ignatz пре 4 година
родитељ
комит
a2412c8ee2
4 измењених фајлова са 19 додато и 11 уклоњено
  1. BIN
      db.sqlite3
  2. 13 6
      file/views.py
  3. 1 1
      st_cloud/settings.py
  4. 5 4
      utils/crypto.py

+ 13 - 6
file/views.py

@@ -10,7 +10,7 @@ from utils.debug import debug_view
 from utils.http import make_json_response
 from utils.permission import can_delete
 from utils.crypto import secure_transport
-from utils.crypto import get_file_encrypt_cipher
+from utils.crypto import get_file_encrypt_cipher, get_padding
 import base64
 
 # Create your views here.
@@ -52,13 +52,18 @@ def upload_file(request):
         file_path = file.get_path()
         with open(file_path, 'wb+') as f:
             if key:
-                file_bytes = base64.b64decode(file_b64)
-                enc_file_bytes = get_file_encrypt_cipher().encrypt(file_bytes)
+                print(key)
+                file.file_type, content_b64 = file_b64.split(',')
+                file.save()
+                file_bytes = base64.b64decode(content_b64)
+                file_bytes += get_padding(file_bytes)
+                enc_file_bytes = get_file_encrypt_cipher(key).encrypt(file_bytes)
                 f.write(enc_file_bytes)
             else:
                 for chunk in file_obj.chunks():
                     f.write(chunk)
     except Exception as e:
+        print(e)
         file.delete()
         return make_json_response(code=500, error='文件保存失败')
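Review bot: The added `print(key)` in upload_file writes the file-encryption key to stdout, where it lands in server logs readable by anyone with log access; it should be removed rather than shipped. The `print(e)` calls added in the except blocks here and in the download_file hunk would be better as `logger.exception('file save failed')` on a module-level `logging` logger, which records the traceback without printing request data. Separately, `file.file_type, content_b64 = file_b64.split(',')` raises ValueError unless the payload contains exactly one comma, and `file.save()` has already run by the time `b64decode` can fail; `file_b64.split(',', 1)` with an explicit length check before saving gives a clearer failure than the generic 500. upload_file starts and ends outside the hunk.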
 
@@ -85,10 +90,12 @@ def download_file(request):
     if file.key:
         try:
             enc_file_bytes = f.read()
-            file_bytes = get_file_encrypt_cipher().decrypt(enc_file_bytes)
-            file_b64 = base64.b64encode(file_bytes).decode()
+            file_bytes = get_file_encrypt_cipher(file.key).decrypt(enc_file_bytes)
+            content_b64 = base64.b64encode(file_bytes).decode()
+            file_b64 = f'{file.file_type},{content_b64}'
             f.close()
-        except:
+        except Exception as e:
+            print(e)
             return make_json_response(code=500, error='文件读取失败')
         return make_json_response(file_b64=file_b64, **file.to_json())
     else:
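Review bot: download_file base64-encodes the output of `decrypt(enc_file_bytes)` as-is, but upload_file now appends `get_padding(file_bytes)` before encrypting, so the padding bytes are returned to the client as part of the file unless they are stripped somewhere not shown here. The padding should be removed right after `decrypt(...)`, before `content_b64` is built; the exact unpad step depends on get_padding's scheme, which is not visible in this diff. Also, `f.close()` sits inside the `try`, so the handle stays open when decryption raises; reading inside a `with` block would close it on both paths. download_file starts and ends outside the hunk.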

+ 1 - 1
st_cloud/settings.py

@@ -23,7 +23,7 @@ DATA_UPLOAD_MAX_MEMORY_SIZE = None
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-h1r^p(6-s&@7u!q(sv%_@97fxv(ikbi7d9p#i9+-o_3&pbpw(j'
 SALT = 'sa0v-038auwmd-r0awvy4-0y4vs9mdy9-aby09384vy-amr9tv8ybsva9v4y'
-FILE_ENCRYPT_IV = 'fv70a9j938hvan09rh'
+FILE_ENCRYPT_IV = 'F9FA3DBC9D8HAFDF'
 
 # SECURITY WARNING: don't run with utils turned on in production!
 DEBUG = True
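Review bot: `FILE_ENCRYPT_IV` is a single constant committed to the repository, and the utils/crypto.py hunk passes it to `AES.new(..., AES.MODE_CBC, ...)` for every file, so two files encrypted under the same key that start with the same blocks produce the same leading ciphertext blocks. CBC expects a fresh, unpredictable IV per encryption; generating one per upload with `os.urandom(16)` and storing it in front of the ciphertext would make this setting unnecessary. CBC also carries no integrity check, so a file modified on disk can still decrypt without error; an authenticated mode such as GCM would reject it.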

+ 5 - 4
utils/crypto.py

@@ -32,7 +32,7 @@ def get_padding(content):
 
 
 def get_file_encrypt_cipher(key):
-    return AES.new(key.encode(), AES.MODE_CBC, settings.IV.encode())
+    return AES.new(key.encode(), AES.MODE_CBC, settings.FILE_ENCRYPT_IV.encode())
 
 
 # 安全传输decorator
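Review bot: `get_file_encrypt_cipher` passes `key.encode()` straight to `AES.new`, which accepts only 16-, 24- or 32-byte keys, so a key of any other encoded length raises ValueError, which upload_file's broad `except` reports as a generic 500. Where the key comes from is not visible in this diff; if it can be user-chosen, validate the length up front or derive a fixed-length key from it before building the cipher. At minimum the function should state the requirement, for example `"""Return an AES-CBC cipher for key; key must encode to 16, 24 or 32 bytes."""`.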
@@ -65,10 +65,11 @@ def secure_transport(view_func):
             loaded = {}
             plain_text = parse.unquote(plain_text)
             print(plain_text)
-            for p in map(lambda s: s.split('='), plain_text.split('&')):
-                loaded[p[0]] = p[1]
+            for kv in plain_text.split('&'):
+                p = kv.find('=')
+                loaded[kv[:p]] = kv[p+1:]
         dec_request = request
-        dec_request.POST = {'key': key, **request.POST, **loaded}
+        dec_request.POST = {'key': aes_key, **request.POST, **loaded}
 
         raw_response = view_func(dec_request, *args, **kwargs)