- Add encryption configuration with environment variable support - Implement batch parallel decryption for improved query performance - Integrate message encryptor via wire dependency injection - Add explicit Decrypt() method for single message decryption - Optimize AfterFind hook to defer decryption for batch processing
110 lines
2.3 KiB
Go
110 lines
2.3 KiB
Go
package crypto
|
|
|
|
import (
|
|
"encoding/json"
|
|
"sync"
|
|
)
|
|
|
|
// BatchDecryptResult 批量解密结果
|
|
type BatchDecryptResult struct {
|
|
Index int
|
|
Plaintext []byte
|
|
Error error
|
|
}
|
|
|
|
// BatchDecrypt 批量并行解密
|
|
// workerCount 指定并行工作数,如果 <= 0 则使用 CPU 核数
|
|
func (e *MessageEncryptor) BatchDecrypt(ciphertexts []string, workerCount int) [][]byte {
|
|
if e == nil || len(ciphertexts) == 0 {
|
|
return nil
|
|
}
|
|
|
|
results := make([][]byte, len(ciphertexts))
|
|
|
|
// 小批量直接串行处理
|
|
if len(ciphertexts) <= 10 {
|
|
for i, ct := range ciphertexts {
|
|
if ct == "" {
|
|
continue
|
|
}
|
|
plaintext, err := e.Decrypt(ct)
|
|
if err == nil {
|
|
results[i] = plaintext
|
|
}
|
|
}
|
|
return results
|
|
}
|
|
|
|
// 并行处理
|
|
jobs := make(chan int, len(ciphertexts))
|
|
var wg sync.WaitGroup
|
|
|
|
// 确定工作数
|
|
if workerCount <= 0 {
|
|
workerCount = 4 // 默认4个并行
|
|
}
|
|
if workerCount > len(ciphertexts) {
|
|
workerCount = len(ciphertexts)
|
|
}
|
|
|
|
// 启动 worker
|
|
for w := 0; w < workerCount; w++ {
|
|
wg.Add(1)
|
|
go func() {
|
|
defer wg.Done()
|
|
for i := range jobs {
|
|
ct := ciphertexts[i]
|
|
if ct == "" {
|
|
continue
|
|
}
|
|
plaintext, err := e.Decrypt(ct)
|
|
if err == nil {
|
|
results[i] = plaintext
|
|
}
|
|
}
|
|
}()
|
|
}
|
|
|
|
// 分发任务
|
|
for i := range ciphertexts {
|
|
jobs <- i
|
|
}
|
|
close(jobs)
|
|
|
|
wg.Wait()
|
|
return results
|
|
}
|
|
|
|
// DecryptMessageSegments 解密消息段 JSON
|
|
// 这是一个便捷方法,直接返回解析后的 MessageSegments
|
|
func (e *MessageEncryptor) DecryptMessageSegments(ciphertext string) ([]byte, error) {
|
|
if e == nil || ciphertext == "" {
|
|
return nil, nil
|
|
}
|
|
return e.Decrypt(ciphertext)
|
|
}
|
|
|
|
// TryParseMessageSegments 尝试解析消息段
|
|
// 先尝试解密,如果失败则尝试直接解析(兼容未加密的旧数据)
|
|
func TryParseMessageSegments(ciphertext string, segments interface{}) error {
|
|
if ciphertext == "" {
|
|
return nil
|
|
}
|
|
|
|
encryptor := GetMessageEncryptor()
|
|
if encryptor == nil {
|
|
// 加密器未初始化,直接解析
|
|
return json.Unmarshal([]byte(ciphertext), segments)
|
|
}
|
|
|
|
// 尝试解密
|
|
plaintext, err := encryptor.Decrypt(ciphertext)
|
|
if err != nil {
|
|
// 解密失败,可能是未加密的旧数据,尝试直接解析
|
|
return json.Unmarshal([]byte(ciphertext), segments)
|
|
}
|
|
|
|
// 解析解密后的数据
|
|
return json.Unmarshal(plaintext, segments)
|
|
}
|