Merge pull request #2 from co0ontty/feat/ec-support

feat: add v2 support

Author: KuaiYu95

README.md

@@ -4,7 +4,8 @@
 
 访问验证码服务，创建验证码场景并获取配置信息
 
-[国内应用地址](https://rivers.chaitin.cn/?rc=KYWFRHCKNYWJ7VAZQZSDNJUOAUSXZ4XB&app_scope=scaptcha)
+[v1应用地址](https://rivers.chaitin.cn/?rc=KYWFRHCKNYWJ7VAZQZSDNJUOAUSXZ4XB&app_scope=scaptcha)
+[v2应用地址](https://captcha.app.safepoint.cloud/)
 
 ### 业务接入
 [前端业务接入 demo](https://github.com/chaitin/scaptcha-sdk-golang/-/blob/main/demo.html)

cmd/demo/demo.go

@@ -7,11 +7,8 @@ import (
 )
 
 func main() {
-	publicKeyStr := `-----BEGIN PUBLIC KEY-----
-	***
------END PUBLIC KEY-----
-		`
-	verifyJWTokenken := "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU4MTQ5MzMsImlhdCI6MTczNTgxNDYzMywiaXNzIjoiY2hhaXRpbi9zLWNhcHRjaGEiLCJ2aWQiOiI3N2M4M2E2MjNmZDQxMmJlYjczMDYxZDA3MjgzOWIzYyJ9.lna1PIMJ1zM6vwytnEn_6TEjkMb7-ycVRjYRnbDqqVNcjc35OYZ-dpNDPaMOtL7UJPhu7FHNbOV7BjnrGv-XAU_qHQcdTF7jCjV2J8rOQWSyF8htQ5d1Cvm0R2k1A_zsEYmCfAP8S7Dd_kFyShxUfSPmtIbSk8le1VOa3hfxgsBV8QtwxIZDD5l2TjCprYTbLv6vTu7PFZS5cMV68EZ1PvyuJzu9VEUEkhnSjh859mZLOUOQfO5d6M1oAFoBvRKLTLLvd5GGGmUkto40IKW7Gjh5jFEpaKNUX9GBpUMrqWz5fpwNK08oMQEqOdIdr2nfpsSxuZIiK-2QC9X6rlZwPw"
+	publicKeyStr := `publicKeyStr`
+	verifyJWTokenken := "this-is-a-token"
 	// 创建验证器
 	verifier, err := verify.NewTokenVerifier(publicKeyStr)
 	if err != nil {

go.mod

@@ -2,4 +2,4 @@ module github.com/chaitin/scaptcha-sdk-golang
 
 go 1.23.3
 
-require github.com/golang-jwt/jwt/v5 v5.2.1
+require github.com/golang-jwt/jwt v3.2.2+incompatible

go.sum

@@ -1,2 +1,2 @@
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=

utils/rsa.go

@@ -1,11 +1,9 @@
 package utils
 
 import (
-	"bytes"
-	"crypto"
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/pem"
 	"errors"
 	"strings"
@@ -20,10 +18,6 @@ const (
 
 	kPKCS8Prefix = "-----BEGIN PRIVATE KEY-----"
 	KPKCS8Suffix = "-----END PRIVATE KEY-----"
-
-	kPublicKeyType     = "PUBLIC KEY"
-	kPrivateKeyType    = "PRIVATE KEY"
-	kRSAPrivateKeyType = "RSA PRIVATE KEY"
 )
 
 var (
@@ -32,6 +26,10 @@ var (
 )
 
 func FormatPublicKey(raw string) []byte {
+	newRaw, err := base64.StdEncoding.DecodeString(raw)
+	if err == nil {
+		raw = string(newRaw)
+	}
 	return formatKey(raw, kPublicKeyPrefix, kPublicKeySuffix, 64)
 }
 
@@ -75,209 +73,24 @@ func ParsePKCS8PrivateKey(data []byte) (key *rsa.PrivateKey, err error) {
 	}
 
 	key, ok := rawKey.(*rsa.PrivateKey)
-	if ok == false {
+	if !ok {
 		return nil, ErrPrivateKeyFailedToLoad
 	}
 
 	return key, err
 }
 
-func ParsePublicKey(data []byte) (key *rsa.PublicKey, err error) {
+func ParsePublicKey(data []byte) (key any, err error) {
 	var block *pem.Block
 	block, _ = pem.Decode(data)
 	if block == nil {
 		return nil, ErrPublicKeyFailedToLoad
 	}
 
