mayfly-go/server/pkg/utils/cryptox/cryptox.go

package cryptox

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"errors"

	"golang.org/x/crypto/bcrypt"
)

// md5
func Md5(str string) string {
	h := md5.New()
	h.Write([]byte(str))
	return hex.EncodeToString(h.Sum(nil))
}

// bcrypt加密密码
func PwdHash(password string) string {
	bytes, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	return string(bytes)
}

// 检查密码是否一致
func CheckPwdHash(password, hash string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}

// 生成RSA私钥和公钥字符串
// bits 证书大小
// @return privateKeyStr publicKeyStr error
func GenerateRSAKey(bits int) (string, string, error) {
	var privateKeyStr, publicKeyStr string

	//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
	//Reader是一个全局、共享的密码用强随机数生成器
	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return privateKeyStr, publicKeyStr, err
	}
	//保存私钥
	//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
	X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
	//构建一个pem.Block结构体对象
	privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}

	privateBuf := new(bytes.Buffer)
	pem.Encode(privateBuf, &privateBlock)
	privateKeyStr = privateBuf.String()

	//保存公钥
	//获取公钥的数据
	publicKey := privateKey.PublicKey
	//X509对公钥编码
	X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
	if err != nil {
		return publicKeyStr, privateKeyStr, err
	}
	//创建一个pem.Block结构体对象
	publicBlock := pem.Block{Type: "PUBLIC KEY", Bytes: X509PublicKey}

	publicBuf := new(bytes.Buffer)
	pem.Encode(publicBuf, &publicBlock)
	publicKeyStr = publicBuf.String()

	return privateKeyStr, publicKeyStr, nil
}

// rsa加密
func RsaEncrypt(publicKeyStr string, data []byte) ([]byte, error) {
	block, _ := pem.Decode([]byte(publicKeyStr))
	if block == nil {
		return nil, errors.New("private key error")
	}

	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), data)
}

// rsa解密
func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
	block, _ := pem.Decode([]byte(privateKeyStr))
	if block == nil {
		return nil, errors.New("private key error")
	}

	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
}

// AesEncrypt 加密
func AesEncrypt(data []byte, key []byte) ([]byte, error) {
	//创建加密实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	//判断加密快的大小
	blockSize := block.BlockSize()
	//填充
	encryptBytes := pkcs7Padding(data, blockSize)
	//初始化加密数据接收切片
	crypted := make([]byte, len(encryptBytes))
	//使用cbc加密模式
	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
	//执行加密
	blockMode.CryptBlocks(crypted, encryptBytes)
	return crypted, nil
}

// AesDecrypt 解密
func AesDecrypt(data []byte, key []byte) ([]byte, error) {
	//创建实例
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	//获取块的大小
	blockSize := block.BlockSize()
	//使用cbc
	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
	//初始化解密数据接收切片
	crypted := make([]byte, len(data))
	//执行解密
	blockMode.CryptBlocks(crypted, data)
	//去除填充
	crypted, err = pkcs7UnPadding(crypted)
	if err != nil {
		return nil, err
	}
	return crypted, nil
}

// aes加密 后 再base64
func AesEncryptBase64(data []byte, key []byte) (string, error) {
	res, err := AesEncrypt(data, key)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(res), nil
}

// base64解码后再 aes解码
func AesDecryptBase64(data string, key []byte) ([]byte, error) {
	dataByte, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return nil, err
	}
	return AesDecrypt(dataByte, key)
}

// pkcs7Padding 填充
func pkcs7Padding(data []byte, blockSize int) []byte {
	//判断缺少几位长度。最少1，最多 blockSize
	padding := blockSize - len(data)%blockSize
	//补足位数。把切片[]byte{byte(padding)}复制padding个
	padText := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(data, padText...)
}

// pkcs7UnPadding 填充的反向操作
func pkcs7UnPadding(data []byte) ([]byte, error) {
	length := len(data)
	if length == 0 {
		return nil, errors.New("加密字符串错误！")
	}
	//获取填充的个数
	unPadding := int(data[length-1])
	if unPadding > length {
		return nil, errors.New("解密字符串时去除填充个数超出字符串长度")
	}
	return data[:(length - unPadding)], nil
}
-												feat: 代码优化、机器计划任务完善

											
										
										
											2023-07-21 17:07:04 +08:00
+								package cryptox
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
 								import (
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"bytes"
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+									"crypto/aes"
 									"crypto/cipher"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"crypto/md5"
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"crypto/rand"
 									"crypto/rsa"
 									"crypto/x509"
 									"encoding/base64"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"encoding/hex"
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+									"encoding/pem"
 									"errors"
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
 									"golang.org/x/crypto/bcrypt"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								)
 								// md5
 								func Md5(str string) string {
 									h := md5.New()
 									h.Write([]byte(str))
 									return hex.EncodeToString(h.Sum(nil))
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								// bcrypt加密密码
 								func PwdHash(password string) string {
 									bytes, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 									return string(bytes)
 								}
 								// 检查密码是否一致
 								func CheckPwdHash(password, hash string) bool {
 									return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+								// 生成RSA私钥和公钥字符串
 								// bits 证书大小
 								// @return privateKeyStr publicKeyStr error
 								func GenerateRSAKey(bits int) (string, string, error) {
 									var privateKeyStr, publicKeyStr string
 									//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
 									//Reader是一个全局、共享的密码用强随机数生成器
 									privateKey, err := rsa.GenerateKey(rand.Reader, bits)
 									if err != nil {
 										return privateKeyStr, publicKeyStr, err
 									}
 									//保存私钥
 									//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
 									X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
 									//构建一个pem.Block结构体对象
 									privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}
 									privateBuf := new(bytes.Buffer)
 									pem.Encode(privateBuf, &privateBlock)
 									privateKeyStr = privateBuf.String()
 									//保存公钥
 									//获取公钥的数据
 									publicKey := privateKey.PublicKey
 									//X509对公钥编码
 									X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
 									if err != nil {
 										return publicKeyStr, privateKeyStr, err
 									}
 									//创建一个pem.Block结构体对象
-												feat: 实现数据库备份与恢复

