GORM是一款優秀的Go語言ORM函式庫,它提供了程式碼優先的資料庫存取方式,支援多種資料庫,包括MySQL、SQLite、PostgreSQL、SQL Server等。我們可以透過對GORM函式庫的使用輕鬆實現MySQL資料庫的加密處理。
import ( "crypto/aes" "crypto/cipher" "encoding/base64" "fmt" "gorm.io/driver/mysql" "gorm.io/gorm" )
dsn := "user:password@tcp(" db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{})
var key = []byte("the-key-has-to-be-32-bytes-long!")
func encrypt(data []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { return nil, err } plaintext := padData(data) // The IV needs to be unique, but not secure. Therefore it's common to // include it at the beginning of the ciphertext. ciphertext := make([]byte, aes.BlockSize+len(plaintext)) iv := ciphertext[:aes.BlockSize] if _, err := rand.Read(iv); err != nil { return nil, err } mode := cipher.NewCBCEncrypter(block, iv) mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext) return []byte(base64.StdEncoding.EncodeToString(ciphertext)), nil }
func decrypt(data []byte) ([]byte, error) { block, err := aes.NewCipher(key) if err != nil { return nil, err } ciphertext, err := base64.StdEncoding.DecodeString(string(data)) if err != nil { return nil, err } if len(ciphertext) < aes.BlockSize { return nil, fmt.Errorf("ciphertext too short") } iv := ciphertext[:aes.BlockSize] ciphertext = ciphertext[aes.BlockSize:] // CBC mode always works in whole blocks. if len(ciphertext)%aes.BlockSize != 0 { return nil, fmt.Errorf("ciphertext is not a multiple of the block size") } mode := cipher.NewCBCDecrypter(block, iv) mode.CryptBlocks(ciphertext, ciphertext) return unpadData(ciphertext), nil }
type User struct { ID uint Name string Email string Passwd []byte `gorm:"column:passwd"` }
func (u *User) TableName() string { return "users" } func (u *User) BeforeSave(tx *gorm.DB) (err error) { pData, err := encrypt(u.Passwd) if err != nil { return } u.Passwd = pData return } func (u *User) AfterFind(tx *gorm.DB) (err error) { pData, err := decrypt(u.Passwd) if err != nil { return } u.Passwd = pData return }
users := []User{} result := db.Find(&users) if result.Error != nil { panic(result.Error) } for _, user := range users { fmt.Println(user) }