Add windows server mode start process verify

2025-04-27 01:08:29 +08:00
11 changed files with 97 additions and 42 deletions
--- a/lib/common/constant.dart
+++ b/lib/common/constant.dart
@@ -16,7 +16,6 @@ const browserUa =
 const packageName = "com.follow.clash";
 final unixSocketPath = "/tmp/FlClashSocket_${Random().nextInt(10000)}.sock";
 const helperPort = 47890;
-const helperTag = "2024125";
 const maxTextScale = 1.4;
 const minTextScale = 0.8;
 final baseInfoEdgeInsets = EdgeInsets.symmetric(
--- a/lib/common/request.dart
+++ b/lib/common/request.dart
@@ -130,7 +130,7 @@ class Request {
      if (response.statusCode != HttpStatus.ok) {
        return false;
      }
-      return (response.data as String) == helperTag;
+      return (response.data as String) == globalState.helperToken;
    } catch (_) {
      return false;
    }
--- a/lib/main.dart
+++ b/lib/main.dart
@@ -27,6 +27,7 @@ Future<void> main() async {
  await android?.init();
  await window?.init(version);
  globalState.isPre = const String.fromEnvironment("APP_ENV") != 'stable';
+  globalState.helperToken = const String.fromEnvironment("HELPER_TOKEN");
  HttpOverrides.global = FlClashHttpOverrides();
  runApp(ProviderScope(
    child: const Application(),
--- a/lib/state.dart
+++ b/lib/state.dart
@@ -30,6 +30,7 @@ class GlobalState {
  late Config config;
  late AppState appState;
  bool isPre = true;
+  String? helperToken;
  late PackageInfo packageInfo;
  Function? updateCurrentDelayDebounce;
  late Measure measure;
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -279,7 +279,7 @@ packages:
    source: hosted
    version: "0.3.4+2"
  crypto:
-    dependency: transitive
+    dependency: "direct dev"
    description:
      name: crypto
      sha256: "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855"
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -66,6 +66,7 @@ dev_dependencies:
  riverpod_generator: ^2.6.3
  custom_lint: ^0.7.0
  riverpod_lint: ^2.6.3
+  crypto: ^3.0.3

 flutter:
  uses-material-design: true
--- a/services/helper/Cargo.lock
+++ b/services/helper/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4

 [[package]]
 name = "addr2line"
@@ -284,6 +284,7 @@ dependencies = [
 "anyhow",
 "once_cell",
 "serde",
+ "sha2",
 "tokio",
 "warp",
 "windows-service",
@@ -822,6 +823,17 @@ dependencies = [
 "digest",
 ]

+[[package]]
+name = "sha2"
+version = "0.10.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.2"
--- a/services/helper/Cargo.toml
+++ b/services/helper/Cargo.toml
@@ -14,10 +14,11 @@ anyhow = "1.0.93"
 warp = "0.3.7"
 serde = { version = "1.0.215", features = ["derive"] }
 once_cell = "1.20.2"
+sha2 = "0.10.8"


 [profile.release]
 panic = "abort"
 codegen-units = 1
 lto = true
-opt-level = "s"
+opt-level = "s"
--- a/services/helper/build.rs
+++ b/services/helper/build.rs
@@ -0,0 +1,4 @@
+fn main() {
+    let version = std::env::var("TOKEN").unwrap_or_default();
+    println!("cargo:rustc-env=TOKEN={}", version);
+}
--- a/services/helper/src/service/hub.rs
+++ b/services/helper/src/service/hub.rs
@@ -1,11 +1,13 @@
+use once_cell::sync::Lazy;
+use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256};
 use std::collections::VecDeque;
-use std::{io, thread};
-use std::io::BufRead;
+use std::fs::File;
+use std::io::{BufRead, Error, Read};
 use std::process::{Command, Stdio};
 use std::sync::{Arc, Mutex};
+use std::{io, thread};
 use warp::{Filter, Reply};
-use serde::{Deserialize, Serialize};
-use once_cell::sync::Lazy;

 const LISTEN_PORT: u16 = 47890;

@@ -15,10 +17,31 @@ pub struct StartParams {
    pub arg: String,
 }

-static LOGS: Lazy<Arc<Mutex<VecDeque<String>>>> = Lazy::new(|| Arc::new(Mutex::new(VecDeque::with_capacity(100))));
-static PROCESS: Lazy<Arc<Mutex<Option<std::process::Child>>>> = Lazy::new(|| Arc::new(Mutex::new(None)));
+fn sha256_file(path: &str) -> Result<String, Error> {
+    let mut file = File::open(path)?;
+    let mut hasher = Sha256::new();
+    let mut buffer = [0; 4096];
+
+    loop {
+        let bytes_read = file.read(&mut buffer)?;
+        if bytes_read == 0 {
+            break;
+        }
+        hasher.update(&buffer[..bytes_read]);
+    }
+
+    Ok(format!("{:x}", hasher.finalize()))
+}
+
+static LOGS: Lazy<Arc<Mutex<VecDeque<String>>>> =
+    Lazy::new(|| Arc::new(Mutex::new(VecDeque::with_capacity(100))));
+static PROCESS: Lazy<Arc<Mutex<Option<std::process::Child>>>> =
+    Lazy::new(|| Arc::new(Mutex::new(None)));

