ben/coze-studio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(plugin): enhanced AES encryption security (#533)

Browse Source
This commit is contained in:
mrh997
2025-08-04 20:03:31 +08:00
committed by GitHub
parent 36923bd0a4
commit f80d4f757b
8 changed files with 230 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/api/model/crossdomain/plugin/plugin_manifest.go
View File

@@ -19,6 +19,7 @@ package plugin
import (
"encoding/json"
"net/url"
"os"
"strings"
api "github.com/coze-dev/coze-studio/backend/api/model/plugin_develop_common"
@@ -74,7 +75,12 @@ func (mf *PluginManifest) EncryptAuthPayload() (*PluginManifest, error) {
return mf_, nil
}
payload_, err := utils.EncryptByAES([]byte(mf_.Auth.Payload), utils.AuthSecretKey)
secret := os.Getenv(utils.AuthSecretEnv)
if secret == "" {
secret = utils.DefaultAuthSecret
}
payload_, err := utils.EncryptByAES([]byte(mf_.Auth.Payload), secret)
if err != nil {
return nil, err
}
@@ -357,7 +363,12 @@ func (au *AuthV2) UnmarshalJSON(data []byte) error {
}
if auth.Payload != "" {
payload_, err := utils.DecryptByAES(auth.Payload, utils.AuthSecretKey)
secret := os.Getenv(utils.AuthSecretEnv)
if secret == "" {
secret = utils.DefaultAuthSecret
}
payload_, err := utils.DecryptByAES(auth.Payload, secret)
if err == nil {
auth.Payload = string(payload_)
}