From e8eff432fc53879071baa6f82546670ae34b6ef2 Mon Sep 17 00:00:00 2001 From: Ron Rise Date: Tue, 23 Apr 2024 10:27:07 -0400 Subject: [PATCH] code cleanup --- generator/base64.go | 7 ++++ generator/crypt.go | 38 ++++++++++++++++++++++ generator/plain.go | 5 +++ generator/signature.go | 24 ++++++++++++++ generator/url.go | 74 +++++------------------------------------- 5 files changed, 83 insertions(+), 65 deletions(-) create mode 100644 generator/base64.go create mode 100644 generator/crypt.go create mode 100644 generator/plain.go create mode 100644 generator/signature.go diff --git a/generator/base64.go b/generator/base64.go new file mode 100644 index 0000000..c0bcd13 --- /dev/null +++ b/generator/base64.go @@ -0,0 +1,7 @@ +package generator + +import "encoding/base64" + +func (g *Generator) generateBase64Url(file []byte) (string, error) { + return base64.RawURLEncoding.EncodeToString(file), nil +} diff --git a/generator/crypt.go b/generator/crypt.go new file mode 100644 index 0000000..3f20f6f --- /dev/null +++ b/generator/crypt.go @@ -0,0 +1,38 @@ +package generator + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "io" +) + +func pkcs7pad(data []byte, blockSize int) []byte { + padLen := blockSize - len(data)%blockSize + padding := bytes.Repeat([]byte{byte(padLen)}, padLen) + return append(data, padding...) +} + +func (g *Generator) generateBaseAesEncUrl(file []byte) (string, error) { + c, err := aes.NewCipher(g.config.encryptionKeyBin) + if err != nil { + return "", err + } + + data := pkcs7pad(file, aes.BlockSize) + + ciphertext := make([]byte, aes.BlockSize+len(data)) + iv := ciphertext[:aes.BlockSize] + + if _, err = io.ReadFull(rand.Reader, iv); err != nil { + return "", err + } + + mode := cipher.NewCBCEncrypter(c, iv) + mode.CryptBlocks(ciphertext[aes.BlockSize:], data) + + encryptedURL := g.generateBase64Url(ciphertext) + + return "enc/" + encryptedURL, nil +} diff --git a/generator/plain.go b/generator/plain.go new file mode 100644 index 0000000..0e401f0 --- /dev/null +++ b/generator/plain.go @@ -0,0 +1,5 @@ +package generator + +func (g *Generator) generatePlainUrl(file string) (string, error) { + return "plain/" + file, nil +} diff --git a/generator/signature.go b/generator/signature.go new file mode 100644 index 0000000..a250800 --- /dev/null +++ b/generator/signature.go @@ -0,0 +1,24 @@ +package generator + +import ( + "crypto/hmac" + "crypto/sha256" + "encoding/base64" + "github.com/siteworxpro/img-proxy-url-generator/printer" +) + +func (g *Generator) generateSignature(path string) string { + var signature string + if len(g.config.keyBin) == 0 || len(g.config.saltBin) == 0 { + signature = "insecure" + + printer.NewPrinter().LogWarning("Insecure url generated. Provide salt and key to sign and secure url.") + + } else { + mac := hmac.New(sha256.New, g.config.keyBin) + mac.Write(g.config.saltBin) + mac.Write([]byte(path)) + signature = base64.RawURLEncoding.EncodeToString(mac.Sum(nil)) + } + return signature +} diff --git a/generator/url.go b/generator/url.go index a450ff9..b0c806b 100644 --- a/generator/url.go +++ b/generator/url.go @@ -1,17 +1,8 @@ package generator import ( - "bytes" - "crypto/aes" - "crypto/cipher" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "encoding/base64" "encoding/hex" "fmt" - "github.com/siteworxpro/img-proxy-url-generator/printer" - "io" "strings" ) @@ -48,51 +39,15 @@ func NewGenerator(config Config) (*Generator, error) { if gen.config.EncryptionKey != nil && *gen.config.EncryptionKey != "" { if gen.config.encryptionKeyBin, err = hex.DecodeString(*gen.config.EncryptionKey); err != nil { - return nil, fmt.Errorf("Key expected to be hex-encoded string") + return nil, fmt.Errorf("key expected to be hex-encoded string") } } return gen, nil } -func (g *Generator) generatePlainUrl(file []byte) { - -} - -func (g *Generator) generateBase64Url(file []byte) string { - return base64.RawURLEncoding.EncodeToString(file) -} - -func pkcs7pad(data []byte, blockSize int) []byte { - padLen := blockSize - len(data)%blockSize - padding := bytes.Repeat([]byte{byte(padLen)}, padLen) - return append(data, padding...) -} - -func (g *Generator) generateBaseAesEncUrl(file []byte) (string, error) { - c, err := aes.NewCipher(g.config.encryptionKeyBin) - if err != nil { - return "", err - } - - data := pkcs7pad(file, aes.BlockSize) - - ciphertext := make([]byte, aes.BlockSize+len(data)) - iv := ciphertext[:aes.BlockSize] - - if _, err = io.ReadFull(rand.Reader, iv); err != nil { - return "", err - } - - mode := cipher.NewCBCEncrypter(c, iv) - mode.CryptBlocks(ciphertext[aes.BlockSize:], data) - - encryptedURL := g.generateBase64Url(ciphertext) - - return "enc/" + encryptedURL, nil -} - func (g *Generator) GenerateUrl(file string, params []string, format Format) (string, error) { + if params == nil || len(params) == 0 || params[0] == "" { params = []string{"raw:1"} } else { @@ -107,16 +62,16 @@ func (g *Generator) GenerateUrl(file string, params []string, format Format) (st var url string var err error - if g.config.PlainUrl { - url = "plain/" + file + url, _ = g.generatePlainUrl(file) } else if g.config.encryptionKeyBin != nil { url, err = g.generateBaseAesEncUrl([]byte(file)) - if err != nil { - return "", err - } } else { - url = g.generateBase64Url([]byte(file)) + url, _ = g.generateBase64Url([]byte(file)) + } + + if err != nil { + return "", err } path := fmt.Sprintf("%s%s", paramString, url) @@ -125,18 +80,7 @@ func (g *Generator) GenerateUrl(file string, params []string, format Format) (st path = path + "." + string(format) } - var signature string - if len(g.config.keyBin) == 0 || len(g.config.saltBin) == 0 { - signature = "insecure" - - printer.NewPrinter().LogWarning("Insecure url generated. Provide salt and key to sign and secure url.") - - } else { - mac := hmac.New(sha256.New, g.config.keyBin) - mac.Write(g.config.saltBin) - mac.Write([]byte(path)) - signature = base64.RawURLEncoding.EncodeToString(mac.Sum(nil)) - } + signature := g.generateSignature(path) return fmt.Sprintf("%s/%s%s", g.config.Host, signature, path), nil }