 fn start(start_params: StartParams) -> impl Reply {
+    if sha256_file(start_params.path.as_str()).unwrap_or("".to_string()) != env!("TOKEN") {
+        return "Only FlClashCore is allowed to run.".to_string();
+    }
    stop();
    let mut process = PROCESS.lock().unwrap();
    match Command::new(&start_params.path)
@@ -73,38 +96,29 @@ fn log_message(message: String) {

 fn get_logs() -> impl Reply {
    let log_buffer = LOGS.lock().unwrap();
-    let value = log_buffer.iter().cloned().collect::<Vec<String>>().join("\n");
+    let value = log_buffer
+        .iter()
+        .cloned()
+        .collect::<Vec<String>>()
+        .join("\n");
    warp::reply::with_header(value, "Content-Type", "text/plain")
 }

 pub async fn run_service() -> anyhow::Result<()> {
-    let api_ping = warp::get()
-        .and(warp::path("ping"))
-        .map(|| "2024125");
+    let api_ping = warp::get().and(warp::path("ping")).map(|| env!("TOKEN"));

    let api_start = warp::post()
        .and(warp::path("start"))
        .and(warp::body::json())
-        .map(|start_params: StartParams| {
-            start(start_params)
-        });
+        .map(|start_params: StartParams| start(start_params));

-    let api_stop = warp::post()
-        .and(warp::path("stop"))
-        .map(|| stop());
+    let api_stop = warp::post().and(warp::path("stop")).map(|| stop());

-    let api_logs = warp::get()
-        .and(warp::path("logs"))
-        .map(|| get_logs());
+    let api_logs = warp::get().and(warp::path("logs")).map(|| get_logs());

-    warp::serve(
-        api_ping
-            .or(api_start)
-            .or(api_stop)
-            .or(api_logs)
-    )
+    warp::serve(api_ping.or(api_start).or(api_stop).or(api_logs))
        .run(([127, 0, 0, 1], LISTEN_PORT))
        .await;

    Ok(())
-}
+}
--- a/setup.dart
+++ b/setup.dart
@@ -5,6 +5,7 @@ import 'dart:io';

 import 'package:args/command_runner.dart';
 import 'package:path/path.dart';
+import 'package:crypto/crypto.dart';

 enum Target {
  windows,
@@ -195,7 +196,16 @@ class Build {
    if (exitCode != 0 && name != null) throw "$name error";
  }

-  static buildCore({
+  static Future<String?> calcSha256(String filePath) async {
+    final file = File(filePath);
+    if (!await file.exists()) {
+      return null;
+    }
+    final stream = file.openRead();
+    return sha256.convert(await stream.reduce((a, b) => a + b)).toString();
+  }
+
+  static Future<List<String>> buildCore({
    required Mode mode,
    required Target target,
    Arch? arch,
@@ -209,6 +219,8 @@ class Build {
      },
    ).toList();

+    final List<String> corePaths = [];
+
    for (final item in items) {
      final outFileDir = join(
        outDir,
@@ -228,6 +240,7 @@ class Build {
        outFileDir,
        fileName,
      );
+      corePaths.add(outPath);

      final Map<String, String> env = {};
      env["GOOS"] = item.target.os;
@@ -258,9 +271,11 @@ class Build {
        workingDirectory: _coreDir,
      );
    }
+
+    return corePaths;
  }

-  static buildHelper(Target target) async {
+  static buildHelper(Target target, String token) async {
    await exec(
      [
        "cargo",
@@ -269,6 +284,9 @@ class Build {
        "--features",
        "windows-service",
      ],
+      environment: {
+        "TOKEN": token,
+      },
      name: "build helper",
      workingDirectory: _servicesDir,
    );
@@ -278,13 +296,15 @@ class Build {
      "release",
      "helper${target.executableExtensionName}",
    );
-    final targetPath = join(outDir, target.name,
-        "FlClashHelperService${target.executableExtensionName}");
+    final targetPath = join(
+      outDir,
+      target.name,
+      "FlClashHelperService${target.executableExtensionName}",
+    );
    await File(outPath).copy(targetPath);
  }

  static List<String> getExecutable(String command) {
-    print(command);
    return command.split(" ");
  }

@@ -466,26 +486,28 @@ class BuildCommand extends Command {
      throw "Invalid arch parameter";
    }

-    await Build.buildCore(
+    final corePaths = await Build.buildCore(
      target: target,
      arch: arch,
      mode: mode,
    );

-    if (target == Target.windows) {
-      await Build.buildHelper(target);
-    }
-
    if (out != "app") {
      return;
    }

    switch (target) {
      case Target.windows:
+        final token = await Build.calcSha256(corePaths.first);
+        if (token == null) {
+          throw "Core not exists";
+        }
+        Build.buildHelper(target, token);
        _buildDistributor(
          target: target,
          targets: "exe,zip",
-          args: " --description $archName",
+          args:
+              " --description $archName --build-dart-define=HELPER_TOKEN=$token",
          env: env,
        );
        return;