refactor: code optimization

server/internal/auth/api/account_login.go

@@ -8,6 +8,7 @@ import (
 	"mayfly-go/internal/auth/imsg"
 	"mayfly-go/internal/auth/pkg/captcha"
 	"mayfly-go/internal/auth/pkg/otp"
+	"mayfly-go/internal/pkg/utils"
 	sysapp "mayfly-go/internal/sys/application"
 	sysentity "mayfly-go/internal/sys/domain/entity"
 	"mayfly-go/pkg/biz"
@@ -18,7 +19,6 @@ import (
 	"mayfly-go/pkg/utils/collx"
 	"mayfly-go/pkg/utils/cryptox"
 	"mayfly-go/pkg/ws"
-	"strconv"
 	"time"
 )
 
@@ -62,7 +62,7 @@ func (a *AccountLogin) Login(rc *req.Ctx) {
 	clientIp := getIpAndRegion(rc)
 	rc.ReqParam = collx.Kvs("username", username, "ip", clientIp)
 
-	originPwd, err := cryptox.DefaultRsaDecrypt(loginForm.Password, true)
+	originPwd, err := utils.DefaultRsaDecrypt(loginForm.Password, true)
 	biz.ErrIsNilAppendErr(err, "decryption password error: %s")
 
 	account := &sysentity.Account{Username: username}
@@ -76,7 +76,7 @@ func (a *AccountLogin) Login(rc *req.Ctx) {
 
 	if err != nil || !cryptox.CheckPwdHash(originPwd, account.Password) {
 		nowFailCount++
-		cache.SetStr(failCountKey, strconv.Itoa(nowFailCount), time.Minute*time.Duration(loginFailMin))
+		cache.Set(failCountKey, nowFailCount, time.Minute*time.Duration(loginFailMin))
 		panic(errorx.NewBizI(ctx, imsg.ErrLoginFail, "failCount", nowFailCount))
 	}
 
@@ -115,7 +115,7 @@ func (a *AccountLogin) OtpVerify(rc *req.Ctx) {
 	otpSecret := otpInfo.OtpSecret
 
 	if !otp.Validate(otpVerify.Code, otpSecret) {
-		cache.SetStr(failCountKey, strconv.Itoa(failCount+1), time.Minute*time.Duration(10))
+		cache.Set(failCountKey, failCount+1, time.Minute*time.Duration(10))
 		panic(errorx.NewBizI(ctx, imsg.ErrOtpCheckFail))
 	}
 

server/internal/auth/api/common.go

@@ -15,7 +15,6 @@ import (
 	"mayfly-go/pkg/i18n"
 	"mayfly-go/pkg/req"
 	"mayfly-go/pkg/utils/collx"
-	"mayfly-go/pkg/utils/jsonx"
 	"mayfly-go/pkg/utils/netx"
 	"mayfly-go/pkg/utils/stringx"
 	"mayfly-go/pkg/utils/timex"
@@ -95,7 +94,7 @@ func useOtp(account *sysentity.Account, otpIssuer, accessToken string, refreshTo
 		AccessToken:  accessToken,
 		RefreshToken: refreshToken,
 	}
-	cache.SetStr(fmt.Sprintf("otp:token:%s", token), jsonx.ToStr(otpInfo), time.Minute*time.Duration(3))
+	cache.Set(fmt.Sprintf("otp:token:%s", token), otpInfo, time.Minute*time.Duration(3))
 	return otpInfo, otpUrl, token
 }
 

server/internal/auth/api/ldap_login.go

@@ -8,6 +8,7 @@ import (
 	"mayfly-go/internal/auth/config"
 	"mayfly-go/internal/auth/imsg"
 	"mayfly-go/internal/auth/pkg/captcha"
+	"mayfly-go/internal/pkg/utils"
 	sysapp "mayfly-go/internal/sys/application"
 	sysentity "mayfly-go/internal/sys/domain/entity"
 	"mayfly-go/pkg/biz"
@@ -17,7 +18,6 @@ import (
 	"mayfly-go/pkg/req"
 	"mayfly-go/pkg/utils/collx"
 	"mayfly-go/pkg/utils/cryptox"
-	"strconv"
 	"strings"
 	"time"
 