-	var pubInterface interface{}
-	pubInterface, err = x509.ParsePKIXPublicKey(block.Bytes)
+	key, err = x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
 		return nil, err
 	}
-	key, ok := pubInterface.(*rsa.PublicKey)
-	if !ok {
-		return nil, ErrPublicKeyFailedToLoad
-	}
 
 	return key, err
 }
-
-func packageData(data []byte, packageSize int) (r [][]byte) {
-	src := make([]byte, len(data))
-	copy(src, data)
-
-	r = make([][]byte, 0)
-	if len(src) <= packageSize {
-		return append(r, src)
-	}
-	for len(src) > 0 {
-		p := src[:packageSize]
-		r = append(r, p)
-		src = src[packageSize:]
-		if len(src) <= packageSize {
-			r = append(r, src)
-			break
-		}
-	}
-	return r
-}
-
-// RSAEncrypt 使用公钥 key 对数据 data 进行 RSA 加密
-func RSAEncrypt(plaintext, key []byte) ([]byte, error) {
-	pubKey, err := ParsePublicKey(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return RSAEncryptWithKey(plaintext, pubKey)
-}
-
-// RSAEncryptWithKey 使用公钥 key 对数据 data 进行 RSA 加密
-func RSAEncryptWithKey(plaintext []byte, key *rsa.PublicKey) ([]byte, error) {
-	pData := packageData(plaintext, key.N.BitLen()/8-11)
-	ciphertext := make([]byte, 0, 0)
-
-	for _, d := range pData {
-		c, e := rsa.EncryptPKCS1v15(rand.Reader, key, d)
-		if e != nil {
-			return nil, e
-		}
-		ciphertext = append(ciphertext, c...)
-	}
-
-	return ciphertext, nil
-}
-
-// RSADecryptWithPKCS1 使用私钥 key 对数据 data 进行 RSA 解密，key 的格式为 pkcs1
-func RSADecryptWithPKCS1(ciphertext, key []byte) ([]byte, error) {
-	priKey, err := ParsePKCS1PrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return RSADecryptWithKey(ciphertext, priKey)
-}
-
-// RSADecryptWithPKCS8 使用私钥 key 对数据 data 进行 RSA 解密，key 的格式为 pkcs8
-func RSADecryptWithPKCS8(ciphertext, key []byte) ([]byte, error) {
-	priKey, err := ParsePKCS8PrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return RSADecryptWithKey(ciphertext, priKey)
-}
-
-// RSADecryptWithKey 使用私钥 key 对数据 data 进行 RSA 解密
-func RSADecryptWithKey(ciphertext []byte, key *rsa.PrivateKey) ([]byte, error) {
-	pData := packageData(ciphertext, key.PublicKey.N.BitLen()/8)
-	plaintext := make([]byte, 0, 0)
-
-	for _, d := range pData {
-		p, e := rsa.DecryptPKCS1v15(rand.Reader, key, d)
-		if e != nil {
-			return nil, e
-		}
-		plaintext = append(plaintext, p...)
-	}
-	return plaintext, nil
-}
-
-func RSASignWithPKCS1(plaintext, key []byte, hash crypto.Hash) ([]byte, error) {
-	priKey, err := ParsePKCS1PrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-	return RSASignWithKey(plaintext, priKey, hash)
-}
-
-func RSASignWithPKCS8(plaintext, key []byte, hash crypto.Hash) ([]byte, error) {
-	priKey, err := ParsePKCS8PrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-	return RSASignWithKey(plaintext, priKey, hash)
-}
-
-func RSASignWithKey(plaintext []byte, key *rsa.PrivateKey, hash crypto.Hash) ([]byte, error) {
-	h := hash.New()
-	h.Write(plaintext)
-	hashed := h.Sum(nil)
-	return rsa.SignPKCS1v15(rand.Reader, key, hash, hashed)
-}
-
-func RSAVerify(ciphertext, sign, key []byte, hash crypto.Hash) error {
-	pubKey, err := ParsePublicKey(key)
-	if err != nil {
-		return err
-	}
-	return RSAVerifyWithKey(ciphertext, sign, pubKey, hash)
-}
-
-func RSAVerifyWithKey(ciphertext, sign []byte, key *rsa.PublicKey, hash crypto.Hash) error {
-	h := hash.New()
-	h.Write(ciphertext)
-	hashed := h.Sum(nil)
-	return rsa.VerifyPKCS1v15(key, hash, hashed, sign)
-}
-
-func getPublicKeyBytes(publicKey *rsa.PublicKey) ([]byte, error) {
-	pubDer, err := x509.MarshalPKIXPublicKey(publicKey)
-	if err != nil {
-		return nil, err
-	}
-
-	pubBlock := &pem.Block{Type: kPublicKeyType, Bytes: pubDer}
-
-	var pubBuf bytes.Buffer
-	if err = pem.Encode(&pubBuf, pubBlock); err != nil {
-		return nil, err
-	}
-	return pubBuf.Bytes(), nil
-}
-
-func GenRSAKeyWithPKCS1(bits int) (privateKey, publicKey []byte, err error) {
-	priKey, err := rsa.GenerateKey(rand.Reader, bits)
-	if err != nil {
-		return nil, nil, err
-	}
-	priDer := x509.MarshalPKCS1PrivateKey(priKey)
-	priBlock := &pem.Block{Type: kRSAPrivateKeyType, Bytes: priDer}
-
-	var priBuf bytes.Buffer
-	if err = pem.Encode(&priBuf, priBlock); err != nil {
-		return nil, nil, err
-	}
-
-	publicKey, err = getPublicKeyBytes(&priKey.PublicKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	privateKey = priBuf.Bytes()
-	return privateKey, publicKey, err
-}
-
-func GenRSAKeyWithPKCS8(bits int) (privateKey, publicKey []byte, err error) {
-	priKey, err := rsa.GenerateKey(rand.Reader, bits)
-	if err != nil {
-		return nil, nil, err
-	}
-	priDer, err := x509.MarshalPKCS8PrivateKey(priKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	priBlock := &pem.Block{Type: kPrivateKeyType, Bytes: priDer}
-
-	var priBuf bytes.Buffer
-	if err = pem.Encode(&priBuf, priBlock); err != nil {
-		return nil, nil, err
-	}
-
-	publicKey, err = getPublicKeyBytes(&priKey.PublicKey)
-	if err != nil {
-		return nil, nil, err
-	}
-	privateKey = priBuf.Bytes()
-
-	return privateKey, publicKey, err
-}

