refactor: align with crypto.DefaultAES interface

2026-05-12 23:10:29 +08:00 · 2026-05-12 23:10:29 +08:00 · cb1a1f355c
commit cb1a1f355c
parent e486e7ce46
4 changed files with 27 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,8 @@
 .log.meta.json
-env.yml
-
 .ai/
-
 .geminiignore
+.gemini
+env.yml
+env.json
+env.yaml
+/CODE-FULL.md
--- a/config.go
+++ b/config.go
@ -12,8 +12,14 @@ import (
 	"apigo.cc/go/safe"
 )

-var confAes, _ = crypto.NewAESGCMAndEraseKey([]byte("?GQ$0K0GgLdO=f+~L68PLm$uhKr4'=tV"), []byte("VFs7@sK61cj^f?HZ"))
-var keysOnce = sync.Once{}
+var confAES *crypto.Symmetric
+
+func init() {
+	crypto.OnSetDefaultAES(func(aes *crypto.Symmetric) {
+		confAES = aes
+	})
+}
+
 var configMutex sync.RWMutex

 // GlobalConfigs 存储整棵配置树
@ -21,12 +27,7 @@ var GlobalConfigs = map[string]any{}

 // SetEncryptKeys 允许设置自定义的配置加解密密钥
 func SetEncryptKeys(key, iv []byte) {
-	keysOnce.Do(func() {
-		if confAes != nil {
-			confAes.Close()
-		}
-		confAes, _ = crypto.NewAESGCMAndEraseKey(key, iv)
-	})
+	crypto.SetDefaultAES(key, iv)
 }

 // Load 加载指定的配置文件并合并到 GlobalConfigs
@ -189,7 +190,7 @@ func decryptMap(m map[string]any) []*safe.SafeBuf {
 			}

