Hide inputs from action logs

Author: bryangerlach

.github/workflows/generator-android.yml

@@ -1,13 +1,16 @@
 services:
   rdgen:
     # use bryangerlach/rdgen:latest for the latest build
+    #build: .
     image: bryangerlach/rdgen:latest
     restart: unless-stopped
     environment:
       SECRET_KEY: "django-insecure-!(t-!f#6g#sr%yfded9(xha)g+=!6craeez^cp+*&bz_7vdk61"
       GHUSER: "github_username"
       GHBEARER: "github_access_token"
       GENURL: "accessible_url_of_server"
+      ZIP_PASSWORD: ""
+      GHBRANCH: "master"
       PROTOCOL: "https"
       REPONAME: "rdgen"
     ports:

.github/workflows/generator-linux.yml

@@ -24,6 +24,8 @@
 GHUSER = os.environ.get("GHUSER", '')
 GHBEARER = os.environ.get("GHBEARER", '')
 GENURL = os.environ.get("GENURL", '')
+GHBRANCH = os.environ.get("GHBRANCH",'master')
+ZIP_PASSWORD = os.environ.get("ZIP_PASSWORD",'insecure')
 PROTOCOL = os.environ.get("PROTOCOL", 'https')
 REPONAME = os.environ.get("REPONAME", 'rdgen')
 

.github/workflows/generator-macos.yml

@@ -32,4 +32,5 @@
     url(r'^startgh',views.startgh),
     url(r'^get_png',views.get_png),
     url(r'^save_custom_client',views.save_custom_client),
+    url(r'^get_zip',views.get_zip),
 ]

.github/workflows/generator-windows.yml

@@ -9,14 +9,13 @@
 import base64
 import json
 import uuid
+import pyzipper
 from django.conf import settings as _settings
 from django.db.models import Q
 from .forms import GenerateForm
 from .models import GithubRun
 from PIL import Image
 from urllib.parse import quote
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import padding
 
 def generator_view(request):
     if request.method == 'POST':
@@ -48,6 +47,8 @@ def generator_view(request):
             installation = form.cleaned_data['installation']
             settings = form.cleaned_data['settings']
             appname = form.cleaned_data['appname']
+            if not appname:
+                appname = "rustdesk"
             filename = form.cleaned_data['exename']
             compname = form.cleaned_data['compname']
             if not compname:
@@ -98,18 +99,22 @@ def generator_view(request):
                 iconfile = form.cleaned_data.get('iconfile')
                 if not iconfile:
                     iconfile = form.cleaned_data.get('iconbase64')
-                iconlink = save_png(iconfile,myuuid,full_url,"icon.png")
+                iconlink_url, iconlink_uuid, iconlink_file = save_png(iconfile,myuuid,full_url,"icon.png")
             except:
                 print("failed to get icon, using default")
-                iconlink = "false"
+                iconlink_url = "false"
+                iconlink_uuid = "false"
+                iconlink_file = "false"
             try:
                 logofile = form.cleaned_data.get('logofile')
                 if not logofile:
                     logofile = form.cleaned_data.get('logobase64')
-                logolink = save_png(logofile,myuuid,full_url,"logo.png")
+                logolink_url, logolink_uuid, logolink_file = save_png(logofile,myuuid,full_url,"logo.png")
             except:
                 print("failed to get logo")
-                logolink = "false"
+                logolink_url = "false"
+                logolink_uuid = "false"
+                logolink_file = "false"
 
             ###create the custom.txt json here and send in as inputs below
             decodedCustom = {}
@@ -192,21 +197,20 @@ def generator_view(request):
             base64_bytes = base64.b64encode(string_bytes)
             encodedCustom = base64_bytes.decode("ascii")
 
