添加加密支持

Author: Coloryr

README.md

@@ -1,26 +1,25 @@
 # [ColoryrWork](https://github.com/Coloryr/ColoryrWork) 
 ![ico](./ColoryrWork.png)  
 
-2.0.0版本正在进行中  
-
-一个多功能服务器/应用框架  
+**2.0.0版本制作正在进行中**  
 
 ## ColoryrServer  
-在线动态编译.多功能.服务器框架  
+在线动态编译.多功能.应用服务器框架  
 **服务器框架内不包含任何业务代码，需要用户自行编写**
 
 ![截图](./doc/pic/work.png)
 
 - 这是一个中型服务器
-- 支持Linux和Windows下运行
-- 可以对接Mysql\Redis\MsSql\Oracle数据库
-- 自带Http\WebSocket\Socket\Mqtt支持
-- 可以添加Ssl证书
-- 可以对接[ColorMirai](https://github.com/Coloryr/ColorMirai) QQ机器人
+- 支持`Linux`下运行
+- 可以对接`Mysql\Redis\MsSql\Oracle\Sqlite`数据库
+- 自带`Http\WebSocket\Socket\Mqtt\Netty`支持
+- 可以添加`Ssl证书`
+- 可以对接[ColorMirai](https://github.com/Coloryr/ColorMirai)QQ机器人
 - 占用内存极少
 - 可以配置端口反向代理和域名反向代理
 - 业务代码修改无需重启
-- 可以自己添加DLL库，并在端口文件中调用
+- 可以自己添加DLL库，并在代码文件中调用
+- 自带`Vue项目`编译与上线
 
 [理论性能测试](./doc/test.md)
 
@@ -29,9 +28,6 @@
 [目录结构与文件信息](./doc/config.md)
 
