diff --git a/app/cipher.lua b/app/cipher.lua
index 6fb6906..246067c 100644
--- a/app/cipher.lua
+++ b/app/cipher.lua
@@ -1,9 +1,56 @@
-local aes = require('resty.aes')
+local ffi = require('ffi')
+local aes = require('resty.aes')
 local aes_params = require('app.config').aes
+local string_format = string.format
+
+local ffi_new = ffi.new
+local ffi_string = ffi.string
+local C = ffi.C
+
+
+ffi.cdef[[
+ unsigned long ERR_get_error(void);
+ void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+]]
+
+
+local _M = {}
+
+-- https://github.com/openresty/lua-resty-string/pull/65
+local get_error = function(op)
+ local errno = C.ERR_get_error()
+ if errno == 0 then
+ return nil
+ end
+ local msg = ffi_new('char[?]', 256)
+ C.ERR_error_string_n(errno, msg, 256)
+ return string_format('AES %s error: %s', op, ffi_string(msg))
+end
+
+local aes_obj = aes:new(
+ aes_params.key,
+ aes_params.salt,
+ aes.cipher(aes_params.size, aes_params.mode),
+ aes_params.hash and aes.hash[aes_params.hash],
+ aes_params.hash_rounds
+)
+
+_M.encrypt = function(data)
+ data = aes_obj:encrypt(data)
+ if not data then
+ return nil, get_error('encrypt')
+ end
+ return data
+end
+
+_M.decrypt = function(data)
+ data = aes_obj:decrypt(data)
+ if not data then
+ return nil, get_error('decrypt')
+ end
+ return data
+end
-local hash = aes_params.hash and aes.hash[aes_params.hash]
-local cipher = aes.cipher(aes_params.size, aes_params.mode)
-return aes:new(aes_params.key, aes_params.salt, cipher,
- hash, aes_params.hash_rounds)
+return _M
diff --git a/app/tinyid.lua b/app/tinyid.lua
index 668420e..29e7073 100644
--- a/app/tinyid.lua
+++ b/app/tinyid.lua
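Review bot: `get_error` in app/cipher.lua returns the oldest entry in OpenSSL's per-thread error queue, and neither `_M.encrypt` nor `_M.decrypt` clears that queue before calling `aes_obj`, so the reported text can belong to an earlier, unrelated OpenSSL failure in the same worker. It also pops a single entry and leaves any further entries queued for whoever reads the queue next. Declaring `void ERR_clear_error(void);` in the `ffi.cdef` block and calling `C.ERR_clear_error()` immediately before each `aes_obj` call, and again after the message has been read, keeps the report tied to the operation that failed. When the queue is empty `get_error` returns nil and callers receive `nil, nil`; a fallback such as `return string_format('AES %s error', op)` in the `errno == 0` branch keeps the second return value usable.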
@@ -4,6 +4,9 @@ local cipher = require('app.cipher')
 local mediatypes = require('app.mediatypes')
 local utils = require('app.utils')
+local cipher_encrypt = cipher.encrypt
+local cipher_decrypt = cipher.decrypt
+
 local DEFAULT_TYPE_ID = mediatypes.DEFAULT_TYPE_ID
 local ID_TYPE_MAP = mediatypes.ID_TYPE_MAP
 local decode_urlsafe_base64 = utils.decode_urlsafe_base64
@@ -25,7 +28,7 @@ _M.encode = function(params)
 file_id_bytes,
 media_type_byte,
 }
- local tiny_id_encr_bytes = cipher:encrypt(tiny_id_raw_bytes)
+ local tiny_id_encr_bytes = cipher_encrypt(tiny_id_raw_bytes)
 return base58:encode(tiny_id_encr_bytes)
 end
@@ -35,9 +38,9 @@ _M.decode = function(tiny_id)
 if not tiny_id_encr_bytes then
 return nil, err
 end
- local tiny_id_raw_bytes = cipher:decrypt(tiny_id_encr_bytes)
+ local tiny_id_raw_bytes, err = cipher_decrypt(tiny_id_encr_bytes) -- luacheck: ignore 411
 if not tiny_id_raw_bytes then
- return nil, 'AES decrypt error'
+ return nil, err
 end
 -- get file_id size
 local file_id_size = string.byte(tiny_id_raw_bytes:sub(1, 1))
diff --git a/app/views/get-file.lua b/app/views/get-file.lua
index 9ca5a38..8a736e4 100644
--- a/app/views/get-file.lua
+++ b/app/views/get-file.lua
@@ -23,6 +23,9 @@ local ngx_HTTP_NOT_MODIFIED = ngx.HTTP_NOT_MODIFIED
 local ngx_HTTP_NOT_FOUND = ngx.HTTP_NOT_FOUND
 local ngx_HTTP_BAD_GATEWAY = ngx.HTTP_BAD_GATEWAY
+local cipher_encrypt = cipher.encrypt
+local cipher_decrypt = cipher.decrypt
+
 local log = utils.log
 local error = utils.error
 local escape_uri = utils.escape_uri
@@ -51,7 +54,7 @@ end
 local encode_etag = function(etag)
 etag = unquote_etag(etag)
 if not etag then return nil end
- etag = base58:encode(cipher:encrypt(etag))
+ etag = base58:encode(cipher_encrypt(etag))
 return string_format('"%s"', etag)
 end
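Review bot: `cipher_encrypt` can now return `nil, err`, but in `_M.encode` the result still goes into `base58:encode(tiny_id_encr_bytes)` unchecked, so an encryption failure is handed to the base58 encoder as nil instead of being reported by `_M.encode`. Capturing both values with `local tiny_id_encr_bytes, err = cipher_encrypt(tiny_id_raw_bytes)` and adding `if not tiny_id_encr_bytes then return nil, err end` would mirror what `_M.decode` does. The same gap is in `encode_etag` in app/views/get-file.lua, where `base58:encode(cipher_encrypt(etag))` additionally forwards both return values as arguments, because the call is the last expression in the argument list. `_M.encode` begins outside this hunk, so how its callers treat a nil result is not visible here.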
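Review bot: `return nil, err` in `_M.decode` now passes the raw OpenSSL error string to the caller in place of the constant `'AES decrypt error'`. The tiny id looks like client-supplied input, so if any view copies this second return value into the HTTP response, clients learn OpenSSL's internal failure reason for each id they submit. With an unauthenticated mode such as CBC (`aes_params.mode` is configured outside this diff), responses that separate padding failures from other invalid-id cases are the signal a padding oracle depends on. I would log `err` server-side and keep returning a fixed message to the caller, or confirm that no view forwards it to the client. `_M.decode` continues past the end of the hunk.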
@@ -60,7 +63,7 @@ local decode_etag = function(etag)
 if not etag then return nil end
 etag = base58:decode(etag)
 if not etag then return nil end
- etag = cipher:decrypt(etag)
+ etag = cipher_decrypt(etag)
 if not etag then return nil end
 return string_format('"%s"', etag)
 end
diff --git a/app/views/webhook.lua b/app/views/webhook.lua
index b352ae2..ba5a001 100644
--- a/app/views/webhook.lua
+++ b/app/views/webhook.lua
@@ -86,7 +86,7 @@ local forward_message = function(message)
 message_id = message.message_id,
 },
 }
- local res, err = request_tg_server(conn, params, true) -- luacheck: ignore 411
+ local res, err = request_tg_server(conn, params, true) -- luacheck: ignore 411
 if not res then
 log(ngx_ERR, 'tg api request error: %s', err)
 return
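Review bot: `etag = cipher_decrypt(etag)` in `decode_etag` keeps only the first return value, so the error text this commit makes available is discarded here. Returning nil for an ETag that does not decrypt is reasonable, since the value presumably comes from a request header, but recording the failure would make malformed or tampered ETags visible in the logs. Something like `local raw, err = cipher_decrypt(etag)` followed by a call to the file's `log` helper before `return nil` would do; the helper's signature is not shown in this diff, so check it against `utils.log`.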