c_str());
  ini_.SetValue(section_, "cert_fingerprint_server_host",
@@ -296,6 +333,20 @@ int ConfigCenter::SetCertFingerprint(const std::string& fingerprint) {
  return 0;
 }

+int ConfigCenter::SetDefaultCertFingerprint(const std::string& fingerprint) {
+  default_cert_fingerprint_ = fingerprint;
+  default_cert_fingerprint_server_host_ = signal_server_host_default_;
+  ini_.SetValue(section_, "default_cert_fingerprint",
+                default_cert_fingerprint_.c_str());
+  ini_.SetValue(section_, "default_cert_fingerprint_server_host",
+                default_cert_fingerprint_server_host_.c_str());
+  SI_Error rc = ini_.SaveFile(config_path_.c_str());
+  if (rc < 0) {
+    return -1;
+  }
+  return 0;
+}
+
 int ConfigCenter::ClearCertFingerprint() {
  cert_fingerprint_.clear();
  cert_fingerprint_server_host_.clear();
@@ -308,6 +359,18 @@ int ConfigCenter::ClearCertFingerprint() {
  return 0;
 }

+int ConfigCenter::ClearDefaultCertFingerprint() {
+  default_cert_fingerprint_.clear();
+  default_cert_fingerprint_server_host_.clear();
+  ini_.Delete(section_, "default_cert_fingerprint", false);
+  ini_.Delete(section_, "default_cert_fingerprint_server_host", false);
+  SI_Error rc = ini_.SaveFile(config_path_.c_str());
+  if (rc < 0) {
+    return -1;
+  }
+  return 0;
+}
+
 int ConfigCenter::SetSelfHosted(bool enable_self_hosted) {
  enable_self_hosted_ = enable_self_hosted;
  ini_.SetBoolValue(section_, "enable_self_hosted", enable_self_hosted_);
@@ -466,6 +529,10 @@ std::string ConfigCenter::GetCertFingerprint() const {
  return cert_fingerprint_;
 }

+std::string ConfigCenter::GetDefaultCertFingerprint() const {
+  return default_cert_fingerprint_;
+}
+
 std::string ConfigCenter::GetDefaultServerHost() const {
  return signal_server_host_default_;
 }