@@ -61,7 +61,7 @@ func (a *LdapLogin) Login(rc *req.Ctx) {
 	clientIp := getIpAndRegion(rc)
 	rc.ReqParam = collx.Kvs("username", username, "ip", clientIp)
 
-	originPwd, err := cryptox.DefaultRsaDecrypt(loginForm.Password, true)
+	originPwd, err := utils.DefaultRsaDecrypt(loginForm.Password, true)
 	biz.ErrIsNilAppendErr(err, "decryption password error: %s")
 	// LDAP 用户本地密码为空，不允许本地登录
 	biz.NotEmpty(originPwd, "password cannot be empty")
@@ -78,7 +78,7 @@ func (a *LdapLogin) Login(rc *req.Ctx) {
 
 	if err != nil {
 		nowFailCount++
-		cache.SetStr(failCountKey, strconv.Itoa(nowFailCount), time.Minute*time.Duration(loginFailMin))
+		cache.Set(failCountKey, nowFailCount, time.Minute*time.Duration(loginFailMin))
 		panic(errorx.NewBizI(ctx, imsg.ErrLoginFail, "failCount", nowFailCount))
 	}
 

server/internal/auth/api/oauth2_login.go

@@ -55,14 +55,14 @@ func (o *Oauth2Login) ReqConfs() *req.Confs {
 func (a *Oauth2Login) OAuth2Login(rc *req.Ctx) {
 	client, _ := a.getOAuthClient()
 	state := stringx.Rand(32)
-	cache.SetStr("oauth2:state:"+state, "login", 5*time.Minute)
+	cache.Set("oauth2:state:"+state, "login", 5*time.Minute)
 	rc.Redirect(http.StatusFound, client.AuthCodeURL(state))
 }
 
 func (a *Oauth2Login) OAuth2Bind(rc *req.Ctx) {
 	client, _ := a.getOAuthClient()
 	state := stringx.Rand(32)
-	cache.SetStr("oauth2:state:"+state, "bind:"+strconv.FormatUint(rc.GetLoginAccount().Id, 10),
+	cache.Set("oauth2:state:"+state, "bind:"+strconv.FormatUint(rc.GetLoginAccount().Id, 10),
 		5*time.Minute)
 	rc.Redirect(http.StatusFound, client.AuthCodeURL(state))
 }

server/internal/common/api/common.go

@@ -1,9 +1,9 @@
 package api
 
 import (
+	"mayfly-go/internal/pkg/utils"
 	"mayfly-go/pkg/biz"
 	"mayfly-go/pkg/req"
-	"mayfly-go/pkg/utils/cryptox"
 )
 
 type Common struct {
@@ -19,7 +19,7 @@ func (c *Common) ReqConfs() *req.Confs {
 }
 
 func (i *Common) RasPublicKey(rc *req.Ctx) {
-	publicKeyStr, err := cryptox.GetRsaPublicKey()
+	publicKeyStr, err := utils.GetRsaPublicKey()
 	biz.ErrIsNilAppendErr(err, "rsa - failed to genenrate public key")
 	rc.ResData = publicKeyStr
 }

