From 14cbe3b9f22b21ff0a340b5307afbb424aa5aae3 Mon Sep 17 00:00:00 2001
From: jiangcuo
Date: Thu, 29 May 2025 15:27:17 +0800
Subject: [PATCH] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E5=8A=A8=E6=80=81rdp?= =?UTF-8?q?=E7=BD=91=E5=85=B3=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cmd/auth/auth.go | 6 ++----
 cmd/auth/database/apidb.go | 36 +++++++++++++++++++++++-------------
 cmd/auth/ntlm/ntlm.go | 6 +++---
 debian/rdpgw-auth.yaml | 4 ++++
 4 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/cmd/auth/auth.go b/cmd/auth/auth.go
index 3f15147..42d2b1b 100644
--- a/cmd/auth/auth.go
+++ b/cmd/auth/auth.go
@@ -138,13 +138,11 @@ func main() {
 // 根据配置选择使用API认证或本地配置认证
 var db database.Database
- log.Printf("使用API认证,API URL: %s", conf.PXVDI.ApiUrl)
- log.Printf("使用API认证,API URL: %s", conf.PXVDI.Enabled)
 if conf.PXVDI.Enabled && conf.PXVDI.ApiUrl != "" {
- log.Printf("使用API认证,API URL: %s", conf.PXVDI.ApiUrl)
+ log.Printf("Using API authentication, API URL: %s", conf.PXVDI.ApiUrl)
 db = database.NewApiDb(conf.PXVDI.ApiUrl, conf.PXVDI.ApiKey)
 } else {
- log.Printf("使用本地配置文件认证")
+ log.Printf("Using local configuration file authentication")
 db = database.NewConfig(conf.Users)
 }
diff --git a/cmd/auth/database/apidb.go b/cmd/auth/database/apidb.go
index 8f793d9..8aea799 100644
--- a/cmd/auth/database/apidb.go
+++ b/cmd/auth/database/apidb.go
@@ -36,14 +36,22 @@ func (a *ApiDb) GetPassword(username string) string {
 return ""
 }
- // 构建API URL,替换占位符
- apiUrl := a.ApiUrl
+ // 构建API URL
+ fullUrl := fmt.Sprintf("%s/api/custom/public/ntlmcheck", a.ApiUrl)
- // 构建完整的URL,包括查询参数 - 使用getpassword模式
- fullUrl := fmt.Sprintf("%s/api/checkperm?username=%s&mode=getpassword&apikey=%s",
- apiUrl, url.QueryEscape(username), url.QueryEscape(a.ApiKey))
+ // 构建POST请求体
+ requestData := map[string]string{
+ "user": username,
+ "apikey": a.ApiKey,
+ }
- log.Printf("Sending API password request to: %s", fullUrl)
+ jsonData, err := json.Marshal(requestData)
+ if err != nil {
+ log.Printf("Failed to marshal request data: %v", err)
+ return ""
+ }
+
+ log.Printf("Sending API password POST request to: %s", fullUrl)
 // 创建自定义HTTP客户端,跳过SSL证书验证
 tr := &http.Transport{
@@ -51,8 +59,8 @@ func (a *ApiDb) GetPassword(username string) string {
 }
 client := &http.Client{Transport: tr}
- // 发送请求到API,使用不验证SSL证书的客户端
- resp, err := client.Get(fullUrl)
+ // 发送POST请求到API,使用不验证SSL证书的客户端
+ resp, err := client.Post(fullUrl, "application/json", bytes.NewBuffer(jsonData))
 if err != nil {
 log.Printf("API password retrieval error: %v", err)
 return ""
@@ -73,10 +81,12 @@ func (a *ApiDb) GetPassword(username string) string {
 }
 log.Printf("API password response received")
- // 解析响应
+ // 解析响应 - 适应新的响应格式
 var result struct {
- Status string `json:"status"`
- Password string `json:"password"`
+ Success bool `json:"success"`
+ Data struct {
+ Pass string `json:"pass"`
+ } `json:"data"`
 }
 err = json.NewDecoder(bytes.NewReader(body)).Decode(&result)
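Review bot: The POST added in the second `GetPassword` hunk still goes out through the client whose comment says certificate verification is skipped (`跳过SSL证书验证`), so the API key in the request body and the cleartext password in the response are exposed to, and can be replaced by, anyone positioned on the path to the API host. Because the returned password is what the NTLM check is then run against, a spoofed response decides which password is accepted for a given username. Verify the server certificate instead, for example with a `tls.Config` whose `RootCAs` is loaded from a configured CA file if the API uses a private CA; the `tls.Config` line itself lies between the first and second hunks and is not shown. `client := &http.Client{Transport: tr}` also sets no timeout, so a stalled API blocks the authentication call; `client := &http.Client{Transport: tr, Timeout: 10 * time.Second}` (value is illustrative, and `time` must be imported) would bound it.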
@@ -86,13 +96,13 @@ func (a *ApiDb) GetPassword(username string) string {
 }
 // 检查响应内容
- if result.Status != "success" || result.Password == "" {
+ if !result.Success || result.Data.Pass == "" {
 log.Printf("API did not return a valid password for user: %s", username)
 return ""
 }
 log.Printf("API password retrieval successful for user: %s", username)
- return result.Password
+ return result.Data.Pass
 }
 // VerifyCredentials 验证用户凭据
diff --git a/cmd/auth/ntlm/ntlm.go b/cmd/auth/ntlm/ntlm.go
index 04ef92a..ec5629c 100644
--- a/cmd/auth/ntlm/ntlm.go
+++ b/cmd/auth/ntlm/ntlm.go
@@ -140,7 +140,7 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
 }
 username := am.UserName.String()
- log.Printf("NTLM: 尝试验证用户: %s", username)
+ log.Printf("NTLM: Trying to validate user: %s", username)
 password := c.h.Database.GetPassword(username)
 if password == "" {
@@ -148,7 +148,7 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
 return nil
 }
- log.Printf("NTLM: 成功获取到用户 %s 的密码", username)
+ log.Printf("NTLM: Successfully retrieved password for user: %s", username)
 c.session.SetUserInfo(username, password, "")
 err := c.session.ProcessAuthenticateMessage(am)
@@ -159,6 +159,6 @@ func (c *ntlmContext) authenticate(am *ntlm.AuthenticateMessage, r *auth.NtlmRes
 r.Authenticated = true
 r.Username = username
- log.Printf("NTLM: 用户 %s 认证成功", username)
+ log.Printf("NTLM: User %s authenticated successfully", username)
 return nil
 }
diff --git a/debian/rdpgw-auth.yaml b/debian/rdpgw-auth.yaml
index 2706f41..046262a 100644
--- a/debian/rdpgw-auth.yaml
+++ b/debian/rdpgw-auth.yaml
@@ -1,2 +1,6 @@
+PXVDI:
+ Enabled: true
+ apiUrl: "https://10.13.16.164:3002"
+ apiKey: "dasdasdasdas"
 Users:
 - {Username: "debian-rdpgw-start", Password: "debian-rdpgw-password"}
\ No newline at end of file
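Review bot: `username` in the added `log.Printf` calls of `authenticate` is taken from the client's `AuthenticateMessage` before that client has been authenticated, and `%s` writes it into the log verbatim, so a name containing line breaks or control characters can produce misleading log entries. Quote it with `%q`, e.g. `log.Printf("NTLM: Trying to validate user: %q", username)`, and do the same for the added lines in the two following hunks of this file. The body of `authenticate` starts outside these hunks, so any earlier validation of the name is not visible here.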
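Review bot: The packaged config now ships with `Enabled: true`, a site-specific private address in `apiUrl` and a literal `apiKey`, so an install that keeps this file unchanged will take the API branch in `main` and send password lookups to that address with a key that is published in the repository. Ship the block disabled with empty or clearly placeholder values, e.g. `Enabled: false` and `apiKey: ""`, and leave it to the administrator to fill them in; if the committed key was ever a real one it should be treated as disclosed and rotated. The key casing also differs (`Enabled` versus `apiUrl`/`apiKey`); whether the loader accepts both forms is not visible here, so a comment naming the expected keys would help.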