diff --git a/controllers/account/api/v1/account_types.go b/controllers/account/api/v1/account_types.go index 31fd54f576a..b6143238d00 100644 --- a/controllers/account/api/v1/account_types.go +++ b/controllers/account/api/v1/account_types.go @@ -62,11 +62,14 @@ type AccountSpec struct{} // AccountStatus defines the observed state of Account type AccountStatus struct { + // EncryptBalance is to encrypt balance + EncryptBalance string `json:"encryptBalance,omitempty"` // Recharge amount Balance int64 `json:"balance,omitempty"` - //Deduction amount DeductionBalance int64 `json:"deductionBalance,omitempty"` + // EncryptDeductionBalance is to encrypt DeductionBalance + EncryptDeductionBalance string `json:"encryptDeductionBalance,omitempty"` // delete in the future ChargeList []Charge `json:"chargeList,omitempty"` } diff --git a/controllers/account/controllers/account_controller.go b/controllers/account/controllers/account_controller.go index e8c54eb0217..7782678bc3e 100644 --- a/controllers/account/controllers/account_controller.go +++ b/controllers/account/controllers/account_controller.go @@ -23,6 +23,8 @@ import ( "strconv" "time" + "github.com/labring/sealos/controllers/pkg/crypto" + retry2 "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -56,6 +58,7 @@ import ( const ( ACCOUNTNAMESPACEENV = "ACCOUNT_NAMESPACE" + PrivateDeployEnv = "PRIVATE_DEPLOY" DEFAULTACCOUNTNAMESPACE = "sealos-system" AccountAnnotationNewAccount = "account.sealos.io/new-account" NEWACCOUNTAMOUNTENV = "NEW_ACCOUNT_AMOUNT" @@ -63,6 +66,7 @@ const ( // AccountReconciler reconciles a Account object type AccountReconciler struct { + PrivateDeploy bool client.Client Scheme *runtime.Scheme Logger logr.Logger 
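Review bot: The new field comments in AccountStatus ("is to encrypt balance") do not say what the strings hold or which field wins when both are set, and the plaintext `Balance`/`DeductionBalance` are still serialized next to them. From the rest of this commit the value appears to be the decimal amount sealed by `crypto.Encrypt` and base64-encoded, and Reconcile overwrites `Balance` from it when PrivateDeploy is set, so the encrypted copy seems to act as a tamper check rather than hiding the amount. I would say so on the field, e.g. `// EncryptBalance is Balance as a base64 AES-GCM ciphertext of its decimal string; authoritative when PrivateDeploy is enabled.`, with the matching comment on `EncryptDeductionBalance`. The hunk also drops the `//Deduction amount` comment, which leaves `DeductionBalance` undocumented; `// Deduction amount` should stay.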
@@ -121,6 +125,16 @@ func (r *AccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct if err != nil { return ctrl.Result{}, fmt.Errorf("get account failed: %v", err) } + if r.PrivateDeploy { + account.Status.Balance, err = crypto.DecryptInt64(account.Status.EncryptBalance) + if err != nil { + return ctrl.Result{}, fmt.Errorf("decrypt balance failed: %v", err) + } + account.Status.DeductionBalance, err = crypto.DecryptInt64(account.Status.EncryptDeductionBalance) + if err != nil { + return ctrl.Result{}, fmt.Errorf("decrypt deduction balance failed: %v", err) + } + } orderResp, err := pay.QueryOrder(payment.Status.TradeNO) if err != nil { @@ -145,6 +159,12 @@ func (r *AccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct payAmount := *orderResp.Amount.Total * 10000 //1¥ = 100WechatPayAmount; 1 WechatPayAmount = 10000 SealosAmount var gift = giveGift(payAmount) + if r.PrivateDeploy { + account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, payAmount+gift) + if err != nil { + return ctrl.Result{}, fmt.Errorf("recharge encrypt balance failed: %v", err) + } + } account.Status.Balance += payAmount + gift if err := r.Status().Update(ctx, account); err != nil { return ctrl.Result{}, fmt.Errorf("update account failed: %v", err) @@ -228,6 +248,12 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp }); err != nil { return nil, err } + if r.PrivateDeploy { + account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, int64(amount)) + if err != nil { + return nil, fmt.Errorf("recharge balance failed: %v", err) + } + } account.Status.Balance += int64(amount) if err := r.Status().Update(ctx, &account); err != nil { return nil, err 
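Review bot: In Reconcile's new `if r.PrivateDeploy` block, an Account whose `EncryptBalance` or `EncryptDeductionBalance` is still empty is passed straight to `crypto.DecryptInt64`; both fields are `omitempty` and nothing in the visible hunks initialises them. DecryptInt64 presumably fails on an empty string, in which case every reconcile for that account would return an error. The same applies to the `RechargeBalance` calls added in syncAccount and updateDeductionBalance, since they decrypt first. I would initialise both fields explicitly when the account is created or migrated, `account.Status.EncryptBalance, err = crypto.EncryptInt64(0)`, rather than teaching DecryptInt64 to read "" as zero, because then clearing the field would silently reset a balance or deduction total. Decrypt's body is outside this diff, so the empty-input behaviour should be confirmed there.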
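Review bot: In the second Reconcile hunk the plaintext and encrypted balances are advanced by two separate additions (`crypto.RechargeBalance(...)` and `account.Status.Balance += payAmount + gift`), which costs a second decrypt and lets the two drift if either path changes. Since `Balance` was already loaded from the ciphertext earlier in this function when PrivateDeploy is set, it would be simpler to add once and re-seal: keep `account.Status.Balance += payAmount + gift` and follow it with `account.Status.EncryptBalance, err = crypto.EncryptInt64(account.Status.Balance)`. The new errors here are also wrapped with `%v`, whereas crypto.go uses `%w`; `%w` would keep the chain intact for `errors.Is`. The lines between the two Reconcile hunks are not shown, so this assumes `account` is not reloaded in between.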
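Review bot: syncAccount updates `EncryptBalance` from the ciphertext but still does `account.Status.Balance += int64(amount)` on whatever plaintext the object carries, unlike Reconcile, which first replaces `Balance` with the decrypted value; updateDeductionBalance has the same gap for both `Balance` and `DeductionBalance`. In private-deploy mode the plaintext written back by `Status().Update` can therefore disagree with the protected value, and any reader that trusts the plaintext field bypasses the check. I would derive the plaintext from the result in these paths, `account.Status.Balance, err = crypto.DecryptInt64(account.Status.EncryptBalance)` after the recharge, or stop writing the plaintext when PrivateDeploy is set. Both functions begin outside their hunks, so an earlier decrypt cannot be ruled out from here.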
@@ -347,6 +373,21 @@ func (r *AccountReconciler) updateDeductionBalance(ctx context.Context, accountB } else { account.Status.DeductionBalance += accountBalance.Spec.Amount } + if r.PrivateDeploy { + if accountBalance.Spec.Type == accountv1.TransferIn { + account.Status.EncryptBalance, err = crypto.RechargeBalance(account.Status.EncryptBalance, accountBalance.Spec.Amount) + if err != nil { + r.Logger.Error(err, err.Error()) + return err + } + } else { + account.Status.EncryptDeductionBalance, err = crypto.RechargeBalance(account.Status.EncryptDeductionBalance, accountBalance.Spec.Amount) + if err != nil { + r.Logger.Error(err, err.Error()) + return err + } + } + } if err := r.Status().Update(ctx, account); err != nil { r.Logger.Error(err, err.Error()) diff --git a/controllers/pkg/crypto/crypto.go b/controllers/pkg/crypto/crypto.go index 4d73d1c0b63..1861c76b474 100644 --- a/controllers/pkg/crypto/crypto.go +++ b/controllers/pkg/crypto/crypto.go @@ -25,7 +25,9 @@ import ( "encoding/base64" "encoding/pem" "errors" + "fmt" "io" + "strconv" jwt "github.com/golang-jwt/jwt/v4" v1 "github.com/labring/sealos/controllers/cloud/api/v1" 
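Review bot: The two branches added to updateDeductionBalance differ only in which status field they update, so the decrypt-add-encrypt call and its error handling are written twice. Selecting the target field first leaves one call site, and a fixed log message says what failed instead of repeating the error text as the message. The function starts and ends outside this hunk; `err` is assumed to be declared above, as the added lines already assign to it.

```go
if r.PrivateDeploy {
	// TransferIn credits the balance; every other type accumulates as a deduction.
	target := &account.Status.EncryptDeductionBalance
	if accountBalance.Spec.Type == accountv1.TransferIn {
		target = &account.Status.EncryptBalance
	}
	*target, err = crypto.RechargeBalance(*target, accountBalance.Spec.Amount)
	if err != nil {
		r.Logger.Error(err, "update encrypted balance failed")
		return err
	}
}
```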
@@ -54,6 +56,27 @@ func Encrypt(plaintext []byte) (string, error) { return base64.StdEncoding.EncodeToString(append(nonce, ciphertext...)), nil } +func EncryptInt64(in int64) (string, error) { + return Encrypt([]byte(strconv.FormatInt(in, 10))) +} + +func DecryptInt64(in string) (int64, error) { + out, err := Decrypt(in) + if err != nil { + return 0, fmt.Errorf("failed to decrpt balance: %w", err) + } + return strconv.ParseInt(string(out), 10, 64) +} + +func RechargeBalance(balance string, amount int64) (string, error) { + balanceInt, err := DecryptInt64(balance) + if err != nil { + return "", fmt.Errorf("failed to recharge balance: %w", err) + } + balanceInt += amount + return EncryptInt64(balanceInt) +} + // Decrypt decrypts the given ciphertext using AES-GCM. func Decrypt(ciphertextBase64 string) ([]byte, error) { ciphertext, err := base64.StdEncoding.DecodeString(ciphertextBase64)
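Review bot: `EncryptInt64`, `DecryptInt64` and `RechargeBalance` seal only the number, because `Encrypt` and `Decrypt` take no context argument, so nothing ties a ciphertext to the Account that stores it or to a point in time. The tamper check these fields appear meant to provide therefore cannot tell a current value from one that came from another object or an earlier revision. If that matters for private deployments, the account's name or UID could be supplied as AES-GCM additional data, which needs an extra parameter on Encrypt/Decrypt outside this hunk. Separately, `balanceInt += amount` wraps silently on int64 overflow, and the three exported functions have no doc comments; the DecryptInt64 message also misspells "decrypt" (`failed to decrpt balance`).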