| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 |
- package controllers
- import (
- "crypto/md5"
- "encoding/json"
- "errors"
- "fmt"
- "github.com/shopspring/decimal"
- "hongze/hongze_open_api/models/custom"
- "hongze/hongze_open_api/models/tables/open_api_user"
- "hongze/hongze_open_api/utils"
- "math"
- "reflect"
- "sort"
- "strconv"
- "strings"
- "time"
- )
- // BaseAuth 需要授权token的基类
- type BaseAuth struct {
- BaseCommon
- AdminWx *custom.AdminWx `description:"管理员信息"`
- Token string `description:"用户token"`
- StartSize int `description:"开始数量"`
- StartPage int `description:"开始页码"`
- PageSize int `description:"每页数量"`
- }
- func (c *BaseAuth) Prepare() {
- //var requestBody string
- signData := make(map[string]string)
- method := c.Ctx.Input.Method()
- var pageSize, currentIndex int
- switch method {
- case "GET":
- //requestBody = c.Ctx.Request.RequestURI
- params := c.Ctx.Request.URL.Query()
- signData = convertParam(params)
- pageSize, _ = c.GetInt("_page_size")
- currentIndex, _ = c.GetInt("_page")
- case "POST":
- //requestBody, _ = url.QueryUnescape(string(c.Ctx.Input.RequestBody))
- //请求类型
- contentType := c.Ctx.Request.Header.Get("content-type")
- //fmt.Println("contentType:", contentType)
- //fmt.Println("c.Ctx.Input.RequestBody:", string(c.Ctx.Input.RequestBody))
- switch contentType {
- case "multipart/form-data":
- //文件最大5M
- err := c.Ctx.Request.ParseMultipartForm(-int64(5 << 20))
- if err != nil {
- c.FailWithMessage(fmt.Sprintf("获取参数失败,%v", err))
- //response.FailWithMessage(fmt.Sprintf("获取参数失败,%v", err), c)
- //c.Abort()
- return
- }
- params := c.Ctx.Request.Form
- signData = convertParam(params)
- case "application/x-www-form-urlencoded":
- err := c.Ctx.Request.ParseForm()
- if err != nil {
- c.FailWithMessage(fmt.Sprintf("获取参数失败,%v", err))
- return
- }
- params := c.Ctx.Request.Form
- signData = convertParam(params)
- case "application/json":
- //var v interface{}
- params := make(map[string]interface{})
- err := json.Unmarshal(c.Ctx.Input.RequestBody, ¶ms)
- if err != nil {
- // handle error
- //fmt.Println("err json:", err)
- c.FailWithMessage(fmt.Sprintf("获取参数失败,%v", err))
- return
- }
- //fmt.Println("params:", params)
- signData = convertParamInterface(params)
- //tmpV := v.(map[string]string)
- //fmt.Println("tmpV:", tmpV)
- //fmt.Sprintln("list type is v%", tmpV["list"])
- default: //正常应该是其他方式获取解析的,暂时这么处理吧
- err := c.Ctx.Request.ParseForm()
- if err != nil {
- c.FailWithMessage(fmt.Sprintf("获取参数失败,%v", err))
- return
- }
- params := c.Ctx.Request.Form
- signData = convertParam(params)
- }
- }
- //fmt.Println("signData:", signData)
- //页码数
- var startSize int
- if pageSize <= 0 {
- pageSize = utils.PageSize20
- }
- //如果超过最大分页数,那么就是按照最大分页数返回
- if pageSize > utils.PageMaxSize {
- pageSize = utils.PageMaxSize
- }
- if currentIndex <= 0 {
- currentIndex = 1
- }
- startSize = utils.StartIndex(currentIndex, pageSize)
- c.StartSize = startSize
- c.PageSize = pageSize
- c.StartPage = currentIndex
- ip := c.Ctx.Input.IP()
- //获取签名秘钥
- //key := global.GVA_CONFIG.SignKey.Agent
- ////签名校验
- err := checkSign(signData, ip)
- if err != nil {
- c.SignError(fmt.Sprintf("签名校验失败,%v", err))
- return
- }
- uri := c.Ctx.Input.URI()
- utils.FileLog.Info(fmt.Sprintf("URI:%s", uri))
- }
- // 将请求传入的数据格式转换成签名需要的格式
- func convertParam(params map[string][]string) (signData map[string]string) {
