refactor(encipher): 更新 JWT 过期时间变量

- 将 vars.JwtExpireDay 更改为 vars.JwtExpire，使代码更具通用性
- 优化了 GenerateTokenAes 函数中的过期时间计算逻辑

README.md

@@ -5,3 +5,23 @@ go env -w  GONOPROXY=git.apinb.com/*
 go env -w  GOINSECURE=git.apinb.com/*
 go env -w  GONOSUMDB=git.apinb.com/*
 ```
+# crypto 加密与解密
+## GCM加密
+```
+AESGCMEncrypt GCM 加密
+AESGCMDecrypt GCM 解密
+```
+## CBC加密
+```
+Encrypt CBC加密
+Decrypt CBC解密
+```
+## ECB加密
+```
+AesEncryptECB ECB加密
+AesDecryptECB ECB解密
+```
+## 环境变量检测
+```
+AesKeyCheck 秘钥环境变量检测
+```

crypto/aes/aes.go

@@ -4,10 +4,58 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/rand"
 	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"os"
 )
 
-// AES加密
+// =================== GCM ======================
+// AEC GCM 加密
+func AESGCMEncrypt(plaintext, key []byte) (string, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", err
+	}
+	ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
+	return hex.EncodeToString(ciphertext), nil
+}
+
+// AEC GCM 解密
+func AESGCMDecrypt(ciphertext string, key []byte) ([]byte, error) {
+	data, err := hex.DecodeString(ciphertext)
+	if err != nil {
+		return nil, err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+	nonceSize := gcm.NonceSize()
+	if len(data) < nonceSize {
+		return nil, errors.New("密文无效")
+	}
+	nonce, cipherbyte := data[:nonceSize], data[nonceSize:]
+	return gcm.Open(nil, nonce, cipherbyte, nil)
+}
+
+// =================== CBC ======================
+// AES CBC加密
 func Encrypt(key string, iv string, data string) string {
 	if len(data) == 0 {
 		return ""
@@ -24,7 +72,7 @@ func Encrypt(key string, iv string, data string) string {
 	return data
 }
 
-// AES解密
+// AES CBC解密
 func Decrypt(key string, iv string, data string) string {
 	if len(data) == 0 {
 		return ""
@@ -102,3 +150,24 @@ func generateKey(key []byte) (genKey []byte) {
 	}
 	return genKey
 }
+
+func AesKeyCheck(key string) (string, error) {
+	// 从环境变量获取密钥
+	keyHex := os.Getenv(key)
+	if keyHex == "" {
+		fmt.Println("环境变量 RST_KEY 未设置")
+		return "", errors.New("环境变量 RST_KEY 未设置")
+	}
+	// 解码十六进制字符串的密钥
+	byteKey, err := hex.DecodeString(keyHex)
+	if err != nil {
+		fmt.Printf("密钥解码失败: %v\n", err)
+		return "", errors.New("密钥解码失败")
+	}
+	// 检查密钥长度
+	if len(byteKey) != 16 && len(key) != 24 && len(key) != 32 {
+		fmt.Printf("无效的密钥长度: %d 字节 (需要16,24或32字节)\n", len(key))
+		return "", errors.New("无效的密钥长度,需要16,24或32字节")
+	}
+	return keyHex, nil
+}

crypto/encipher/encipher.go

@@ -30,7 +30,7 @@ func GenerateTokenAes(id uint, identity, client, role string, owner any, extend
 	if !(JwtSecretLen == 16 || JwtSecretLen == 24 || JwtSecretLen == 32) {
 		return "", errcode.ErrJWTSecretKey
 	}
-	expireTime := time.Now().Add(vars.JwtExpireDay)
+	expireTime := time.Now().Add(vars.JwtExpire)
 	claims := types.JwtClaims{
 		ID:        id,
 		Identity:  identity,

middleware/cors.go

@@ -0,0 +1,18 @@
+package middleware
+
+import (
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+)
+
+func Cors() gin.HandlerFunc {
+	return cors.New(cors.Config{
+		AllowAllOrigins: true,
+		AllowHeaders: []string{
+			"Origin", "Content-Length", "Content-Type", "Workspace", "Request-Id", "Authorization", "Token",
+		},
+		AllowMethods: []string{
+			"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS",
+		},
+	})
+}

middleware/jwt.go

@@ -4,20 +4,20 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
+	"time"
 
-	"git.apinb.com/bsm-sdk/core/cache/redis"
 	"git.apinb.com/bsm-sdk/core/crypto/encipher"
 	"git.apinb.com/bsm-sdk/core/errcode"
 	"git.apinb.com/bsm-sdk/core/types"
 	"github.com/gin-gonic/gin"
 )
 
-func JwtAuth(redis *redis.RedisClient) gin.HandlerFunc {
+func JwtAuth(time_verify bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 从请求头中获取 Authorization
 		authHeader := c.GetHeader("Authorization")
 		if authHeader == "" {
-			log.Println("获取token异常:", "Authorization header is required")
+			log.Printf("获取token异常:%v\n", "Authorization header is required")
 			c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
 			c.Abort()
 			return
@@ -25,21 +25,22 @@ func JwtAuth(redis *redis.RedisClient) gin.HandlerFunc {
 		// 提取Token
 		claims, err := encipher.ParseTokenAes(authHeader)
 		if err != nil || claims == nil {
