Home Explore Help
Sign In
tangmz
/
openbilibili
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
openbilibili
/
app
/
service
/
main
/
workflow
/
http
/
sign.go

sign.go 1.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. package http
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/md5"
    5. 

  5. 	"encoding/hex"
    6. 

  6. 	"strings"
    7. 

  7. 

  8. 	"go-common/library/ecode"
    9. 

  9. 	"go-common/library/log"
    10. 

  10. 	bm "go-common/library/net/http/blademaster"
    11. 

  11. )
    12. 

  12. 

  13. const (
    14. 

  14. 	_sobotAppKey    = "bcef69bb71499209"
    15. 

  15. 	_sobotAppSecret = "ace486f144f1467eefdce1fe5dfc7b14"
    16. 

  16. 	_sobotAPI       = "https://sso-api.bilibili.co/x/internal/workflow/sobot/user"
    17. 

  17. )
    18. 

  18. 

  19. func sobotSign(handler func(*bm.Context)) func(*bm.Context) {
    20. 

  20. 	return func(c *bm.Context) {
    21. 

  21. 		req := c.Request
    22. 

  22. 		query := req.Form
    23. 

  23. 		if query.Get("ts") == "" {
    24. 

  24. 			log.Error("ts is empty")
    25. 

  25. 			c.JSON(nil, ecode.RequestErr)
    26. 

  26. 			return
    27. 

  27. 		}
    28. 

  28. 		sign := query.Get("sign")
    29. 

  29. 		query.Del("sign")
    30. 

  30. 		sappkey := query.Get("appkey")
    31. 

  31. 		if sappkey != _sobotAppKey {
    32. 

  32. 			log.Error("appkey not matched")
    33. 

  33. 			c.JSON(nil, ecode.RequestErr)
    34. 

  34. 			return
    35. 

  35. 		}
    36. 

  36. 		query.Set("appsecret", _sobotAppSecret)
    37. 

  37. 		tmp := query.Encode()
    38. 

  38. 		if strings.IndexByte(tmp, '+') > -1 {
    39. 

  39. 			tmp = strings.Replace(tmp, "+", "%20", -1)
    40. 

  40. 		}
    41. 

  41. 		mh := md5.Sum([]byte(_sobotAPI + "?" + strings.ToLower(tmp) + _sobotAppSecret))
    42. 

  42. 		if hex.EncodeToString(mh[:]) != sign {
    43. 

  43. 			mh1 := md5.Sum([]byte(_sobotAPI + "?" + tmp + _sobotAppSecret))
    44. 

  44. 			if hex.EncodeToString(mh1[:]) != sign {
    45. 

  45. 				log.Error("Get sign: %s, expect %x", sign, mh1)
    46. 

  46. 				c.JSON(nil, ecode.SignCheckErr)
    47. 

  47. 				return
    48. 

  48. 			}
    49. 

  49. 		}
    50. 

  50. 		handler(c)
    51. 

  51. 	}
    52. 

  52. }
    53.