 			if err == nil && len(b64) > 0 {
-				if dec, err := confAes.DecryptBytes(b64); err == nil {
+				if dec, err := confAES.DecryptBytes(b64); err == nil {
 					sb := safe.NewSafeBufAndErase(dec)
 					m[k] = sb
 					safeBufs = append(safeBufs, sb)
--- a/go.sum
+++ b/go.sum
@ -1,25 +1,14 @@
-apigo.cc/go/cast v1.2.10 h1:wa9/hz6GW6Z+5co6l7LftMn2Eo06WpVHHDCCQphnmH8=
-apigo.cc/go/cast v1.2.10/go.mod h1:lGlwImiOvHxG7buyMWhFzcdvQzmSaoKbmr7bcDfUpHk=
-apigo.cc/go/config v1.0.8 h1:ZvontnJngNJrm6EJAPYmPhmBnLC9V7g5kZLiuN1MT60=
-apigo.cc/go/config v1.0.8/go.mod h1:FCZj70MCejeWwv81O7sdpg0zmjOzglAMmNEfT3dQYzw=
-apigo.cc/go/crypto v1.1.1 h1:AE0jNtKzcq4euz6fL9MAYEHQpbIEfDTHv2mriP/juig=
-apigo.cc/go/crypto v1.1.1/go.mod h1:Q26As+TQrNs6olGkiVdD6649DJirxA4CUBT4oukKPuw=
-apigo.cc/go/encoding v1.1.2 h1:reSrLkyYrtZsf4S91XPdyBY2AQpvA43n9q0Q9wz5uJA=
-apigo.cc/go/encoding v1.1.2/go.mod h1:iLuvrYHEK8mLnk8jijx5Sv1tInFreny0yGNBouA1d20=
-apigo.cc/go/file v1.0.8 h1:GPkixU080cvrmz7cbdXkC2DqMvsWWyY3UzoyUVQYFvs=
-apigo.cc/go/file v1.0.8/go.mod h1:T/wYji/va0S+JM2fAHonhKpnXKIELk/bmgnFEgMMY2s=
-apigo.cc/go/http v1.0.11 h1:EOlMXlTGrWY0RI3MynkV7noT49WiUdGVPdOtDJjIkU4=
-apigo.cc/go/http v1.0.11/go.mod h1:K2JgyI7DblfbzAnK1OHx4PS/1Pvcoqcp3g2uwsCPe68=
-apigo.cc/go/id v1.0.7 h1:vXCK8mUW3s4cJYmli0o2BxgyI9XbJrG8gSGJOP2Fe4g=
-apigo.cc/go/id v1.0.7/go.mod h1:wXBrPpcEpyUDM7bp7M5uPM9zFw4VcnvXMQLw4Yd+uZE=
-apigo.cc/go/log v1.1.16 h1:uqPqeHvs+FdNupLBzzamJmY4oHAqtPEkGuW/pW5i2nQ=
-apigo.cc/go/log v1.1.16/go.mod h1:bOfPXjrX2bY+FNG9eEtBnvaVXoxZDGvz0jQfF3s/mYk=
-apigo.cc/go/rand v1.0.6 h1:p51rkaDrYUdZPIRbQAujZmQelWg2ipAMts33A/tG7QE=
-apigo.cc/go/rand v1.0.6/go.mod h1:mZ/4Soa3bk+XvDaqPWJuUe1bfEi4eThBj1XmEAuYxsk=
-apigo.cc/go/safe v1.0.7 h1:f0d+v9K2dHPyG5DNqhyddCmAmSiIqIfkPi/AMED/iQI=
-apigo.cc/go/safe v1.0.7/go.mod h1:Hu7TVDWPe/I+nBZfYJH4mt+ROzG+rwk2D1zHTXj/2eE=
-apigo.cc/go/shell v1.0.6 h1:RngaSMr2AkAFDl545A1Ln+D8ckqV2jknUp4PohDaLIA=
-apigo.cc/go/shell v1.0.6/go.mod h1:X7Nozjd7oau4nvAJCI21vxrxfd4ZL5nE4C6eUsmi2Hc=
+apigo.cc/go/cast v1.3.0 h1:ZTcLYijkqZjSWSCSpJUWMfzJYeJKbwKxquKkPrFsROQ=
+apigo.cc/go/config v1.3.0 h1:TwI3bv3D+BJrAnFx+o62HQo3FarY2Ge3SCGsKchFYGg=
+apigo.cc/go/crypto v1.3.0 h1:rGRrrb5O+4M50X5hVUmJQbXx3l87zzlcgzGtUvZrZL8=
+apigo.cc/go/encoding v1.3.0 h1:8jqNHoZBR8vOU/BGsLFebfp1Txa1UxDRpd7YwzIFLJs=
+apigo.cc/go/file v1.3.0 h1:xG9FcY3Rv6Br83r9pq9QsIXFrplx4g8ITOkHSzfzXRg=
+apigo.cc/go/http v1.3.0 h1:1ZweotOuAxTI8wfib9knWYXM2t0POOJ3ezgOKObH3sg=
+apigo.cc/go/id v1.3.0 h1:Tr2Yj0Rl19lfwW5wBTJ407o/zgo2oVRLE20WWEgJzdE=
+apigo.cc/go/log v1.3.0 h1:61Z80WGN6SnhgxgoR8xuVYIieMdjlJKmf8JX1HXzp0Y=
+apigo.cc/go/rand v1.3.0 h1:k+UFAhMySwXf+dq8Om9TniZV6fm6gAE0evbrqMEdwQU=
+apigo.cc/go/safe v1.3.0 h1:uctdAUsphT9p60Tk4oS5xPCe0NoIdOHfsYv4PNS0Rok=
+apigo.cc/go/shell v1.3.0 h1:hdxuYPN/7T2BuM/Ja8AjVUhbRqU/wpi8OjcJVziJ0nw=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
--- a/security_test.go
+++ b/security_test.go
@ -14,7 +14,7 @@ func TestSafeConfigDecryption(t *testing.T) {
 	SetEncryptKeys(key, iv)

 	plaintext := "my-secret-password"
-	ciphertext, _ := confAes.EncryptBytes([]byte(plaintext))
+	ciphertext, _ := confAES.EncryptBytes([]byte(plaintext))
 	b64 := encoding.Base64ToString(ciphertext)

 	GlobalConfigs = map[string]any{