verify.go 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
  1. package http
  2. import (
  3. "crypto/md5"
  4. "encoding/hex"
  5. "net/url"
  6. "strings"
  7. "sync"
  8. "go-common/library/ecode"
  9. "go-common/library/log"
  10. bm "go-common/library/net/http/blademaster"
  11. )
  12. // Verify is is the verify model.
  13. type Verify struct {
  14. keys map[string]string
  15. lock sync.RWMutex
  16. // TODO to table data.
  17. authAppkeyMap map[string]string
  18. }
  19. // Config is the verify config model.
  20. type Config struct {
  21. AuthAppkeyMap map[string]string
  22. }
  23. // NewThirdVerify will create a verify middleware by given config.
  24. func NewThirdVerify(conf *Config) *Verify {
  25. if conf == nil || len(conf.AuthAppkeyMap) == 0 {
  26. panic("conf can not be nil")
  27. }
  28. v := &Verify{
  29. keys: make(map[string]string),
  30. authAppkeyMap: conf.AuthAppkeyMap,
  31. }
  32. return v
  33. }
  34. // Verify will inject into handler func as verify required
  35. func (v *Verify) Verify(ctx *bm.Context) {
  36. if err := v.verify(ctx); err != nil {
  37. ctx.JSON(nil, err)
  38. ctx.Abort()
  39. return
  40. }
  41. }
  42. func (v *Verify) verify(c *bm.Context) error {
  43. req := c.Request
  44. params := req.Form
  45. if req.Method == "POST" {
  46. // Give priority to sign in url query, otherwise check sign in post form.
  47. q := req.URL.Query()
  48. if q.Get("sign") != "" {
  49. params = q
  50. }
  51. }
  52. // check timestamp is not empty (TODO : Check if out of some seconds.., like 100s)
  53. if params.Get("ts") == "" {
  54. log.Error("ts is empty")
  55. return ecode.RequestErr
  56. }
  57. sign := params.Get("sign")
  58. params.Del("sign")
  59. defer params.Set("sign", sign)
  60. sappkey := params.Get("appkey")
  61. v.lock.RLock()
  62. secret, ok := v.keys[sappkey]
  63. v.lock.RUnlock()
  64. if !ok {
  65. fetched, err := v.fetchSecret(c, sappkey)
  66. if err != nil {
  67. return err
  68. }
  69. v.lock.Lock()
  70. v.keys[sappkey] = fetched
  71. v.lock.Unlock()
  72. secret = fetched
  73. }
  74. url := req.URL.Path
  75. if hsign := Sign(url, params, sappkey, secret, true); hsign != sign {
  76. if hsign1 := Sign(url, params, sappkey, secret, false); hsign1 != sign {
  77. log.Error("Get sign: %s, expect %s", sign, hsign)
  78. return ecode.SignCheckErr
  79. }
  80. }
  81. return nil
  82. }
  83. // Sign is used to sign form params by given condition.
  84. func Sign(url string, params url.Values, appkey string, secret string, lower bool) string {
  85. data := params.Encode()
  86. if strings.IndexByte(data, '+') > -1 {
  87. data = strings.Replace(data, "+", "%20", -1)
  88. }
  89. if lower {
  90. data = strings.ToLower(data)
  91. }
  92. digest := md5.Sum([]byte(url + "?" + data + secret))
  93. return hex.EncodeToString(digest[:])
  94. }
  95. // TODO auth apppkey to table.
  96. func (v *Verify) fetchSecret(ctx *bm.Context, appkey string) (string, error) {
  97. return v.authAppkeyMap[appkey], nil
  98. }