Skip to content

Commit

Permalink
[fix] fix copy not encrypt password bug
Browse files Browse the repository at this point in the history
  • Loading branch information
jiashu1024 committed Nov 21, 2023
1 parent 222c540 commit fa7234f
Show file tree
Hide file tree
Showing 14 changed files with 175 additions and 17 deletions.
Binary file added .DS_Store
Binary file not shown.
82 changes: 71 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,27 +1,87 @@
# Alfred-sshutil
# Alfred-SSH-Util

1. 唤出搜索框,输入ssh
[中文文档](./README_CN.md) | README in English

![image-20230512092929388](https://tc.mustache.top/picGo/202305120929435.png)
---

2. 回车

![image-20230512093149832](https://tc.mustache.top/picGo/202305120931853.png)

​ 通过mysql配置服务器的账号密码等信息,python脚本获取数据库信息,通过shell脚本使用expect连接服务器.
An alfred workflow for one-click connections to servers

## 环境要求
![view](./assets/view.mp4)

![image-20231121170634065](./assets/image-20231121170634065.png)

Execute python scripts to read the server configuration information in the mysql database by triggering actions, and connect to the server with one click through the expect shell

## Function

- One-click connection to the server

- Copy the ip address of the server to the clipboard
- Copy the server password to the clipboard

* The database password supports AES encryption and can be decrypted locally by setting AES key alfred environment variable to ensure data security from the client to the MYSQL server

## Environment

* Python3

```shell
pip3 install pymysql
# for connect mysql
pip3 install pycryptodome
# for AES encrypt and decrypt
```

环境变量配置
## How to use

Download the latest version of the installation package from realeases, drag it to alfred's workflow, and set the environment variables

![image-20231121182433445](./assets/image-20231121182433445.png)

![image-20231121182852543](./assets/image-20231121182852543.png)

The configuration items are as follows:

1. AES encryption key
2. Name of the MYSQL database
3. Address of the database server
4. Password for connecting to the database
5. Database port
6. Username for connecting to the database



The common.sql under this warehouse can be imported into the database you created, and the server information can be filled in according to the fields

Type ssh to get the list of servers by calling up the alfred input box

Select the corresponding server press enter to connect to the server

Select the corresponding server command and press Enter to copy the server ip address to the clipboard

Select the corresponding server option + Press Enter to copy the server password to the clipboard

### Encryption needs

If encryption is not enabled, the encrypt field in the database defaults to 0

If encryption is enabled, encry keyword trigger is also set in this workflow. All passwords in the database are encrypted according to the AES environment variable configuration configured by alfred as the encryption key

**Encryption method**

The ECB mode of AES is used for encryption, because AES requires the number of bytes of plaintext and key to be a multiple of 16, so the data needs to be filled. Because there are various algorithms for filling, it is recommended to directly use workflow to encrypt the data in the database. Alternatively, manually encrypt the store via encryptUtil.py under the repository.

This workflow uses the pkcs7 filling algorithm to fill plaintext or keys that do not meet the 16 multiples

---



**If you encounter any problem, start alfred debug mode to troubleshoot it yourself. If you can't solve it, take a screenshot and issue privacy code**

![image-20231121190259545](./assets/image-20231121190259545.png)

<img src="https://tc.mustache.top/picGo/202305120912772.png" alt="image-20230512091231754" style="zoom: 25%;" />

<img src="https://tc.mustache.top/picGo/202305120913255.png" alt="image-20230512091353233" style="zoom:25%;" />

在自己的数据库中执行建表脚本。
89 changes: 89 additions & 0 deletions README_CN.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Alfred-SSH-Util

中文文档 | [README in English](./README.md)

---



一个用于一键连接服务器的alfred workflow

![view](./assets/view.mp4)

![image-20231121170634065](./assets/image-20231121170634065.png)

