GH-33 github token 安全性问题，本地会暴露 (#219)

* ✨ 增加AES加密方法

* ✨ github token 安全性问题

* 🐛 key length require 16,24,32

* ✏️ 取消注释行

cmd/checkout.go

@@ -126,7 +126,7 @@ func getGithubBranch(branchNum string, account string) string {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://api.github.com/repos/"+account+"/"+viper.GetString("current-project.name")+"/branches/"+branchNum, nil)
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)
@@ -243,7 +243,7 @@ func getGithubIssueBranch(issueNumber string) string {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://api.github.com/repos/isxcode/"+viper.GetString("current-project.name")+"/issues/"+issueNumber, nil)
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)

cmd/clone.go

@@ -32,7 +32,7 @@ var cloneCmd = &cobra.Command{
 func cloneCmdMain() {
 
 	// 判断用户是否登录
-	isLogin := common.CheckUserAccount(viper.GetString("user.token"))
+	isLogin := common.CheckUserAccount(common.GetToken())
 	if !isLogin {
 		fmt.Println("请先登录")
 		os.Exit(1)
@@ -106,7 +106,7 @@ func inputProjectPath() {
 func cloneCode(isxcodeRepository string, path string, name string, isMain bool) {
 
 	// 替换下载链接
-	isxcodeRepository = strings.Replace(isxcodeRepository, "https://", "https://"+viper.GetString("user.token")+"@", -1)
+	isxcodeRepository = strings.Replace(isxcodeRepository, "https://", "https://"+common.GetToken()+"@", -1)
 
 	// 下载主项目代码
 	executeCommand := "git clone -b main " + isxcodeRepository

cmd/delete.go

@@ -111,7 +111,7 @@ func getGithubIssueStatus(issueNumber string) string {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://api.github.com/repos/isxcode/"+viper.GetString("current-project.name")+"/issues/"+issueNumber, nil)
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)

cmd/pr.go

@@ -97,7 +97,7 @@ func createPr(titleName string, branchName string, name string) {
 	}
 	req, err := http.NewRequest("POST", "https://api.github.com/repos/isxcode/"+name+"/pulls", bytes.NewBuffer(payload))
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)
@@ -134,7 +134,7 @@ func getGithubIssueTitle(issueNumber string) string {
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", "https://api.github.com/repos/isxcode/"+viper.GetString("current-project.name")+"/issues/"+issueNumber, nil)
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)

cmd/sync.go

@@ -61,7 +61,7 @@ func SyncBranch(projectName, branchName string) {
 	userName := viper.GetString("user.account")
 	req, err := http.NewRequest("POST", common.GithubApiReposDomain+"/"+userName+"/"+projectName+"/merge-upstream", bytes.NewBuffer(payload))
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)

cmd/upgrade.go

@@ -96,7 +96,7 @@ func upgradeCmdMain() {
 		os.Exit(1)
 	}
 
-	req.Header = common.GitHubHeader(viper.GetString("user.token"))
+	req.Header = common.GitHubHeader(common.GetToken())
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Println("请求失败:", err)

common/common.go

@@ -4,11 +4,17 @@ Copyright © 2024 jamie HERE <EMAIL ADDRESS>
 package common
 
 import (
-	"encoding/json"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/hex"
+  "encoding/json"
 	"fmt"
 	"github.com/mitchellh/go-homedir"
+	"github.com/spf13/viper"
 	"io"
 	"os"
+	"strings"
 )
 
 func HomeDir() string {
@@ -29,6 +35,79 @@ func CurrentWorkDir() string {
 	return dir
 }
 
+var key = []byte("isxcode-20240719")
+
+func Encrypt(token string) string {
+	ciphertext, err := encryptAES([]byte(token), key)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	return ciphertext
+}
+
+func GetToken() string {
+	token := viper.GetString("user.token")
+	if token == "" {
+		fmt.Println("请先登录")
+		os.Exit(1)
+	}
+	if strings.HasPrefix(token, "ghp_") {
+		encryptToken := Encrypt(token)
+		viper.Set("user.token", encryptToken)
+		viper.WriteConfig()
+		return token
+	}
+	s, err := decryptAES(token, key)
+	if err != nil {
+		fmt.Println("解密失败...", err)
+		os.Exit(1)
+	}
+	return s
+}
+
+func encryptAES(plaintext, key []byte) (string, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return "", err
+	}
+
+	stream := cipher.NewCFBEncrypter(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+
+	return hex.EncodeToString(ciphertext), nil
+}
+
+func decryptAES(ciphertext string, key []byte) (string, error) {
+	ciphertextBytes, err := hex.DecodeString(ciphertext)
+	if err != nil {
+		return "", err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	if len(ciphertextBytes) < aes.BlockSize {
+		return "", fmt.Errorf("ciphertext too short")
+	}
+
+	iv := ciphertextBytes[:aes.BlockSize]
+	ciphertextBytes = ciphertextBytes[aes.BlockSize:]
+
+	stream := cipher.NewCFBDecrypter(block, iv)
+	stream.XORKeyStream(ciphertextBytes, ciphertextBytes)
+
+	return string(ciphertextBytes), nil
+}
+
 func Parse(reader io.Reader, v any) {
 	body, err := io.ReadAll(reader)
 	if err != nil {