copy encrypt
This commit is contained in:
parent
cf2913b53d
commit
79eb5da3e3
1
go.mod
1
go.mod
@ -6,6 +6,7 @@ require (
|
||||
github.com/andybalholm/brotli v1.0.5 // indirect
|
||||
github.com/caarlos0/env/v8 v8.0.0 // indirect
|
||||
github.com/gofiber/fiber/v2 v2.51.0 // indirect
|
||||
github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
|
||||
github.com/golang/snappy v0.0.1 // indirect
|
||||
github.com/google/uuid v1.4.0 // indirect
|
||||
github.com/klauspost/compress v1.16.7 // indirect
|
||||
|
||||
2
go.sum
2
go.sum
@ -5,6 +5,8 @@ github.com/caarlos0/env/v8 v8.0.0/go.mod h1:7K4wMY9bH0esiXSSHlfHLX5xKGQMnkH5Fk4T
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/gofiber/fiber/v2 v2.51.0 h1:JNACcZy5e2tGApWB2QrRpenTWn0fq0hkFm6k0C86gKQ=
|
||||
github.com/gofiber/fiber/v2 v2.51.0/go.mod h1:xaQRZQJGqnKOQnbQw+ltvku3/h8QxvNi8o6JiJ7Ll0U=
|
||||
github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
|
||||
github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
||||
github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
|
||||
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
|
||||
@ -7,6 +7,7 @@ import (
|
||||
"codeword/internal/repository"
|
||||
httpserver "codeword/internal/server/http"
|
||||
"codeword/internal/services"
|
||||
"codeword/internal/utils/encrypt"
|
||||
"context"
|
||||
"go.uber.org/zap"
|
||||
"time"
|
||||
@ -21,9 +22,15 @@ func Run(ctx context.Context, cfg initialize.Config, logger *zap.Logger) error {
|
||||
return err
|
||||
}
|
||||
|
||||
encryptService := encrypt.New(&encrypt.EncryptDeps{
|
||||
PublicKey: cfg.PublicCurveKey,
|
||||
PrivateKey: cfg.PrivateCurveKey,
|
||||
SignSecret: cfg.SignSecret,
|
||||
})
|
||||
|
||||
userRepo := repository.NewUserRepository(mdb)
|
||||
recoveryEmailSender := &client.RecoveryEmailSender{}
|
||||
recoveryService := services.NewRecoveryService(logger, userRepo, recoveryEmailSender)
|
||||
recoveryService := services.NewRecoveryService(logger, userRepo, recoveryEmailSender, encryptService)
|
||||
recoveryController := controller.NewRecoveryController(logger, recoveryService)
|
||||
|
||||
server := httpserver.NewServer(httpserver.ServerConfig{
|
||||
|
||||
@ -5,15 +5,18 @@ import (
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
AppName string `env:"APP_NAME" envDefault:"codeword"`
|
||||
HTTPHost string `env:"HTTP_HOST" envDefault:"localhost"`
|
||||
HTTPPort string `env:"HTTP_PORT" envDefault:"3000"`
|
||||
MongoHost string `env:"MONGO_HOST" envDefault:"localhost"`
|
||||
MongoPort string `env:"MONGO_PORT" envDefault:"27017"`
|
||||
MongoUser string `env:"MONGO_USER" envDefault:"admin"`
|
||||
MongoPassword string `env:"MONGO_PASSWORD" envDefault:"admin"`
|
||||
MongoDatabase string `env:"MONGO_DB" envDefault:"codeword_db"`
|
||||
MongoAuth string `env:"MONGO_AUTH" envDefault:"admin"`
|
||||
AppName string `env:"APP_NAME" envDefault:"codeword"`
|
||||
HTTPHost string `env:"HTTP_HOST" envDefault:"localhost"`
|
||||
HTTPPort string `env:"HTTP_PORT" envDefault:"3000"`
|
||||
MongoHost string `env:"MONGO_HOST" envDefault:"localhost"`
|
||||
MongoPort string `env:"MONGO_PORT" envDefault:"27017"`
|
||||
MongoUser string `env:"MONGO_USER" envDefault:"admin"`
|
||||
MongoPassword string `env:"MONGO_PASSWORD" envDefault:"admin"`
|
||||
MongoDatabase string `env:"MONGO_DB" envDefault:"codeword_db"`
|
||||
MongoAuth string `env:"MONGO_AUTH" envDefault:"admin"`
|
||||
PublicCurveKey string `env:"PUBLIC_CURVE_KEY,required"`
|
||||
PrivateCurveKey string `env:"PRIVATE_CURVE_KEY,required"`
|
||||
SignSecret string `env:"SIGN_SECRET,required"`
|
||||
}
|
||||
|
||||
func LoadConfig() (*Config, error) {
|
||||
|
||||
@ -2,6 +2,7 @@ package services
|
||||
|
||||
import (
|
||||
"codeword/internal/models"
|
||||
"codeword/internal/utils/encrypt"
|
