// Authorize will decrypt the request, and it's a buildin middleware for skynet.
func Authorize(servSeckey string) HandlerFunc {
return func(c *Context) error {
var (
req pp.EncryptReq
rlt *pp.EmptyRes
)
c.ServSeckey = servSeckey
for {
if c.UnmarshalReq(&req) == nil {
// validate pubkey.
if err := validatePubkey(req.GetPubkey()); err != nil {
logger.Error(err.Error())
rlt = pp.MakeErrResWithCode(pp.ErrCode_WrongPubkey)
break
}
pubkey, err := cipher.PubKeyFromHex(req.GetPubkey())
if err != nil {
logger.Error(err.Error())
rlt = pp.MakeErrResWithCode(pp.ErrCode_WrongPubkey)
break
}
c.Pubkey = pubkey.Hex()
seckey, err := cipher.SecKeyFromHex(servSeckey)
if err != nil {
logger.Error(err.Error())
rlt = pp.MakeErrResWithCode(pp.ErrCode_ServerError)
break
}
key := cipher.ECDH(pubkey, seckey)
data, err := cipher.Chacha20Decrypt(req.GetEncryptdata(), key, req.GetNonce())
if err != nil {
logger.Error(err.Error())
rlt = pp.MakeErrResWithCode(pp.ErrCode_UnAuthorized)
break
}
ok, err := regexp.MatchString(`^\{.*\}$`, string(data))
if err != nil || !ok {
logger.Error(err.Error())
rlt = pp.MakeErrResWithCode(pp.ErrCode_UnAuthorized)
break
}
c.Raw = data
return c.Next()
}
rlt = pp.MakeErrRes(errors.New("bad request"))
break
}
return c.Error(rlt)
}
}
func Decrypt(in []byte, nonce []byte, pubkey string, seckey string) (data []byte, err error) {
defer func() {
if r := recover(); r != nil {
err = errors.New("encrypt faild")
}
}()
p := cipher.MustPubKeyFromHex(pubkey)
s := cipher.MustSecKeyFromHex(seckey)
key := cipher.ECDH(p, s)
data, err = cipher.Chacha20Decrypt(in, key, nonce)
return
}
func Encrypt(r interface{}, pubkey string, seckey string) (data []byte, nonce []byte, err error) {
defer func() {
if r := recover(); r != nil {
err = errors.New("encrypt faild")
}
}()
d, err := json.Marshal(r)
if err != nil {
return
}
p := cipher.MustPubKeyFromHex(pubkey)
s := cipher.MustSecKeyFromHex(seckey)
nonce = cipher.RandByte(chacha20.NonceSize)
key := cipher.ECDH(p, s)
data, err = cipher.Chacha20Encrypt([]byte(d), key, nonce)
return
}