-            #github limits inputs to 10, so lump extras into one with json
-            extras = {}
-            extras['genurl'] = _settings.GENURL
-            #extras['runasadmin'] = runasadmin
-            extras['urlLink'] = urlLink
-            extras['downloadLink'] = downloadLink
-            extras['delayFix'] = 'true' if delayFix else 'false'
-            extras['version'] = version
-            extras['rdgen'] = 'true'
-            extras['cycleMonitor'] = 'true' if cycleMonitor else 'false'
-            extras['xOffline'] = 'true' if xOffline else 'false'
-            extras['removeNewVersionNotif'] = 'true' if removeNewVersionNotif else 'false'
-            extras['compname'] = compname
-            extras['androidappid'] = androidappid
-            extra_input = json.dumps(extras)
+            # #github limits inputs to 10, so lump extras into one with json
+            # extras = {}
+            # extras['genurl'] = _settings.GENURL
+            # #extras['runasadmin'] = runasadmin
+            # extras['urlLink'] = urlLink
+            # extras['downloadLink'] = downloadLink
+            # extras['delayFix'] = 'true' if delayFix else 'false'
+            # extras['rdgen'] = 'true'
+            # extras['cycleMonitor'] = 'true' if cycleMonitor else 'false'
+            # extras['xOffline'] = 'true' if xOffline else 'false'
+            # extras['removeNewVersionNotif'] = 'true' if removeNewVersionNotif else 'false'
+            # extras['compname'] = compname
+            # extras['androidappid'] = androidappid
+            # extra_input = json.dumps(extras)
 
             ####from here run the github action, we need user, repo, access token.
             if platform == 'windows':
@@ -223,19 +227,59 @@ def generator_view(request):
                 url = 'https://api.github.com/repos/'+_settings.GHUSER+'/'+_settings.REPONAME+'/actions/workflows/generator-windows.yml/dispatches'
 
             #url = 'https://api.github.com/repos/'+_settings.GHUSER+'/rustdesk/actions/workflows/test.yml/dispatches'  
+            inputs_raw = {
+                "server":server,
+                "key":key,
+                "apiServer":apiServer,
+                "custom":encodedCustom,
+                "uuid":myuuid,
+                "iconlink_url":iconlink_url,
+                "iconlink_uuid":iconlink_uuid,
+                "iconlink_file":iconlink_file,
+                "logolink_url":logolink_url,
+                "logolink_uuid":logolink_uuid,
+                "logolink_file":logolink_file,
+                "appname":appname,
+                "genurl":_settings.GENURL,
+                "urlLink":urlLink,
+                "downloadLink":downloadLink,
+                "delayFix": 'true' if delayFix else 'false',
+                "rdgen":'true',
+                "cycleMonitor": 'true' if cycleMonitor else 'false',
+                "xOffline": 'true' if xOffline else 'false',
+                "removeNewVersionNotif": 'true' if removeNewVersionNotif else 'false',
+                "compname": compname,
+                "androidappid":androidappid,
+                "filename":filename
+            }
+
+            temp_json_path = f"data_{uuid.uuid4()}.json"
+            zip_filename = f"secrets_{uuid.uuid4()}.zip"
+            zip_path = "temp_zips/%s" % (zip_filename)
+            Path("temp_zips").mkdir(parents=True, exist_ok=True)
+
+            with open(temp_json_path, "w") as f:
+                json.dump(inputs_raw, f)
+
+            with pyzipper.AESZipFile(zip_path, 'w', compression=pyzipper.ZIP_LZMA, encryption=pyzipper.WZ_AES) as zf:
+                zf.setpassword(_settings.ZIP_PASSWORD.encode())
+                zf.write(temp_json_path, arcname="secrets.json")
+
+            # 4. Cleanup the plain JSON file immediately
+            if os.path.exists(temp_json_path):
+                os.remove(temp_json_path)
+
+            zipJson = {}
+            zipJson['url'] = full_url
+            zipJson['file'] = zip_filename
+
+            zip_url = json.dumps(zipJson)
+
             data = {
-                "ref":"master",
+                "ref":_settings.GHBRANCH,
                 "inputs":{
-                    "server":server,
-                    "key":key,
-                    "apiServer":apiServer,
-                    "custom":encodedCustom,
-                    "uuid":myuuid,
-                    "iconlink":iconlink,
-                    "logolink":logolink,
-                    "appname":appname,
-                    "extras":extra_input,
-                    "filename":filename
+                    "version":version,
+                    "zip_url":zip_url
                 }
             } 
             #print(data)
@@ -357,7 +401,7 @@ def startgh(request):
     ####from here run the github action, we need user, repo, access token.
     url = 'https://api.github.com/repos/'+_settings.GHUSER+'/'+_settings.REPONAME+'/actions/workflows/generator-'+data_.get('platform')+'.yml/dispatches'  
     data = {
-        "ref":"master",
+        "ref": _settings.GHBRANCH,
         "inputs":{
             "server":data_.get('server'),
             "key":data_.get('key'),
@@ -400,12 +444,12 @@ def save_png(file, uuid, domain, name):
     with open(file_save_path, "wb+") as f:
         for chunk in file.chunks():
             f.write(chunk)
-    imageJson = {}
-    imageJson['url'] = domain
-    imageJson['uuid'] = uuid
-    imageJson['file'] = name
+    # imageJson = {}
+    # imageJson['url'] = domain
+    # imageJson['uuid'] = uuid
+    # imageJson['file'] = name
     #return "%s/%s" % (domain, file_save_path)
-    return json.dumps(imageJson)
+    return domain, uuid, name
 
