1.2.2 Version Commit

Squashed commit of the following: [A] Added instructions for GeoIP2 settings (commit b2fd881b75) [U] Mitigated CVE-2023-45288 by updating golang.org/x/net. (commit 2cbef54263) [U] Use GeoIP2 instead of qqWry (commit daee499a4c)
Boc-chi-no · Jun 15, 2024 · 1ea3aee · 1ea3aee
1 parent ef77fe0
commit 1ea3aee
Show file tree

Hide file tree

Showing 28 changed files with 168 additions and 332 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -35,4 +35,4 @@
 /db-data/*
 
 # Go statik
-/statik/statik.go
+/fs/statik.go
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -63,8 +63,8 @@ jobs:
     - run: |
         go mod tidy
         go install github.com/rakyll/statik
-        /home/runner/go/bin/statik -f -src=./resources
-        go fmt statik/statik.go
+        /home/runner/go/bin/statik -f -p=fs -src=./static/
+        go fmt ./fs/statik.go
         
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)

diff --git a/.gitignore b/.gitignore
@@ -35,8 +35,8 @@
 /db-data/*
 
 # resources
-/resources/ui/*
-!/resources/ui/LICENSE
+/static/ui/*
+!/static/ui/LICENSE
 
 # Go statik
-/statik/statik.go
+/fs/statik.go
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ Lls is an efficient, secure, and user-friendly application that can be used to s
 
 ## Run with docker
 This was built using Docker-Compose. In order to run in your machine, just clone the repository and copy your foreground project to . /resources/ui/ and run:
-* cp ./resources/statik/mongo-init.js ./resources/statik/app.ini ./
+* cp ./static/resources/mongo-init.js ./static/resources/app.ini ./
 * perl -p -i -e "s/VFSNnSFLvfOwFnBh/***<font color="red">{Set_database_password_here}</font>***/g" ./mongo-init.js ./app.ini
 * sudo docker-compose up --build -d (first time, then you go up without the --build, which is much faster)
 
