feat: 登录强制校验弱密码&关键信息加密传输

2025-11-04 00:10:25 +08:00 · 2022-07-18 20:36:31 +08:00
parent db554ebdc9
commit 5271bd21e8
29 changed files with 1804 additions and 1327 deletions
--- a/server/pkg/biz/bizerror.go
+++ b/server/pkg/biz/bizerror.go
@@ -7,28 +7,28 @@ type BizError struct {
 }

 var (
-	Success       *BizError = NewBizErrCode(200, "success")
-	BizErr        *BizError = NewBizErrCode(400, "biz error")
-	ServerError   *BizError = NewBizErrCode(500, "server error")
-	PermissionErr *BizError = NewBizErrCode(501, "token error")
+	Success       BizError = NewBizErrCode(200, "success")
+	BizErr        BizError = NewBizErrCode(400, "biz error")
+	ServerError   BizError = NewBizErrCode(500, "server error")
+	PermissionErr BizError = NewBizErrCode(501, "token error")
 )

 // 错误消息
-func (e *BizError) Error() string {
+func (e BizError) Error() string {
 	return e.err
 }

 // 错误码
-func (e *BizError) Code() int16 {
+func (e BizError) Code() int16 {
 	return e.code
 }

 // 创建业务逻辑错误结构体，默认为业务逻辑错误
-func NewBizErr(msg string) *BizError {
-	return &BizError{code: BizErr.code, err: msg}
+func NewBizErr(msg string) BizError {
+	return BizError{code: BizErr.code, err: msg}
 }

 // 创建业务逻辑错误结构体，可设置指定错误code
-func NewBizErrCode(code int16, msg string) *BizError {
-	return &BizError{code: code, err: msg}
+func NewBizErrCode(code int16, msg string) BizError {
+	return BizError{code: code, err: msg}
 }
--- a/server/pkg/ctx/log_handler.go
+++ b/server/pkg/ctx/log_handler.go
@@ -95,7 +95,7 @@ func getErrMsg(rc *ReqCtx, err interface{}) string {

 	var errMsg string
 	switch t := err.(type) {
-	case *biz.BizError:
+	case biz.BizError:
 		errMsg = fmt.Sprintf("\n<-e errCode: %d, errMsg: %s", t.Code(), t.Error())
 	case error:
 		errMsg = fmt.Sprintf("\n<-e errMsg: %s\n%s", t.Error(), string(debug.Stack()))
--- a/server/pkg/ginx/ginx.go
+++ b/server/pkg/ginx/ginx.go
@@ -62,7 +62,7 @@ func SuccessRes(g *gin.Context, data interface{}) {
 // 返回失败结果集
 func ErrorRes(g *gin.Context, err interface{}) {
 	switch t := err.(type) {
-	case *biz.BizError:
+	case biz.BizError:
 		g.JSON(http.StatusOK, model.Error(t))
 	case error:
 		g.JSON(http.StatusOK, model.ServerError())
--- a/server/pkg/model/result.go
+++ b/server/pkg/model/result.go
@@ -44,7 +44,7 @@ func SuccessNoData() *Result {
 	return &Result{Code: SuccessCode, Msg: SuccessMsg}
 }

-func Error(bizerr *biz.BizError) *Result {
+func Error(bizerr biz.BizError) *Result {
 	return &Result{Code: bizerr.Code(), Msg: bizerr.Error()}
 }

--- a/server/pkg/utils/crypto_utils.go
+++ b/server/pkg/utils/crypto_utils.go
@@ -1,8 +1,15 @@
 package utils

 import (
+	"bytes"
 	"crypto/md5"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
 	"encoding/hex"
+	"encoding/pem"
+	"errors"
 )

 // md5
@@ -11,3 +18,115 @@ func Md5(str string) string {
 	h.Write([]byte(str))
 	return hex.EncodeToString(h.Sum(nil))
 }
+
+// 系统统一RSA秘钥对
+var RsaPair []string
+
+// 生成RSA私钥和公钥字符串
+// bits 证书大小
+// @return privateKeyStr publicKeyStr error
+func GenerateRSAKey(bits int) (string, string, error) {
+	var privateKeyStr, publicKeyStr string
+
+	//GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥
+	//Reader是一个全局、共享的密码用强随机数生成器
+	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
+	if err != nil {
+		return privateKeyStr, publicKeyStr, err
+	}
+	//保存私钥
+	//通过x509标准将得到的ras私钥序列化为ASN.1 的 DER编码字符串
+	X509PrivateKey := x509.MarshalPKCS1PrivateKey(privateKey)
+	//构建一个pem.Block结构体对象
+	privateBlock := pem.Block{Type: "RSA Private Key", Bytes: X509PrivateKey}
+
+	privateBuf := new(bytes.Buffer)
+	pem.Encode(privateBuf, &privateBlock)
+	privateKeyStr = privateBuf.String()
+
+	//保存公钥
+	//获取公钥的数据
+	publicKey := privateKey.PublicKey
+	//X509对公钥编码
+	X509PublicKey, err := x509.MarshalPKIXPublicKey(&publicKey)
+	if err != nil {
+		return publicKeyStr, privateKeyStr, err
+	}
+	//创建一个pem.Block结构体对象
+	publicBlock := pem.Block{Type: "RSA Public Key", Bytes: X509PublicKey}
+
+	publicBuf := new(bytes.Buffer)
+	pem.Encode(publicBuf, &publicBlock)
+	publicKeyStr = publicBuf.String()
+
+	return privateKeyStr, publicKeyStr, nil
+}
+
+// rsa解密
+func RsaDecrypt(privateKeyStr string, data []byte) ([]byte, error) {
+	block, _ := pem.Decode([]byte(privateKeyStr))
+	if block == nil {
+		return nil, errors.New("private key error")
+	}
+
+	priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return rsa.DecryptPKCS1v15(rand.Reader, priv, data)
+}
+
+// 使用系统默认的私钥解密
+// @param base64 字符串是否使用base64编码
+func DefaultRsaDecrypt(data string, useBase64 bool) (string, error) {
+	// 空字符串不解密
+	if data == "" {
+		return "", nil
+	}
+	if useBase64 {
+		if decodeBase64, err := base64.StdEncoding.DecodeString(data); err != nil {
+			return "", err
+		} else {
+			data = string(decodeBase64)
+		}
+	}
+	priKey, err := GetRsaPrivateKey()
+	if err != nil {
+		return "", err
+	}
+	val, err := RsaDecrypt(priKey, []byte(data))
+	if err != nil {
+		return "", err
+	}
+	return string(val), nil
+}
+
+// 获取系统的RSA公钥
+func GetRsaPublicKey() (string, error) {
+	if len(RsaPair) == 2 {
+		return RsaPair[1], nil
+	}
+
+	privateKey, publicKey, err := GenerateRSAKey(1024)
+	if err != nil {
+		return "", err
+	}
+	RsaPair = append(RsaPair, privateKey)
+	RsaPair = append(RsaPair, publicKey)
+	return publicKey, nil
+}
+
+// 获取系统私钥
+func GetRsaPrivateKey() (string, error) {
+	if len(RsaPair) == 2 {
+		return RsaPair[0], nil
+	}
+
+	privateKey, publicKey, err := GenerateRSAKey(1024)
+	if err != nil {
+		return "", err
+	}
+	RsaPair = append(RsaPair, privateKey)
+	RsaPair = append(RsaPair, publicKey)
+	return privateKey, nil
+}