package auth import ( "bytes" "crypto/aes" "crypto/cipher" "encoding/base64" "encoding/gob" "fmt" "net/url" ) type OperateType int8 const ( OpTypeRegister OperateType = 1 //注册的操作类型 ) type ConfirmationLink[T any] struct { Secret []byte DefaultQueryKey string // 默认key 是 token link *url.URL } func NewConfirmationLink[T any](key []byte, UrlStr string) *ConfirmationLink[T] { u, err := url.Parse(UrlStr) if err != nil { panic(err) } return &ConfirmationLink[T]{ Secret: key, DefaultQueryKey: "token", link: u, } } // Generate 序列化链接传入需求的obj func (cl *ConfirmationLink[T]) Generate(obj *T) (string, error) { token, err := cl.Encrypt(obj) if err != nil { return "", err } return cl.GenerateWithToken(token) } // GenerateWithToken 序列化url带token func (cl *ConfirmationLink[T]) GenerateWithToken(token string) (string, error) { q := cl.link.Query() if q.Has(cl.DefaultQueryKey) { q.Set(cl.DefaultQueryKey, token) } else { q.Add(cl.DefaultQueryKey, token) } // 生成确认链接 cl.link.RawQuery = q.Encode() return cl.link.String(), nil } func fusenMakeKey(keysting string) []byte { key := []byte(keysting) var result [32]byte // If key length is more than 32, truncate it if len(key) > 32 { key = key[:32] } // If key length is less than 32, replicate it until it reaches 32 for len(key) < 32 { key = append(key, key...) } // Only take the first 32 bytes key = key[:32] // Swap the first 16 bytes with the last 16 bytes copy(result[:], key[16:]) copy(result[16:], key[:16]) return result[:] } func (cl *ConfirmationLink[T]) Encrypt(obj *T) (string, error) { var buf = bytes.NewBuffer(nil) err := gob.NewEncoder(buf).Encode(obj) if err != nil { return "", err } block, err := aes.NewCipher(cl.Secret) if err != nil { return "", err } nonce := make([]byte, 12) // if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // return "", err // } aesgcm, err := cipher.NewGCM(block) if err != nil { return "", err } ciphertext := aesgcm.Seal(nonce, nonce, buf.Bytes(), nil) return base64.URLEncoding.EncodeToString(ciphertext), nil } func (cl *ConfirmationLink[T]) Decrypt(ciphertext string) (*T, error) { block, err := aes.NewCipher(cl.Secret) if err != nil { return nil, err } ct, err := base64.URLEncoding.DecodeString(ciphertext) if err != nil { return nil, err } if len(ct) < 12 { return nil, fmt.Errorf("ciphertext too short") } aesgcm, err := cipher.NewGCM(block) if err != nil { return nil, err } plaintext, err := aesgcm.Open(nil, ct[:12], ct[12:], nil) if err != nil { return nil, err } // 解出golang的结构体 var protected T var buf = bytes.NewBuffer(plaintext) err = gob.NewDecoder(buf).Decode(&protected) if err != nil { return nil, err } return &protected, nil }