 [业务代码编写](./doc/code.md)
-```
-注：net6正在生产环境测试中，目前暂未发现问题
-```
 
 ## ColoryrApp(在计划中)  
 动态加载App

doc/config.md

@@ -21,13 +21,13 @@
       "Heads": {}
     }
   },
-  //是否启用SSL
-  "Ssl": false,
-  //SSL配置
+  //是否启用Http的SSL
+  "UseSsl": false,
+  //Http的SSL配置
   "Ssls": {
     "default": {
-      "SslLocal": "./test.sfx",
-      "SslPassword": "123456"
+      "Ssl": "./test.sfx",
+      "Password": "123456"
     }
   },
   //域名转发设置
@@ -48,8 +48,13 @@
   },
   //WebSocket服务器地址
   "WebSocket": {
-    "IP": "0.0.0.0",
-    "Port": 25557
+    "UseSsl": false,
+    "Ssl": "",
+    "Password": "",
+    "Socket": {
+      "IP": "0.0.0.0",
+      "Port": 25557
+    }
   },
   //机器人链接地址
   "Robot": {
@@ -159,6 +164,13 @@
 }
 ```
 
+## 加密证书配置
+
+修改`Ssl`为证书位置  
+修改`Password`为证书密码  
+修改`UseSsl`为true，重启服务器  
+加密版本为`Tls1.3`，需要你的证书支持才行
+
 ## 登录数据库
 
 管理员数据，登录信息储存在`ColoryrServer\Login.db`中
@@ -200,3 +212,4 @@
 - `FileRam`内存数据库固化
 - `Libs`额外CLR库，可以用于Dll调用，只能在关闭服务器期间更换
 - `Notes`导出的说明信息
+

src/ColoryrServer/ASP/ASPConfig.cs

@@ -5,10 +5,10 @@
 
 namespace ColoryrServer.ASP
 {
-    internal record Ssl
+    internal record SslObj
     {
-        public string SslLocal { get; set; }
-        public string SslPassword { get; set; }
+        public string Ssl { get; set; }
+        public string Password { get; set; }
     }
     internal record ASPConfig : MainConfig
     {
@@ -17,8 +17,8 @@ internal record ASPConfig : MainConfig
         /// </summary>
         public List<SocketConfig> Http { get; set; }
         public Dictionary<string, RouteConfigObj> Routes { get; set; }
-        public bool Ssl { get; set; }
-        public Dictionary<string, Ssl> Ssls { get; set; }
+        public bool UseSsl { get; set; }
+        public Dictionary<string, SslObj> Ssls { get; set; }
         public Dictionary<string, RouteConfigObj> UrlRoutes { get; set; }
         public bool RouteEnable { get; set; }
         public bool NoInput { get; set; }
@@ -53,15 +53,15 @@ public override void Start()
                     }
                 },
                 RouteEnable = false,
-                Ssl = false,
+                UseSsl = false,
                 Ssls = new()
                 {
                     {
                         "default",
                         new()
                         {
-                            SslLocal = "./test.sfx",
-                            SslPassword = "123456"
+                            Ssl = "./test.sfx",
+                            Password = "123456"
                         }
                     }
                 },
@@ -92,8 +92,14 @@ public override void Start()
                 },
                 WebSocket = new()
                 {
-                    IP = "0.0.0.0",
-                    Port = 25557
+                    Ssl = "",
+                    Password = "",
+                    UseSsl = false,
+                    Socket = new() 
+                    {
+                        IP = "0.0.0.0",
+                        Port = 25557
+                    }
                 },
                 Robot = new()
                 {

src/ColoryrServer/ASP/Program.cs

@@ -44,7 +44,7 @@ public static void Main()
             var builder = WebApplication.CreateBuilder();
             builder.Logging.ClearProviders();
             builder.Logging.AddProvider(new ColoryrLoggerProvider());
-            if (Config.Ssl)
+            if (Config.UseSsl)
             {
                 builder.Services.AddCertificateForwarding(options =>
                 {
@@ -54,8 +54,7 @@ public static void Main()
                         if (!string.IsNullOrWhiteSpace(headerValue))
                         {
                             byte[] bytes = StringToByteArray(headerValue);
-                            var clientCertificate = new X509Certificate2(bytes);
-                            return clientCertificate;
+                            return new X509Certificate2(bytes);
                         }
                         return null;
                     };
@@ -66,11 +65,11 @@ public static void Main()
                               i.ServerCertificateSelector = ASPServer.Ssl));
                 foreach (var item in Config.Ssls)
                 {
-                    if (File.Exists(item.Value.SslLocal))
+                    if (File.Exists(item.Value.Ssl))
                     {
                         try
                         {
-                            var ssl = new X509Certificate2(item.Value.SslLocal, item.Value.SslPassword);
+                            var ssl = new X509Certificate2(item.Value.Ssl, item.Value.Password);
                             if (item.Key == "default")
                                 DefaultSsl = ssl;
                             else
@@ -83,15 +82,15 @@ public static void Main()
                     }
                     else
                     {
-                        ServerMain.LogError($"SSL证书找不到:{item.Value.SslLocal}");
+                        ServerMain.LogError($"SSL证书找不到:{item.Value.Ssl}");
                     }
                 }
             }
             string[] urls = new string[Config.Http.Count];
             for (int a = 0; a < Config.Http.Count; a++)
             {
                 var item = Config.Http[a];
