123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 |
- package middleware
- import (
- "cold-delivery/conf"
- "crypto/hmac"
- "crypto/sha256"
- "encoding/hex"
- "errors"
- "fmt"
- "github.com/gin-gonic/gin"
- "gogs.baozhida.cn/zoie/OAuth-core/pkg/response"
- "net/http"
- "strconv"
- "time"
- )
- const apiKeyHeader = "X-API-KEY"
- const apiSignatureHeader = "X-API-SIGNATURE"
- const apiTimestampHeader = "X-API-TIMESTAMP"
- // 验证签名是否有效
- func isValidSignature(apiKey, signature, timestamp string) bool {
- // 使用提供的 API Key 查找对应的 API Secret
- if apiKey != conf.ExtConfig.OpenApi.ApiKey {
- return false
- }
- secret := conf.ExtConfig.OpenApi.Secret
- // 计算签名,签名内容是 "apiKey + timestamp"
- message := apiKey + timestamp
- mac := hmac.New(sha256.New, []byte(secret))
- mac.Write([]byte(message))
- expectedSignature := hex.EncodeToString(mac.Sum(nil))
- fmt.Println("apiKey:", apiKey)
- fmt.Println("secret:", secret)
- fmt.Println("时间戳:", timestamp)
- fmt.Println("生成的签名:", expectedSignature)
- fmt.Println("传递的签名:", signature)
- // 验证客户端提供的签名是否与预期签名匹配
- return hmac.Equal([]byte(signature), []byte(expectedSignature))
- }
- // AuthCheckRole 权限检查中间件
- func ApiKeyAuthMiddleware() gin.HandlerFunc {
- return func(c *gin.Context) {
- apiKey := c.GetHeader(apiKeyHeader)
- signature := c.GetHeader(apiSignatureHeader)
- timestamp := c.GetHeader(apiTimestampHeader)
- // 检查 API Key, 签名和时间戳是否存在
- if apiKey == "" || signature == "" || timestamp == "" {
- err := errors.New("API Key, Signature, and Timestamp required")
- response.Error(c, http.StatusUnauthorized, err, err.Error())
- return
- }
- // 校验请求的签名是否有效
- if !isValidSignature(apiKey, signature, timestamp) {
- err := errors.New("Invalid Signature")
- response.Error(c, http.StatusForbidden, err, err.Error())
- return
- }
- // 校验时间戳是否在合理范围内(防止重放攻击)
- sec, _ := strconv.ParseInt(timestamp, 10, 64)
- reqTime := time.Unix(sec, 0)
- if time.Since(reqTime) > 5*time.Minute {
- err := errors.New("Request too old or invalid timestamp")
- response.Error(c, http.StatusForbidden, err, err.Error())
- return
- }
- // 如果鉴权成功,继续处理请求
- c.Next()
- return
- }
- }
|