2025-05-15 15:56:20 +08:00
|
|
|
|
package core
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"context"
|
|
|
|
|
|
"crypto/aes"
|
|
|
|
|
|
"crypto/cipher"
|
2025-05-22 14:52:31 +08:00
|
|
|
|
"encoding/base32"
|
2025-05-15 15:56:20 +08:00
|
|
|
|
"encoding/base64"
|
|
|
|
|
|
"encoding/json"
|
|
|
|
|
|
"fmt"
|
2025-05-16 17:04:03 +08:00
|
|
|
|
g "proxy-server/gateway/globals"
|
2025-05-15 15:56:20 +08:00
|
|
|
|
"time"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type SecuredReq struct {
|
|
|
|
|
|
Content string `json:"content"`
|
|
|
|
|
|
Nonce string `json:"nonce"`
|
|
|
|
|
|
Timestamp int64 `json:"timestamp"`
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-05-22 14:52:31 +08:00
|
|
|
|
func Decrypt[T any](req *SecuredReq, secretStr string) (resp *T, err error) {
|
|
|
|
|
|
var encoding = base32.StdEncoding.WithPadding(base32.NoPadding)
|
|
|
|
|
|
|
|
|
|
|
|
secret, err := encoding.DecodeString(secretStr)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, fmt.Errorf("解码密钥失败: %w", err)
|
|
|
|
|
|
}
|
2025-05-15 15:56:20 +08:00
|
|
|
|
|
|
|
|
|
|
// 解密请求
|
2025-05-22 14:52:31 +08:00
|
|
|
|
block, err := aes.NewCipher(secret)
|
2025-05-15 15:56:20 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
gcm, err := cipher.NewGCM(block)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-05-22 14:52:31 +08:00
|
|
|
|
nonce, err := encoding.DecodeString(req.Nonce)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2025-05-15 15:56:20 +08:00
|
|
|
|
|
|
|
|
|
|
content, err := base64.StdEncoding.DecodeString(req.Content)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var aad = []byte(fmt.Sprintf("%s:%d", req.Nonce, req.Timestamp))
|
|
|
|
|
|
|
|
|
|
|
|
bytes, err := gcm.Open(nil, nonce, content, aad)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查时间与 nonce 是否匹配
|
|
|
|
|
|
var duration = time.Now().UnixMilli() - req.Timestamp
|
|
|
|
|
|
if duration > 1000*60*5 { // 5分钟
|
|
|
|
|
|
return nil, fmt.Errorf("请求超时,当前时间:%d,接收时间:%d", time.Now().UnixMilli(), req.Timestamp)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
result, err := g.Redis.Exists(context.Background(), req.Nonce).Result()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
if result > 0 {
|
|
|
|
|
|
return nil, fmt.Errorf("请求已被使用,nonce:%s", req.Nonce)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 将 nonce 存入 redis,设置过期时间为 5 分钟
|
|
|
|
|
|
err = g.Redis.Set(context.Background(), req.Nonce, 1, time.Minute*5).Err()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 返回解密后的数据
|
|
|
|
|
|
err = json.Unmarshal(bytes, &resp)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return resp, nil
|
|
|
|
|
|
}
|
