refactor(server): decouple services and improve architecture
- Introduce interfaces for all major services (JWT, PostAI, Comment, Message, Notification, QRCodeLogin, Upload, Vote, etc.) to support dependency inversion. - Move query parameters from `internal/dto` to a new `internal/query` package to separate request payloads from data transfer objects. - Refactor `internal/router` to use embedded `RouterDeps` for cleaner dependency management. - Decouple handlers from repositories by injecting services instead of direct repository access, ensuring proper layering. - Improve database initialization by moving it from `internal/model` to `internal/database`. - Optimize message decryption by implementing a more efficient `BatchDecrypt` method in `MessageEncryptor` using a worker pool. - Enhance error handling and security by implementing fail-fast checks for encryption key length during startup. - Clean up unused code, including the `avatar` package and several unused DTOs.
This commit is contained in:
@@ -21,36 +21,6 @@ func BenchmarkEncryptDecryptSingle(b *testing.B) {
|
||||
}
|
||||
}
|
||||
|
||||
// BenchmarkBatchDecrypt 批量并行解密性能基准
|
||||
func BenchmarkBatchDecrypt(b *testing.B) {
|
||||
key := "12345678901234567890123456789012"
|
||||
_ = InitMessageEncryptor(key, 1)
|
||||
encryptor := GetMessageEncryptor()
|
||||
|
||||
// 准备测试数据
|
||||
sizes := []int{10, 50, 100, 500}
|
||||
|
||||
for _, size := range sizes {
|
||||
b.Run(fmt.Sprintf("size_%d", size), func(b *testing.B) {
|
||||
// 生成加密数据
|
||||
ciphertexts := make([]string, size)
|
||||
for i := 0; i < size; i++ {
|
||||
msg := map[string]interface{}{
|
||||
"type": "text",
|
||||
"data": map[string]string{"content": fmt.Sprintf("消息内容 %d", i)},
|
||||
}
|
||||
plaintext, _ := json.Marshal(msg)
|
||||
ciphertexts[i], _ = encryptor.Encrypt(plaintext)
|
||||
}
|
||||
|
||||
b.ResetTimer()
|
||||
for i := 0; i < b.N; i++ {
|
||||
_ = encryptor.BatchDecrypt(ciphertexts, 4)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// BenchmarkSerialDecrypt 串行解密性能基准(对比用)
|
||||
func BenchmarkSerialDecrypt(b *testing.B) {
|
||||
key := "12345678901234567890123456789012"
|
||||
@@ -81,12 +51,41 @@ func BenchmarkSerialDecrypt(b *testing.B) {
|
||||
}
|
||||
}
|
||||
|
||||
// BenchmarkBatchDecrypt 批量并行解密性能基准
|
||||
func BenchmarkBatchDecrypt(b *testing.B) {
|
||||
key := "12345678901234567890123456789012"
|
||||
_ = InitMessageEncryptor(key, 1)
|
||||
encryptor := GetMessageEncryptor()
|
||||
|
||||
sizes := []int{10, 50, 100, 500}
|
||||
|
||||
for _, size := range sizes {
|
||||
b.Run(fmt.Sprintf("size_%d", size), func(b *testing.B) {
|
||||
// 生成加密数据
|
||||
ciphertexts := make([]string, size)
|
||||
for i := 0; i < size; i++ {
|
||||
msg := map[string]interface{}{
|
||||
"type": "text",
|
||||
"data": map[string]string{"content": fmt.Sprintf("消息内容 %d", i)},
|
||||
}
|
||||
plaintext, _ := json.Marshal(msg)
|
||||
ciphertexts[i], _ = encryptor.Encrypt(plaintext)
|
||||
}
|
||||
|
||||
b.ResetTimer()
|
||||
for i := 0; i < b.N; i++ {
|
||||
_ = encryptor.BatchDecrypt(ciphertexts, 4)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestBatchDecrypt 验证批量解密与单条解密结果一致
|
||||
func TestBatchDecrypt(t *testing.T) {
|
||||
key := "12345678901234567890123456789012"
|
||||
_ = InitMessageEncryptor(key, 1)
|
||||
encryptor := GetMessageEncryptor()
|
||||
|
||||
// 准备测试数据
|
||||
count := 100
|
||||
