- package rpc
- import (
- "context"
- "crypto/hmac"
- "crypto/sha256"
- "fmt"
- "google.golang.org/grpc"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/metadata"
- "google.golang.org/grpc/status"
- "google.golang.org/protobuf/proto"
- "google.golang.org/protobuf/types/known/anypb"
- )
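// SignatureInterceptor is a custom unary server interceptor that rejects any
// call whose "signature" metadata entry does not match the HMAC computed over
// the request by verifySignature.
//
// It returns codes.InvalidArgument when the call carries no metadata and
// codes.Unauthenticated when the signature is absent or does not verify; only
// verified requests are passed on to handler.
//
// NOTE(review): the signature covers the request message only (no method
// name, timestamp or nonce is visible here), so a captured request/signature
// pair would keep verifying if sent again. Confirm whether replay protection
// is provided elsewhere.
func SignatureInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return nil, status.Errorf(codes.InvalidArgument, "metadata is missing")
	}

	// Fetch the client-supplied signature. The length check (rather than a
	// bare key-presence check) guards the index below against a key that is
	// present with no values.
	signature := md.Get("signature")
	if len(signature) == 0 {
		return nil, status.Errorf(codes.Unauthenticated, "signature is missing")
	}

	// Verify the signature; only the first value of the entry is considered.
	if !verifySignature(req, signature[0]) {
		return nil, status.Errorf(codes.Unauthenticated, "invalid signature")
	}
	return handler(ctx, req)
}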
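// verifySignature reports whether signature equals the lowercase hex
// HMAC-SHA256 of req, computed over the serialized anypb.Any wrapping of req.
//
// The original listing assumed req is a *pb.HelloRequest; any proto.Message
// is accepted. It returns false, instead of panicking or continuing with
// ignored errors, when req is not a proto.Message or cannot be serialized.
func verifySignature(req interface{}, signature string) bool {
	message, ok := req.(proto.Message)
	if !ok {
		return false
	}
	reqData, err := anypb.New(message)
	if err != nil {
		return false
	}
	// NOTE(review): the MAC is taken over bytes re-serialized on the server,
	// so the signer must produce the identical encoding; protobuf does not
	// promise a canonical byte form — confirm the client signs the same way.
	reqBytes, err := proto.Marshal(reqData)
	if err != nil {
		return false
	}

	// The key must stay secret.
	// NOTE(review): a key embedded in source is readable by anyone with the
	// repository or the binary and cannot be rotated without a rebuild; load
	// it from configuration or a secret store instead.
	key := []byte("secret-key")
	mac := hmac.New(sha256.New, key)
	mac.Write(reqBytes)
	expectedSignature := fmt.Sprintf("%x", mac.Sum(nil))

	// hmac.Equal compares without leaking, through timing, how many leading
	// characters of a guessed signature were correct; a plain == does not.
	return hmac.Equal([]byte(expectedSignature), []byte(signature))
}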