From cf8c7c0e2b21e9e215cb948747bd33aad20e8c7e Mon Sep 17 00:00:00 2001 From: joycezhang <787027175@qq.com> Date: Thu, 8 Sep 2022 15:58:46 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7:=20=E9=87=8D=E6=96=B0=E5=AE=9A?= =?UTF-8?q?=E4=B9=89=E5=8A=A0=E5=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Exceptions/DecryptErrorException.php | 14 +++++++ src/{Aop => Security}/AopPassword.php | 9 ++-- .../AopCrypt.php => Security/AopSecurity.php} | 41 +++++++++++++------ src/Traits/EncryptTableDbAttribute.php | 22 +++++----- src/config.php | 5 ++- 5 files changed, 62 insertions(+), 29 deletions(-) create mode 100644 src/Exceptions/DecryptErrorException.php rename src/{Aop => Security}/AopPassword.php (88%) rename src/{Aop/AopCrypt.php => Security/AopSecurity.php} (64%) diff --git a/src/Exceptions/DecryptErrorException.php b/src/Exceptions/DecryptErrorException.php new file mode 100644 index 0000000..5f522be --- /dev/null +++ b/src/Exceptions/DecryptErrorException.php @@ -0,0 +1,14 @@ + - * @package JoyceZ\LaravelLib\Aop + * @package JoyceZ\LaravelLib\Security */ class AopPassword { @@ -21,7 +20,7 @@ class AopPassword * @param string $salt 加密盐 * @return $this */ - public function withSalt(string $salt='') + public function withSalt(string $salt = '') { $this->salt = trim($salt) == '' ? config('landao.passport.password_salt') : $salt; return $this; @@ -51,4 +50,4 @@ public function check(string $dbPassword, string $password, string $salt) { return $this->encrypt($password, $salt) == $dbPassword ? true : false; } -} +} \ No newline at end of file diff --git a/src/Aop/AopCrypt.php b/src/Security/AopSecurity.php similarity index 64% rename from src/Aop/AopCrypt.php rename to src/Security/AopSecurity.php index ff7115c..0515c2b 100644 --- a/src/Aop/AopCrypt.php +++ b/src/Security/AopSecurity.php 
@@ -1,15 +1,17 @@ screctKey = trim($screctKey) == '' ? config('landao.crypt.screct_key') : $screctKey; + $this->screctKey = trim($screctKey) == '' ? config('landao.security.security_key') : $screctKey; + $this->scretIv = trim($iv) == '' ? config('landao.security.security_iv') : $iv; return $this; } + public function hmac_md5($input) + { + $key = base64_decode($this->screctKey); + + return hash_hmac('md5', $input, $key, true); + } + /** * 加密方法 * @param string $str @@ -43,15 +55,17 @@ public function encrypt($str) //设置全0的IV - $iv = str_repeat("\0", 16); + $iv = $this->scretIv;//str_repeat("\0", 16); $encrypt_str = openssl_encrypt($str, 'aes-128-cbc', $screct_key, OPENSSL_NO_PADDING, $iv); return base64_encode($encrypt_str); } + /** * 解密方法 - * @param string $str - * @return string + * @param $str + * @return false|string + * @throws DecryptErrorException */ public function decrypt($str) { @@ -60,10 +74,13 @@ public function decrypt($str) $screct_key = base64_decode($this->screctKey); //设置全0的IV - $iv = str_repeat("\0", 16); - $decrypt_str = openssl_decrypt($str, 'aes-128-cbc', $screct_key, OPENSSL_NO_PADDING, $iv); - $decrypt_str = $this->stripPKSC7Padding($decrypt_str); - return $decrypt_str; + $iv = $this->scretIv;//str_repeat("\0", 16); + $decrypted = openssl_decrypt($str, 'aes-128-cbc', $screct_key, OPENSSL_NO_PADDING, $iv); + $decrypted = $this->stripPKSC7Padding($decrypted); + if (!$decrypted) { + throw new DecryptErrorException(sprintf('解密失败,请检查密钥 %s 密文 %s 是否正确?', $screct_key, $str)); + } + return $decrypted; } /** @@ -98,4 +115,4 @@ private function stripPKSC7Padding($source) $source = substr($source, 0, -$num); return $source; } -} +} \ No newline at end of file diff --git a/src/Traits/EncryptTableDbAttribute.php b/src/Traits/EncryptTableDbAttribute.php index df4ae25..bf1db58 100644 --- a/src/Traits/EncryptTableDbAttribute.php +++ b/src/Traits/EncryptTableDbAttribute.php 
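Review bot: `hmac_md5()` is added with no caller in the visible hunks and with no docblock, parameter type or return type, so its purpose cannot be told from the patch. If it is meant to authenticate ciphertext, note that `encrypt()` and `decrypt()` still emit and accept unauthenticated CBC output. New code should use SHA-256 and a camelCase name like the rest of the class, e.g. `return hash_hmac('sha256', $input, $key, true);`, with tags compared through `hash_equals()`. The added `$this->scretIv` is a second misspelling beside `screctKey`; whether the property is declared cannot be checked because the first hunk's text is missing from this page.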
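Review bot: In `encrypt()` the IV is now one fixed value from config (`$iv = $this->scretIv;`), so every value is encrypted under the same key/IV pair and equal plaintexts still give equal ciphertexts; with the default in src/config.php it is still 16 zero bytes. CBC needs a fresh unpredictable IV per message: use `$iv = random_bytes(16);` and `return base64_encode($iv . $encrypt_str);`, and have `decrypt()` split the first 16 bytes off again. The same fixed IV is read in the `decrypt()` hunk. The stale `//设置全0的IV` comment and the trailing `//str_repeat("\0", 16)` should be removed, and the body of `encrypt()` starts outside the hunk.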
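Review bot: The new exception message in `decrypt()` formats the decoded AES key into its text (`sprintf('…', $screct_key, $str)`), so any log, error page or API response that prints the exception discloses the key together with the ciphertext. Drop both values, e.g. `throw new DecryptErrorException('解密失败');`. The guard `if (!$decrypted)` also rejects a legitimate plaintext of `'0'` or an empty string, and it runs only after `stripPKSC7Padding()` has been handed a possible `false` from `openssl_decrypt()`. Test `$decrypted === false` directly after the openssl call instead. `decrypt()` begins outside the hunk.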
@@ -2,7 +2,7 @@ namespace JoyceZ\LaravelLib\Traits; -use JoyceZ\LaravelLib\Aop\AopCrypt; +use JoyceZ\LaravelLib\Security\AopSecurity; /** * 对数据进行加密 @@ -30,10 +30,9 @@ public function setAttribute($key, $value) } /** - * Get a plain attribute (not a relationship). - * - * @param string $key - * @return mixed + * @param $key + * @return false|string + * @throws \JoyceZ\LaravelLib\Exceptions\DecryptErrorException */ public function getAttributeValue($key) { @@ -72,8 +71,8 @@ public function getAttributeValue($key) /** * 将模型的属性转换为数组 - * * @return array + * @throws \JoyceZ\LaravelLib\Exceptions\DecryptErrorException */ public function attributesToArray(): array { @@ -109,8 +108,10 @@ public function attributesToArray(): array } /** + * 解密字段 * @param array $attributes * @return array + * @throws \JoyceZ\LaravelLib\Exceptions\DecryptErrorException */ private function decryptAttributes(array $attributes): array { @@ -132,16 +133,17 @@ private function decryptAttributes(array $attributes): array */ private function encrypt($value) { - return (new AopCrypt())->withScrectKey()->encrypt($value); + return (new AopSecurity())->withScrectKey()->encrypt($value); } /** * 解密 - * @param mixed $value - * @return mixed + * @param $value + * @return false|string + * @throws \JoyceZ\LaravelLib\Exceptions\DecryptErrorException */ public function decrypt($value) { - return (new AopCrypt())->withScrectKey()->decrypt($value); + return (new AopSecurity())->withScrectKey()->decrypt($value); } } diff --git a/src/config.php b/src/config.php index a00032d..8b5798f 100644 --- a/src/config.php +++ b/src/config.php 
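Review bot: The rewritten docblock on `getAttributeValue()` drops the summary line and the `string` type on `$key`, and narrows `@return mixed` to `false|string`. The method body is outside the hunk, but an attribute accessor presumably still returns non-encrypted attributes of any type, so `mixed` should stay. Suggested: keep `* Get a plain attribute (not a relationship).`, `* @param string $key` and `* @return mixed`, and add only the new `@throws` line. The same untyped `@param $value` / `@return false|string` pattern appears on `decrypt()` at the end of this file and on `AopSecurity::decrypt()`.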
@@ -5,8 +5,9 @@
 'check_captcha_cache_key' => 'captcha_uniqid',
 'password_salt' => env('LANDAO_PASSPORT_PASSWORD_SALT', env('APP_KEY'))
 ],
- 'crypt' => [
- 'screct_key' => env('LANDAO_CRYPT_SCRECT_KEY', env('APP_KEY'))
+ 'security' => [
+ 'security_key' => env('LANDAO_CRYPT_SECURITY_KEY', md5('landao_admin')),
+ 'security_iv' => env('LANDAO_CRYPT_SECURITY_IV', str_repeat("\0", 16))
 ],
 'captcha' => [
 'charset' => 'abcdefghkmnprstuvwxyzABCDEFGHKMNPRSTUVWXYZ23456789',
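Review bot: The fallback for `security_key` is `md5('landao_admin')`, a constant anyone with the package source can compute, so an installation that does not set `LANDAO_CRYPT_SECURITY_KEY` encrypts its columns under a publicly known key; the fallback IV is likewise 16 zero bytes. The variable was also renamed from `LANDAO_CRYPT_SCRECT_KEY`, so existing deployments drop to that default without any error, and data written under the old key will no longer decrypt. Ship no default, `'security_key' => env('LANDAO_CRYPT_SECURITY_KEY'),`, and have the key setter throw when the value is empty. The config array continues outside the hunk.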