通过触发动作执行 python 脚本读取 mysql 数据库中的服务器配置信息,通过 expect shell 一键连接服务器

## 功能

- 一键连接服务器

- 复制服务器 ip 到剪切板
- 复制服务器密码到剪切板

* 数据库密码支持 AES 加密,本地通过设置 AES 密钥alfred环境变量解密,保证用户端到 MYSQL 服务器数据安全

## 环境要求

* Python3

```shell
pip3 install pymysql
# 用于连接 mysql
pip3 install pycryptodome
# 用于 AES 加解密
```

## 使用教程

从 realeases里下载最新版本安装包拖动到 alfred 的 workflow,设置环境变量

![image-20231121182433445](./assets/image-20231121182433445.png)

![image-20231121182852543](./assets/image-20231121182852543.png)

配置项按顺序分别为:

1. AES 加密密钥
2. MYSQL数据库名称
3. 数据库服务器地址
4. 数据库连接密码
5. 数据库端口
6. 数据库连接用户名

---



将本仓库下的 common.sql通过导入你创建的数据库,按字段填写服务器信息即可

通过唤出 alfred 输入框,输入 ssh 获取服务器列表信息

选择对应的服务器回车即可连接服务器

选择对应的服务器command + 回车复制服务器 ip 到剪切板

选择对应的服务器option + 回车,复制服务器密码到剪切板

### 加密需知

如果不启用加密,数据库中 encrypt 字段默认 0 即可

如果启用加密,本 workflow 也设置了 encry 关键词触发一键将数据库所有密码按照alfred 配置的 AES环境变量配置作为加密密钥进行加密

**加密方式**

使用 AES 的ECB模式进行加密,因为 AES 需要让明文和密钥的字节数为 16 的倍数,所以需要对数据进行填充,由于填充有多种算法,建议直接使用 workflow 的方式对数据库中数据加密,或者通过仓库下的encryptUtil.py手动加密存储。

该 workflow 通过 pkcs7 填充算法对不满足 16 倍数的明文或者密钥进行填充

---



**遇到任何问题,先开启 alfred debug 模式自己排查,解决不了,截图,隐私打码发 issue**

![image-20231121190259545](./assets/image-20231121190259545.png)



Binary file added assets/.DS_Store
Binary file not shown.
Binary file added assets/image-20231121170634065.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/image-20231121182433445.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/image-20231121182852543.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/image-20231121190259545.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/view.mp4
Binary file not shown.
6 changes: 5 additions & 1 deletion decrypt.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
## 复制密码时进行解密
import sys
import os
from encryptUtil import decrypt_aes

password = sys.argv[1]
password = decrypt_aes(password, os.environ['AES'])
if password.startswith('*&*'):
password = password[3:]
password = decrypt_aes(password, os.environ['AES'])

sys.stdout.write(password)
1 change: 1 addition & 0 deletions encryptMysql.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# 用于对数据库所有密码进行加密
import pymysql
import os
from Crypto.Cipher import AES
Expand Down
1 change: 1 addition & 0 deletions encryptUtil.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# AES加密工具
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad

Expand Down
12 changes: 7 additions & 5 deletions getServerList.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
# 用于获取服务器列表
import sys
import json
import pymysql
import os



def main():
host = os.environ['host']
port = os.environ['port']
Expand Down Expand Up @@ -48,14 +47,17 @@ def main():
'type': 'fileicon',
}
mods = {}
if encrypt == 1:
copyPassword = '*&*' + password

mods['alt'] = {
'valid': 'true',
'subtitle': '按下回车键,将密码复制到剪切板',
'arg': password,
'subtitle': 'press enter to copy password',
'arg': copyPassword,
}
mods['cmd'] = {
'valid': 'true',
'subtitle': '按下回车键,将ip复制到剪切板',
'subtitle': 'press enter to copy server ip',
'arg': ip,
}
item['mods'] = mods
Expand Down
1 change: 1 addition & 0 deletions shell.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# 用于生成 expect 脚本
import sys
import json
import os
Expand Down

0 comments on commit fa7234f

Please sign in to comment.