.gitignore

@@ -1,8 +1,6 @@
 .log.meta.json
-.ai/
-.geminiignore
-.gemini
 env.yml
-env.json
+
-env.yaml
+.ai/
-/CODE-FULL.md
+
+.geminiignore

config.go

@@ -12,14 +12,8 @@ import (
 	"apigo.cc/go/safe"
 )
 
-var confAES *crypto.Symmetric
+var confAes, _ = crypto.NewAESGCMAndEraseKey([]byte("?GQ$0K0GgLdO=f+~L68PLm$uhKr4'=tV"), []byte("VFs7@sK61cj^f?HZ"))
-
+var keysOnce = sync.Once{}
-func init() {
-	crypto.OnSetDefaultAES(func(aes *crypto.Symmetric) {
-		confAES = aes
-	})
-}
-
 var configMutex sync.RWMutex
 
 // GlobalConfigs 存储整棵配置树
@@ -27,7 +21,12 @@ var GlobalConfigs = map[string]any{}
 
 // SetEncryptKeys 允许设置自定义的配置加解密密钥
 func SetEncryptKeys(key, iv []byte) {
-	crypto.SetDefaultAES(key, iv)
+	keysOnce.Do(func() {
+		if confAes != nil {
+			confAes.Close()
+		}
+		confAes, _ = crypto.NewAESGCMAndEraseKey(key, iv)
+	})
 }
 
 // Load 加载指定的配置文件并合并到 GlobalConfigs
@@ -190,7 +189,7 @@ func decryptMap(m map[string]any) []*safe.SafeBuf {
 			}
 
 			if err == nil && len(b64) > 0 {
-				if dec, err := confAES.DecryptBytes(b64); err == nil {
+				if dec, err := confAes.DecryptBytes(b64); err == nil {
 					sb := safe.NewSafeBufAndErase(dec)
 					m[k] = sb
 					safeBufs = append(safeBufs, sb)

go.mod

@@ -3,20 +3,20 @@ module apigo.cc/go/api
 go 1.25.0
 
 require (
-	apigo.cc/go/cast v1.3.3
+	apigo.cc/go/cast v1.3.0
-	apigo.cc/go/config v1.3.1
+	apigo.cc/go/config v1.3.0
-	apigo.cc/go/crypto v1.3.1
+	apigo.cc/go/crypto v1.3.0
-	apigo.cc/go/encoding v1.3.1
+	apigo.cc/go/encoding v1.3.0
-	apigo.cc/go/http v1.3.2
+	apigo.cc/go/http v1.3.0
-	apigo.cc/go/safe v1.3.1
+	apigo.cc/go/safe v1.3.0
 )
 
 require (
-	apigo.cc/go/file v1.3.2 // indirect
+	apigo.cc/go/file v1.3.0 // indirect
-	apigo.cc/go/id v1.3.1 // indirect
+	apigo.cc/go/id v1.3.0 // indirect
-	apigo.cc/go/log v1.3.4 // indirect
+	apigo.cc/go/log v1.3.0 // indirect
-	apigo.cc/go/rand v1.3.1 // indirect
+	apigo.cc/go/rand v1.3.0 // indirect
-	apigo.cc/go/shell v1.3.1 // indirect
+	apigo.cc/go/shell v1.3.0 // indirect
 	golang.org/x/crypto v0.51.0 // indirect
 	golang.org/x/net v0.54.0 // indirect
 	golang.org/x/sys v0.44.0 // indirect

