完成数据库敏感信息的加密
This commit is contained in:
dushixiang
@ -1,8 +1,10 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@ -45,6 +47,7 @@ var (
|
||||
sessionService *service.SessionService
|
||||
mailService *service.MailService
|
||||
numService *service.NumService
|
||||
assetService *service.AssetService
|
||||
)
|
||||
|
||||
func SetupRoutes(db *gorm.DB) *echo.Echo {
|
||||
@ -54,6 +57,7 @@ func SetupRoutes(db *gorm.DB) *echo.Echo {
|
||||
|
||||
if err := InitDBData(); err != nil {
|
||||
log.WithError(err).Error("初始化数据异常")
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
if err := ReloadData(); err != nil {
|
||||
@ -251,6 +255,7 @@ func InitService() {
|
||||
sessionService = service.NewSessionService(sessionRepository)
|
||||
mailService = service.NewMailService(propertyRepository)
|
||||
numService = service.NewNumService(numRepository)
|
||||
assetService = service.NewAssetService(assetRepository)
|
||||
}
|
||||
|
||||
func InitDBData() (err error) {
|
||||
@ -266,12 +271,18 @@ func InitDBData() (err error) {
|
||||
if err := jobService.InitJob(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := userService.FixedUserOnlineState(); err != nil {
|
||||
if err := userService.FixUserOnlineState(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := sessionService.FixSessionState(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := sessionService.EmptyPassword(); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := assetService.Encrypt(); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -312,6 +323,47 @@ func ResetTotp(username string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func ChangeEncryptionKey(oldEncryptionKey, newEncryptionKey string) error {
|
||||
|
||||
oldPassword := []byte(fmt.Sprintf("%x", md5.Sum([]byte(oldEncryptionKey))))
|
||||
newPassword := []byte(fmt.Sprintf("%x", md5.Sum([]byte(newEncryptionKey))))
|
||||
|
||||
credentials, err := credentialRepository.FindAll()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := range credentials {
|
||||
credential := credentials[i]
|
||||
if err := credentialRepository.Decrypt(&credential, oldPassword); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := credentialRepository.Encrypt(&credential, newPassword); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := credentialRepository.UpdateById(&credential, credential.ID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
assets, err := assetRepository.FindAll()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i := range assets {
|
||||
asset := assets[i]
|
||||
if err := assetRepository.Decrypt(&asset, oldPassword); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := assetRepository.Encrypt(&asset, newPassword); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := assetRepository.UpdateById(&asset, asset.ID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
log.Infof("encryption key has being changed.")
|
||||
return nil
|
||||
}
|
||||
|
||||
func SetupCache() *cache.Cache {
|
||||
// 配置缓存器
|
||||
mCache := cache.New(5*time.Minute, 10*time.Minute)
|
||||
|
||||
Reference in New Issue
Block a user