2023-07-27 02:18:49 +00:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"crypto/aes"
|
|
|
|
"crypto/cipher"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/gob"
|
|
|
|
"fmt"
|
|
|
|
"net/url"
|
|
|
|
)
|
|
|
|
|
2023-07-27 08:48:43 +00:00
|
|
|
type OperateType int8
|
|
|
|
|
|
|
|
const (
|
|
|
|
OpTypeRegister OperateType = 1 //注册的操作类型
|
|
|
|
)
|
|
|
|
|
2023-07-27 02:18:49 +00:00
|
|
|
type ConfirmationLink[T any] struct {
|
|
|
|
Secret []byte
|
|
|
|
DefaultQueryKey string // 默认key 是 token
|
|
|
|
link *url.URL
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewConfirmationLink[T any](key []byte, UrlStr string) *ConfirmationLink[T] {
|
|
|
|
u, err := url.Parse(UrlStr)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &ConfirmationLink[T]{
|
|
|
|
Secret: key,
|
|
|
|
DefaultQueryKey: "token",
|
|
|
|
link: u,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Generate 序列化链接传入需求的obj
|
|
|
|
func (cl *ConfirmationLink[T]) Generate(obj *T) (string, error) {
|
|
|
|
|
|
|
|
token, err := cl.Encrypt(obj)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
return cl.GenerateWithToken(token)
|
|
|
|
}
|
|
|
|
|
|
|
|
// GenerateWithToken 序列化url带token
|
|
|
|
func (cl *ConfirmationLink[T]) GenerateWithToken(token string) (string, error) {
|
|
|
|
|
|
|
|
q := cl.link.Query()
|
|
|
|
if q.Has(cl.DefaultQueryKey) {
|
|
|
|
q.Set(cl.DefaultQueryKey, token)
|
|
|
|
} else {
|
|
|
|
q.Add(cl.DefaultQueryKey, token)
|
|
|
|
}
|
|
|
|
|
|
|
|
// 生成确认链接
|
|
|
|
cl.link.RawQuery = q.Encode()
|
|
|
|
|
|
|
|
return cl.link.String(), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func fusenMakeKey(keysting string) []byte {
|
|
|
|
|
|
|
|
key := []byte(keysting)
|
|
|
|
|
|
|
|
var result [32]byte
|
|
|
|
|
|
|
|
// If key length is more than 32, truncate it
|
|
|
|
if len(key) > 32 {
|
|
|
|
key = key[:32]
|
|
|
|
}
|
|
|
|
|
|
|
|
// If key length is less than 32, replicate it until it reaches 32
|
|
|
|
for len(key) < 32 {
|
|
|
|
key = append(key, key...)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Only take the first 32 bytes
|
|
|
|
key = key[:32]
|
|
|
|
|
|
|
|
// Swap the first 16 bytes with the last 16 bytes
|
|
|
|
copy(result[:], key[16:])
|
|
|
|
copy(result[16:], key[:16])
|
|
|
|
|
|
|
|
return result[:]
|
|
|
|
}
|
|
|
|
|
|
|
|
func (cl *ConfirmationLink[T]) Encrypt(obj *T) (string, error) {
|
|
|
|
|
|
|
|
var buf = bytes.NewBuffer(nil)
|
|
|
|
err := gob.NewEncoder(buf).Encode(obj)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
block, err := aes.NewCipher(cl.Secret)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
nonce := make([]byte, 12)
|
|
|
|
// if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
|
|
|
// return "", err
|
|
|
|
// }
|
|
|
|
|
|
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
ciphertext := aesgcm.Seal(nonce, nonce, buf.Bytes(), nil)
|
|
|
|
|
|
|
|
return base64.URLEncoding.EncodeToString(ciphertext), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (cl *ConfirmationLink[T]) Decrypt(ciphertext string) (*T, error) {
|
|
|
|
block, err := aes.NewCipher(cl.Secret)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
ct, err := base64.URLEncoding.DecodeString(ciphertext)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(ct) < 12 {
|
|
|
|
return nil, fmt.Errorf("ciphertext too short")
|
|
|
|
}
|
|
|
|
|
|
|
|
aesgcm, err := cipher.NewGCM(block)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
plaintext, err := aesgcm.Open(nil, ct[:12], ct[12:], nil)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// 解出golang的结构体
|
|
|
|
var protected T
|
|
|
|
var buf = bytes.NewBuffer(plaintext)
|
|
|
|
err = gob.NewDecoder(buf).Decode(&protected)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &protected, nil
|
|
|
|
}
|