优化WAF

* 信息加密使用struct代替map，以缩短加密后内容长度 * 拦截动作、人机识别动作增加是否尝试全局封禁选项 * JSCookie识别动作增加默认设置选项 * 人机识别中传入info参数异常时，尝试跳转到来源地址，避免直接提示invalid request
2026-05-05 22:58:33 +08:00 · 2024-04-07 14:31:22 +08:00
parent e87ea9d802
commit 1fe15d4e3c
18 changed files with 441 additions and 129 deletions
--- a/internal/utils/encrypt.go
+++ b/internal/utils/encrypt.go
@@ -74,7 +74,7 @@ func SimpleEncryptMap(m maps.Map) (base64String string, err error) {
 	if err != nil {
 		return "", err
 	}
-	data := SimpleEncrypt(mJSON)
+	var data = SimpleEncrypt(mJSON)
 	return base64.StdEncoding.EncodeToString(data), nil
 }

@@ -83,7 +83,7 @@ func SimpleDecryptMap(base64String string) (maps.Map, error) {
 	if err != nil {
 		return nil, err
 	}
-	mJSON := SimpleDecrypt(data)
+	var mJSON = SimpleDecrypt(data)
 	var result = maps.Map{}
 	err = json.Unmarshal(mJSON, &result)
 	if err != nil {
@@ -92,6 +92,25 @@ func SimpleDecryptMap(base64String string) (maps.Map, error) {
 	return result, nil
 }

+func SimpleEncryptObject(ptr any) (string, error) {
+	mJSON, err := json.Marshal(ptr)
+	if err != nil {
+		return "", err
+	}
+	var data = SimpleEncrypt(mJSON)
+	return base64.StdEncoding.EncodeToString(data), nil
+}
+
+func SimpleDecryptObjet(base64String string, ptr any) error {
+	data, err := base64.StdEncoding.DecodeString(base64String)
+	if err != nil {
+		return err
+	}
+	var mJSON = SimpleDecrypt(data)
+	err = json.Unmarshal(mJSON, ptr)
+	return err
+}
+
 type AES256CFBMethod struct {
 	block cipher.Block
 	iv    []byte
@@ -99,7 +118,7 @@ type AES256CFBMethod struct {

 func (this *AES256CFBMethod) Init(key, iv []byte) error {
 	// 判断key是否为32长度
-	l := len(key)
+	var l = len(key)
 	if l > 32 {
 		key = key[:32]
 	} else if l < 32 {
@@ -113,7 +132,7 @@ func (this *AES256CFBMethod) Init(key, iv []byte) error {
 	this.block = block

 	// 判断iv长度
-	l2 := len(iv)
+	var l2 = len(iv)
 	if l2 > aes.BlockSize {
 		iv = iv[:aes.BlockSize]
 	} else if l2 < aes.BlockSize {
@@ -130,7 +149,7 @@ func (this *AES256CFBMethod) Encrypt(src []byte) (dst []byte, err error) {
 	}

 	defer func() {
-		r := recover()
+		var r = recover()
 		if r != nil {
 			err = errors.New("encrypt failed")
 		}
@@ -138,7 +157,7 @@ func (this *AES256CFBMethod) Encrypt(src []byte) (dst []byte, err error) {

 	dst = make([]byte, len(src))

-	encrypter := cipher.NewCFBEncrypter(this.block, this.iv)
+	var encrypter = cipher.NewCFBEncrypter(this.block, this.iv)
 	encrypter.XORKeyStream(dst, src)

 	return
@@ -157,7 +176,7 @@ func (this *AES256CFBMethod) Decrypt(dst []byte) (src []byte, err error) {
 	}()

 	src = make([]byte, len(dst))
-	decrypter := cipher.NewCFBDecrypter(this.block, this.iv)
+	var decrypter = cipher.NewCFBDecrypter(this.block, this.iv)
 	decrypter.XORKeyStream(src, dst)

 	return
--- a/internal/utils/encrypt_test.go
+++ b/internal/utils/encrypt_test.go
@@ -1,32 +1,60 @@
 // Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.

-package utils
+package utils_test

 import (
+	"github.com/TeaOSLab/EdgeNode/internal/utils"
+	"github.com/iwind/TeaGo/assert"
 	"github.com/iwind/TeaGo/maps"
 	"sync"
 	"testing"
 )

 func TestSimpleEncrypt(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
 	var arr = []string{"Hello", "World", "People"}
 	for _, s := range arr {
 		var value = []byte(s)
-		encoded := SimpleEncrypt(value)
+		var encoded = utils.SimpleEncrypt(value)
 		t.Log(encoded, string(encoded))
-		decoded := SimpleDecrypt(encoded)
+		var decoded = utils.SimpleDecrypt(encoded)
 		t.Log(decoded, string(decoded))
+		a.IsTrue(s == string(decoded))
 	}
 }

+func TestSimpleEncryptObject(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	type Obj struct {
+		Name string `json:"name"`
+		Age  int    `json:"age"`
+	}
+
+	encoded, err := utils.SimpleEncryptObject(&Obj{Name: "lily", Age: 20})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var obj = &Obj{}
+	err = utils.SimpleDecryptObjet(encoded, obj)
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("%#v", obj)
+	a.IsTrue(obj.Name == "lily")
+	a.IsTrue(obj.Age == 20)
+}
+
 func TestSimpleEncrypt_Concurrent(t *testing.T) {
-	wg := sync.WaitGroup{}
+	var wg = sync.WaitGroup{}
 	var arr = []string{"Hello", "World", "People"}
 	wg.Add(len(arr))
 	for _, s := range arr {
 		go func(s string) {
 			defer wg.Done()
-			t.Log(string(SimpleDecrypt(SimpleEncrypt([]byte(s)))))
+			t.Log(string(utils.SimpleDecrypt(utils.SimpleEncrypt([]byte(s)))))
 		}(s)
 	}
 	wg.Wait()
@@ -38,13 +66,13 @@ func TestSimpleEncryptMap(t *testing.T) {
 		"i": 20,
 		"b": true,
 	}
-	encodedResult, err := SimpleEncryptMap(m)
+	encodedResult, err := utils.SimpleEncryptMap(m)
 	if err != nil {
 		t.Fatal(err)
 	}
 	t.Log("result:", encodedResult)

-	decodedResult, err := SimpleDecryptMap(encodedResult)
+	decodedResult, err := utils.SimpleDecryptMap(encodedResult)
 	if err != nil {
 		t.Fatal(err)
 	}