You've already forked img-proxy-url-generator
143 lines
3.1 KiB
Go
143 lines
3.1 KiB
Go
package generator
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/hmac"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"github.com/siteworxpro/img-proxy-url-generator/printer"
|
|
"io"
|
|
"strings"
|
|
)
|
|
|
|
type Generator struct {
|
|
config Config
|
|
}
|
|
|
|
type Config struct {
|
|
Salt []byte
|
|
saltBin []byte
|
|
Key []byte
|
|
keyBin []byte
|
|
Host string
|
|
EncryptionKey *string
|
|
encryptionKeyBin []byte
|
|
PlainUrl bool
|
|
}
|
|
|
|
var PathPrefix string
|
|
|
|
func NewGenerator(config Config) (*Generator, error) {
|
|
var err error
|
|
|
|
gen := new(Generator)
|
|
gen.config = config
|
|
|
|
if gen.config.keyBin, err = hex.DecodeString(string(gen.config.Key)); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if gen.config.saltBin, err = hex.DecodeString(string(gen.config.Salt)); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if gen.config.EncryptionKey != nil && *gen.config.EncryptionKey != "" {
|
|
if gen.config.encryptionKeyBin, err = hex.DecodeString(*gen.config.EncryptionKey); err != nil {
|
|
return nil, fmt.Errorf("Key expected to be hex-encoded string")
|
|
}
|
|
}
|
|
|
|
return gen, nil
|
|
}
|
|
|
|
func (g *Generator) generatePlainUrl(file []byte) {
|
|
|
|
}
|
|
|
|
func (g *Generator) generateBase64Url(file []byte) string {
|
|
return base64.RawURLEncoding.EncodeToString(file)
|
|
}
|
|
|
|
func pkcs7pad(data []byte, blockSize int) []byte {
|
|
padLen := blockSize - len(data)%blockSize
|
|
padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
|
|
return append(data, padding...)
|
|
}
|
|
|
|
func (g *Generator) generateBaseAesEncUrl(file []byte) (string, error) {
|
|
c, err := aes.NewCipher(g.config.encryptionKeyBin)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
data := pkcs7pad(file, aes.BlockSize)
|
|
|
|
ciphertext := make([]byte, aes.BlockSize+len(data))
|
|
iv := ciphertext[:aes.BlockSize]
|
|
|
|
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
mode := cipher.NewCBCEncrypter(c, iv)
|
|
mode.CryptBlocks(ciphertext[aes.BlockSize:], data)
|
|
|
|
encryptedURL := g.generateBase64Url(ciphertext)
|
|
|
|
return "enc/" + encryptedURL, nil
|
|
}
|
|
|
|
func (g *Generator) GenerateUrl(file string, params []string, format Format) (string, error) {
|
|
if params == nil || len(params) == 0 || params[0] == "" {
|
|
params = []string{"raw:1"}
|
|
} else {
|
|
params = append(params, "sm:1")
|
|
}
|
|
|
|
if PathPrefix != "" {
|
|
file = PathPrefix + file
|
|
}
|
|
|
|
paramString := "/" + strings.Join(params, "/") + "/"
|
|
|
|
var url string
|
|
var err error
|
|
|
|
if g.config.PlainUrl {
|
|
url = "plain/" + file
|
|
} else if g.config.encryptionKeyBin != nil {
|
|
url, err = g.generateBaseAesEncUrl([]byte(file))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
} else {
|
|
url = g.generateBase64Url([]byte(file))
|
|
}
|
|
|
|
path := fmt.Sprintf("%s%s", paramString, url)
|
|
|
|
if format != DEF {
|
|
path = path + "." + string(format)
|
|
}
|
|
|
|
var signature string
|
|
if len(g.config.keyBin) == 0 || len(g.config.saltBin) == 0 {
|
|
signature = "insecure"
|
|
|
|
printer.NewPrinter().LogWarning("Insecure url generated. Provide salt and key to sign and secure url.")
|
|
|
|
} else {
|
|
mac := hmac.New(sha256.New, g.config.keyBin)
|
|
mac.Write(g.config.saltBin)
|
|
mac.Write([]byte(path))
|
|
signature = base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
|
|
}
|
|
|
|
return fmt.Sprintf("%s/%s%s", g.config.Host, signature, path), nil
|
|
}
|