@@ -27,13 +27,13 @@ https://www.docker.com/
 ├── /db-data/
 |   ├── Directory to store MongoDB database data. This folder is used to persist MongoDB data in Docker containers.
 |
-├── /resources/
+├── /static/
 |   ├── /ui/
 |   |   ├── Directory to store static files for the frontend, such as HTML, CSS, and JavaScript files.
-|   ├── /statik/
+|   ├── /resources/
 |   |   ├── Directory to store resource files that the server needs.
 |
-└── /statik/
+└── /fs/
     └── /statik.go
         ├── File that stores the Go code generated by Statik after packaging. This file contains all files under the /resources/ directory.
 ````
@@ -48,13 +48,13 @@ This folder is used to store server log files, including access logs and error l
 #### /db-data/
 This folder is used to persist MongoDB data in Docker containers. In this folder, you can persist MongoDB database data so that it can continue to be used after the container is restarted.
 
-#### /resources/ui/
+#### /static/ui/
 This folder stores static files for the frontend, such as HTML, CSS, and JavaScript files.
 
-#### /resources/statik/
+#### /static/resources/
 This folder stores resource files that the server needs, such as images and fonts.
 
-#### /statik/statik.go
+#### /fs/statik.go
 This file is a Go code file generated automatically by the Statik tool, which is used to embed all files under the /resources/ directory into Go code so that they can be accessed as static files.
 
 
@@ -71,6 +71,10 @@ Please be aware that LLS will read the `app.ini` file located in the working dir
 ### Logging Settings:
 - **`DEBUG`**: Toggle to print debug logs (`true` or `false`).
 
+### GeoIP2 Settings:
+- **`LANGUAGE`**: GeoIP2 language using BCP 47 Code.
+- **`USE_ONLINE_GEOIP2`**: Whether to use the online GeoIP2 (`true` or `false`).
+
 ### Internationalization Settings:
 - **`ADD_EXTRA_LANGUAGE`**: Add extra languages (`true` or `false`).
 - **`EXTRA_LANGUAGE_NAME`**: Additional language using BCP 47 Code.

diff --git a/controller/init.go b/controller/init.go
@@ -7,13 +7,13 @@ import (
 	"github.com/gin-contrib/sessions/memstore"
 	"github.com/gin-gonic/gin"
 	"golang.org/x/time/rate"
+	"linkshortener/fs"
 	"linkshortener/i18n"
 	"linkshortener/lib/lfs"
 	"linkshortener/lib/tool"
 	"linkshortener/log"
 	"linkshortener/model"
 	"linkshortener/setting"
-	"linkshortener/statikFS"
 	"net/http"
 	"strings"
 	"sync"
@@ -89,7 +89,7 @@ func InitRouter() {
 	} else {
 		router.NoRoute(gin.WrapH(tool.HTTPAddPrefix("/ui", http.FileServer(
 			lfs.LlsFileSystem{
-				Fs: statikFS.StatikFS, //Use of embedded resources
+				Fs: fs.StatikFS, //Use of embedded resources
 			},
 		))))
 	}

diff --git a/controller/redirect.go b/controller/redirect.go
@@ -112,8 +112,7 @@ func Redirect(c *gin.Context) {
 }
 
 func accessLogWorker(ip string, hash string, header http.Header, nowTime int64) {
-	qqWry := ip2location.NewQQwry()
-	location := qqWry.Find(ip)
+	location := ip2location.Find(ip)
 	uaInfo := uap.Parse(header)
 
 	var linkInfo = model.LinkInfo{

diff --git a/statikFS/initFS.go → fs/initFS.go b/statikFS/initFS.go → fs/initFS.go
@@ -1,4 +1,4 @@
-package statikFS
+package fs
 
 import (
 	"github.com/golang/freetype"
@@ -24,7 +24,7 @@ func InitFs() {
 }
 
 func InitFont() {
-	fontBytes, err := fs.ReadFile(StatikFS, "/statik/arphic.ttf")
+	fontBytes, err := fs.ReadFile(StatikFS, "/resources/arphic.ttf")
 
 	if err != nil {
 		log.PanicPrint("Init Font failed", err)
@@ -37,7 +37,7 @@ func InitFont() {
 }
 
 func InitUap() {
-	uapBytes, err := fs.ReadFile(StatikFS, "/statik/uaparser.yaml")
+	uapBytes, err := fs.ReadFile(StatikFS, "/resources/uaparser.yaml")
 	if err != nil {
 		log.PanicPrint("Init UAInfo failed", err)
 	}
@@ -46,24 +46,28 @@ func InitUap() {
 }
 
 func InitIPData() {
-	ipDataBytes, err := fs.ReadFile(StatikFS, "/statik/qqwry.dat")
+	geoip2CityBytes, err := fs.ReadFile(StatikFS, "/resources/GeoIP2-City.mmdb")
 	if err != nil {
-		log.PanicPrint("Init IPData failed", err)
+		log.PanicPrint("Init IPData-City failed", err)
+	}
+	geoip2IspBytes, err := fs.ReadFile(StatikFS, "/resources/GeoIP2-ISP.mmdb")
+	if err != nil {
+		log.PanicPrint("Init IPData-ISP failed", err)
 	}
 
-	ip2location.IPData.InitIPData(ipDataBytes)
+	ip2location.IPData.InitIPData(geoip2CityBytes, geoip2IspBytes)
 }
 
 func InitI18n() {
-	jpBytes, err := fs.ReadFile(StatikFS, "/statik/lang/ja-JP.json")
+	jpBytes, err := fs.ReadFile(StatikFS, "/resources/lang/ja-JP.json")
 	if err != nil {
 		log.PanicPrint("Loading embedded language pack(ja-JP) exception: %s", err)
