go GCM gin中间件的加密解密文件流处理_Golang_

package aes import ( "crypto/aes" "crypto/cipher" "crypto/md5" "crypto/rand" "encoding/base64" "encoding/hex" "errors" "io" ) //加密字符串 func GcmEncrypt(key, plaintext string) (string, error) { if len(key) != 32 && len(key) != 24 && len(key) != 16 { return "", errors.New("the length of key is error") } if len(plaintext) < 1 { return "", errors.New("plaintext is null") } keyByte := []byte(key) plainByte:=[]byte(plaintext) block, err := aes.NewCipher(keyByte) if err != nil { return "", err } aesGcm, err := cipher.NewGCM(block) if err != nil { return "", err } nonce := make([]byte, 12) if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return "", err } seal := aesGcm.Seal(nonce, nonce, plainByte, nil) return base64.URLEncoding.EncodeToString(seal), nil } //解密字符串 func GcmDecrypt(key, cipherText string) (string, error) { if len(key) != 32 && len(key) != 24 && len(key) != 16 { return "", errors.New("the length of key is error") } if len(cipherText) < 1 { return "", errors.New("cipherText is null") } cipherByte, err := base64.URLEncoding.DecodeString(cipherText) if err != nil { return "", err } if len(cipherByte) < 12 { return "", errors.New("cipherByte is error") } nonce, cipherByte := cipherByte[:12], cipherByte[12:] keyByte := []byte(key) block, err := aes.NewCipher(keyByte) if err != nil { return "", err } aesGcm, err := cipher.NewGCM(block) if err != nil { return "", err } plainByte, err := aesGcm.Open(nil, nonce, cipherByte, nil) if err != nil { return "", err } return string(plainByte), nil } //生成32位md5字串 func GetAesKey(s string) string { h := md5.New() h.Write([]byte(s)) return hex.EncodeToString(h.Sum(nil)) }

package middleware import ( "fmt" "github.com/gin-gonic/gin" "github.com/valyala/fasthttp" "io/ioutil" "runtime/debug" "time" ) var fastClient *fasthttp.Client func init() { fastClient = &fasthttp.Client{} fastClient.MaxIdemponentCallAttempts = 1 fastClient.ReadTimeout = time.Second * 60 } func GetHttpClient() *fasthttp.Client { return fastClient } func GateWay() gin.HandlerFunc { return func(c *gin.Context) { defer func() { if e := recover(); e != nil { stack := debug.Stack() log("GateWay Recovery: err:%v, stack:%v", e, string(stack)) } }() err := Forward(c) if err != nil { response(c, 9999, "系统错误", err.Error()) } return } } func Forward(ctx *gin.Context) error { req := &fasthttp.Request{} //请求-获取服务地址 host := "http://localhost:8000/" + ctx.Request.URL.String() //请求-url req.SetRequestURI(host) //请求-header for k, v := range ctx.Request.Header { req.Header.Set(k, v[0]) } //请求-body data, err := ioutil.ReadAll(ctx.Request.Body) if err != nil { log("Forward err:%v", err) return fmt.Errorf("系统错误") } req.SetBody(data) //请求-方法 req.Header.SetMethod(ctx.Request.Method) //请求-发送 resp := &fasthttp.Response{} //请求-新增调用链 /* err = opentracing.GlobalTracer().Inject( opentracing.SpanFromContext(ctx.Request.Context()).Context(), opentracing.TextMap, HTTPHeadersCarrier{&req.Header}, ) */ err = GetHttpClient().Do(req, resp) if err != nil { log("Forward GetHttpClient DO err:%v", err) return fmt.Errorf("系统错误") } //请求-响应 ContentType := fmt.Sprintf("%s", resp.Header.Peek("Content-Type")) ctx.Data(resp.StatusCode(), ContentType, resp.Body()) return nil } type HTTPHeadersCarrier struct { *fasthttp.RequestHeader } func (c HTTPHeadersCarrier) Set(key, val string) { h := c.RequestHeader h.Add(key, val) }

