Add RBAC support with roles, permissions, and session management. Implement middleware for authentication and CSRF protection. Enhance audit logging with additional fields. Update HTTP handlers and routes for new features.

2025-12-13 17:44:09 +00:00
parent d69e01bbaf
commit 8100f87686
44 changed files with 3262 additions and 76 deletions
--- a/internal/infra/crypto/crypto.go
+++ b/internal/infra/crypto/crypto.go
@@ -0,0 +1,59 @@
+package crypto
+
+import (
+    "crypto/aes"
+    "crypto/cipher"
+    "crypto/rand"
+    "encoding/base64"
+    "errors"
+    "io"
+)
+
+// Encrypt uses AES-GCM with a 32 byte key
+func Encrypt(key []byte, plaintext string) (string, error) {
+    if len(key) != 32 {
+        return "", errors.New("invalid key length")
+    }
+    block, err := aes.NewCipher(key)
+    if err != nil {
+        return "", err
+    }
+    aesgcm, err := cipher.NewGCM(block)
+    if err != nil {
+        return "", err
+    }
+    nonce := make([]byte, aesgcm.NonceSize())
+    if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+        return "", err
+    }
+    ct := aesgcm.Seal(nonce, nonce, []byte(plaintext), nil)
+    return base64.StdEncoding.EncodeToString(ct), nil
+}
+
+func Decrypt(key []byte, cipherText string) (string, error) {
+    if len(key) != 32 {
+        return "", errors.New("invalid key length")
+    }
+    data, err := base64.StdEncoding.DecodeString(cipherText)
+    if err != nil {
+        return "", err
+    }
+    block, err := aes.NewCipher(key)
+    if err != nil {
+        return "", err
+    }
+    aesgcm, err := cipher.NewGCM(block)
+    if err != nil {
+        return "", err
+    }
+    nonceSize := aesgcm.NonceSize()
+    if len(data) < nonceSize {
+        return "", errors.New("ciphertext too short")
+    }
+    nonce, ct := data[:nonceSize], data[nonceSize:]
+    pt, err := aesgcm.Open(nil, nonce, ct, nil)
+    if err != nil {
+        return "", err
+    }
+    return string(pt), nil
+}