||||
"go.uber.org/zap"
|
||||
"time"
|
||||
)
|
||||
@ -16,17 +17,21 @@ type EmailSender interface {
|
||||
SendRecoveryEmail(email, signature string) error
|
||||
}
|
||||
|
||||
// todo deps
|
||||
|
||||
type RecoveryService struct {
|
||||
Logger *zap.Logger
|
||||
Repository UserRepository
|
||||
Email EmailSender
|
||||
Logger *zap.Logger
|
||||
Repository UserRepository
|
||||
Email EmailSender
|
||||
EncryptService *encrypt.Encrypt
|
||||
}
|
||||
|
||||
func NewRecoveryService(logger *zap.Logger, repository UserRepository, email EmailSender) *RecoveryService {
|
||||
func NewRecoveryService(logger *zap.Logger, repository UserRepository, email EmailSender, encryptService *encrypt.Encrypt) *RecoveryService {
|
||||
return &RecoveryService{
|
||||
Logger: logger,
|
||||
Repository: repository,
|
||||
Email: email,
|
||||
Logger: logger,
|
||||
Repository: repository,
|
||||
Email: email,
|
||||
EncryptService: encryptService,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
79
internal/utils/encrypt/encrypt_util.go
Normal file
79
internal/utils/encrypt/encrypt_util.go
Normal file
@ -0,0 +1,79 @@
|
||||
package encrypt
|
||||
|
||||
import (
|
||||
"crypto/ed25519"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
type EncryptDeps struct {
|
||||
PublicKey string
|
||||
PrivateKey string
|
||||
SignSecret string
|
||||
}
|
||||
|
||||
type Encrypt struct {
|
||||
publicKey string
|
||||
privateKey string
|
||||
signSecret string
|
||||
}
|
||||
|
||||
func New(deps *EncryptDeps) *Encrypt {
|
||||
return &Encrypt{
|
||||
publicKey: deps.PublicKey,
|
||||
privateKey: deps.PrivateKey,
|
||||
signSecret: deps.SignSecret,
|
||||
}
|
||||
}
|
||||
|
||||
func (receiver *Encrypt) VerifySignature(signature []byte) (isValid bool, err error) {
|
||||
defer func() {
|
||||
if recovered := recover(); recovered != nil {
|
||||
err = fmt.Errorf("recovered verify error on <VerifySignature> of <EncryptService>: %v", recovered)
|
||||
}
|
||||
}()
|
||||
|
||||
block, _ := pem.Decode([]byte(receiver.publicKey))
|
||||
if block == nil {
|
||||
return false, fmt.Errorf("public key block is nil")
|
||||
}
|
||||
|
||||
rawPublicKey, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||||
if err != nil {
|
||||
return false, fmt.Errorf("failed parse public key on <VerifySignature> of <EncryptService>: %w", err)
|
||||
}
|
||||
|
||||
publicKey, ok := rawPublicKey.(ed25519.PublicKey)
|
||||
if !ok {
|
||||
return false, fmt.Errorf("failed convert to ed25519.PrivateKey on <VerifySignature> of <EncryptService>: %w", err)
|
||||
}
|
||||
|
||||
return ed25519.Verify(publicKey, []byte(receiver.signSecret), signature), nil
|
||||
}
|
||||
|
||||
func (receiver *Encrypt) SignCommonSecret() (signature []byte, err error) {
|
||||
defer func() {
|
||||
if recovered := recover(); recovered != nil {
|
||||
fmt.Printf("recovered sign error: \n%+v\n", receiver)
|
||||
err = fmt.Errorf("recovered sign error on <SignCommonSecret> of <EncryptService>: %v", recovered)
|
||||
}
|
||||
}()
|
||||
|
||||
block, _ := pem.Decode([]byte(receiver.privateKey))
|
||||
if block == nil {
|
||||
return []byte{}, fmt.Errorf("failed decode private key %s on <SignCommonSecret> of <EncryptService>: %w", receiver.privateKey, err)
|
||||
}
|
||||
|
||||
rawPrivateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
return []byte{}, fmt.Errorf("failed parse private key on <SignCommonSecret> of <EncryptService>: %w", err)
|
||||
}
|
||||
|
||||
privateKey, ok := rawPrivateKey.(ed25519.PrivateKey)
|
||||
if !ok {
|
||||
return []byte{}, fmt.Errorf("failed convert to ed25519.PrivateKey on <SignCommonSecret> of <EncryptService>: %w", err)
|
||||
}
|
||||
|
||||
return ed25519.Sign(privateKey, []byte(receiver.signSecret)), nil
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user