refactor(CookieCloud): Consolidate crypto and hash operations into HashUtils and CryptoJsUtils

2026-05-12 10:57:16 +08:00 · 2024-08-23 18:52:00 +08:00
parent c15d326636
commit bc1da0a7c7
5 changed files with 145 additions and 83 deletions
--- a/app/utils/common.py
+++ b/app/utils/common.py
@@ -1,11 +1,6 @@
-import base64
 import time
-from hashlib import md5
 from typing import Any

-from Crypto import Random
-from Crypto.Cipher import AES
-
 from app.schemas import ImmediateException


@@ -41,48 +36,3 @@ def retry(ExceptionToCheck: Any,
        return f_retry

    return deco_retry
-
-
-def bytes_to_key(data: bytes, salt: bytes, output=48) -> bytes:
-    # extended from https://gist.github.com/gsakkis/4546068
-    assert len(salt) == 8, len(salt)
-    data += salt
-    key = md5(data).digest()
-    final_key = key
-    while len(final_key) < output:
-        key = md5(key + data).digest()
-        final_key += key
-    return final_key[:output]
-
-
-def encrypt(message: bytes, passphrase: bytes) -> bytes:
-    """
-    CryptoJS 加密原文
-    
-    This is a modified copy of https://stackoverflow.com/questions/36762098/how-to-decrypt-password-from-javascript-cryptojs-aes-encryptpassword-passphras
-    """
-    salt = Random.new().read(8)
-    key_iv = bytes_to_key(passphrase, salt, 32 + 16)
-    key = key_iv[:32]
-    iv = key_iv[32:]
-    aes = AES.new(key, AES.MODE_CBC, iv)
-    length = 16 - (len(message) % 16)
-    data = message + (chr(length) * length).encode()
-    return base64.b64encode(b"Salted__" + salt + aes.encrypt(data))
-
-
-def decrypt(encrypted: str | bytes, passphrase: bytes) -> bytes:
-    """
-    CryptoJS 解密密文
-    
-    来源同encrypt
-    """
-    encrypted = base64.b64decode(encrypted)
-    assert encrypted[0:8] == b"Salted__"
-    salt = encrypted[8:16]
-    key_iv = bytes_to_key(passphrase, salt, 32 + 16)
-    key = key_iv[:32]
-    iv = key_iv[32:]
-    aes = AES.new(key, AES.MODE_CBC, iv)
-    data = aes.decrypt(encrypted[16:])
-    return data[:-(data[-1] if type(data[-1]) == int else ord(data[-1]))]
--- a/app/utils/crypto.py
+++ b/app/utils/crypto.py
@@ -1,8 +1,13 @@
 import base64
+import hashlib
+from hashlib import md5
+from typing import Union

+from Crypto import Random
+from Crypto.Cipher import AES
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization, hashes
-from cryptography.hazmat.primitives.asymmetric import rsa, padding
+from cryptography.hazmat.primitives.asymmetric import rsa, padding as asym_padding


 class RSAUtils:
@@ -68,8 +73,8 @@ class RSAUtils:
            message = b'test'
            encrypted_message = public_key.encrypt(
                message,
-                padding.OAEP(
-                    mgf=padding.MGF1(algorithm=hashes.SHA256()),
+                asym_padding.OAEP(
+                    mgf=asym_padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(),
                    label=None
                )
@@ -77,8 +82,8 @@ class RSAUtils:

            decrypted_message = private_key.decrypt(
                encrypted_message,
-                padding.OAEP(
-                    mgf=padding.MGF1(algorithm=hashes.SHA256()),
+                asym_padding.OAEP(
+                    mgf=asym_padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(),
                    label=None
                )
@@ -88,3 +93,101 @@ class RSAUtils:
        except Exception as e:
            print(f"RSA 密钥验证失败: {e}")
            return False
+
+
+class HashUtils:
+    @staticmethod
+    def md5(data: str, encoding: str = "utf-8") -> str:
+        """
+        生成数据的MD5哈希值，并以字符串形式返回
+
+        :param data: 输入的数据，类型为字符串
+        :param encoding: 字符串编码类型，默认使用UTF-8
+        :return: 生成的MD5哈希字符串
+        """
+        encoded_data = data.encode(encoding)
+        return hashlib.md5(encoded_data).hexdigest()
+
+    @staticmethod
+    def md5_bytes(data: str, encoding: str = "utf-8") -> bytes:
+        """
+        生成数据的MD5哈希值，并以字节形式返回
+
+        :param data: 输入的数据，类型为字符串
+        :param encoding: 字符串编码类型，默认使用UTF-8
+        :return: 生成的MD5哈希二进制数据
+        """
+        encoded_data = data.encode(encoding)
+        return hashlib.md5(encoded_data).digest()
+
+
+class CryptoJsUtils:
+
+    @staticmethod
+    def bytes_to_key(data: bytes, salt: bytes, output=48) -> bytes:
+        """
+        生成加密/解密所需的密钥和初始化向量 (IV)
+        """
+        # extended from https://gist.github.com/gsakkis/4546068
+        assert len(salt) == 8, len(salt)
+        data += salt
+        key = md5(data).digest()
+        final_key = key
+        while len(final_key) < output:
+            key = md5(key + data).digest()
+            final_key += key
+        return final_key[:output]
+
+    @staticmethod
+    def encrypt(message: bytes, passphrase: bytes) -> bytes:
+        """
+        使用 CryptoJS 兼容的加密策略对消息进行加密
+        """
+        # This is a modified copy of https://stackoverflow.com/questions/36762098/how-to-decrypt-password-from-javascript-cryptojs-aes-encryptpassword-passphras
+        # 生成8字节的随机盐值
+        salt = Random.new().read(8)
+        # 通过密码短语和盐值生成密钥和IV
+        key_iv = CryptoJsUtils.bytes_to_key(passphrase, salt, 32 + 16)
+        key = key_iv[:32]
+        iv = key_iv[32:]
+        # 创建AES加密器（CBC模式）
+        aes = AES.new(key, AES.MODE_CBC, iv)
+        # 应用PKCS#7填充
+        padding_length = 16 - (len(message) % 16)
+        padding = bytes([padding_length] * padding_length)
+        padded_message = message + padding
+        # 加密消息
+        encrypted = aes.encrypt(padded_message)
+        # 构建加密数据格式：b"Salted__" + salt + encrypted_message
+        salted_encrypted = b"Salted__" + salt + encrypted
+        # 返回Base64编码的加密数据
+        return base64.b64encode(salted_encrypted)
+
+    @staticmethod
+    def decrypt(encrypted: Union[str, bytes], passphrase: bytes) -> bytes:
+        """
+        使用 CryptoJS 兼容的解密策略对加密消息进行解密
+        """
+        # 确保输入是字节类型
+        if isinstance(encrypted, str):
+            encrypted = encrypted.encode("utf-8")
+        # Base64 解码
+        encrypted = base64.b64decode(encrypted)
+        # 检查前8字节是否为 "Salted__"
+        assert encrypted.startswith(b"Salted__"), "Invalid encrypted data format"
+        # 提取盐值
+        salt = encrypted[8:16]
+        # 通过密码短语和盐值生成密钥和IV
+        key_iv = CryptoJsUtils.bytes_to_key(passphrase, salt, 32 + 16)
+        key = key_iv[:32]
+        iv = key_iv[32:]
+        # 创建AES解密器（CBC模式）
+        aes = AES.new(key, AES.MODE_CBC, iv)
+        # 解密加密部分
+        decrypted_padded = aes.decrypt(encrypted[16:])
+        # 移除PKCS#7填充
+        padding_length = decrypted_padded[-1]
+        if isinstance(padding_length, str):
+            padding_length = ord(padding_length)
+        decrypted = decrypted_padded[:-padding_length]
+        return decrypted
--- a/app/utils/string.py
+++ b/app/utils/string.py
@@ -12,7 +12,6 @@ import dateutil.parser

 from app.schemas.types import MediaType

-
 _special_domains = [
    'u2.dmhy.org',
    'pt.ecust.pp.ua',
@@ -788,3 +787,11 @@ class StringUtils:
            return f'{diff_minutes}分钟'
        else:
            return ''
+
+    @staticmethod
+    def safe_strip(value) -> Optional[str]:
+        """
+        去除字符串两端的空白字符
+        :return: 如果输入值不是 None，返回去除空白字符后的字符串，否则返回 None
+        """
+        return value.strip() if value is not None else None