go.sum

@@ -1,25 +1,25 @@
-apigo.cc/go/cast v1.3.3 h1:aln5eDR5DZVWVzZ/y5SJh1gQNgWv2sT82I25NaO9g34=
+apigo.cc/go/cast v1.2.10 h1:wa9/hz6GW6Z+5co6l7LftMn2Eo06WpVHHDCCQphnmH8=
-apigo.cc/go/cast v1.3.3/go.mod h1:lGlwImiOvHxG7buyMWhFzcdvQzmSaoKbmr7bcDfUpHk=
+apigo.cc/go/cast v1.2.10/go.mod h1:lGlwImiOvHxG7buyMWhFzcdvQzmSaoKbmr7bcDfUpHk=
-apigo.cc/go/config v1.3.1 h1:wZzUh4oL+fGD6SayVgX6prLPMsniM25etWFcEH8XzIE=
+apigo.cc/go/config v1.0.8 h1:ZvontnJngNJrm6EJAPYmPhmBnLC9V7g5kZLiuN1MT60=
-apigo.cc/go/config v1.3.1/go.mod h1:7KHz/1WmtBLM762Lln/TaXh2dmlMvJTLhnlk33zbS3U=
+apigo.cc/go/config v1.0.8/go.mod h1:FCZj70MCejeWwv81O7sdpg0zmjOzglAMmNEfT3dQYzw=
-apigo.cc/go/crypto v1.3.1 h1:ulQ2zX9bUWirk0sEacx1Srsjs2Jow7HlZq7ED7msNcg=
+apigo.cc/go/crypto v1.1.1 h1:AE0jNtKzcq4euz6fL9MAYEHQpbIEfDTHv2mriP/juig=
-apigo.cc/go/crypto v1.3.1/go.mod h1:SwHlBFDPddttWgFFtzsEMla8CM/rcFy9nvdsJjW4CIs=
+apigo.cc/go/crypto v1.1.1/go.mod h1:Q26As+TQrNs6olGkiVdD6649DJirxA4CUBT4oukKPuw=
-apigo.cc/go/encoding v1.3.1 h1:y8O58KYAyulkThg1O2ji2BqjnFoSvk42sit9I3z+K7Y=
+apigo.cc/go/encoding v1.1.2 h1:reSrLkyYrtZsf4S91XPdyBY2AQpvA43n9q0Q9wz5uJA=
-apigo.cc/go/encoding v1.3.1/go.mod h1:xAJk5b83VZ31mXMTnyp0dfMoBKfT/AHDn0u+cQfojgY=
+apigo.cc/go/encoding v1.1.2/go.mod h1:iLuvrYHEK8mLnk8jijx5Sv1tInFreny0yGNBouA1d20=
-apigo.cc/go/file v1.3.2 h1:pu4oiDyiqgj3/eykfnJf+/6+A9v/Z0b3ClP5XK+lwG4=
+apigo.cc/go/file v1.0.8 h1:GPkixU080cvrmz7cbdXkC2DqMvsWWyY3UzoyUVQYFvs=
-apigo.cc/go/file v1.3.2/go.mod h1:vci4h0Pz94mV6dkniQkuyBYERVYeq7/LX4jJVuCg9hs=
+apigo.cc/go/file v1.0.8/go.mod h1:T/wYji/va0S+JM2fAHonhKpnXKIELk/bmgnFEgMMY2s=
-apigo.cc/go/http v1.3.2 h1:0Or5KfoIq4+yeWKYusYPV8XLPw8XuzJMeaFv7dZViLI=
+apigo.cc/go/http v1.0.11 h1:EOlMXlTGrWY0RI3MynkV7noT49WiUdGVPdOtDJjIkU4=
-apigo.cc/go/http v1.3.2/go.mod h1:Q9R7Ors0Fz2A6Mxg0dykO2PjCzdAHRRXreOUMjMOLwA=
+apigo.cc/go/http v1.0.11/go.mod h1:K2JgyI7DblfbzAnK1OHx4PS/1Pvcoqcp3g2uwsCPe68=
-apigo.cc/go/id v1.3.1 h1:pkqi6VeWyQoHuIu0Zbx/RRxIAdM61Js0j6cY1M9XVCk=
+apigo.cc/go/id v1.0.7 h1:vXCK8mUW3s4cJYmli0o2BxgyI9XbJrG8gSGJOP2Fe4g=
-apigo.cc/go/id v1.3.1/go.mod h1:P2/vl3tyW3US+ayOFSMoPIOCulNLBngNYPhXJC/Z7J4=
+apigo.cc/go/id v1.0.7/go.mod h1:wXBrPpcEpyUDM7bp7M5uPM9zFw4VcnvXMQLw4Yd+uZE=
-apigo.cc/go/log v1.3.4 h1:UT8Neb9r4QjjbCFbTzw+ZeTxd+DmdmR5gNExeR4Cj+g=
+apigo.cc/go/log v1.1.16 h1:uqPqeHvs+FdNupLBzzamJmY4oHAqtPEkGuW/pW5i2nQ=
-apigo.cc/go/log v1.3.4/go.mod h1:/Q/2r51xWSsrS4QN5U9jLiTw8n6qNC8kG9nuVHweY20=
+apigo.cc/go/log v1.1.16/go.mod h1:bOfPXjrX2bY+FNG9eEtBnvaVXoxZDGvz0jQfF3s/mYk=
-apigo.cc/go/rand v1.3.1 h1:7FvsI6PtQ5XrWER0dTiLVo0p7GIxRidT/TBKhVy93j8=
+apigo.cc/go/rand v1.0.6 h1:p51rkaDrYUdZPIRbQAujZmQelWg2ipAMts33A/tG7QE=
-apigo.cc/go/rand v1.3.1/go.mod h1:mZ/4Soa3bk+XvDaqPWJuUe1bfEi4eThBj1XmEAuYxsk=
+apigo.cc/go/rand v1.0.6/go.mod h1:mZ/4Soa3bk+XvDaqPWJuUe1bfEi4eThBj1XmEAuYxsk=
-apigo.cc/go/safe v1.3.1 h1:irTCqPAC97gGsX/Lw5AzLelDt1xXLEZIAaVhLELWe9Q=
+apigo.cc/go/safe v1.0.7 h1:f0d+v9K2dHPyG5DNqhyddCmAmSiIqIfkPi/AMED/iQI=
-apigo.cc/go/safe v1.3.1/go.mod h1:XdOpBhN2vkImalaykYXXmEpczqWa1y3ah6/Q72cdRqE=
+apigo.cc/go/safe v1.0.7/go.mod h1:Hu7TVDWPe/I+nBZfYJH4mt+ROzG+rwk2D1zHTXj/2eE=
-apigo.cc/go/shell v1.3.1 h1:M8oD0b2HcJuCC6frQFx11b3UTcTx3lATX8XK+YXSVm8=
+apigo.cc/go/shell v1.0.6 h1:RngaSMr2AkAFDl545A1Ln+D8ckqV2jknUp4PohDaLIA=
-apigo.cc/go/shell v1.3.1/go.mod h1:ZMdJjpCpWdvsHKUXlelh/AxsV/nWdkH/k3lISfzMdUw=
+apigo.cc/go/shell v1.0.6/go.mod h1:X7Nozjd7oau4nvAJCI21vxrxfd4ZL5nE4C6eUsmi2Hc=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=

security_test.go

@@ -14,7 +14,7 @@ func TestSafeConfigDecryption(t *testing.T) {
 	SetEncryptKeys(key, iv)
 
 	plaintext := "my-secret-password"
-	ciphertext, _ := confAES.EncryptBytes([]byte(plaintext))
+	ciphertext, _ := confAes.EncryptBytes([]byte(plaintext))
 	b64 := encoding.Base64ToString(ciphertext)
 
 	GlobalConfigs = map[string]any{