github.com/gofiber/fiber/v2@v2.47.0/middleware/encryptcookie/utils.go

github.com/gofiber/fiber/v2@v2.47.0/middleware/encryptcookie/utils.go (about)

     1  package encryptcookie
     2  
     3  import (
     4  	"crypto/aes"
     5  	"crypto/cipher"
     6  	"crypto/rand"
     7  	"encoding/base64"
     8  	"errors"
     9  	"fmt"
    10  	"io"
    11  )
    12  
    13  // EncryptCookie Encrypts a cookie value with specific encryption key
    14  func EncryptCookie(value, key string) (string, error) {
    15  	keyDecoded, err := base64.StdEncoding.DecodeString(key)
    16  	if err != nil {
    17  		return "", fmt.Errorf("failed to base64-decode key: %w", err)
    18  	}
    19  
    20  	block, err := aes.NewCipher(keyDecoded)
    21  	if err != nil {
    22  		return "", fmt.Errorf("failed to create AES cipher: %w", err)
    23  	}
    24  
    25  	gcm, err := cipher.NewGCM(block)
    26  	if err != nil {
    27  		return "", fmt.Errorf("failed to create GCM mode: %w", err)
    28  	}
    29  
    30  	nonce := make([]byte, gcm.NonceSize())
    31  	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
    32  		return "", fmt.Errorf("failed to read: %w", err)
    33  	}
    34  
    35  	ciphertext := gcm.Seal(nonce, nonce, []byte(value), nil)
    36  
    37  	return base64.StdEncoding.EncodeToString(ciphertext), nil
    38  }
    39  
    40  // DecryptCookie Decrypts a cookie value with specific encryption key
    41  func DecryptCookie(value, key string) (string, error) {
    42  	keyDecoded, err := base64.StdEncoding.DecodeString(key)
    43  	if err != nil {
    44  		return "", fmt.Errorf("failed to base64-decode key: %w", err)
    45  	}
    46  	enc, err := base64.StdEncoding.DecodeString(value)
    47  	if err != nil {
    48  		return "", fmt.Errorf("failed to base64-decode value: %w", err)
    49  	}
    50  
    51  	block, err := aes.NewCipher(keyDecoded)
    52  	if err != nil {
    53  		return "", fmt.Errorf("failed to create AES cipher: %w", err)
    54  	}
    55  
    56  	gcm, err := cipher.NewGCM(block)
    57  	if err != nil {
    58  		return "", fmt.Errorf("failed to create GCM mode: %w", err)
    59  	}
    60  
    61  	nonceSize := gcm.NonceSize()
    62  
    63  	if len(enc) < nonceSize {
    64  		return "", errors.New("encrypted value is not valid")
    65  	}
    66  
    67  	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
    68  
    69  	plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
    70  	if err != nil {
    71  		return "", fmt.Errorf("failed to decrypt ciphertext: %w", err)
    72  	}
    73  
    74  	return string(plaintext), nil
    75  }
    76  
    77  // GenerateKey Generates an encryption key
    78  func GenerateKey() string {
    79  	const keyLen = 32
    80  	ret := make([]byte, keyLen)
    81  
    82  	if _, err := rand.Read(ret); err != nil {
    83  		panic(err)
    84  	}
    85  
    86  	return base64.StdEncoding.EncodeToString(ret)
    87  }
    88  
    89  // Check given cookie key is disabled for encryption or not
    90  func isDisabled(key string, except []string) bool {
    91  	for _, k := range except {
    92  		if key == k {
    93  			return true
    94  		}
    95  	}
    96  
    97  	return false
    98  }