package initializer

import (
	"github.com/go-web-kits/dbx"
	. "github.com/go-web-kits/secure_storage"
	"github.com/go-web-kits/utils/settings"
)

func InitSecureStorage() {
	_ = Init(dbx.Conn().DB, Config{Key: settings.String("key")})
}

请注意 AES256 key 长度为 32 位

Definition

type User struct {
	Email          string `encrypt_to:"EncryptedEmail" gorm:"-"`
	EncryptedEmail string `decrypt_to:"Email"          db:"encrypted_email"`

	secure_storage.Enable
}

Usage

Create

user := User{Email: "[email protected]"}
dbx.Create(&user)
user.Email          // "[email protected]"
user.EncryptedEmail // "<encrypted>"

Update

gorm UpdateColumns / dbx UpdateBy

dbx.UpdateBy(&user, map[string]interface{}{"email": "[email protected]"})
user.Email          // "[email protected]"
user.EncryptedEmail // "<encrypted>"

gorm Updates / dbx Update

user.Email = "[email protected]"
dbx.Update(&user)
user.Email          // "[email protected]"
user.EncryptedEmail // "<encrypted>"

Tip: dbx Definition Uniqueness 填写 Account 而不是 EncryptedEmail

Query

dbx.First(&user)
user.Email          // "[email protected]"
user.EncryptedEmail // "<encrypted>"

注意：以下示例（自动改变查询条件中的加密字段）仅限于 dbx 的 EQ / IN 两个 Conditioner

dbx.Find(&user, dbx.EQ{"email": "[email protected]"})
user.Email          // "[email protected]"
user.EncryptedEmail // "<encrypted>"

另外：base64 decode 不成功的时候，会认为该值未加密，将会【自动】更新为加密值

Migrate Data

初始化配置中设置 MigrateMode 为 true, 去除 gorm:"-"
跑 Migration 增加加密列

存量数据迁移，例如

total, err := dbx.Model(reflectx.New(model)).Count()
if err != nil {
    panic(err)
}
totalPage := int(total) % 100

for page := 0; page < totalPage; page++ {
    dbx.Where(reflectx.New(model), nil, dbx.With{Page: page, Rows: 100})
}

拿掉 MigrateMode，同时发版有关加密列数据库操作的逻辑
remove 非加密列