- signData = make(map[string]string)
- for key := range params {
- signData[key] = params[key][0]
- }
- return signData
- }
- // 将请求传入的数据格式转换成签名需要的格式(目前只能处理简单的类型,数组、对象暂不支持)
- func convertParamInterface(params map[string]interface{}) (signData map[string]string) {
- signData = make(map[string]string)
- for key := range params {
- val := ``
- //fmt.Println("key", key, ";val:", params[key], ";type:", reflect.TypeOf(params[key]))
- //signData[key] = params[key][0]
- tmpVal := params[key]
- switch reflect.TypeOf(tmpVal).Kind() {
- case reflect.String:
- val = fmt.Sprint(tmpVal)
- case reflect.Int, reflect.Int16, reflect.Int64, reflect.Int32, reflect.Int8:
- val = fmt.Sprint(tmpVal)
- case reflect.Uint, reflect.Uint32, reflect.Uint16, reflect.Uint8, reflect.Uint64:
- val = fmt.Sprint(tmpVal)
- case reflect.Bool:
- val = fmt.Sprint(tmpVal)
- case reflect.Float64:
- decimalNum := decimal.NewFromFloat(tmpVal.(float64))
- val = decimalNum.String()
- //val = strconv.FormatFloat(tmpVal.(float64), 'E', -1, 64) //float64
- case reflect.Float32:
- decimalNum := decimal.NewFromFloat32(tmpVal.(float32))
- val = decimalNum.String()
- }
- signData[key] = val
- }
- return signData
- }
- // 请求参数签名校验
- func checkSign(postData map[string]string, ip string) (err error) {
- isSandbox := postData["is_sandbox"]
- //如果是测试环境,且是沙箱环境的话,那么绕过测试
- if utils.RunMode == "debug" && isSandbox != "" {
- return
- }
- appid := postData["appid"]
- if appid == "" {
- err = errors.New("参数异常,缺少appid")
- return
- }
- openApiUserInfo, tmpErr := open_api_user.GetByAppid(appid)
- if tmpErr != nil {
- if tmpErr.Error() == utils.ErrNoRow() {
- err = errors.New("appid异常,请联系管理员")
- } else {
- err = errors.New("系统异常,请联系管理员")
- }
- return
- }
- if openApiUserInfo == nil {
- err = errors.New("系统异常,请联系管理员")
- return
- }
- //如果有ip限制,那么就添加ip
- if openApiUserInfo.Ip != "" {
- if !strings.Contains(openApiUserInfo.Ip, ip) {
- err = errors.New(fmt.Sprintf("无权限访问该接口,ip:%v,请联系管理员", ip))
- return
- }
- }
- //接口提交的签名字符串
- ownSign := postData["sign"]
- if ownSign == "" {
- err = errors.New("参数异常,缺少签名字符串")
- return
- }
- if postData["nonce_str"] == "" {
- err = errors.New("参数异常,缺少随机字符串")
- return
- }
- if postData["timestamp"] == "" {
- err = errors.New("参数异常,缺少时间戳")
- return
- } else {
- timeUnix := time.Now().Unix() //当前格林威治时间,int64类型
- //将接口传入的时间做转换
- timestamp, timeErr := strconv.ParseInt(postData["timestamp"], 10, 64)
- if timeErr != nil {
- err = errors.New("参数异常,时间戳格式异常")
- return
- }
- if math.Abs(float64(timeUnix-timestamp)) > 300 {
- err = errors.New("当前时间异常,请调整设备时间与北京时间一致")
- return
- }
- }
- //先取出除sign外的所有的提交的参数key
- var keys []string
- for k := range postData {
- if k != "sign" {
- keys = append(keys, k)
- }
- }
- //1,根据参数名称的ASCII码表的顺序排序
- sort.Strings(keys)
- //2 根据排序后的参数名称,取出对应的值,并拼接字符串
- var signStr string
- for _, v := range keys {
- signStr += v + "=" + postData[v] + "&"
- }
- //3,全转小写(md5(拼装的字符串后+分配给你的app_secret))
- //sign := strings.ToLower(fmt.Sprintf("%x", md5.Sum([]byte(strings.Trim(signStr, "&")+key))))
- //md5.Sum([]byte(signStr+"key="+key)) 这是md5加密出来后的每个字符的ascall码,需要再转换成对应的字符
- //3,全转大写(md5(拼装的字符串后+分配给你的app_secret))
- sign := strings.ToUpper(fmt.Sprintf("%x", md5.Sum([]byte(signStr+"secret="+openApiUserInfo.Secret))))
- if sign != ownSign {
- utils.ApiLog.Println(fmt.Sprintf("签名校验异常,签名字符串:%v;服务端签名值:%v", signStr, sign))
- return errors.New("签名校验异常,请核实签名")
- }
- return nil
- }
|