server/internal/db/api/db.go

@@ -14,6 +14,7 @@ import (
 	"mayfly-go/internal/event"
 	msgapp "mayfly-go/internal/msg/application"
 	msgdto "mayfly-go/internal/msg/application/dto"
+	"mayfly-go/internal/pkg/utils"
 	tagapp "mayfly-go/internal/tag/application"
 	tagentity "mayfly-go/internal/tag/domain/entity"
 	"mayfly-go/pkg/biz"
@@ -24,7 +25,6 @@ import (
 	"mayfly-go/pkg/req"
 	"mayfly-go/pkg/utils/anyx"
 	"mayfly-go/pkg/utils/collx"
-	"mayfly-go/pkg/utils/cryptox"
 	"mayfly-go/pkg/utils/writerx"
 	"strings"
 	"time"
@@ -144,7 +144,7 @@ func (d *Db) ExecSql(rc *req.Ctx) {
 	biz.ErrIsNilAppendErr(d.tagApp.CanAccess(rc.GetLoginAccount().Id, dbConn.Info.CodePath...), "%s")
 
 	global.EventBus.Publish(rc.MetaCtx, event.EventTopicResourceOp, dbConn.Info.CodePath[0])
-	sqlStr, err := cryptox.AesDecryptByLa(form.Sql, rc.GetLoginAccount())
+	sqlStr, err := utils.AesDecryptByLa(form.Sql, rc.GetLoginAccount())
 	biz.ErrIsNilAppendErr(err, "sql decoding failure: %s")
 
 	rc.ReqParam = fmt.Sprintf("%s %s\n-> %s", dbConn.Info.GetLogDesc(), form.ExecId, sqlStr)

server/internal/db/api/db_data_sync.go

@@ -6,9 +6,9 @@ import (
 	"mayfly-go/internal/db/application"
 	"mayfly-go/internal/db/domain/entity"
 	"mayfly-go/internal/db/imsg"
+	"mayfly-go/internal/pkg/utils"
 	"mayfly-go/pkg/biz"
 	"mayfly-go/pkg/req"
-	"mayfly-go/pkg/utils/cryptox"
 	"mayfly-go/pkg/utils/stringx"
 	"strings"
 
@@ -67,7 +67,7 @@ func (d *DataSyncTask) SaveTask(rc *req.Ctx) {
 	task := req.BindJsonAndCopyTo[*entity.DataSyncTask](rc, form, new(entity.DataSyncTask))
 
 	// 解码base64 sql
-	sqlStr, err := cryptox.AesDecryptByLa(task.DataSql, rc.GetLoginAccount())
+	sqlStr, err := utils.AesDecryptByLa(task.DataSql, rc.GetLoginAccount())
 	biz.ErrIsNilAppendErr(err, "sql decoding failure: %s")
 	sql := stringx.TrimSpaceAndBr(sqlStr)
 	task.DataSql = sql

server/internal/machine/infrastructure/cache/machine_stats.go

@@ -12,7 +12,7 @@ import (
 const MachineStatCacheKey = "mayfly:machine:%d:stat"
 
 func SaveMachineStats(machineId uint64, stat *mcm.Stats) error {
-	return global_cache.SetStr(fmt.Sprintf(MachineStatCacheKey, machineId), jsonx.ToStr(stat), 10*time.Minute)
+	return global_cache.Set(fmt.Sprintf(MachineStatCacheKey, machineId), stat, 10*time.Minute)
 }
 
 func GetMachineStats(machineId uint64) (*mcm.Stats, error) {

server/internal/pkg/starter/cache.go

@@ -4,14 +4,25 @@ import (
 	"context"
 	"fmt"
 	"mayfly-go/internal/pkg/config"
+	"mayfly-go/pkg/cache"
 	"mayfly-go/pkg/logx"
 	"mayfly-go/pkg/rediscli"
 
 	"github.com/redis/go-redis/v9"
 )
 