ciphertexts := make([]string, count)
|
||||
expectedContents := make([]string, count)
|
||||
@@ -105,6 +104,10 @@ func TestBatchDecrypt(t *testing.T) {
|
||||
// 批量解密
|
||||
results := encryptor.BatchDecrypt(ciphertexts, 4)
|
||||
|
||||
if len(results) != count {
|
||||
t.Fatalf("BatchDecrypt returned %d results, want %d", len(results), count)
|
||||
}
|
||||
|
||||
// 验证结果
|
||||
for i, result := range results {
|
||||
if result == nil {
|
||||
|
||||
@@ -139,31 +139,70 @@ func (e *MessageEncryptor) GetKeyVersion() int {
|
||||
return e.keyVersion
|
||||
}
|
||||
|
||||
// RotateKey 密钥轮换(用于密钥升级)
|
||||
// 新密钥必须也是32字节
|
||||
func (e *MessageEncryptor) RotateKey(newKey string, newVersion int) error {
|
||||
keyBytes := []byte(newKey)
|
||||
if len(keyBytes) != 32 {
|
||||
return ErrInvalidKey
|
||||
// BatchDecrypt 批量解密多条密文,返回与输入等长的明文字节切片数组。
|
||||
// 并发度由 workers 指定(<=0 时按密文数量自适应)。
|
||||
// 解密失败或空密文的位置返回 nil,调用方可据此判断。
|
||||
// 这是 Decrypt 的无锁读优化版:AEAD 的 Open 不修改内部状态,
|
||||
// 但仍走 RLock 以兼容未来可能的密钥轮换语义。
|
||||
func (e *MessageEncryptor) BatchDecrypt(ciphertexts []string, workers int) [][]byte {
|
||||
results := make([][]byte, len(ciphertexts))
|
||||
if e == nil || len(ciphertexts) == 0 {
|
||||
return results
|
||||
}
|
||||
|
||||
block, err := aes.NewCipher(keyBytes)
|
||||
if err != nil {
|
||||
return err
|
||||
// 自适应并发度:与历史实现保持一致
|
||||
if workers <= 0 {
|
||||
switch {
|
||||
case len(ciphertexts) < 20:
|
||||
workers = 2
|
||||
case len(ciphertexts) > 100:
|
||||
workers = 8
|
||||
default:
|
||||
workers = 4
|
||||
}
|
||||
}
|
||||
if workers > len(ciphertexts) {
|
||||
workers = len(ciphertexts)
|
||||
}
|
||||
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return err
|
||||
// 预取一次 AEAD,避免 worker 内重复进入 RLock
|
||||
e.mu.RLock()
|
||||
gcm := e.gcm
|
||||
nonceSize := e.gcm.NonceSize()
|
||||
e.mu.RUnlock()
|
||||
|
||||
jobs := make(chan int, len(ciphertexts))
|
||||
var wg sync.WaitGroup
|
||||
|
||||
for w := 0; w < workers; w++ {
|
||||
wg.Add(1)
|
||||
go func() {
|
||||
defer wg.Done()
|
||||
for i := range jobs {
|
||||
ct := ciphertexts[i]
|
||||
if ct == "" {
|
||||
continue
|
||||
}
|
||||
raw, err := base64.StdEncoding.DecodeString(ct)
|
||||
if err != nil || len(raw) < nonceSize {
|
||||
continue
|
||||
}
|
||||
nonce := raw[:nonceSize]
|
||||
actual := raw[nonceSize:]
|
||||
plaintext, err := gcm.Open(nil, nonce, actual, nil)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
results[i] = plaintext
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
e.mu.Lock()
|
||||
defer e.mu.Unlock()
|
||||
for i := range ciphertexts {
|
||||
jobs <- i
|
||||
}
|
||||
close(jobs)
|
||||
wg.Wait()
|
||||
|
||||
e.key = keyBytes
|
||||
e.gcm = gcm
|
||||
e.keyVersion = newVersion
|
||||
|
||||
return nil
|
||||
return results
|
||||
}
|
||||
|
||||
|
||||
@@ -150,16 +150,6 @@ func TestMessageEncryptor_KeyVersion(t *testing.T) {
|
||||
if encryptor.GetKeyVersion() != 1 {
|
||||
t.Errorf("GetKeyVersion() = %d, want 1", encryptor.GetKeyVersion())
|
||||
}
|
||||
|
||||
// 测试密钥轮换
|
||||
err = encryptor.RotateKey("abcdefghijklmnopqrstuvwxyz123456", 2)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if encryptor.GetKeyVersion() != 2 {
|
||||
t.Errorf("GetKeyVersion() after rotation = %d, want 2", encryptor.GetKeyVersion())
|
||||
}
|
||||
}
|
||||
|
||||
func mustMarshal(v interface{}) []byte {
|
||||
|
||||
Reference in New Issue
Block a user