| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 | package middlewareimport (	"cold-delivery/conf"	"crypto/hmac"	"crypto/sha256"	"encoding/hex"	"errors"	"fmt"	"github.com/gin-gonic/gin"	"gogs.baozhida.cn/zoie/OAuth-core/pkg/response"	"net/http"	"strconv"	"time")const apiKeyHeader = "X-API-KEY"const apiSignatureHeader = "X-API-SIGNATURE"const apiTimestampHeader = "X-API-TIMESTAMP"// 验证签名是否有效func isValidSignature(apiKey, signature, timestamp string) bool {	// 使用提供的 API Key 查找对应的 API Secret	if apiKey != conf.ExtConfig.OpenApi.ApiKey {		return false	}	secret := conf.ExtConfig.OpenApi.Secret	// 计算签名,签名内容是 "apiKey + timestamp"	message := apiKey + timestamp	mac := hmac.New(sha256.New, []byte(secret))	mac.Write([]byte(message))	expectedSignature := hex.EncodeToString(mac.Sum(nil))	fmt.Println("apiKey:", apiKey)	fmt.Println("secret:", secret)	fmt.Println("时间戳:", timestamp)	fmt.Println("生成的签名:", expectedSignature)	fmt.Println("传递的签名:", signature)	// 验证客户端提供的签名是否与预期签名匹配	return hmac.Equal([]byte(signature), []byte(expectedSignature))}// AuthCheckRole 权限检查中间件func ApiKeyAuthMiddleware() gin.HandlerFunc {	return func(c *gin.Context) {		apiKey := c.GetHeader(apiKeyHeader)		signature := c.GetHeader(apiSignatureHeader)		timestamp := c.GetHeader(apiTimestampHeader)		// 检查 API Key, 签名和时间戳是否存在		if apiKey == "" || signature == "" || timestamp == "" {			err := errors.New("API Key, Signature, and Timestamp required")			response.Error(c, http.StatusUnauthorized, err, err.Error())			return		}		// 校验请求的签名是否有效		if !isValidSignature(apiKey, signature, timestamp) {			err := errors.New("Invalid Signature")			response.Error(c, http.StatusForbidden, err, err.Error())			return		}		// 校验时间戳是否在合理范围内(防止重放攻击)		sec, _ := strconv.ParseInt(timestamp, 10, 64)		reqTime := time.Unix(sec, 0)		if time.Since(reqTime) > 5*time.Minute {			err := errors.New("Request too old or invalid timestamp")			response.Error(c, http.StatusForbidden, err, err.Error())			return		}		// 如果鉴权成功,继续处理请求		c.Next()		return	}}
 |