-func initRedis() {
+// 有配置redis信息，则初始化redis。多台机器部署需要使用redis存储验证码、权限、公私钥等信息
+func initCache() {
+	redisCli := connRedis()
+
+	if redisCli == nil {
+		logx.Info("no redis configuration exists, local cache is used")
+		return
+	}
+
+	logx.Info("redis connection is successful, redis cache is used")
 	rediscli.SetCli(connRedis())
+	cache.SetCache(cache.NewRedisCache(redisCli))
 }
 
 func connRedis() *redis.Client {
@@ -21,7 +32,7 @@ func connRedis() *redis.Client {
 		// logx.Panic("未找到redis配置信息")
 		return nil
 	}
-	logx.Infof("连接redis [%s:%d]", redisConf.Host, redisConf.Port)
+	logx.Infof("redis connecting [%s:%d]", redisConf.Host, redisConf.Port)
 	rdb := redis.NewClient(&redis.Options{
 		Addr:     fmt.Sprintf("%s:%d", redisConf.Host, redisConf.Port),
 		Password: redisConf.Password, // no password set
@@ -30,7 +41,7 @@ func connRedis() *redis.Client {
 	// 测试连接
 	_, e := rdb.Ping(context.TODO()).Result()
 	if e != nil {
-		logx.Panicf("连接redis失败! [%s:%d][%s]", redisConf.Host, redisConf.Port, e.Error())
+		logx.Panicf("redis connection faild! [%s:%d][%s]", redisConf.Host, redisConf.Port, e.Error())
 	}
 	return rdb
 }

server/internal/pkg/starter/run.go

@@ -33,8 +33,8 @@ func RunWebServer() {
 	// 初始化并赋值数据库全局变量
 	initDb()
 
-	// 有配置redis信息，则初始化redis。多台机器部署需要使用redis存储验证码、权限、公私钥等
-	initRedis()
+	// 初始化缓存
+	initCache()
 
 	// 数据库升级操作
 	if err := migration.RunMigrations(global.Db); err != nil {

server/internal/pkg/utils/ctypto.go

@@ -0,0 +1,129 @@
+package utils
+
+import (
+	"encoding/base64"
+	"mayfly-go/pkg/cache"
+	"mayfly-go/pkg/logx"
+	"mayfly-go/pkg/model"
+	"mayfly-go/pkg/utils/cryptox"
+	"os"
+)
+
+const (
+	// 公钥文件路径
+	publicKeyFile = "./mayfly_rsa.pub"
+	// 私钥文件路径
+	privateKeyFile = "./mayfly_rsa"
+
+	publicKeyK  = "mayfly:public-key"
+	privateKeyK = "mayfly:private-key"
+)
+
+// 使用系统默认的私钥解密
+// @param base64 字符串是否使用base64编码
+func DefaultRsaDecrypt(data string, useBase64 bool) (string, error) {
+	// 空字符串不解密
+	if data == "" {
+		return "", nil
+	}
+	if useBase64 {
+		if decodeBase64, err := base64.StdEncoding.DecodeString(data); err != nil {
+			return "", err
+		} else {
+			data = string(decodeBase64)
+		}
+	}
+	priKey, err := GetRsaPrivateKey()
+	if err != nil {
+		return "", err
+	}
+	val, err := cryptox.RsaDecrypt(priKey, []byte(data))
+	if err != nil {
+		return "", err
+	}
+	return string(val), nil
+}
+
+// 获取系统的RSA公钥
+func GetRsaPublicKey() (string, error) {
+	if cache.UseRedisCache() {
+		publicKey := cache.GetStr(publicKeyK)
+		if publicKey != "" {
+			return publicKey, nil
+		}
+	} else {
+		content, err := os.ReadFile(publicKeyFile)
+		if err != nil {
+			publicKey := cache.GetStr(publicKeyK)
+			if publicKey != "" {
+				return publicKey, nil
+			}
+		} else {
+			return string(content), nil
+		}
+	}
+
+	_, pubKey, err := GenerateAndSaveRSAKey()
+	return pubKey, err
+}
+
+// 获取系统私钥
+func GetRsaPrivateKey() (string, error) {
+	if cache.UseRedisCache() {
+		priKey := cache.GetStr(privateKeyK)
+		if priKey != "" {
+			return priKey, nil
+		}
+	} else {
+		content, err := os.ReadFile(privateKeyFile)
+		if err != nil {
+			priKey := cache.GetStr(privateKeyK)
+			if priKey != "" {
+				return priKey, nil
+			}
+		} else {
+			return string(content), nil
+		}
+	}
+
+	priKey, _, err := GenerateAndSaveRSAKey()
+	return priKey, err
+}
+
+// 生成并保存rsa key，优先保存于磁盘，若磁盘保存失败，则保存至缓存
+//
+// 依次返回 privateKey, publicKey, error
+func GenerateAndSaveRSAKey() (string, string, error) {
+	privateKey, publicKey, err := cryptox.GenerateRSAKey(1024)
+	if err != nil {
+		return "", "", err
+	}
+
+	// 如果使用了redis缓存，则优先存入redis
+	if cache.UseRedisCache() {
+		logx.Debug("系统配置了redis, rsa存入redis")
+		cache.Set(privateKeyK, privateKey, -1)
+		cache.Set(publicKeyK, publicKey, -1)
+		return privateKey, publicKey, nil
+	}
+
+	err = os.WriteFile(privateKeyFile, []byte(privateKey), 0644)
+	if err != nil {
+		logx.ErrorTrace("RSA私钥写入磁盘文件失败, 使用缓存存储该私钥", err)
+		cache.Set(privateKeyK, privateKey, -1)
+	}
+
+	err = os.WriteFile(publicKeyFile, []byte(publicKey), 0644)
+	if err != nil {
+		logx.ErrorTrace("RSA公钥写入磁盘文件失败, 使用缓存存储该公钥", err)
+		cache.Set(publicKeyK, publicKey, -1)
+	}
+
+	return privateKey, publicKey, nil
+}
+
+func AesDecryptByLa(data string, la *model.LoginAccount) (string, error) {
+	key := []byte(la.GetAesKey())
+	res, err := cryptox.AesDecryptBase64(data, key)
+	return string(res), err
+}

