hongze
/
hongze_open_api


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
							package controllers

import (
	"crypto/md5"
	"errors"
	"fmt"
	"hongze/hongze_open_api/models/custom"
	"hongze/hongze_open_api/models/tables/open_api_user"
	"hongze/hongze_open_api/utils"
	"math"
	"sort"
	"strconv"
	"strings"
	"time"
)

// BaseAuth 需要授权token的基类
type BaseAuth struct {
	BaseCommon
	AdminWx *custom.AdminWx                  `description:"管理员信息"`
	Token   string                           `description:"用户token"`

	StartSize int	`description:"开始数量"`
	StartPage int	`description:"开始页码"`
	PageSize int	`description:"每页数量"`
}

func (c *BaseAuth) Prepare() {
	//var requestBody string
	signData := make(map[string]string)
	method := c.Ctx.Input.Method()

	var pageSize,currentIndex int
	switch method {
	case "GET":
		//requestBody = c.Ctx.Request.RequestURI
		params := c.Ctx.Request.URL.Query()
		//fmt.Println(params)
		signData = convertParam(params)

		pageSize, _ = c.GetInt("_page_size")
		currentIndex, _ = c.GetInt("_page")
	case "POST":
		//requestBody, _ = url.QueryUnescape(string(c.Ctx.Input.RequestBody))

		//请求类型
		contentType := c.Ctx.Request.Header.Get("content-type")
		switch contentType {
		case "multipart/form-data":
			//文件最大5M
			err := c.Ctx.Request.ParseMultipartForm(- int64(5<<20))
			if err != nil{
				c.FailWithMessage(fmt.Sprintf("获取参数失败，%v", err))
				//response.FailWithMessage(fmt.Sprintf("获取参数失败，%v", err), c)
				//c.Abort()
				return
			}
		default:
			err := c.Ctx.Request.ParseForm()
			if err != nil{
				c.FailWithMessage(fmt.Sprintf("获取参数失败，%v", err))
				return
			}
		}
		params := c.Ctx.Request.Form
		signData = convertParam(params)
	}

	//页码数
	var startSize int
	if pageSize <= 0 {
		pageSize = utils.PageSize20
	}
	if currentIndex <= 0 {
		currentIndex = 1
	}
	startSize = utils.StartIndex(currentIndex, pageSize)
	c.StartSize = startSize
	c.PageSize = pageSize
	c.StartPage = currentIndex


	ip := c.Ctx.Input.IP()

	//获取签名秘钥
	//key := global.GVA_CONFIG.SignKey.Agent
	////签名校验
	err := checkSign(signData,ip)
	if err != nil {
		c.SignError(fmt.Sprintf("签名校验失败，%v", err))
		return
	}
	uri := c.Ctx.Input.URI()
	utils.FileLog.Info(fmt.Sprintf("URI:%s", uri))
}

//将请求传入的数据格式转换成签名需要的格式
func convertParam(params map[string][]string)(signData map[string]string)  {
	signData = make(map[string]string)
	for key := range params {
		signData[key] = params[key][0]
	}
	return signData
}


//请求参数签名校验
func checkSign(postData map[string]string,ip string) (err error){
	isSandbox := postData["is_sandbox"]
	//如果是测试环境，且是沙箱环境的话，那么绕过测试
	if utils.RunMode == "debug" && isSandbox != "" {
		return
	}

	appid :=postData["appid"]
	if appid == "" {
		err = errors.New("参数异常，缺少appid")
		return
	}
	openApiUserInfo,tmpErr:= open_api_user.GetByAppid(appid)
	if tmpErr != nil{
		if tmpErr.Error() == utils.ErrNoRow(){
			err = errors.New("appid异常，请联系管理员")
		}else{
			err = errors.New("系统异常，请联系管理员")
		}
		return
	}

	if openApiUserInfo == nil{
		err = errors.New("系统异常，请联系管理员")
		return
	}
	//如果有ip限制，那么就添加ip
	if openApiUserInfo.Ip != ""{
		if !strings.Contains(openApiUserInfo.Ip,ip){
			err = errors.New(fmt.Sprintf("无权限访问该接口,ip:%v，请联系管理员",ip))
			return
		}
	}

	//接口提交的签名字符串
	ownSign := postData["sign"]
	if ownSign == "" {
		err = errors.New("参数异常，缺少签名字符串")
		return
	}
	if postData["nonce_str"] == "" {
		err = errors.New("参数异常，缺少随机字符串")
		return
	}
	if postData["timestamp"] == "" {
		err = errors.New("参数异常，缺少时间戳")
		return
	}else{
		timeUnix := time.Now().Unix()	//当前格林威治时间，int64类型
		//将接口传入的时间做转换
		timestamp, timeErr := strconv.ParseInt(postData["timestamp"], 10, 64)
		if timeErr != nil{
			err = errors.New("参数异常，时间戳格式异常")
			return
		}
		if math.Abs(float64(timeUnix - timestamp)) > 300 {
			err = errors.New("当前时间异常，请调整设备时间与北京时间一致")
			return
		}
	}

	//先取出除sign外的所有的提交的参数key
	var keys []string
	for k, _ := range postData {
		if k != "sign" {
			keys = append(keys, k)
		}
	}

	//1,根据参数名称的ASCII码表的顺序排序
	sort.Strings(keys)

	//2 根据排序后的参数名称，取出对应的值，并拼接字符串
	var signStr string
	for _, v := range keys {
		signStr += v + "=" + postData[v] + "&"
	}
	//3,全转小写(md5(拼装的字符串后+分配给你的app_secret))
	//sign := strings.ToLower(fmt.Sprintf("%x", md5.Sum([]byte(strings.Trim(signStr, "&")+key))))


	//md5.Sum([]byte(signStr+"key="+key))  这是md5加密出来后的每个字符的ascall码，需要再转换成对应的字符
	//3,全转大写(md5(拼装的字符串后+分配给你的app_secret))
	sign := strings.ToUpper(fmt.Sprintf("%x", md5.Sum([]byte(signStr+"secret="+openApiUserInfo.Secret))))

	if sign != ownSign {
		utils.ApiLog.Println(fmt.Sprintf("签名校验异常，签名字符串：%v；服务端签名值：%v",signStr,sign))
		return errors.New("签名校验异常，请核实签名")
	}
	return nil
}