feat: 资源密码加密处理&登录密码加密加强等

2025-11-04 00:10:25 +08:00 · 2022-08-02 21:44:01 +08:00
parent daa2ef5203
commit 12f8cf0111
33 changed files with 340 additions and 51 deletions
--- a/server/pkg/config/aes.go
+++ b/server/pkg/config/aes.go
@@ -0,0 +1,27 @@
+package config
+
+import (
+	"fmt"
+	"mayfly-go/pkg/utils"
+	"mayfly-go/pkg/utils/assert"
+)
+
+type Aes struct {
+	Key string `yaml:"key"`
+}
+
+// 编码并base64
+func (a *Aes) EncryptBase64(data []byte) (string, error) {
+	return utils.AesEncryptBase64(data, []byte(a.Key))
+}
+
+// base64解码后再aes解码
+func (a *Aes) DecryptBase64(data string) ([]byte, error) {
+	return utils.AesDecryptBase64(data, []byte(a.Key))
+}
+
+func (j *Aes) Valid() {
+	aesKeyLen := len(j.Key)
+	assert.IsTrue(aesKeyLen == 16 || aesKeyLen == 24 || aesKeyLen == 32,
+		fmt.Sprintf("config.yml之 [aes.key] 长度需为16、24、32位长度, 当前为%d位", aesKeyLen))
+}
--- a/server/pkg/config/config.go
+++ b/server/pkg/config/config.go
@@ -40,6 +40,7 @@ type Config struct {
 	App    *App    `yaml:"app"`
 	Server *Server `yaml:"server"`
 	Jwt    *Jwt    `yaml:"jwt"`
+	Aes    *Aes    `yaml:"aes"`
 	Redis  *Redis  `yaml:"redis"`
 	Mysql  *Mysql  `yaml:"mysql"`
 	Log    *Log    `yaml:"log"`
@@ -49,14 +50,7 @@ type Config struct {
 func (c *Config) Valid() {
 	assert.IsTrue(c.Jwt != nil, "配置文件的[jwt]信息不能为空")
 	c.Jwt.Valid()
-}
-
-// 获取执行可执行文件时，指定的启动参数
-func getStartConfig() *CmdConfigParam {
-	configFilePath := flag.String("e", "./config.yml", "配置文件路径，默认为可执行文件目录")
-	flag.Parse()
-	// 获取配置文件绝对路径
-	path, _ := filepath.Abs(*configFilePath)
-	sc := &CmdConfigParam{ConfigFilePath: path}
-	return sc
+	if c.Aes != nil {
+		c.Aes.Valid()
+	}
 }
--- a/server/pkg/ctx/token.go
+++ b/server/pkg/ctx/token.go
@@ -10,7 +10,7 @@ import (
 	"mayfly-go/pkg/utils"
 	"time"

-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt/v4"
 )

 var (
--- a/server/pkg/utils/crypto_utils.go
+++ b/server/pkg/utils/crypto_utils.go
@@ -2,6 +2,8 @@ package utils

 import (
 	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/md5"
 	"crypto/rand"
 	"crypto/rsa"
@@ -10,6 +12,8 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"errors"
+
+	"golang.org/x/crypto/bcrypt"
 )

 // md5
@@ -19,6 +23,17 @@ func Md5(str string) string {
 	return hex.EncodeToString(h.Sum(nil))
 }

+// bcrypt加密密码
+func PwdHash(password string) string {
+	bytes, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(bytes)
+}
+
+// 检查密码是否一致
+func CheckPwdHash(password, hash string) bool {
+	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
+}
+
 // 系统统一RSA秘钥对
 var RsaPair []string

@@ -130,3 +145,84 @@ func GetRsaPrivateKey() (string, error) {
 	RsaPair = append(RsaPair, publicKey)
 	return privateKey, nil
 }
+
+//AesEncrypt 加密
+func AesEncrypt(data []byte, key []byte) ([]byte, error) {
+	//创建加密实例
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	//判断加密快的大小
+	blockSize := block.BlockSize()
+	//填充
+	encryptBytes := pkcs7Padding(data, blockSize)
+	//初始化加密数据接收切片
+	crypted := make([]byte, len(encryptBytes))
+	//使用cbc加密模式
+	blockMode := cipher.NewCBCEncrypter(block, key[:blockSize])
+	//执行加密
+	blockMode.CryptBlocks(crypted, encryptBytes)
+	return crypted, nil
+}
+
+//AesDecrypt 解密
+func AesDecrypt(data []byte, key []byte) ([]byte, error) {
+	//创建实例
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	//获取块的大小
+	blockSize := block.BlockSize()
+	//使用cbc
+	blockMode := cipher.NewCBCDecrypter(block, key[:blockSize])
+	//初始化解密数据接收切片
+	crypted := make([]byte, len(data))
+	//执行解密
+	blockMode.CryptBlocks(crypted, data)
+	//去除填充
+	crypted, err = pkcs7UnPadding(crypted)
+	if err != nil {
+		return nil, err
+	}
+	return crypted, nil
+}
+
+// aes加密 后 再base64
+func AesEncryptBase64(data []byte, key []byte) (string, error) {
+	res, err := AesEncrypt(data, key)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(res), nil
+}
+
+// base64解码后再 aes解码
+func AesDecryptBase64(data string, key []byte) ([]byte, error) {
+	dataByte, err := base64.StdEncoding.DecodeString(data)
+	if err != nil {
+		return nil, err
+	}
+	return AesDecrypt(dataByte, key)
+}
+
+//pkcs7Padding 填充
+func pkcs7Padding(data []byte, blockSize int) []byte {
+	//判断缺少几位长度。最少1，最多 blockSize
+	padding := blockSize - len(data)%blockSize
+	//补足位数。把切片[]byte{byte(padding)}复制padding个
+	padText := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(data, padText...)
+}
+
+//pkcs7UnPadding 填充的反向操作
+func pkcs7UnPadding(data []byte) ([]byte, error) {
+	length := len(data)
+	if length == 0 {
+		return nil, errors.New("加密字符串错误！")
+	}
+	//获取填充的个数
+	unPadding := int(data[length-1])
+	return data[:(length - unPadding)], nil
+}