server/internal/sys/api/account.go

@@ -110,7 +110,7 @@ func (a *Account) ChangePassword(rc *req.Ctx) {
 
 	form := req.BindJsonAndValid(rc, new(form.AccountChangePasswordForm))
 
-	originOldPwd, err := cryptox.DefaultRsaDecrypt(form.OldPassword, true)
+	originOldPwd, err := utils.DefaultRsaDecrypt(form.OldPassword, true)
 	biz.ErrIsNilAppendErr(err, "Wrong to decrypt old password: %s")
 
 	account := &entity.Account{Username: form.Username}
@@ -119,7 +119,7 @@ func (a *Account) ChangePassword(rc *req.Ctx) {
 	biz.IsTrueI(ctx, cryptox.CheckPwdHash(originOldPwd, account.Password), imsg.ErrOldPasswordWrong)
 	biz.IsTrue(account.IsEnable(), "This account is not available")
 
-	originNewPwd, err := cryptox.DefaultRsaDecrypt(form.NewPassword, true)
+	originNewPwd, err := utils.DefaultRsaDecrypt(form.NewPassword, true)
 	biz.ErrIsNilAppendErr(err, "Wrong to decrypt new password: %s")
 	biz.IsTrueI(ctx, utils.CheckAccountPasswordLever(originNewPwd), imsg.ErrAccountPasswordNotFollowRule)
 

server/internal/sys/application/config.go

@@ -2,7 +2,6 @@ package application
 
 import (
 	"context"
-	"encoding/json"
 	"mayfly-go/internal/sys/domain/entity"
 	"mayfly-go/internal/sys/domain/repository"
 	"mayfly-go/pkg/base"
@@ -10,7 +9,6 @@ import (
 	"mayfly-go/pkg/errorx"
 	"mayfly-go/pkg/logx"
 	"mayfly-go/pkg/model"
-	"mayfly-go/pkg/utils/jsonx"
 	"strings"
 )
 
