balki/speedtest-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
cd20f44d20b39c039406a3349772b9be2399a21a
speedtest-go/results/idobfuscation.go
T
Maddie Zhan cd20f44d20 Sync PHP backend feature parity: IP detection, database backends, API endpoints, and frontend 
- IP detection: Cloudflare IPv6, ULA IPv6, proxy header chain, offline GeoIP DB
- Database: add SQLite (pure Go, no CGo) and MSSQL backends
- API: add JSON result sharing endpoint and ID obfuscation
- Frontend: add modern CSS design, design switcher, favicon
- Compatibility: ?cors parameter support, human-friendly distance rounding
- Update Go to 1.21, add modernc.org/sqlite and maxminddb deps
2026-04-30 13:53:52 +08:00

120 lines
3.2 KiB
Go
Raw Blame History

package results
import (
"crypto/rand"
"encoding/base64"
"encoding/binary"
"fmt"
"os"
"path/filepath"
"sync"
"github.com/oklog/ulid/v2"
log "github.com/sirupsen/logrus"
)
// ID obfuscation provides an optional privacy layer for test result URLs.
// When enabled, the telemetry endpoint returns an obfuscated ULID that must
// be deobfuscated before looking up the result.
//
// This is NOT cryptographically secure — it prevents casual ID guessing,
// matching the behavior of the PHP version's idObfuscation.php.
var (
obfuscationSalt uint32
obfuscationSaltOnce sync.Once
obfuscationSaltErr error
)
const obfuscationSaltFile = "idObfuscation_salt.bin"
func getOrCreateObfuscationSalt() (uint32, error) {
obfuscationSaltOnce.Do(func() {
data, err := os.ReadFile(obfuscationSaltFile)
if err == nil && len(data) == 4 {
obfuscationSalt = binary.LittleEndian.Uint32(data)
return
}
saltBytes := make([]byte, 4)
if _, err := rand.Read(saltBytes); err != nil {
obfuscationSaltErr = fmt.Errorf("failed to generate obfuscation salt: %w", err)
return
}
obfuscationSalt = binary.LittleEndian.Uint32(saltBytes)
dir := filepath.Dir(obfuscationSaltFile)
if dir != "." {
if err := os.MkdirAll(dir, 0755); err != nil {
log.Warnf("Could not create directory for obfuscation salt file: %s", err)
}
}
if err := os.WriteFile(obfuscationSaltFile, saltBytes, 0644); err != nil {
log.Warnf("Could not save obfuscation salt file: %s", err)
}
})
return obfuscationSalt, obfuscationSaltErr
}
// obfuscateBytes applies reversible transform on ULID bytes:
// XOR the first 4 bytes with the salt (simple but effective for casual privacy)
func obfuscateBytes(data []byte) []byte {
salt, err := getOrCreateObfuscationSalt()
if err != nil || len(data) < 4 {
return data
}
result := make([]byte, len(data))
copy(result, data)
val := binary.LittleEndian.Uint32(result[:4])
val ^= salt
binary.LittleEndian.PutUint32(result[:4], val)
return result
}
// deobfuscateBytes reverses obfuscateBytes (XOR is self-inverse)
var deobfuscateBytes = obfuscateBytes
// ObfuscateULID transforms a ULID string to its obfuscated (base64) form
func ObfuscateULID(id string) string {
parsed, err := ulid.Parse(id)
if err != nil {
return id
}
obfuscated := obfuscateBytes(parsed[:])
return base64.RawURLEncoding.EncodeToString(obfuscated)
}
// DeobfuscateULID reverses ULID obfuscation
func DeobfuscateULID(obfuscated string) (string, error) {
data, err := base64.RawURLEncoding.DecodeString(obfuscated)
if err != nil {
return "", fmt.Errorf("invalid obfuscated ID encoding: %w", err)
}
if len(data) != 16 {
return "", fmt.Errorf("invalid obfuscated ID length: %d", len(data))
}
deobfuscated := deobfuscateBytes(data)
var id ulid.ULID
copy(id[:], deobfuscated)
return id.String(), nil
}
// ResolveID takes an ID string and returns the database ULID.
// It tries the raw input first, then attempts deobfuscation.
func ResolveID(id string) string {
// First try: use as-is (plain ULID)
if _, err := ulid.Parse(id); err == nil {
return id
}
// Second try: deobfuscate
if deobfuscated, err := DeobfuscateULID(id); err == nil {
return deobfuscated
}
return id
}
Reference in New Issue View Git Blame Copy Permalink