											
										
										
											2023-12-27 22:59:20 +08:00
+									publicBlock := pem.Block{Type: "PUBLIC KEY", Bytes: X509PublicKey}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
 									publicBuf := new(bytes.Buffer)
 									pem.Encode(publicBuf, &publicBlock)
 									publicKeyStr = publicBuf.String()
 									return privateKeyStr, publicKeyStr, nil
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// rsa加密
 								func RsaEncrypt(publicKeyStr string, data []byte) ([]byte, error) {
 									block, _ := pem.Decode([]byte(publicKeyStr))
 									if block == nil {
 										return nil, errors.New("private key error")
 									}
 									pub, err := x509.ParsePKIXPublicKey(block.Bytes)
 									if err != nil {
 										return nil, err
 									}
 									return rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), data)
 								}
-												feat: 登录强制校验弱密码&关键信息加密传输

											
										
										
											2022-07-18 20:36:31 +08:00
+								// rsa解密
 								func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
 									block, _ := pem.Decode([]byte(privateKeyStr))
 									if block == nil {
 										return nil, errors.New("private key error")
 									}
 									priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
 									if err != nil {
 										return nil, err
 									}
 									return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// AesEncrypt 加密
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func AesEncrypt(data []byte, key []byte) ([]byte, error) {
 									//创建加密实例
 									block, err := aes.NewCipher(key)
 									if err != nil {
 										return nil, err
 									}
 									//判断加密快的大小
 									blockSize := block.BlockSize()
 									//填充
 									encryptBytes := pkcs7Padding(data, blockSize)
 									//初始化加密数据接收切片
 									crypted := make([]byte, len(encryptBytes))
 									//使用cbc加密模式
 									blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
 									//执行加密
 									blockMode.CryptBlocks(crypted, encryptBytes)
 									return crypted, nil
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// AesDecrypt 解密
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func AesDecrypt(data []byte, key []byte) ([]byte, error) {
 									//创建实例
 									block, err := aes.NewCipher(key)
 									if err != nil {
 										return nil, err
 									}
-												feat: sql解析器替换、工单统一由‘我的流程’发起、流程定义支持自定义条件触发审批、资源隐藏编号、model支持物理删除等

											
										
										
											2024-10-16 17:24:50 +08:00
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+									//获取块的大小
 									blockSize := block.BlockSize()
 									//使用cbc
 									blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
 									//初始化解密数据接收切片
 									crypted := make([]byte, len(data))
 									//执行解密
 									blockMode.CryptBlocks(crypted, data)
 									//去除填充
 									crypted, err = pkcs7UnPadding(crypted)
 									if err != nil {
 										return nil, err
 									}
 									return crypted, nil
 								}
 								// aes加密 后 再base64
 								func AesEncryptBase64(data []byte, key []byte) (string, error) {
 									res, err := AesEncrypt(data, key)
 									if err != nil {
 										return "", err
 									}
 									return base64.StdEncoding.EncodeToString(res), nil
 								}
 								// base64解码后再 aes解码
 								func AesDecryptBase64(data string, key []byte) ([]byte, error) {
 									dataByte, err := base64.StdEncoding.DecodeString(data)
 									if err != nil {
 										return nil, err
 									}
 									return AesDecrypt(dataByte, key)
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// pkcs7Padding 填充
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func pkcs7Padding(data []byte, blockSize int) []byte {
 									//判断缺少几位长度。最少1，最多 blockSize
 									padding := blockSize - len(data)%blockSize
 									//补足位数。把切片[]byte{byte(padding)}复制padding个
 									padText := bytes.Repeat([]byte{byte(padding)}, padding)
 									return append(data, padText...)
 								}
-												feat: redis scan优化

											
										
										
											2022-12-05 21:45:35 +08:00
+								// pkcs7UnPadding 填充的反向操作
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+								func pkcs7UnPadding(data []byte) ([]byte, error) {
 									length := len(data)
 									if length == 0 {
 										return nil, errors.New("加密字符串错误！")
 									}
 									//获取填充的个数
 									unPadding := int(data[length-1])
-												重构数据库备份与恢复模块 (#80)

* fix: 保存 LastResult 时截断字符串过长部分，以避免数据库报错

* refactor: 新增 entity.DbTaskBase 和 persistence.dbTaskBase, 用于实现数据库备份和恢复任务处理相关部分

* fix: aeskey变更后，解密密码出现数组越界访问错误

* fix: 时间属性为零值时，保存到 mysql 数据库报错

* refactor db.infrastructure.service.scheduler

* feat: 实现立即备份功能

* refactor db.infrastructure.service.db_instance

* refactor: 从数据库中获取数据库备份目录、mysql文件路径等配置信息

* fix: 数据库备份和恢复问题

* fix: 修改 .gitignore 文件，忽略数据库备份目录和数据库程序目录
											
										
										
											2024-01-05 08:55:34 +08:00
+									if unPadding > length {
 										return nil, errors.New("解密字符串时去除填充个数超出字符串长度")
 									}
-												feat: 资源密码加密处理&登录密码加密加强等

											
										
										
											2022-08-02 21:44:01 +08:00
+									return data[:(length - unPadding)], nil
 								}