@@ -56,16 +54,14 @@ func (a *configAppImpl) Save(ctx context.Context, config *entity.Config) error {
 func (a *configAppImpl) GetConfig(key string) *entity.Config {
 	config := &entity.Config{Key: key}
 	// 优先从缓存中获取
-	cacheStr := cache.GetStr(SysConfigKeyPrefix + key)
-	if cacheStr != "" {
-		json.Unmarshal([]byte(cacheStr), &config)
+	if exist := cache.Get(SysConfigKeyPrefix+key, &config); exist {
 		return config
 	}
 
 	if err := a.GetByCond(model.NewModelCond(config).Columns("Id", "Key", "Value", "Permission")); err != nil {
 		logx.Warnf("There is no system configuration with key = [%s]", key)
 	} else {
-		cache.SetStr(SysConfigKeyPrefix+key, jsonx.ToStr(config), -1)
+		cache.Set(SysConfigKeyPrefix+key, config, -1)
 	}
 	return config
 }

server/internal/tag/application/tag_tree.go

@@ -419,14 +419,12 @@ func (p *tagTreeAppImpl) GetAccountTags(accountId uint64, query *entity.TagTreeQ
 					continue
 				}
 
-				// 如用户分配了: "default/type1|code1/type2|code2/type3|code3/", 需要查询的codePathLike为: default/type1|%/type2|%/，即用户分配的标签路径是查询的子节点。
-				// 若需要获取所有子节点，则codePathLike 使用default/type1|code1/type2|code2/去查。否则需要单独再去查一遍
+				// 如用户分配了: "default/type1|code1/type2|code2/type3|code3/",即accountMathPath=default/type1|%/type2|%/type3/%/, 需要查询的codePathLike为: default/type1|%/type2|%/，即用户分配的标签路径是查询的子节点。
+				// 则codePathLike 使用default/type1|code1/type2|code2/去查
 				if strings.HasPrefix(accountMatchPath, codePathLike) {
 					actualMatchCodePath := accountTagCodePathSections[len(entity.CodePath(codePathLike).GetPathSections())-1].Path
 					needFilterAccountTagPaths[actualMatchCodePath] = append(needFilterAccountTagPaths[actualMatchCodePath], accountTag)
-					if query.GetAllChildren {
-						codePathLikes = append(codePathLikes, actualMatchCodePath)
-					}
+					codePathLikes = append(codePathLikes, actualMatchCodePath)
 				}
 			}
 		}
@@ -444,19 +442,8 @@ func (p *tagTreeAppImpl) GetAccountTags(accountId uint64, query *entity.TagTreeQ
 	tagResourceQuery.CodePathLikes = codePathLikes
 	p.ListByQuery(tagResourceQuery, &tagResources)
 
-	// 不是获取所有子节点，则需要额外查询需要过滤的节点信息。如用户分配了default/2|db_local/5|db_local_root/22|cWMpm6137g/标签，但是typePath为default/2|%/5|%/
-	// 由于不是获取所有子节点，则会被追加Type进行过滤，故获取不到default/2|db_local/5|db_local_root/的信息，需要额外查询
-	if !query.GetAllChildren && len(needFilterAccountTagPaths) > 0 {
-		var otherTags []*dto.SimpleTagTree
-		p.ListByQuery(&entity.TagTreeQuery{
-			CodePaths: collx.MapKeys(needFilterAccountTagPaths),
-		}, &otherTags)
-		tagResources = append(tagResources, otherTags...)
-		// 清空，因为不是获取所有子节点，so 后续不需要进行过滤
-		clear(needFilterAccountTagPaths)
-	}
-
-	if len(needFilterAccountTagPaths) > 0 {
+	// 获取所有子节点，并且存在需要过滤的路径，则进行过滤处理
+	if query.GetAllChildren && len(needFilterAccountTagPaths) > 0 {
 		tagResources = collx.ArrayFilter(tagResources, func(tr *dto.SimpleTagTree) bool {
 			for codePathLike, accountTags := range needFilterAccountTagPaths {
 				if strings.HasPrefix(tr.CodePath, codePathLike) {