.

2025-06-13 22:18:58 +08:00 · 2025-06-13 22:18:58 +08:00 · 0d75f1c58c
parent 7adc7499ff
commit 0d75f1c58c
2 changed files with 29 additions and 18 deletions
--- a/license/crypto.go
+++ b/license/crypto.go
@ -1,14 +1,15 @@
 package license

 import (
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
-	"math/big"
 )

 var (
@ -30,15 +31,14 @@ func SignPayload(payload []byte) (string, error) {
 	return base64.StdEncoding.EncodeToString(sig), nil
 }

-func VerifySignature(pubKey *ecdsa.PublicKey, payload []byte, signature string) bool {
-	sigBytes, _ := base64.StdEncoding.DecodeString(signature)
-	r := big.Int{}
-	s := big.Int{}
-	r.SetBytes(sigBytes[:len(sigBytes)/2])
-	s.SetBytes(sigBytes[len(sigBytes)/2:])
-
-	hash := sha256.Sum256(payload)
-	return ecdsa.Verify(pubKey, hash[:], &r, &s)
+func VerifySignature(pub *rsa.PublicKey, message []byte, signatureBase64 string) bool {
+	signature, err := base64.StdEncoding.DecodeString(signatureBase64)
+	if err != nil {
+		return false
+	}
+	hashed := sha256.Sum256(message)
+	err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed[:], signature)
+	return err == nil
 }

 func ExportPublicKeyPEM() string {
--- a/license/service.go
+++ b/license/service.go
@ -62,17 +62,28 @@ func ValidateLicenseHandler(db storage.Database) fiber.Handler {
 			return fiber.ErrBadRequest
 		}

-		payloadBytes, _ := base64.StdEncoding.DecodeString(lf.Payload)
-		var req LicenseRequest
-		json.Unmarshal(payloadBytes, &req)
-
-		if !VerifySignature(&privateKey.PublicKey, payloadBytes, lf.Signature) {
-			return fiber.NewError(401, "Invalid license signature")
+		payloadBytes, err := base64.StdEncoding.DecodeString(lf.Payload)
+		if err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Invalid payload encoding")
 		}

-		expiry, _ := time.Parse("2006-01-02", req.Expiry)
+		// 先验证签名是否真的是对 payloadBytes 签的
+		if !VerifySignature(&privateKey.PublicKey, payloadBytes, lf.Signature) {
+			return fiber.NewError(fiber.StatusUnauthorized, "Invalid license signature")
+		}
+
+		// 验证通过后再解析 payload 内容
+		var req LicenseRequest
+		if err := json.Unmarshal(payloadBytes, &req); err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Malformed payload")
+		}
+
+		expiry, err := time.Parse("2006-01-02", req.Expiry)
+		if err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Invalid expiry date")
+		}
 		if time.Now().After(expiry) {
-			return fiber.NewError(403, "License expired")
+			return fiber.NewError(fiber.StatusForbidden, "License expired")
 		}

 		return c.JSON(fiber.Map{"valid": true, "features": req.Features})