-			log.Println("提取token异常:", "Token is required")
+			log.Printf("提取token异常:%v\n", err)
 			c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
 			c.Abort()
 			return
 		}
 
-		// 从redis 获取token,判断当前redis 是否为空
+		// 检测是否需要验证token时间
-		// tokenKey := fmt.Sprintf("%d-%s-%s", claims.ID, claims.Role, "token")
+		if time_verify {
-		// redisToken := redis.Client.Get(redis.Ctx, tokenKey)
+			// 判断时间claims.ExpiresAt
-		// if redisToken.Val() == "" {
+			if time.Now().Unix() > claims.ExpiresAt {
-		// 	log.Println("redis异常", "Token status unauthorized")
+				log.Println("token过期，请重新获取:", "Token has expired")
-		// 	c.JSON(http.StatusUnauthorized, gin.H{"error": "Token status unauthorized"})
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has expired"})
-		// 	c.Abort()
+				c.Abort()
-		// 	return
+				return
-		// }
+			}
+		}
 
 		// 将解析后的 Token 存储到上下文中
 		c.Set("Auth", claims)

middleware/mode.go

@@ -0,0 +1,16 @@
+package middleware
+
+import (
+	"git.apinb.com/bsm-sdk/core/env"
+	"git.apinb.com/bsm-sdk/core/vars"
+	"github.com/gin-gonic/gin"
+)
+
+func Mode(app *gin.Engine) {
+	// 设置gin模式
+	if env.Runtime.Mode == vars.RUN_MODE_PROD {
+		gin.SetMode(gin.ReleaseMode)
+	} else {
+		gin.SetMode(gin.DebugMode)
+	}
+}

oplog/types.go

@@ -9,6 +9,7 @@ type LogItem struct {
 	Level  uint   `json:"level"`
 	Ip     string `json:"ip"`
 	Module string `json:"module"`
+	Encry  bool   `json:"encry"`
 }
 
 var (

utils/ext.go

@@ -1,6 +1,10 @@
 package utils
 
 import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
 	"strconv"
 	"strings"
 )
@@ -33,3 +37,11 @@ func ParseParams(in map[string]string) map[string]interface{} {
 	}
 	return out
 }
+
+func PrintJson(v any) {
+	jsonBy, _ := json.Marshal(v)
+	var out bytes.Buffer
+	json.Indent(&out, jsonBy, "", "\t")
+	out.WriteTo(os.Stdout)
+	fmt.Printf("\n")
+}

utils/file.go

@@ -2,6 +2,7 @@ package utils
 
 import (
 	"errors"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -21,11 +22,37 @@ func StringToFile(path, content string) error {
 	return nil
 }
 
+// 文件复制
+func CopyFile(src, dst string) (int64, error) {
+	sourceFileStat, err := os.Stat(src)
+	if err != nil {
+		return 0, err
+	}
+	if !sourceFileStat.Mode().IsRegular() {
+		return 0, fmt.Errorf("%s is not a regular file", src)
+	}
+
+	source, err := os.Open(src)
+	if err != nil {
+		return 0, err
+	}
+	defer source.Close()
+
+	destination, err := os.Create(dst)
+	if err != nil {
+		return 0, err
+	}
+	defer destination.Close()
+
+	nBytes, err := io.Copy(destination, source)
+	return nBytes, err
+}
+
 // 递归遍历文件夹
 // rootDir: 文件夹根目录
 // s: 存储文件名的切片
 // filter: 过滤条件：".git", ".idea", ".vscode", ".gitignore", ".gitea", ".github", ".golangci.yml", "*.pyc"
-func FileTree(rootDir string, s []string, filter []string) ([]string, error) {
+func FileTreeByFilter(rootDir string, s []string, filter []string) ([]string, error) {
 	rd, err := os.ReadDir(rootDir)
 	if err != nil {
 		return s, err
@@ -50,7 +77,48 @@ func FileTree(rootDir string, s []string, filter []string) ([]string, error) {
 
 		if fi.IsDir() {
 			fullDir := rootDir + "/" + fi.Name()
-			s, err = FileTree(fullDir, s, filter)
+			s, err = FileTreeByFilter(fullDir, s, filter)
+			if err != nil {
+				return s, err
+			}
+		} else {
+			fullName := rootDir + "/" + fi.Name()
+			s = append(s, fullName)
+		}
+	}
+	return s, nil
+}
+
+// 递归遍历文件夹
+// rootDir: 文件夹根目录
+// s: 存储文件名的切片
+// allow: 允许条件：".zip", ".check"
+func FileTreeBySelect(rootDir string, s []string, allow []string) ([]string, error) {
+	rd, err := os.ReadDir(rootDir)
+	if err != nil {
+		return s, err
+	}
+	for _, fi := range rd {
+		// 检查文件名是否匹配任何一个过滤模式
+		matched := false
+		for _, item := range allow {
+			exists, err := filepath.Match(item, fi.Name())
+			if err != nil {
+				continue
+			}
+			if exists {
+				matched = true
+				break
+			}
+		}
+
+		if !matched {
+			continue
+		}
+
+		if fi.IsDir() {
+			fullDir := rootDir + "/" + fi.Name()
+			s, err = FileTreeBySelect(fullDir, s, allow)
 			if err != nil {
 				return s, err
 			}

vars/jwt.go

@@ -4,5 +4,5 @@ import "time"
 
 var (
 	// cache def value
-	JwtExpireDay    time.Duration = 1 * 24 * time.Hour
+	JwtExpire    time.Duration = 1 * 24 * time.Hour
 )