使用 base32 解码传入的密钥；优化调试接口返回内容；新增 RUN_MODE，根据环境变量确定是否要公开调试接口

2025-05-22 14:52:31 +08:00
parent 8c824595f4
commit 12038f0af7
6 changed files with 71 additions and 33 deletions
--- a/gateway/core/security.go
+++ b/gateway/core/security.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/aes"
 	"crypto/cipher"
+	"encoding/base32"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -17,10 +18,16 @@ type SecuredReq struct {
 	Timestamp int64  `json:"timestamp"`
 }

-func Decrypt[T any](req *SecuredReq, secret string) (resp *T, err error) {
+func Decrypt[T any](req *SecuredReq, secretStr string) (resp *T, err error) {
+	var encoding = base32.StdEncoding.WithPadding(base32.NoPadding)
+
+	secret, err := encoding.DecodeString(secretStr)
+	if err != nil {
+		return nil, fmt.Errorf("解码密钥失败: %w", err)
+	}

 	// 解密请求
-	block, err := aes.NewCipher([]byte(secret))
+	block, err := aes.NewCipher(secret)
 	if err != nil {
 		return nil, err
 	}
@@ -30,7 +37,10 @@ func Decrypt[T any](req *SecuredReq, secret string) (resp *T, err error) {
 		return nil, err
 	}

-	var nonce = []byte(req.Nonce)
+	nonce, err := encoding.DecodeString(req.Nonce)
+	if err != nil {
+		return nil, err
+	}

 	content, err := base64.StdEncoding.DecodeString(req.Content)
 	if err != nil {