siteworxpro/img-proxy-url-generator
1
Fork 0
Code Pull Requests Actions Releases 2 Activity

code cleanup

Browse Source
This commit is contained in:
Ron Rise
2024-04-23 10:27:07 -04:00
parent 984909a648
commit e8eff432fc
5 changed files with 83 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
generator/base64.go Normal file
View File

@@ -0,0 +1,7 @@
package generator
import "encoding/base64"
func (g *Generator) generateBase64Url(file []byte) (string, error) {
return base64.RawURLEncoding.EncodeToString(file), nil
}

38
generator/crypt.go Normal file
View File

@@ -0,0 +1,38 @@
package generator
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"io"
)
func pkcs7pad(data []byte, blockSize int) []byte {
padLen := blockSize - len(data)%blockSize
padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
return append(data, padding...)
}
func (g *Generator) generateBaseAesEncUrl(file []byte) (string, error) {
c, err := aes.NewCipher(g.config.encryptionKeyBin)
if err != nil {
return "", err
}
data := pkcs7pad(file, aes.BlockSize)
ciphertext := make([]byte, aes.BlockSize+len(data))
iv := ciphertext[:aes.BlockSize]
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return "", err
}
mode := cipher.NewCBCEncrypter(c, iv)
mode.CryptBlocks(ciphertext[aes.BlockSize:], data)
encryptedURL := g.generateBase64Url(ciphertext)
return "enc/" + encryptedURL, nil
}

5
generator/plain.go Normal file
View File

@@ -0,0 +1,5 @@
package generator
func (g *Generator) generatePlainUrl(file string) (string, error) {
return "plain/" + file, nil
}

24
generator/signature.go Normal file
View File

@@ -0,0 +1,24 @@
package generator
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"github.com/siteworxpro/img-proxy-url-generator/printer"
)
func (g *Generator) generateSignature(path string) string {
var signature string
if len(g.config.keyBin) == 0 || len(g.config.saltBin) == 0 {
signature = "insecure"
printer.NewPrinter().LogWarning("Insecure url generated. Provide salt and key to sign and secure url.")
} else {
mac := hmac.New(sha256.New, g.config.keyBin)
mac.Write(g.config.saltBin)
mac.Write([]byte(path))
signature = base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}
return signature
}

74
generator/url.go
View File

@@ -1,17 +1,8 @@
package generator package generator
import ( import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"github.com/siteworxpro/img-proxy-url-generator/printer"
"io"
"strings" "strings"
) )
@@ -48,51 +39,15 @@ func NewGenerator(config Config) (*Generator, error) {
if gen.config.EncryptionKey != nil && *gen.config.EncryptionKey != "" { if gen.config.EncryptionKey != nil && *gen.config.EncryptionKey != "" {
if gen.config.encryptionKeyBin, err = hex.DecodeString(*gen.config.EncryptionKey); err != nil { if gen.config.encryptionKeyBin, err = hex.DecodeString(*gen.config.EncryptionKey); err != nil {
return nil, fmt.Errorf("Key expected to be hex-encoded string") return nil, fmt.Errorf("key expected to be hex-encoded string")
} }
} }
return gen, nil return gen, nil
} }
func (g *Generator) generatePlainUrl(file []byte) {
}
func (g *Generator) generateBase64Url(file []byte) string {
return base64.RawURLEncoding.EncodeToString(file)
}
func pkcs7pad(data []byte, blockSize int) []byte {
padLen := blockSize - len(data)%blockSize
padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
return append(data, padding...)
}
func (g *Generator) generateBaseAesEncUrl(file []byte) (string, error) {
c, err := aes.NewCipher(g.config.encryptionKeyBin)
if err != nil {
return "", err
}
data := pkcs7pad(file, aes.BlockSize)
ciphertext := make([]byte, aes.BlockSize+len(data))
iv := ciphertext[:aes.BlockSize]
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return "", err
}
mode := cipher.NewCBCEncrypter(c, iv)
mode.CryptBlocks(ciphertext[aes.BlockSize:], data)
encryptedURL := g.generateBase64Url(ciphertext)
return "enc/" + encryptedURL, nil
}
func (g *Generator) GenerateUrl(file string, params []string, format Format) (string, error) { func (g *Generator) GenerateUrl(file string, params []string, format Format) (string, error) {
if params == nil || len(params) == 0 || params[0] == "" { if params == nil || len(params) == 0 || params[0] == "" {
params = []string{"raw:1"} params = []string{"raw:1"}
} else { } else {
@@ -107,16 +62,16 @@ func (g *Generator) GenerateUrl(file string, params []string, format Format) (st
var url string var url string
var err error var err error
if g.config.PlainUrl { if g.config.PlainUrl {
url = "plain/" + file url, _ = g.generatePlainUrl(file)
} else if g.config.encryptionKeyBin != nil { } else if g.config.encryptionKeyBin != nil {
url, err = g.generateBaseAesEncUrl([]byte(file)) url, err = g.generateBaseAesEncUrl([]byte(file))
if err != nil {
return "", err
}
} else { } else {
url = g.generateBase64Url([]byte(file)) url, _ = g.generateBase64Url([]byte(file))
}
if err != nil {
return "", err
} }
path := fmt.Sprintf("%s%s", paramString, url) path := fmt.Sprintf("%s%s", paramString, url)
@@ -125,18 +80,7 @@ func (g *Generator) GenerateUrl(file string, params []string, format Format) (st
path = path + "." + string(format) path = path + "." + string(format)
} }
var signature string signature := g.generateSignature(path)
if len(g.config.keyBin) == 0 || len(g.config.saltBin) == 0 {
signature = "insecure"
printer.NewPrinter().LogWarning("Insecure url generated. Provide salt and key to sign and secure url.")
} else {
mac := hmac.New(sha256.New, g.config.keyBin)
mac.Write(g.config.saltBin)
mac.Write([]byte(path))
signature = base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}
return fmt.Sprintf("%s/%s%s", g.config.Host, signature, path), nil return fmt.Sprintf("%s/%s%s", g.config.Host, signature, path), nil
} }