init encrypt account

bxy4543 · Jun 29, 2023 · 7d0b3db · 7d0b3db
1 parent c76a674
commit 7d0b3db
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 1 deletion.
diff --git a/controllers/account/api/v1/account_types.go b/controllers/account/api/v1/account_types.go
@@ -62,11 +62,14 @@ type AccountSpec struct{}
 
 // AccountStatus defines the observed state of Account
 type AccountStatus struct {
+	// EncryptBalance is to encrypt balance
+	EncryptBalance string `json:"encryptBalance,omitempty"`
 	// Recharge amount
 	Balance int64 `json:"balance,omitempty"`
-
 	//Deduction amount
 	DeductionBalance int64 `json:"deductionBalance,omitempty"`
+	// EncryptDeductionBalance is to encrypt DeductionBalance
+	EncryptDeductionBalance string `json:"encryptDeductionBalance,omitempty"`
 	// delete in the future
 	ChargeList []Charge `json:"chargeList,omitempty"`
 }

diff --git a/controllers/account/controllers/account_controller.go b/controllers/account/controllers/account_controller.go
@@ -23,6 +23,8 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/labring/sealos/controllers/pkg/crypto"
+
 	retry2 "k8s.io/client-go/util/retry"
 
 	"sigs.k8s.io/controller-runtime/pkg/controller"
@@ -56,13 +58,15 @@ import (
 
 const (
 	ACCOUNTNAMESPACEENV         = "ACCOUNT_NAMESPACE"
+	PrivateDeployEnv            = "PRIVATE_DEPLOY"
 	DEFAULTACCOUNTNAMESPACE     = "sealos-system"
 	AccountAnnotationNewAccount = "account.sealos.io/new-account"
 	NEWACCOUNTAMOUNTENV         = "NEW_ACCOUNT_AMOUNT"
 )
 
 // AccountReconciler reconciles a Account object
 type AccountReconciler struct {
+	PrivateDeploy bool
 	client.Client
 	Scheme                 *runtime.Scheme
 	Logger                 logr.Logger
@@ -121,6 +125,16 @@ func (r *AccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("get account failed: %v", err)
 	}
+	if r.PrivateDeploy {
+		account.Status.Balance, err = crypto.DecryptInt64(account.Status.EncryptBalance)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("decrypt balance failed: %v", err)
+		}
+		account.Status.DeductionBalance, err = crypto.DecryptInt64(account.Status.EncryptDeductionBalance)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("decrypt deduction balance failed: %v", err)
+		}
+	}
 
 	orderResp, err := pay.QueryOrder(payment.Status.TradeNO)
 	if err != nil {
@@ -145,6 +159,12 @@ func (r *AccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		payAmount := *orderResp.Amount.Total * 10000
 		//1¥ = 100WechatPayAmount; 1 WechatPayAmount = 10000 SealosAmount
 		var gift = giveGift(payAmount)
+		if r.PrivateDeploy {
+			account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, payAmount+gift)
+			if err != nil {
+				return ctrl.Result{}, fmt.Errorf("recharge encrypt balance failed: %v", err)
+			}
+		}
 		account.Status.Balance += payAmount + gift
 		if err := r.Status().Update(ctx, account); err != nil {
 			return ctrl.Result{}, fmt.Errorf("update account failed: %v", err)
@@ -228,6 +248,12 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp
 	}); err != nil {
 		return nil, err
 	}
+	if r.PrivateDeploy {
+		account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, int64(amount))
+		if err != nil {
+			return nil, fmt.Errorf("recharge balance failed: %v", err)
+		}
+	}
 	account.Status.Balance += int64(amount)
 	if err := r.Status().Update(ctx, &account); err != nil {
 		return nil, err
@@ -347,6 +373,21 @@ func (r *AccountReconciler) updateDeductionBalance(ctx context.Context, accountB
 	} else {
 		account.Status.DeductionBalance += accountBalance.Spec.Amount
 	}
+	if r.PrivateDeploy {
+		if accountBalance.Spec.Type == accountv1.TransferIn {
+			account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, accountBalance.Spec.Amount)
+			if err != nil {
+				r.Logger.Error(err, err.Error())
+				return err
+			}
+		} else {
+			account.Status.EncryptDeductionBalance, err = crypto.RechargeBalance(account.Status.EncryptDeductionBalance, accountBalance.Spec.Amount)
+			if err != nil {
+				r.Logger.Error(err, err.Error())
+				return err
+			}
+		}
+	}
 
 	if err := r.Status().Update(ctx, account); err != nil {
 		r.Logger.Error(err, err.Error())

diff --git a/controllers/pkg/crypto/crypto.go b/controllers/pkg/crypto/crypto.go
@@ -25,7 +25,9 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"errors"
+	"fmt"
 	"io"
+	"strconv"
 
 	jwt "github.com/golang-jwt/jwt/v4"
 	v1 "github.com/labring/sealos/controllers/cloud/api/v1"
@@ -54,6 +56,27 @@ func Encrypt(plaintext []byte) (string, error) {
 	return base64.StdEncoding.EncodeToString(append(nonce, ciphertext...)), nil
 }
 
+func EncryptInt64(in int64) (string, error) {
+	return Encrypt([]byte(strconv.FormatInt(in, 10)))
+}
+
+func DecryptInt64(in string) (int64, error) {
+	out, err := Decrypt(in)
+	if err != nil {
+		return 0, fmt.Errorf("failed to decrpt balance: %w", err)
+	}
+	return strconv.ParseInt(string(out), 10, 64)
+}
+
+func RechargeBalance(balance string, amount int64) (string, error) {
+	balanceInt, err := DecryptInt64(balance)
+	if err != nil {
+		return "", fmt.Errorf("failed to recharge balance: %w", err)
+	}
+	balanceInt += amount
+	return EncryptInt64(balanceInt)
+}
+
 // Decrypt decrypts the given ciphertext using AES-GCM.
 func Decrypt(ciphertextBase64 string) ([]byte, error) {
 	ciphertext, err := base64.StdEncoding.DecodeString(ciphertextBase64)