feat(enterprise-site): add PbootCMS enterprise site publisher
Introduce a new enterprise-site publishing channel that lets tenants push articles to self-hosted PbootCMS sites alongside the existing media supply flow. Backend (server/internal/tenant): - enterprise_site_service: CRUD, ping, category sync, and article publish - enterprise_site_pbootcms: PbootCMS API client integration - enterprise_site_crypto: encrypt/decrypt stored site credentials - enterprise_site_handler + routes under /enterprise-sites - migrations for the enterprise site publisher tables - config: add SERVER_PUBLIC_BASE_URL (Server.PublicBaseURL) for callbacks - article/media services adjusted to support the publish flow Frontend (apps/admin-web): - PublishArticleModal & ArticlePublishStatus: enterprise-site publish UI - MediaView: manage enterprise sites and categories - api + shared-types: enterprise site endpoints and types - http-client: add PATCH method support Integrations: - pbootcms GeoPublisher controller plugin + install guide - docs/enterprise-site-publisher-v1.md design doc
This commit is contained in:
@@ -0,0 +1,78 @@
|
||||
package app
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const enterpriseSiteCredentialPrefix = "v1:"
|
||||
|
||||
func encryptEnterpriseSiteCredential(secret string, keyMaterial string) (string, error) {
|
||||
secret = strings.TrimSpace(secret)
|
||||
if secret == "" {
|
||||
return "", fmt.Errorf("enterprise site credential is empty")
|
||||
}
|
||||
key := enterpriseSiteCredentialKey(keyMaterial)
|
||||
block, err := aes.NewCipher(key[:])
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create enterprise site credential cipher: %w", err)
|
||||
}
|
||||
aead, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create enterprise site credential gcm: %w", err)
|
||||
}
|
||||
nonce := make([]byte, aead.NonceSize())
|
||||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
||||
return "", fmt.Errorf("generate enterprise site credential nonce: %w", err)
|
||||
}
|
||||
ciphertext := aead.Seal(nil, nonce, []byte(secret), nil)
|
||||
packed := append(nonce, ciphertext...)
|
||||
return enterpriseSiteCredentialPrefix + base64.StdEncoding.EncodeToString(packed), nil
|
||||
}
|
||||
|
||||
func decryptEnterpriseSiteCredential(ciphertext string, keyMaterial string) (string, error) {
|
||||
ciphertext = strings.TrimSpace(ciphertext)
|
||||
if ciphertext == "" {
|
||||
return "", fmt.Errorf("enterprise site credential ciphertext is empty")
|
||||
}
|
||||
if !strings.HasPrefix(ciphertext, enterpriseSiteCredentialPrefix) {
|
||||
return "", fmt.Errorf("unsupported enterprise site credential format")
|
||||
}
|
||||
raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(ciphertext, enterpriseSiteCredentialPrefix))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("decode enterprise site credential: %w", err)
|
||||
}
|
||||
key := enterpriseSiteCredentialKey(keyMaterial)
|
||||
block, err := aes.NewCipher(key[:])
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create enterprise site credential cipher: %w", err)
|
||||
}
|
||||
aead, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create enterprise site credential gcm: %w", err)
|
||||
}
|
||||
if len(raw) <= aead.NonceSize() {
|
||||
return "", fmt.Errorf("enterprise site credential payload is invalid")
|
||||
}
|
||||
nonce := raw[:aead.NonceSize()]
|
||||
encrypted := raw[aead.NonceSize():]
|
||||
plaintext, err := aead.Open(nil, nonce, encrypted, nil)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("decrypt enterprise site credential: %w", err)
|
||||
}
|
||||
return string(plaintext), nil
|
||||
}
|
||||
|
||||
func enterpriseSiteCredentialKey(keyMaterial string) [32]byte {
|
||||
trimmed := strings.TrimSpace(keyMaterial)
|
||||
if trimmed == "" {
|
||||
trimmed = "geo-rankly-enterprise-site-development-key"
|
||||
}
|
||||
return sha256.Sum256([]byte("enterprise-site-credential:" + trimmed))
|
||||
}
|
||||
Reference in New Issue
Block a user