diff --git a/http/fs/cached/cached.go b/http/fs/cached/cached.go index b49dbe1..3b79b07 100644 --- a/http/fs/cached/cached.go +++ b/http/fs/cached/cached.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package cached import ( diff --git a/http/fs/cached/dir/dir_cache.go b/http/fs/cached/dir/dir_cache.go index 900635b..52f4616 100644 --- a/http/fs/cached/dir/dir_cache.go +++ b/http/fs/cached/dir/dir_cache.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package dir import ( diff --git a/http/fs/cached/remote/remote.go b/http/fs/cached/remote/remote.go index c348243..e786edd 100644 --- a/http/fs/cached/remote/remote.go +++ b/http/fs/cached/remote/remote.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package remote import ( diff --git a/http/fs/file.go b/http/fs/file.go index 65439c6..5704a6c 100644 --- a/http/fs/file.go +++ b/http/fs/file.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fs import ( diff --git a/http/fs/filter/filter.go b/http/fs/filter/filter.go index b3e78d1..ad08922 100644 --- a/http/fs/filter/filter.go +++ b/http/fs/filter/filter.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package filter import ( diff --git a/http/fs/filter/filter_test.go b/http/fs/filter/filter_test.go index 49f10ac..27a6b06 100644 --- a/http/fs/filter/filter_test.go +++ b/http/fs/filter/filter_test.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package filter import ( diff --git a/http/fs/fs.go b/http/fs/fs.go index de21aab..e7ad674 100644 --- a/http/fs/fs.go +++ b/http/fs/fs.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fs import ( diff --git a/http/fs/fstest/fstest.go b/http/fs/fstest/fstest.go index f1ae984..0c0fa9c 100644 --- a/http/fs/fstest/fstest.go +++ b/http/fs/fstest/fstest.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fstest import ( diff --git a/http/fs/gzip/gzip.go b/http/fs/gzip/gzip.go index e0770c8..d0ca987 100644 --- a/http/fs/gzip/gzip.go +++ b/http/fs/gzip/gzip.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package gzip import ( diff --git a/http/fs/http.go b/http/fs/http.go index ed1f6ca..20249f9 100644 --- a/http/fs/http.go +++ b/http/fs/http.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fs import ( diff --git a/http/fs/ignore/ignore.go b/http/fs/ignore/ignore.go index d0fc8d0..dfa2f49 100644 --- a/http/fs/ignore/ignore.go +++ b/http/fs/ignore/ignore.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ignore import ( diff --git a/http/fs/lfs/lfs.go b/http/fs/lfs/lfs.go index 74f64e4..045cbcd 100644 --- a/http/fs/lfs/lfs.go +++ b/http/fs/lfs/lfs.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package lfs import ( diff --git a/http/fs/stream.go b/http/fs/stream.go index 41ce9a7..e31aad6 100644 --- a/http/fs/stream.go +++ b/http/fs/stream.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fs import ( diff --git a/http/fsx/cached/cached.go b/http/fsx/cached/cached.go index 4334531..b325030 100644 --- a/http/fsx/cached/cached.go +++ b/http/fsx/cached/cached.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package cached import ( diff --git a/http/fsx/fsx.go b/http/fsx/fsx.go index 02572d9..a8ed3cf 100644 --- a/http/fsx/fsx.go +++ b/http/fsx/fsx.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package fsx import ( diff --git a/http/fsx/local/local.go b/http/fsx/local/local.go index 4cd0258..bb34893 100644 --- a/http/fsx/local/local.go +++ b/http/fsx/local/local.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package local import ( diff --git a/http/nocache/nocache.go b/http/nocache/nocache.go index e7c30c3..44ffd46 100644 --- a/http/nocache/nocache.go +++ b/http/nocache/nocache.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package nocache import ( diff --git a/http/plugins/plugins.go b/http/plugins/plugins.go index bad363a..631a5b7 100644 --- a/http/plugins/plugins.go +++ b/http/plugins/plugins.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package plugins import ( diff --git a/http/tracer/tracer.go b/http/tracer/tracer.go index abaa98f..4c387bc 100644 --- a/http/tracer/tracer.go +++ b/http/tracer/tracer.go @@ -1,3 +1,19 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package tracer import ( diff --git a/token/doc.go b/token/doc.go new file mode 100644 index 0000000..6bef524 --- /dev/null +++ b/token/doc.go @@ -0,0 +1,18 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +// Package token is a libary for protecting secret parameters. +package token diff --git a/token/protected/token.go b/token/protected/token.go new file mode 100644 index 0000000..ac95ced --- /dev/null +++ b/token/protected/token.go @@ -0,0 +1,107 @@ +/* + Copyright 2023 Qiniu Limited (qiniu.com) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package protected + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/sha256" + "encoding/base64" + "io/fs" + "net/url" + "os" +) + +var ( + KeySalt string + EnvKeyName string +) + +// ----------------------------------------------------------------------------------------- + +// Decode decodes a protected token. +func Decode(token string) (_ url.Values, err error) { + b, err := base64.RawURLEncoding.DecodeString(token) + if err != nil { + return nil, fs.ErrPermission + } + orig, err := decodeData(b) + if err != nil { + return + } + return url.ParseQuery(string(orig)) +} + +// Encode encodes a protected token from params. +func Encode(params url.Values) (token string, err error) { + b := []byte(params.Encode()) + crypted, err := encodeData(b) + if err != nil { + return + } + return base64.RawURLEncoding.EncodeToString(crypted), nil +} + +func decodeData(crypted []byte) (_ []byte, err error) { + key := os.Getenv(EnvKeyName) + if key == "" { + return nil, fs.ErrPermission + } + key2 := sha256.Sum256([]byte(KeySalt + key)) + block, err := aes.NewCipher(key2[:]) + if err != nil { + return nil, fs.ErrPermission + } + blockSize := block.BlockSize() + blockMode := cipher.NewCBCDecrypter(block, key2[:blockSize]) + origData := make([]byte, len(crypted)) + blockMode.CryptBlocks(origData, crypted) + return unpadding(origData), nil +} + +func encodeData(origData []byte) (_ []byte, err error) { + key := os.Getenv(EnvKeyName) + if key == "" { + return nil, fs.ErrPermission + } + key2 := sha256.Sum256([]byte(KeySalt + key)) + block, err := aes.NewCipher(key2[:]) + if err != nil { + return nil, fs.ErrPermission + } + blockSize := block.BlockSize() + origData = padding(origData, blockSize) + blockMode := cipher.NewCBCEncrypter(block, key2[:blockSize]) + crypted := make([]byte, len(origData)) + blockMode.CryptBlocks(crypted, origData) + return crypted, nil +} + +func padding(ciphertext []byte, blockSize int) []byte { + padding := blockSize - len(ciphertext)%blockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(ciphertext, padtext...) +} + +func unpadding(origData []byte) []byte { + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +} + +// -----------------------------------------------------------------------------------------