-                urls[a] = $"{(Config.Ssl ? https : http)}://{item.IP}:{item.Port}/";
+                urls[a] = $"{(Config.UseSsl ? https : http)}://{item.IP}:{item.Port}/";
                 ServerMain.LogOut($"Http服务器监听{item.IP}:{item.Port}");
             }
 

src/ColoryrServer/Core/FileSystem/ConfigUtil.cs

@@ -12,7 +12,7 @@ public abstract record MainConfig
     /// <summary>
     /// WebSocket配置
     /// </summary>
-    public SocketConfig WebSocket { get; set; }
+    public SslConfigObj WebSocket { get; set; }
     /// <summary>
     /// Reboot配置
     /// </summary>
@@ -40,7 +40,7 @@ public abstract record MainConfig
     /// <summary>
     /// MQTT配置
     /// </summary>
-    public MqttConfigObj MqttConfig { get; set; }
+    public SslConfigObj MqttConfig { get; set; }
     /// <summary>
     /// 任务配置
     /// </summary>
@@ -63,7 +63,7 @@ public abstract record MainConfig
     public CodeConfigObj CodeSetting { get; set; }
 }
 
-public record MqttConfigObj
+public record SslConfigObj
 {
     /// <summary>
     /// 使用SSL证书

src/ColoryrServer/Core/Http/PostBuild/PostServerConfig.cs

@@ -63,7 +63,7 @@ public static SocketObj GetSocketConfig()
         {
             Socket = ServerMain.Config.Socket,
             Mqtt = ServerMain.Config.MqttConfig.Socket,
-            WebSocket = ServerMain.Config.WebSocket
+            WebSocket = ServerMain.Config.WebSocket.Socket
         };
     }
     public static ReMessage WebSetSocket(BuildOBJ json)
@@ -110,8 +110,8 @@ public static ReMessage WebSetSocket(BuildOBJ json)
         }
         else if (json.Text is "WebSocket")
         {
-            ServerMain.Config.WebSocket.IP = ip;
-            ServerMain.Config.WebSocket.Port = port;
+            ServerMain.Config.WebSocket.Socket.IP = ip;
+            ServerMain.Config.WebSocket.Socket.Port = port;
             ServerMain.ConfigUtil.Save();
             return new()
             {

src/ColoryrServer/Core/PortServer/PortMqttServer.cs

@@ -5,6 +5,7 @@
 using MQTTnet.Server;
 using System.Net;
 using System.Security.Authentication;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
@@ -22,10 +23,18 @@ public static async void Start()
             .WithDefaultEndpointPort(ServerMain.Config.MqttConfig.Socket.Port);
         if (ServerMain.Config.MqttConfig.UseSsl)
         {
-            optionsBuilder = optionsBuilder.WithEncryptionSslProtocol(SslProtocols.Tls13)
-                .WithEncryptionCertificate(
-                new X509Certificate2(ServerMain.Config.MqttConfig.Ssl,
-                        ServerMain.Config.MqttConfig.Password));
+            try
+            {
+                optionsBuilder = optionsBuilder.WithEncryptionSslProtocol(SslProtocols.Tls13)
+                .WithEncryptionCertificate(new X509Certificate2(ServerMain.Config.MqttConfig.Ssl,
+                            ServerMain.Config.MqttConfig.Password));
+                ServerMain.LogOut($"Mqtt服务器加载SSL证书{ServerMain.Config.MqttConfig.Ssl}");
+            }
+            catch (CryptographicException e)
+            {
+                ServerMain.LogError($"Mqtt服务器加载SSL证书{ServerMain.Config.MqttConfig.Ssl}错误");
+                ServerMain.LogError(e);
+            }
         }
         ServerMain.LogOut($"Mqtt服务器监听{ServerMain.Config.MqttConfig.Socket.IP}:{ServerMain.Config.MqttConfig.Socket.Port}");
         MqttServer = new MqttFactory().CreateMqttServer(optionsBuilder.Build());

src/ColoryrServer/Core/PortServer/PortWebSocket.cs

@@ -1,9 +1,14 @@
 using ColoryrServer.Core.DllManager;
 using ColoryrServer.SDK;
 using Fleck;
+using Org.BouncyCastle.Crypto.Tls;
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
+using System.Security.Authentication;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 
 namespace ColoryrServer.Core.PortServer;
 
@@ -65,8 +70,31 @@ public static void Start()
     {
         ServerMain.LogOut("WebScoket服务器正在启动");
         FleckLog.Level = LogLevel.Error;
-        Server = new WebSocketServer("ws://" + ServerMain.Config.WebSocket.IP + ":" + ServerMain.Config.WebSocket.Port);
-        ServerMain.LogOut($"WebScoket监听{ServerMain.Config.WebSocket.IP}:{ServerMain.Config.WebSocket.Port}");
+        string url = ServerMain.Config.WebSocket.Socket.IP + ":" + ServerMain.Config.WebSocket.Socket.Port;
+        if (ServerMain.Config.WebSocket.UseSsl && File.Exists(ServerMain.Config.WebSocket.Ssl))
+        {
+            try
+            {
+                var ssl = new X509Certificate2(ServerMain.Config.WebSocket.Ssl, ServerMain.Config.WebSocket.Password);
+                Server = new WebSocketServer("wss://" + url)
+                {
+                    EnabledSslProtocols = SslProtocols.Tls13,
+                    Certificate = ssl
+                };
+                ServerMain.LogOut($"WebScoket使用SSL证书{ServerMain.Config.WebSocket.Ssl}");
+            }
+            catch (CryptographicException e)
+            {
+                ServerMain.LogError($"WebScoket使用SSL证书{ServerMain.Config.WebSocket.Ssl}错误");
+                ServerMain.LogError(e);
+            }
+        }
+        else
+        {
+            Server = new WebSocketServer("ws://" + url);
+        }
+        
+        ServerMain.LogOut($"WebScoket监听{url}");
         Server.Start(Socket =>
         {
             Socket.OnOpen = () =>