Halaman utama Jelajahi Bantuan
Daftar Masuk
lqb
/
imgproxy
cermin dari https://github.com/imgproxy/imgproxy.git
1
0
Fork 0
Berkas Masalah 0 Wiki
Cabang: chore/update-docs
Ranting Tag
imgproxy
/
examples
/
encrypted_source_url.go

encrypted_source_url.go 1.5 KB
Permalink Riwayat Mentahan

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. package examples
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"crypto/aes"
    6. 

  6. 	"crypto/cipher"
    7. 

  7. 	"crypto/rand"
    8. 

  8. 	"encoding/base64"
    9. 

  9. 	"encoding/hex"
    10. 

  10. 	"fmt"
    11. 

  11. 	"io"
    12. 

  12. 	"log"
    13. 

  13. )
    14. 

  14. 

  15. func pkcs7pad(data []byte, blockSize int) []byte {
    16. 

  16. 	padLen := blockSize - len(data)%blockSize
    17. 

  17. 	padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
    18. 

  18. 	return append(data, padding...)
    19. 

  19. }
    20. 

  20. 

  21. func ExcryptSourceURL() {
    22. 

  22. 	key := "1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1"
    23. 

  23. 

  24. 	var (
    25. 

  25. 		keyBin []byte
    26. 

  26. 		err    error
    27. 

  27. 	)
    28. 

  28. 

  29. 	if keyBin, err = hex.DecodeString(key); err != nil {
    30. 

  30. 		log.Fatal("Key expected to be hex-encoded string")
    31. 

  31. 	}
    32. 

  32. 

  33. 	url := "http://img.example.com/pretty/image.jpg"
    34. 

  34. 

  35. 	c, err := aes.NewCipher(keyBin)
    36. 

  36. 	if err != nil {
    37. 

  37. 		log.Fatal(err)
    38. 

  38. 	}
    39. 

  39. 

  40. 	data := pkcs7pad([]byte(url), aes.BlockSize)
    41. 

  41. 

  42. 	ciphertext := make([]byte, aes.BlockSize+len(data))
    43. 

  43. 	iv := ciphertext[:aes.BlockSize]
    44. 

  44. 

  45. 	// We use a random iv generation, but you'll probably want to use some
    46. 

  46. 	// deterministic method
    47. 

  47. 	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
    48. 

  48. 		log.Fatal(err)
    49. 

  49. 	}
    50. 

  50. 

  51. 	mode := cipher.NewCBCEncrypter(c, iv)
    52. 

  52. 	mode.CryptBlocks(ciphertext[aes.BlockSize:], data)
    53. 

  53. 

  54. 	encryptedURL := base64.RawURLEncoding.EncodeToString(ciphertext)
    55. 

  55. 

  56. 	// We don't sign the URL in this example but it is highly recommended to sign
    57. 

  57. 	// imgproxy URLs when imgproxy is being used in production.
    58. 

  58. 	// Signing URLs is especially important when using encrypted source URLs to
    59. 

  59. 	// prevent a padding oracle attack
    60. 

  60. 	fmt.Printf("/unsafe/rs:fit:300:300/enc/%s.jpg", encryptedURL)
    61. 

  61. }
    62.