 	}
-	cnBytes, err := fs.ReadFile(StatikFS, "/statik/lang/zh-CN.json")
+	cnBytes, err := fs.ReadFile(StatikFS, "/resources/lang/zh-CN.json")
 	if err != nil {
 		log.PanicPrint("Loading embedded language pack(zh-CN) exception: %s", err)
 	}
-	usBytes, err := fs.ReadFile(StatikFS, "/statik/lang/en-US.json")
+	usBytes, err := fs.ReadFile(StatikFS, "/resources/lang/en-US.json")
 	if err != nil {
 		log.PanicPrint("Loading embedded language pack(en-US) exception: %s", err)
 	}

diff --git a/go.mod b/go.mod
@@ -15,11 +15,12 @@ require (
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/llgcode/draw2d v0.0.0-20210904075650-80aa0a2a901d
 	github.com/nicksnyder/go-i18n/v2 v2.2.1
+	github.com/oschwald/geoip2-golang v1.11.0
 	github.com/rakyll/statik v0.1.7
 	github.com/spaolacci/murmur3 v1.1.0
 	github.com/ua-parser/uap-go v0.0.0-20211112212520-00c877edfe0f
 	go.mongodb.org/mongo-driver v1.9.1
-	golang.org/x/net v0.17.0
+	golang.org/x/net v0.23.0
 	golang.org/x/text v0.14.0
 	golang.org/x/time v0.3.0
 )
@@ -54,6 +55,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/oschwald/maxminddb-golang v1.13.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b // indirect
@@ -65,10 +67,10 @@ require (
 	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
 	go.opencensus.io v0.22.5 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/image v0.10.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -130,6 +130,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/nicksnyder/go-i18n/v2 v2.2.1 h1:aOzRCdwsJuoExfZhoiXHy4bjruwCMdt5otbYojM/PaA=
 github.com/nicksnyder/go-i18n/v2 v2.2.1/go.mod h1:fF2++lPHlo+/kPaj3nB0uxtPwzlPm+BlgwGX7MkeGj0=
+github.com/oschwald/geoip2-golang v1.11.0 h1:hNENhCn1Uyzhf9PTmquXENiWS6AlxAEnBII6r8krA3w=
+github.com/oschwald/geoip2-golang v1.11.0/go.mod h1:P9zG+54KPEFOliZ29i7SeYZ/GM6tfEL+rgSn03hYuUo=
+github.com/oschwald/maxminddb-golang v1.13.0 h1:R8xBorY71s84yO06NgTmQvqvTvlS/bnYZrrWX1MElnU=
+github.com/oschwald/maxminddb-golang v1.13.0/go.mod h1:BU0z8BfFVhi1LQaonTwwGQlsHUEu9pWNdMfmq4ztm0o=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
 github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
@@ -158,8 +162,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
@@ -194,8 +198,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.10.0 h1:gXjUUtwtx5yOE0VKWq1CH4IJAClq4UGgUA3i+rpON9M=
@@ -218,8 +222,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -248,8 +252,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

diff --git a/lib/captcha/captcha.go b/lib/captcha/captcha.go
@@ -6,9 +6,9 @@ import (
 	"github.com/llgcode/draw2d/draw2dimg"
 	"image"
 	"image/color"
+	"linkshortener/fs"
 	"linkshortener/lib/tool"
 	"linkshortener/log"
-	"linkshortener/statikFS"
 	"math"
 	"math/big"
 	"strconv"
@@ -267,7 +267,7 @@ func (captcha *Captcha) SetFontSize(fontSize float64) {
 
 // setFont Setting the font
 func (captcha *Captcha) setFont(gc *draw2dimg.GraphicContext) {
-	font := statikFS.CaptchaFont
+	font := fs.CaptchaFont
 
 	// Set custom font information
 	gc.FontCache = draw2d.NewSyncFolderFontCache("./arphic.ttf")

diff --git a/lib/ip2location/download.go b/lib/ip2location/download.go
@@ -1,61 +1,17 @@
 package ip2location
 
 import (
-	"bytes"
-	"compress/zlib"
-	"encoding/binary"
 	"io"
 	"net/http"
 )
 
-// @ref https://zhangzifan.com/update-qqwry-dat.html
-
-func getKey() (uint32, error) {
-	resp, err := http.Get("http://update.cz88.net/ip/copywrite.rar")
-	if err != nil {
-		return 0, err
-	}
-	defer func(Body io.ReadCloser) {
-		_ = Body.Close()
-	}(resp.Body)
-
-	if body, err := io.ReadAll(resp.Body); err != nil {
-		return 0, err
-	} else {
-		// @see https://stackoverflow.com/questions/34078427/how-to-read-packed-binary-data-in-go
-		return binary.LittleEndian.Uint32(body[5*4:]), nil
-	}
-}
-
 func GetOnline() ([]byte, error) {
-	resp, err := http.Get("http://update.cz88.net/ip/qqwry.rar")
+	resp, err := http.Get("https://git.io/GeoLite2-City.mmdb")
 	if err != nil {
 		return nil, err
 	}
 	defer func(Body io.ReadCloser) {
 		_ = Body.Close()
 	}(resp.Body)
-
-	if body, err := io.ReadAll(resp.Body); err != nil {
-		return nil, err
-	} else {
-		if key, err := getKey(); err != nil {
-			return nil, err
-		} else {
-			for i := 0; i < 0x200; i++ {
-				key = key * 0x805
-				key++
-				key = key & 0xff
-
-				body[i] = byte(uint32(body[i]) ^ key)
-			}
-
-			reader, err := zlib.NewReader(bytes.NewReader(body))
-			if err != nil {
-				return nil, err
-			}
-
-			return io.ReadAll(reader)
-		}
-	}
+	return io.ReadAll(resp.Body)
 }