verify.go

@@ -1,13 +1,12 @@
 package verify
 
 import (
-	"crypto/rsa"
 	"fmt"
 	"sync"
 	"time"
 
 	"github.com/chaitin/scaptcha-sdk-golang/utils"
-	"github.com/golang-jwt/jwt/v5"
+	"github.com/golang-jwt/jwt"
 )
 
 // 可能需要返回给用户业务的数据，v-id、score等
@@ -17,7 +16,8 @@ type VerifyClaims struct {
 
 // TokenVerifier 处理 JWT token 的验证和防重放
 type TokenVerifier struct {
-	publicKey *rsa.PublicKey
+	publicKey any
+	// publicKey *rsa.PublicKey
 	// 使用 sync.Map 替代普通 map，专门用于并发场景
 	usedTokens sync.Map
 	// 清理间隔
@@ -74,9 +74,6 @@ func (v *TokenVerifier) Stop() {
 // VerifyToken 验证 token 并防止重放攻击
 func (v *TokenVerifier) VerifyToken(tokenString string) (bool, VerifyClaims, error) {
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
-			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-		}
 		return v.publicKey, nil
 	})
 	if err != nil {
@@ -89,7 +86,12 @@ func (v *TokenVerifier) VerifyToken(tokenString string) (bool, VerifyClaims, err
 	}
 
 	// 验证过期时间
-	exp, err := claims.GetExpirationTime()
+	expClaim, ok := claims["exp"].(float64)
+	if !ok {
+		err = fmt.Errorf("exp claim not found or invalid type")
+		return false, VerifyClaims{}, err
+	}
+	exp := time.Unix(int64(expClaim), 0)
 	if err != nil {
 		return false, VerifyClaims{}, fmt.Errorf("exp not found")
 	}