package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"io"
	"net/http"
)
// Encrypt encrypts plaintext with AES in CFB mode under key and returns
// base64(IV || ciphertext). The IV is 16 random bytes from crypto/rand and is
// prepended so Decrypt can recover it; key must be 16, 24 or 32 bytes or
// aes.NewCipher returns an error.
//
// CFB provides confidentiality only: nothing in the output lets Decrypt detect
// a modified ciphertext. Callers that need integrity should prefer an AEAD mode
// such as AES-GCM (newer Go releases also mark the CFB constructors as
// deprecated for this reason).
func Encrypt(plaintext string, key []byte) (string, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}

	// A fresh IV per message; reusing one under the same key leaks the XOR of
	// the two plaintexts' first blocks.
	iv := make([]byte, aes.BlockSize)
	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}

	body := make([]byte, len(plaintext))
	cipher.NewCFBEncrypter(blk, iv).XORKeyStream(body, []byte(plaintext))

	// Wire format is IV followed by the CFB output.
	packed := append(iv, body...)
	return base64.StdEncoding.EncodeToString(packed), nil
}
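// Decrypt reverses Encrypt: it base64-decodes cryptoText, splits off the
// leading 16-byte IV and applies AES-CFB with key to the remainder.
//
// Errors are returned for malformed base64 (previously ignored, which turned
// any garbage input into the misleading "ciphertext too short"), an invalid
// key length, and a payload shorter than one block. Because CFB is not
// authenticated, a tampered ciphertext still decrypts without error to a
// different plaintext; callers that need integrity must use an AEAD mode or a
// separate MAC.
func Decrypt(cryptoText string, key []byte) (string, error) {
	ciphertext, err := base64.StdEncoding.DecodeString(cryptoText)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	if len(ciphertext) < aes.BlockSize {
		return "", errors.New("ciphertext too short")
	}
	iv := ciphertext[:aes.BlockSize]
	ciphertext = ciphertext[aes.BlockSize:]
	stream := cipher.NewCFBDecrypter(block, iv)
	// In-place: src and dst may overlap exactly, so no extra buffer is needed.
	stream.XORKeyStream(ciphertext, ciphertext)
	return string(ciphertext), nil
}
// ❌ Wrong: string concatenation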
// ❌ Wrong: concatenating username into the statement lets the input change
// the SQL itself (SQL injection), because the driver cannot tell data from code.
query := "SELECT * FROM users WHERE username = '" + username + "'"
// ✅ Right: a parameterized query sends username as a bound value; it is never
// interpreted as SQL text. (Query's rows and error are dropped here for brevity.)
query := "SELECT * FROM users WHERE username = ?"
db.Query(query, username)import "html"
// Escape HTML: html.EscapeString replaces <, >, &, ' and " with entities so
// userInput renders as text rather than markup. This covers HTML body and
// attribute-value context only; JavaScript, URL or CSS contexts need their own
// encoding.
safeContent := html.EscapeString(userInput)
// Generate CSRF token
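// GenerateCSRFToken returns a fresh token: 32 bytes from crypto/rand,
// base64-encoded (44 characters).
//
// The random read is now checked. The original discarded rand.Read's result,
// so on a failing entropy source it would have returned an all-zero token;
// since the string-only signature cannot report the error, the function panics
// instead, which is preferable to handing out a predictable token.
func GenerateCSRFToken() string {
	b := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic("csrf: reading random bytes: " + err.Error())
	}
	return base64.StdEncoding.EncodeToString(b)
}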
// 验证CSRF Token
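// ValidateCSRFToken reports whether the X-CSRF-Token header of r matches the
// token bound to the caller's session (as returned by getSessionToken).
//
// Two changes from a plain ==: an empty value on either side is rejected, so a
// request without the header can no longer match a session that has no token
// yet (previously "" == "" validated); and the comparison is constant-time, so
// response timing does not depend on how many leading bytes matched.
func ValidateCSRFToken(r *http.Request) bool {
	sessionToken := getSessionToken(r)
	requestToken := r.Header.Get("X-CSRF-Token")
	if sessionToken == "" || requestToken == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(sessionToken), []byte(requestToken)) == 1
}
关键要点: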
- ✅ AES对称加密敏感数据
- ✅ RSA非对称签名验证
- ✅ HTTPS保证传输安全
- ✅ 防御SQL注入、XSS、CSRF