完成数据库敏感信息的加密 close #127 close #46

dushixiang
2021-04-17 20:00:02 +08:00
parent bceda9a95c
commit 8f22ecfb76
5 changed files with 18 additions and 71 deletions


@ -1,11 +1,8 @@
package service package service
import ( import (
"encoding/base64"
"next-terminal/pkg/global" "next-terminal/pkg/global"
"next-terminal/server/repository" "next-terminal/server/repository"
"next-terminal/server/utils"
) )
type AssetService struct { type AssetService struct {
@ -26,31 +23,10 @@ func (r AssetService) Encrypt() error {
if item.Encrypted { if item.Encrypted {
continue continue
} }
if item.Password != "" && item.Password != "-" { if err := r.assetRepository.Encrypt(&item, global.Config.EncryptionPassword); err != nil {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Password), global.Config.EncryptionPassword)
if err != nil {
return err return err
} }
item.Password = base64.StdEncoding.EncodeToString(encryptedCBC) if err := r.assetRepository.UpdateById(&item, item.ID); err != nil {
}
if item.PrivateKey != "" && item.PrivateKey != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.PrivateKey), global.Config.EncryptionPassword)
if err != nil {
return err
}
item.PrivateKey = base64.StdEncoding.EncodeToString(encryptedCBC)
}
if item.Passphrase != "" && item.Passphrase != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Passphrase), global.Config.EncryptionPassword)
if err != nil {
return err
}
item.Passphrase = base64.StdEncoding.EncodeToString(encryptedCBC)
}
err = r.assetRepository.EncryptedById(true, item.Password, item.PrivateKey, item.Passphrase, item.ID)
if err != nil {
return err return err
} }
} }
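Review bot: In the rewritten loop body of AssetService.Encrypt, nothing visible sets the Encrypted flag any more: the removed code passed `true` to EncryptedById explicitly, while the new code relies on `assetRepository.Encrypt` to mark the item before `UpdateById` persists it. If that helper does not set `item.Encrypted = true`, the `if item.Encrypted { continue }` guard will not fire on the next start and the stored ciphertext would be encrypted a second time; this is worth confirming, or the flag can be set here right after the Encrypt call. The encrypt and update steps also run row by row without a transaction, so a failure mid-loop leaves the table partly migrated, and a short comment should state that a retry is safe only because flagged rows are skipped. The same applies to CredentialService.Encrypt in the next file section. Both function bodies start and end outside the hunks.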


@ -1,11 +1,8 @@
package service package service
import ( import (
"encoding/base64"
"next-terminal/pkg/global" "next-terminal/pkg/global"
"next-terminal/server/repository" "next-terminal/server/repository"
"next-terminal/server/utils"
) )
type CredentialService struct { type CredentialService struct {
@ -26,31 +23,10 @@ func (r CredentialService) Encrypt() error {
if item.Encrypted { if item.Encrypted {
continue continue
} }
if item.Password != "" && item.Password != "-" { if err := r.credentialRepository.Encrypt(&item, global.Config.EncryptionPassword); err != nil {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Password), global.Config.EncryptionPassword)
if err != nil {
return err return err
} }
item.Password = base64.StdEncoding.EncodeToString(encryptedCBC) if err := r.credentialRepository.UpdateById(&item, item.ID); err != nil {
}
if item.PrivateKey != "" && item.PrivateKey != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.PrivateKey), global.Config.EncryptionPassword)
if err != nil {
return err
}
item.PrivateKey = base64.StdEncoding.EncodeToString(encryptedCBC)
}
if item.Passphrase != "" && item.Passphrase != "-" {
encryptedCBC, err := utils.AesEncryptCBC([]byte(item.Passphrase), global.Config.EncryptionPassword)
if err != nil {
return err
}
item.Passphrase = base64.StdEncoding.EncodeToString(encryptedCBC)
}
err = r.credentialRepository.EncryptedById(true, item.Password, item.PrivateKey, item.Passphrase, item.ID)
if err != nil {
return err return err
} }
} }


@ -48,6 +48,7 @@ var (
mailService *service.MailService mailService *service.MailService
numService *service.NumService numService *service.NumService
assetService *service.AssetService assetService *service.AssetService
credentialService *service.CredentialService
) )
func SetupRoutes(db *gorm.DB) *echo.Echo { func SetupRoutes(db *gorm.DB) *echo.Echo {
@ -256,6 +257,7 @@ func InitService() {
mailService = service.NewMailService(propertyRepository) mailService = service.NewMailService(propertyRepository)
numService = service.NewNumService(numRepository) numService = service.NewNumService(numRepository)
assetService = service.NewAssetService(assetRepository) assetService = service.NewAssetService(assetRepository)
credentialService = service.NewCredentialService(credentialRepository)
} }
func InitDBData() (err error) { func InitDBData() (err error) {
@ -280,6 +282,9 @@ func InitDBData() (err error) {
if err := sessionService.EmptyPassword(); err != nil { if err := sessionService.EmptyPassword(); err != nil {
return err return err
} }
if err := credentialService.Encrypt(); err != nil {
return err
}
if err := assetService.Encrypt(); err != nil { if err := assetService.Encrypt(); err != nil {
return err return err
} }
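Review bot: The startup calls `credentialService.Encrypt()` and `assetService.Encrypt()` in InitDBData rewrite stored secrets in place with whatever `global.Config.EncryptionPassword` holds at that start, and nothing here documents that or guards against the key having changed. Rows already flagged as encrypted are skipped by the services, so a changed password would presumably leave older rows undecryptable while new rows use the new key; the decrypt path is not visible here, so this needs confirming. I would add a comment such as `// One-time migration: encrypt legacy plaintext secrets; rows already flagged Encrypted are skipped.` above the two calls, and consider failing fast when an existing encrypted row no longer decrypts with the configured key. InitDBData continues outside the hunk.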


@ -243,11 +243,6 @@ func (r AssetRepository) UpdateActiveById(active bool, id string) error {
return r.DB.Exec(sql, active, id).Error return r.DB.Exec(sql, active, id).Error
} }
func (r AssetRepository) EncryptedById(encrypted bool, password, privateKey, passphrase, id string) error {
sql := "update assets set encrypted = ?, password = ?,private_key = ?, passphrase = ? where id = ?"
return r.DB.Exec(sql, encrypted, password, privateKey, passphrase, id).Error
}
func (r AssetRepository) DeleteById(id string) error { func (r AssetRepository) DeleteById(id string) error {
return r.DB.Where("id = ?", id).Delete(&model.Asset{}).Error return r.DB.Where("id = ?", id).Delete(&model.Asset{}).Error
} }


@ -192,8 +192,3 @@ func (r CredentialRepository) FindAll() (o []model.Credential, err error) {
err = r.DB.Find(&o).Error err = r.DB.Find(&o).Error
return return
} }
func (r CredentialRepository) EncryptedById(encrypted bool, password, privateKey, passphrase, id string) error {
sql := "update assets set encrypted = ?, password = ?,private_key = ?, passphrase = ? where id = ?"
return r.DB.Exec(sql, encrypted, password, privateKey, passphrase, id).Error
}