2026-02-24 16:47:46 +08:00
|
|
|
|
package captcha
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"encoding/base64"
|
|
|
|
|
|
"fmt"
|
|
|
|
|
|
"time"
|
2026-02-24 18:42:06 +08:00
|
|
|
|
|
|
|
|
|
|
lzcrypto "tyc-server/pkg/lzkit/crypto"
|
2026-02-24 16:47:46 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// GenerateEncryptedSceneID 按阿里云文档生成 EncryptedSceneId(仅适用于 V3 架构加密模式)。
|
|
|
|
|
|
// 明文格式: sceneId×tamp&expireTime
|
|
|
|
|
|
// 加密: AES-256-CBC + PKCS7Padding,结果为 Base64( IV(16字节) + ciphertext )
|
|
|
|
|
|
func GenerateEncryptedSceneID(sceneId, ekey string, expireSeconds int) (string, error) {
|
|
|
|
|
|
if expireSeconds <= 0 || expireSeconds > 86400 {
|
|
|
|
|
|
expireSeconds = 3600
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
ts := time.Now().Unix() // 秒级时间戳
|
|
|
|
|
|
plaintext := fmt.Sprintf("%s&%d&%d", sceneId, ts, expireSeconds)
|
|
|
|
|
|
|
|
|
|
|
|
keyBytes, err := base64.StdEncoding.DecodeString(ekey)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return "", fmt.Errorf("decode ekey error: %w", err)
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(keyBytes) != 32 {
|
|
|
|
|
|
return "", fmt.Errorf("invalid ekey length, need 32 bytes after base64 decode, got %d", len(keyBytes))
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-24 18:42:06 +08:00
|
|
|
|
// 复用已有的 AES-CBC + PKCS7 实现,输出即为 Base64(IV + ciphertext)
|
|
|
|
|
|
return lzcrypto.AesEncrypt([]byte(plaintext), keyBytes)
|
2026-02-24 16:47:46 +08:00
|
|
|
|
}
|