package middleware import ( "bytes" "demo/aes" "encoding/json" "errors" "fmt" "github.com/gin-gonic/gin" "io" "io/ioutil" "mime" "mime/multipart" "net/url" "runtime/debug" "strconv" "strings" ) type aesWriter struct { gin.ResponseWriter body *bytes.Buffer } func (w *aesWriter) Write(b []byte) (int, error) { return w.body.Write(b) } func (w *aesWriter) WriteString(s string) (int, error) { return w.body.WriteString(s) } //只有经过token 验证的才会加密 和解密 //handleFile 表示是否处理上传文件， 默认网关不处理上传文件的encryptString数据， 如果处理会导致具体服务无法接收到具体参数 func AesGcmDecrypt() gin.HandlerFunc { return func(c *gin.Context) { defer func() { if e := recover(); e != nil { stack := debug.Stack() log("AesGcmDecrypt Recovery: err:%v, stack:%v", e, string(stack)) } }() if c.Request.Method == "OPTIONS" { c.Next() } else { md5key := aes.GetAesKey("gavin12345678") log("AesGcmDecrypt start url:%s ,md5key:%s, Method:%s, Header:%+v", c.Request.URL.String(), md5key, c.Request.Method, c.Request.Header) handleAes(c, md5key) } } } //请求和返回都加密 解密 func handleAes(c *gin.Context, md5key string) { contentType := c.Request.Header.Get("Content-Type") isJsonRequest := strings.Contains(contentType, "application/json") isFileRequest := strings.Contains(contentType, "multipart/form-data") isFormUrl := strings.Contains(contentType, "application/x-www-form-urlencoded") if c.Request.Method == "GET" { err := parseQuery(c, md5key) if err != nil { log("handleAes parseQuery err:%v", err) //这里输出应该密文 一旦加密解密调试好 这里就不会走进来 response(c, 2001, "系统错误", err.Error()) return } } else if isJsonRequest { err := parseJson(c, md5key) if err != nil { log("handleAes parseJson err:%v", err) //这里输出应该密文 一旦加密解密调试好 这里就不会走进来 response(c, 2001, "系统错误", err.Error()) return } } else if isFormUrl { err := parseForm(c, md5key) if err != nil { log("handleAes parseForm err:%v", err) //这里输出应该密文 一旦加密解密调试好 这里就不会走进来 response(c, 2001, "系统错误", err.Error()) return } } else if isFileRequest { err := parseFile(c, md5key) if err != nil { log("handleAes parseFile err:%v", err) //这里输出应该密文 一旦加密解密调试好 这里就不会走进来 response(c, 2001, "系统错误", err.Error()) return } } ///截取 response body oldWriter := c.Writer blw := &aesWriter{body: bytes.NewBufferString(""), ResponseWriter: c.Writer} c.Writer = blw // 走流程 c.Next() ///获取返回数据 responseByte := blw.body.Bytes() //日志 c.Writer = oldWriter //如果返回的不是json格式 那么直接返回,应为文件下载之类的不应该加密 if !isJsonResponse(c) { _, _ = c.Writer.Write(responseByte) return } ///加密 encryptStr, err := aes.GcmEncrypt(md5key, string(responseByte)) if err != nil { log("handleAes GcmEncrypt err:%v", err) response(c, 2001, "系统错误", err.Error()) return } _, _ = c.Writer.WriteString(encryptStr) } //处理json func parseJson(c *gin.Context, md5key string) error { //读取数据 body处理 payload, err := c.GetRawData() if err != nil { return err } ///解密body数据 请求的json是{"encryptString":{value}} value含有gcm的12字节nonce,实际长度大于32 if payload != nil && len(payload) > 20 { var jsonData encryptJson log("AesGcmDecrypt parseJson url:%s md5key:%s,old data:%s,", c.Request.URL.String(), md5key, string(payload)) err := json.Unmarshal(payload, &jsonData) if err != nil { log("AesGcmDecrypt parseJson Unmarshal err:%v", err) return err } payloadText := jsonData.EncryptString if len(payloadText) > 0 { payloadText, err = aes.GcmDecrypt(md5key, payloadText) if err != nil { log("AesGcmDecrypt parseJson GcmDecryptByte err:%v", err) return err } payload = []byte(payloadText) log("AesGcmDecrypt parseJson url:%s md5key:%s,encryptString:%s,decrypt data:%s", c.Request.URL.String(), md5key, jsonData.EncryptString, payloadText) } } c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(payload)) return nil } func parseForm(c *gin.Context, md5key string) error { //读取数据 body处理 payload, err := c.GetRawData() if err != nil { return err } ///解密body数据 请求的json是"encryptString= value含有gcm的12字节nonce,实际长度大于32 if payload != nil && len(payload) > 20 { var jsonData encryptJson log("AesGcmDecrypt parseForm url:%s md5key:%s,old data:%s,", c.Request.URL.String(), md5key, string(payload)) values, err := url.ParseQuery(string(payload)) if err != nil { log("AesGcmDecrypt parseForm ParseQuery err:%v", err) return err } payloadText := values.Get("encryptString") if len(payloadText) > 0 { mapData, err := gcmDecryptString(md5key, payloadText) if err != nil { log("AesGcmDecrypt parseForm gcmDecryptString err:%v", err) return err } for k, v := range mapData { values.Add(k, getStr(v)) } formData := values.Encode() log("AesGcmDecrypt parseForm url:%s md5key:%s,encryptString:%s,decrypt data:%s", c.Request.URL.String(), md5key, jsonData.EncryptString, formData) payload = []byte(formData) } } c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(payload)) return nil } //处理get url的解密 func parseQuery(c *gin.Context, md5Key string) error { encryptString := c.Query("encryptString") log("AesGcmDecrypt parseQuery url:%s, md5key:%s, encryptString:%s", c.Request.URL.String(), md5Key, encryptString) if len(encryptString) < 1 { return nil } queryData, err := gcmDecryptString(md5Key, encryptString) if err != nil { return err } var args []string var logs []string for k, v := range queryData { val := getStr(v) args = append(args, fmt.Sprintf("%s=%s", k, url.QueryEscape(val))) logs = append(logs, fmt.Sprintf("%s=%s", k, val)) } log("AesGcmDecrypt parseQuery url:%s, md5key:%s, encryptString:%s, decrypt data:%s", c.Request.URL.String(), md5Key, encryptString, strings.Join(logs, "&")) c.Request.URL.RawQuery = strings.Join(args, "&") return nil } func parseFile(c *gin.Context, md5Key string) error { contentType := c.Request.Header.Get("Content-Type") _, params, _ := mime.ParseMediaType(contentType) boundary, ok := params["boundary"]
                
提示：
                    本文由神整理自网络，如有侵权请联系本站删除！
                    

                    本站声明： 

                    1、本站所有资源均来源于互联网，不保证100%完整、不提供任何技术支持； 

                    2、本站所发布的文章以及附件仅限用于学习和研究目的;不得将用于商业或者非法用途；否则由此产生的法律后果，本站概不负责！
                
                

                

                                            
上一篇：使用Go实现健壮的内存型缓存的方法_Golang_
                                                                
下一篇：Golang配置解析神器go viper使用详解_Golang_