ignatz 4 лет назад
Родитель
Сommit
c3b61db355
3 измененных файлов с 22 добавлено и 6 удалено
  1. 8 3
      file/views.py
  2. 1 0
      st_cloud/settings.py
  3. 13 3
      utils/crypto.py

+ 8 - 3
file/views.py

@@ -10,6 +10,7 @@ from utils.debug import debug_view
 from utils.http import make_json_response
 from utils.permission import can_delete
 from utils.crypto import secure_transport
+from utils.crypto import get_file_encrypt_cipher
 import base64
 
 # Create your views here.
@@ -21,7 +22,7 @@ import base64
 def upload_file(request):
     data = request.POST
     user = get_user(request)
-    key = data.get('key')
+    key = data.get('key', '')
     if key:
         file_b64 = data.get('file_b64')
         if not file_b64:
@@ -51,7 +52,9 @@ def upload_file(request):
         file_path = file.get_path()
         with open(file_path, 'wb+') as f:
             if key:
-                f.write(base64.b64decode(file_b64))
+                file_bytes = base64.b64decode(file_b64)
+                enc_file_bytes = get_file_encrypt_cipher().encrypt(file_bytes)
+                f.write(enc_file_bytes)
             else:
                 for chunk in file_obj.chunks():
                     f.write(chunk)
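Review bot: `get_file_encrypt_cipher()` is called here with no argument, but the definition added to utils/crypto.py in this commit takes a required `key`, so this line raises TypeError on every keyed upload; the call in the download_file hunk has the same problem. Even with the key passed, CBC `encrypt` expects input whose length is a multiple of 16, and `file_bytes` is encrypted unpadded although `get_padding` was added in this commit. Something like `padded = file_bytes + get_padding(file_bytes)` followed by `f.write(get_file_encrypt_cipher(key).encrypt(padded))` is needed, with matching unpadding on download. Because the file is already open in `'wb+'` mode when the exception is raised, a failure here leaves a truncated file on disk. upload_file's body starts and ends outside the hunk.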
@@ -81,7 +84,9 @@ def download_file(request):
         return make_json_response(code=500, error='文件读取失败')
     if file.key:
         try:
-            file_b64 = base64.b64encode(f.read()).decode()
+            enc_file_bytes = f.read()
+            file_bytes = get_file_encrypt_cipher().decrypt(enc_file_bytes)
+            file_b64 = base64.b64encode(file_bytes).decode()
             f.close()
         except:
             return make_json_response(code=500, error='文件读取失败')
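Review bot: The bare `except:` around the new decrypt call turns any failure, including a wrong-length key or IV, into the generic 500 response, and `f.close()` is skipped on that path because it sits after the decrypt. Once upload pads its input, the padding bytes must also be stripped after `decrypt` and before base64-encoding, or the client receives trailing pad bytes. CBC has no integrity check, so a file modified on disk decrypts to garbage without any error; an HMAC over the ciphertext, or an AEAD mode if the installed library offers one, would let this view reject tampered files. Consider `except (OSError, ValueError):` and reading the file inside a `with` block so it is always closed. download_file starts outside the hunk.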

+ 1 - 0
st_cloud/settings.py

@@ -22,6 +22,7 @@ MEDIA_ROOT = BASE_DIR / 'upload/'
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-h1r^p(6-s&@7u!q(sv%_@97fxv(ikbi7d9p#i9+-o_3&pbpw(j'
 SALT = 'sa0v-038auwmd-r0awvy4-0y4vs9mdy9-aby09384vy-amr9tv8ybsva9v4y'
+FILE_ENCRYPT_IV = 'fv70a9j938hvan09rh'
 
 # SECURITY WARNING: don't run with utils turned on in production!
 DEBUG = True
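Review bot: `FILE_ENCRYPT_IV` is a fixed value committed to the repository, so every file encrypted under the same key shares one IV, and files that begin with the same bytes produce the same leading ciphertext blocks. The string is also 18 characters long while AES-CBC needs a 16-byte IV, and utils/crypto.py reads `settings.IV`, a name this hunk does not define. An IV does not have to be secret, but it must be unpredictable and unique per encryption. Generating 16 random bytes per file and storing them in front of the ciphertext removes the need for this setting.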

+ 13 - 3
utils/crypto.py

@@ -7,6 +7,7 @@ from functools import wraps
 from utils.http import make_json_response
 from urllib import parse
 from django.http import JsonResponse
+from django.conf import settings
 
 import json
 
@@ -25,6 +26,15 @@ with open('private.rsa') as f:
     # print(private_key.exportKey().decode(encoding='utf-8'))
 
 
+def get_padding(content):
+    padding = 16 - len(content) % 16
+    return bytes([padding] * padding)
+
+
+def get_file_encrypt_cipher(key):
+    return AES.new(key.encode(), AES.MODE_CBC, settings.IV.encode())
+
+
 # 安全传输decorator
 def secure_transport(view_func):
     @wraps(view_func)
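Review bot: `get_file_encrypt_cipher` reads `settings.IV`, but the setting added in this commit is named `FILE_ENCRYPT_IV`, so the call fails with AttributeError unless `IV` is defined somewhere outside this diff. `key.encode()` is handed to AES as-is, which only works when the user-supplied string is exactly 16, 24 or 32 bytes long; deriving the key with a KDF such as `hashlib.pbkdf2_hmac` and a per-file salt gives a valid length and slows guessing. `get_padding` has no unpadding counterpart, and neither new helper has a docstring. The sketch below pairs a random per-file IV with padding and its removal; it assumes `os` is imported in this module and that the caller passes an already derived key.

```python
def encrypt_file_bytes(key_bytes, content):
    """Encrypt content with AES-CBC under a fresh random IV; returns IV + ciphertext."""
    iv = os.urandom(AES.block_size)
    cipher = AES.new(key_bytes, AES.MODE_CBC, iv)
    return iv + cipher.encrypt(content + get_padding(content))


def decrypt_file_bytes(key_bytes, blob):
    """Reverse encrypt_file_bytes: split off the IV, decrypt, strip the padding."""
    iv, body = blob[:AES.block_size], blob[AES.block_size:]
    padded = AES.new(key_bytes, AES.MODE_CBC, iv).decrypt(body)
    # NOTE: authenticate the blob (e.g. HMAC) before decrypting and check the
    # pad value is in 1..16 before trusting it.
    return padded[:-padded[-1]]
```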
@@ -66,13 +76,13 @@ def secure_transport(view_func):
             return raw_response
 
         content = json.dumps({'data': json.loads(raw_response.content)}).encode('utf-8')
-        padding = 16 - len(content) % 16
-        content += bytes([padding] * padding)
+        content += get_padding(content)
         print(content)
 
         enc_content = base64.b64encode(get_aes_cipher().encrypt(content)).decode('utf-8')
         print(enc_content)
-        print(get_aes_cipher().decrypt(base64.b64decode(enc_content.encode('utf-8'))))
+        if settings.DEBUG:
+            print(get_aes_cipher().decrypt(base64.b64decode(enc_content.encode('utf-8'))))
         return make_json_response(enc_content=enc_content)
     return _wrapped_view
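Review bot: Only the round-trip decrypt print is gated on `settings.DEBUG`; `print(content)` and `print(enc_content)` above it still run unconditionally and write every plaintext response body to stdout. st_cloud/settings.py as shown in this commit has `DEBUG = True`, so the new guard suppresses nothing in the committed configuration. Dropping the three prints, or replacing them with a module logger's `debug` call that records only `len(content)`, keeps response data out of process logs. secure_transport starts outside the hunk.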