
fix:接口鉴权,新增从表中读取appid配置

Roc 4 päivää sitten
vanhempi
commit
588cc2ef09
3 muutettua tiedostoa jossa 120 lisäystä ja 19 poistoa
  1. 66 19
      controllers/base_auth.go
  2. 23 0
      models/open_api_user.go
  3. 31 0
      utils/common.go

+ 66 - 19
controllers/base_auth.go

@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"errors"
 	"eta/eta_hub/models"
 	"eta/eta_hub/models/system"
 	"eta/eta_hub/utils"
@@ -9,6 +10,7 @@ import (
 	"github.com/beego/beego/v2/server/web"
 	"net/http"
 	"net/url"
+	"strings"
 )
 
 type BaseAuthController struct {
@@ -21,6 +23,7 @@ func (this *BaseAuthController) Prepare() {
 	fmt.Println("enter prepare")
 	method := this.Ctx.Input.Method()
 	uri := this.Ctx.Input.URI()
+	ip := this.Ctx.Input.IP()
 	fmt.Println("Url:", uri)
 	if method != "HEAD" {
 		//校验签名
@@ -30,28 +33,12 @@ func (this *BaseAuthController) Prepare() {
 		signature := this.Ctx.Input.Header("signature")
 		this.Appid = appid
 
-		if nonce == "" {
-			errMsg := "随机字符串不能为空"
-			this.JSON(models.BaseResponse{Ret: 400, Msg: "", ErrMsg: errMsg}, false, false)
+		checkSign, errMsg, err := getCheckSignStr(appid, nonce, timestamp, ip)
+		if err != nil {
+			this.JSON(models.BaseResponse{Ret: 400, Msg: errMsg, ErrMsg: errMsg}, false, false)
 			this.StopRun()
 			return
 		}
-
-		if timestamp == "" {
-			errMsg := "时间戳不能为空"
-			this.JSON(models.BaseResponse{Ret: 400, Msg: "", ErrMsg: errMsg}, false, false)
-			this.StopRun()
-			return
-		}
-
-		if appid != utils.AppId {
-			errMsg := "商家AppId错误,请核查"
-			this.JSON(models.BaseResponse{Ret: 400, Msg: "", ErrMsg: errMsg}, false, false)
-			this.StopRun()
-			return
-		}
-
-		checkSign := utils.GetSign(nonce, timestamp)
 		if signature != checkSign {
 			fmt.Printf("用户提交签名:%s;\n系统生成签名:%s\n", signature, checkSign)
 			errMsg := "签名错误"
@@ -152,3 +139,63 @@ func (c *BaseAuthController) logUri(respContent []byte, requestBody, ip string)
 	}
 	return
 }
+
+// getCheckSignStr
+// @Description: 获取校验签名字符串
+// @author: Roc
+// @datetime 2025-07-03 16:51:30
+// @param appid string
+// @param nonce string
+// @param timestamp string
+// @param ip string
+// @return checkSignStr string
+// @return errMsg string
+// @return err error
+func getCheckSignStr(appid, nonce, timestamp, ip string) (checkSignStr, errMsg string, err error) {
+	if nonce == "" {
+		errMsg = "随机字符串不能为空"
+		err = errors.New(errMsg)
+		return
+	}
+
+	if timestamp == "" {
+		errMsg = "时间戳不能为空"
+		err = errors.New(errMsg)
+		return
+	}
+
+	secret := utils.Secret
+
+	if appid != utils.AppId {
+		openApiUserInfo, tmpErr := models.GetByAppid(appid)
+		if tmpErr != nil {
+			if tmpErr.Error() == utils.ErrNoRow() {
+				errMsg = "商家AppId错误,请核查"
+			} else {
+				err = errors.New("系统异常,请联系管理员")
+			}
+			err = errors.New(errMsg)
+			return
+		}
+
+		if openApiUserInfo == nil {
+			errMsg = "商家AppId错误,请核查"
+			err = errors.New(errMsg)
+			return
+		}
+
+		//如果有ip限制,那么就添加ip
+		if openApiUserInfo.Ip != "" {
+			if !strings.Contains(openApiUserInfo.Ip, ip) {
+				errMsg = fmt.Sprintf("无权限访问该接口,ip:%v,请联系管理员", ip)
+				err = errors.New(errMsg)
+				return
+			}
+		}
+		secret = openApiUserInfo.Secret
+	}
+
+	checkSignStr = utils.GetSignV2(nonce, timestamp, appid, secret)
+
+	return
+}
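Review bot: The allow-list check at `if !strings.Contains(openApiUserInfo.Ip, ip)` in getCheckSignStr is a substring match over the comma-separated list the Ip column holds, so a caller address that is a prefix of a listed entry (`10.0.0.1` against `10.0.0.100`, constructed example) passes and an empty address matches any list; split on `,` and compare whole trimmed entries instead, as in the fence below. The database-failure branch also loses its message: `err = errors.New("系统异常,请联系管理员")` is overwritten two lines later by the unconditional `err = errors.New(errMsg)` while errMsg is still empty, so the client receives an empty Msg — set `errMsg = "系统异常,请联系管理员"` in that else branch and let the shared assignment build err. If beego's `Input.IP()` honours forwarded headers, the address compared here is only trustworthy behind a proxy that overwrites them, which the function comment should say. Prepare's body continues outside the hunk.
```go
		//如果有ip限制,那么就添加ip
		if openApiUserInfo.Ip != "" {
			allowed := false
			for _, entry := range strings.Split(openApiUserInfo.Ip, ",") {
				if strings.TrimSpace(entry) == ip {
					allowed = true
					break
				}
			}
			if !allowed {
				errMsg = fmt.Sprintf("无权限访问该接口,ip:%v,请联系管理员", ip)
				err = errors.New(errMsg)
				return
			}
		}
		// … unchanged: secret = openApiUserInfo.Secret …
```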

+ 23 - 0
models/open_api_user.go

@@ -0,0 +1,23 @@
+package models
+
+import (
+	"github.com/beego/beego/v2/client/orm"
+)
+
+type OpenApiUser struct {
+	Appid      string `orm:"column(appid);pk" json:"appid" description:"开放平台appid"`
+	Secret     string `orm:"column(secret);" json:"secret" description:"开放平台秘钥"`
+	Ip         string `orm:"column(ip);" json:"ip" description:"限制请求来源ip,多个ip用英文,隔开"`
+	Remark     string `orm:"column(remark);" json:"remark" description:"备注信息"`
+	CreateTime string `orm:"column(create_time);" json:"create_time" description:"创建时间"`
+	ModifyTime string `orm:"column(modify_time);" json:"modify_time" description:"最近一次更新时间"`
+}
+
+// GetByAppid 根据appid获取开放api用户信息
+func GetByAppid(appid string) (item *OpenApiUser, err error) {
+	sql := `SELECT * FROM open_api_user WHERE appid=? LIMIT 1`
+	o := orm.NewOrm()
+	err = o.Raw(sql, appid).QueryRow(&item)
+
+	return
+}
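Review bot: OpenApiUser carries the per-app HMAC secret under a `json:"secret"` tag, so any handler that serialises this struct or a list of it to a response would emit the secret; tag it `json:"-"` unless an endpoint genuinely needs it, and add a doc comment on the type such as `// OpenApiUser is one row of open_api_user: the appid/secret pair plus an optional comma-separated source-IP allow list consumed by the signature check in controllers/base_auth.go.` GetByAppid returns orm's no-rows error for an unknown appid, and the caller in base_auth.go compares that error's text against utils.ErrNoRow(), which breaks on any message change; `errors.Is(err, orm.ErrNoRows)` at the call site is the robust form. The Ip column's format is documented only in the struct tag, so the one place that parses it should be the function that enforces it, not ad-hoc string matching.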

+ 31 - 0
utils/common.go

@@ -1027,6 +1027,37 @@ func GetSign(nonce, timestamp string) (sign string) {
 	return
 }
 
+// GetSignV2
+// @Description: 获取签名
+// @author: Roc
+// @datetime 2025-07-03 16:43:03
+// @param nonce string
+// @param timestamp string
+// @param appid string
+// @param secret string
+// @return sign string
+func GetSignV2(nonce, timestamp, appid, secret string) (sign string) {
+	signStrMap := map[string]string{
+		"nonce":     nonce,
+		"timestamp": timestamp,
+		"appid":     appid,
+	}
+	keys := make([]string, 0, len(signStrMap))
+	for k := range signStrMap {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	var signStr string
+	for _, k := range keys {
+		signStr += k + "=" + signStrMap[k] + "&"
+	}
+	signStr = strings.Trim(signStr, "&")
+	fmt.Println("signStr:" + signStr)
+	sign = HmacSha256ToBase64(secret, signStr)
+	fmt.Println("sign:" + sign)
+	return
+}
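Review bot: The two `fmt.Println` calls at `fmt.Println("signStr:" + signStr)` and `fmt.Println("sign:" + sign)` write the canonical string and the valid signature to stdout on every verification, so the process log accumulates nonce, timestamp, appid and the matching signature for each request — the full set a replayed request would need for as long as that timestamp is still accepted; remove them or route them through a debug-level logger that is off in production. The map-plus-sort construction exists only to order three fixed keys, which the sort already fixes as appid, nonce, timestamp, so the body reduces to `signStr := "appid=" + appid + "&nonce=" + nonce + "&timestamp=" + timestamp` followed by `sign = HmacSha256ToBase64(secret, signStr)`. The doc comment should state that canonical form, e.g. `// GetSignV2 returns the base64 HMAC-SHA256 (presumably keyed with secret) of "appid=…&nonce=…&timestamp=…" with keys in ascending order.` GetSign's closing brace at the top of the hunk is context; that function starts outside it.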
+
 // GetLikeKeywordPars
 //
 //	@Description: 获取sql查询中的参数切片