 def save_custom_client(request):
     file = request.FILES['file']
@@ -417,3 +461,37 @@ def save_custom_client(request):
             f.write(chunk)
 
     return HttpResponse("File saved successfully!")
+
+def cleanup_secrets(request):
+    # Pass the UUID as a query param or in JSON body
+    my_uuid = request.GET.get('uuid')
+    
+    if not my_uuid:
+        return HttpResponse("Missing UUID", status=400)
+
+    # 1. Find the files in your temp directory matching the UUID
+    temp_dir = os.path.join('temp_zips')
+    
+    # We look for any file starting with 'secrets_' and containing the uuid
+    for filename in os.listdir(temp_dir):
+        if my_uuid in filename and filename.endswith('.zip'):
+            file_path = os.path.join(temp_dir, filename)
+            try:
+                os.remove(file_path)
+                print(f"Successfully deleted {file_path}")
+            except OSError as e:
+                print(f"Error deleting file: {e}")
+
+    return HttpResponse("Cleanup successful", status=200)
+
+def get_zip(request):
+    filename = request.GET['filename']
+    #filename = filename+".exe"
+    file_path = os.path.join('temp_zips',filename)
+    with open(file_path, 'rb') as file:
+        response = HttpResponse(file, headers={
+            'Content-Type': 'application/vnd.microsoft.portable-executable',
+            'Content-Disposition': f'attachment; filename="{filename}"'
+        })
+
+    return response

docker-compose.yml

@@ -2,4 +2,4 @@ django
 requests
 pillow
 gunicorn
-cryptography>=42.0.0
+pyzipper

rdgen/settings.py

@@ -20,10 +20,14 @@
    * Now click New repository secret
    * Set the Name to GENURL
    * Set the Secret to https://rdgen.hostname.com (or whatever your server will be accessed from)
+   * Now click New repository secret again
+   * Set the Name to ZIP_PASSWORD
+   * Set the Secret to any password you want (use this in the next step as well) - generate a password by running: ```python3 -c 'import secrets; print(secrets.token_hex(100))'```
 4. Now download the docker-compose.yml file and fill in the environment variables:
   * SECRET_KEY="your secret key" - generate a secret key by running: ```python3 -c 'import secrets; print(secrets.token_hex(100))'```
   * GHUSER="your github username"  
   * GHBEARER="your fine-grained access token"  
+  * ZIP_PASSWORD="the same password that you entered as a github secret"
   * PROTOCOL="https" *optional - defaults to "https", change to "http" if you need to
   * REPONAME="rdgen" *optional - defaults to "rdgen", change this if you renamed the repo when you forked it
 5. Now just run ```docker compose up -d```