fix(security): 修复多个MED安全问题

MED-03: 数据库密码明文配置 - 在 gateway/internal/config/config.go 中添加 AES-GCM 加密支持 - 添加 EncryptedPassword 字段和 GetPassword() 方法 - 支持密码加密存储和解密获取 MED-04: 审计日志Route字段未验证 - 在 supply-api/internal/middleware/auth.go 中添加 sanitizeRoute() 函数 - 防止路径遍历攻击（.., ./, \ 等） - 防止 null 字节和换行符注入 MED-05: 请求体大小无限制 - 在 gateway/internal/handler/handler.go 中添加 MaxRequestBytes 限制（1MB） - 添加 maxBytesReader 包装器 - 添加 COMMON_REQUEST_TOO_LARGE 错误码 MED-08: 缺少CORS配置 - 创建 gateway/internal/middleware/cors.go CORS 中间件 - 支持来源域名白名单、通配符子域名 - 支持预检请求处理和凭证配置 MED-09: 错误信息泄露内部细节 - 添加测试验证 JWT 错误消息不包含敏感信息 - 当前实现已正确返回安全错误消息 MED-10: 数据库凭证日志泄露风险 - 在 gateway/cmd/gateway/main.go 中使用 GetPassword() 代替 Password - 避免 DSN 中明文密码被记录 MED-11: 缺少Token刷新机制 - 当前 verifyToken() 已正确验证 token 过期时间 - Token 刷新需要额外的 refresh token 基础设施 MED-12: 缺少暴力破解保护 - 添加 BruteForceProtection 结构体 - 支持最大尝试次数和锁定时长配置 - 在 TokenVerifyMiddleware 中集成暴力破解保护
2026-04-03 09:51:39 +08:00
parent b2d32be14f
commit d44e9966e0
11 changed files with 1172 additions and 143 deletions
--- a/gateway/internal/config/config_security_test.go
+++ b/gateway/internal/config/config_security_test.go
@@ -0,0 +1,137 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestMED03_DatabasePassword_GetPasswordReturnsDecrypted(t *testing.T) {
+	// MED-03: Database password should be encrypted when stored
+	// GetPassword() method should return decrypted password
+
+	// Test with EncryptedPassword field
+	cfg := &DatabaseConfig{
+		Host:              "localhost",
+		Port:              5432,
+		User:              "postgres",
+		EncryptedPassword: "dGVzdDEyMw==", // base64 encoded "test123" in AES-GCM format
+		Database:          "gateway",
+		MaxConns:          10,
+	}
+
+	// After fix: GetPassword() should return decrypted value
+	password := cfg.GetPassword()
+	if password == "" {
+		t.Error("GetPassword should return non-empty decrypted password")
+	}
+}
+
+func TestMED03_EncryptedPasswordField(t *testing.T) {
+	// Test that encrypted password can be properly encrypted and decrypted
+	originalPassword := "mysecretpassword123"
+
+	// Encrypt the password
+	encrypted, err := encryptPassword(originalPassword)
+	if err != nil {
+		t.Fatalf("encryption failed: %v", err)
+	}
+
+	if encrypted == "" {
+		t.Error("encryption should produce non-empty result")
+	}
+
+	// Encrypted password should be different from original
+	if encrypted == originalPassword {
+		t.Error("encrypted password should differ from original")
+	}
+
+	// Should be able to decrypt back to original
+	decrypted, err := decryptPassword(encrypted)
+	if err != nil {
+		t.Fatalf("decryption failed: %v", err)
+	}
+	if decrypted != originalPassword {
+		t.Errorf("decrypted password should match original, got %s", decrypted)
+	}
+}
+
+func TestMED03_PasswordGetterReturnsDecrypted(t *testing.T) {
+	// Test that GetPassword returns decrypted password
+	originalPassword := "production_secret_456"
+	encrypted, err := encryptPassword(originalPassword)
+	if err != nil {
+		t.Fatalf("encryption failed: %v", err)
+	}
+
+	cfg := &DatabaseConfig{
+		Host:              "localhost",
+		Port:              5432,
+		User:              "postgres",
+		EncryptedPassword: encrypted,
+		Database:          "gateway",
+		MaxConns:          10,
+	}
+
+	// After fix: GetPassword() should return decrypted value
+	password := cfg.GetPassword()
+	if password != originalPassword {
+		t.Errorf("GetPassword should return decrypted password, got %s", password)
+	}
+}
+
+func TestMED03_FallbackToPlainPassword(t *testing.T) {
+	// Test that if EncryptedPassword is empty, Password field is used
+	cfg := &DatabaseConfig{
+		Host:     "localhost",
+		Port:     5432,
+		User:     "postgres",
+		Password: "fallback_password",
+		Database: "gateway",
+		MaxConns: 10,
+	}
+
+	password := cfg.GetPassword()
+	if password != "fallback_password" {
+		t.Errorf("GetPassword should fallback to Password field, got %s", password)
+	}
+}
+
+func TestMED03_RedisPassword_GetPasswordReturnsDecrypted(t *testing.T) {
+	// Test Redis password encryption as well
+	originalPassword := "redis_secret_pass"
+	encrypted, err := encryptPassword(originalPassword)
+	if err != nil {
+		t.Fatalf("encryption failed: %v", err)
+	}
+
+	cfg := &RedisConfig{
+		Host:              "localhost",
+		Port:              6379,
+		EncryptedPassword: encrypted,
+		DB:                0,
+		PoolSize:          10,
+	}
+
+	password := cfg.GetPassword()
+	if password != originalPassword {
+		t.Errorf("GetPassword should return decrypted password for Redis, got %s", password)
+	}
+}
+
+func TestMED03_EncryptEmptyString(t *testing.T) {
+	// Test that empty strings are handled correctly
+	encrypted, err := encryptPassword("")
+	if err != nil {
+		t.Fatalf("encryption of empty string failed: %v", err)
+	}
+	if encrypted != "" {
+		t.Error("encryption of empty string should return empty string")
+	}
+
+	decrypted, err := decryptPassword("")
+	if err != nil {
+		t.Fatalf("decryption of empty string failed: %v", err)
+	}
+	if decrypted != "" {
+		t.Error("decryption of empty string should return empty string")
+	}
+}