package middleware import ( "crypto/md5" "errors" "eta_gn/eta_bridge/controller/resp" "eta_gn/eta_bridge/global" "eta_gn/eta_bridge/models/crm" "eta_gn/eta_bridge/utils" "fmt" "github.com/gin-gonic/gin" "math" "sort" "strconv" "strings" "time" ) func BaseAuthCheck() gin.HandlerFunc { return func(c *gin.Context) { method := c.Request.Method if method != "POST" { resp.TokenError(nil, "请求异常", "不支持非POST请求", c) c.Abort() return } pass, e := signCheck(c) if e != nil { resp.TokenError(nil, "签名错误", "签名校验失败, Err: "+e.Error(), c) c.Abort() return } if !pass { resp.TokenError(nil, "签名错误", "签名错误", c) c.Abort() return } } } func signCheck(c *gin.Context) (ok bool, err error) { params := make(map[string][]string) err = c.ShouldBind(params) if err != nil { return } signData := convertParam(params) ip := c.ClientIP() err = checkSignData(signData, ip) if err != nil { return } ok = true return } func convertParam(params map[string][]string) (signData map[string]string) { signData = make(map[string]string) for key := range params { signData[key] = params[key][0] } return signData } func checkSignData(postData map[string]string, ip string) (err error) { isSandbox := postData["is_sandbox"] if global.CONFIG.Serve.RunMode == "debug" && isSandbox != "" { return } appid := postData["appid"] if appid == "" { err = errors.New("参数异常,缺少appid") return } openApiOB := new(crm.OpenApiUser) apiUser, e := openApiOB.GetItemByAppid(appid) if e != nil { if e != utils.ErrNoRow { err = errors.New("系统异常,请联系管理员") return } err = errors.New("appid异常,请联系管理员") return } if apiUser == nil { err = errors.New("系统异常,请联系管理员") return } if apiUser.Ip != "" { if !strings.Contains(apiUser.Ip, ip) { err = errors.New(fmt.Sprintf("无权限访问该接口,ip:%v,请联系管理员", ip)) return } } ownSign := postData["sign"] if ownSign == "" { err = errors.New("参数异常,缺少签名字符串") return } if postData["nonce_str"] == "" { err = errors.New("参数异常,缺少随机字符串") return } if postData["timestamp"] == "" { err = errors.New("参数异常,缺少时间戳") return } else { timeUnix := time.Now().Unix() // 当前格林威治时间,int64类型 timestamp, timeErr := strconv.ParseInt(postData["timestamp"], 10, 64) if timeErr != nil { err = errors.New("参数异常,时间戳格式异常") return } if math.Abs(float64(timeUnix-timestamp)) > 300 { err = errors.New("当前时间异常,请调整设备时间与北京时间一致") return } } var keys []string for k := range postData { if k != "sign" { keys = append(keys, k) } } sort.Strings(keys) var signStr string for _, v := range keys { signStr += v + "=" + postData[v] + "&" } sign := strings.ToUpper(fmt.Sprintf("%x", md5.Sum([]byte(signStr+"secret="+apiUser.Secret)))) if sign != ownSign { global.LOG.Info(fmt.Sprintf("签名校验异常,签名字符串:%v;服务端签名值:%v", signStr, sign)) return errors.New("签名校验异常,请核实签名") } return nil }