sunny
/
lzyd-user-api


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
							package middleware

import (
	"bytes"
	"crypto/md5"
	"encoding/hex"
	"encoding/json"
	"github.com/gin-gonic/gin"
	"io/ioutil"
	"lzyd-user-api/utils"
	"net/http"
	"net/url"
	"sort"
	"strings"
)

/**
Sign的格式如下:
所有的请求参数加上appkey=lzwg-app-N78ya51qaz2wsx!排序后，再MD5
*/
const AppKey string = "lzyd-sign-7c423d19cb2b"

func ValidSign(forceValid bool) gin.HandlerFunc {
	return func(c *gin.Context) {
		// 暂时不对swagger做强校验
		if strings.Contains(c.Request.RequestURI, "swagger") {
			c.Next()
			return
		}
		if strings.Contains(c.Request.Header.Get("Referer"), "swagger") {
			c.Next()
			return
		}
		if !forceValid {
			c.Next()
			return
		}
		validSign(c, AppKey)
	}
}

//从Header验证参数
func ValidHeaderParams() gin.HandlerFunc {
	return func(c *gin.Context) {
		//判断是否合法请求
		client := c.Request.Header.Get("client")
		guid := c.Request.Header.Get("guid")
		timestamp := c.Request.Header.Get("timestamp")
		sig := c.Request.Header.Get("sig")
		if client == "2" { //wap鉴权
			//sig:md5(client+'lz2019_random'+uuid+timestamp)
			_sig := Md5Encode(client + "lz2019_random" + guid + timestamp)
			if _sig == sig { //鉴权通过
				//fmt.Println("_sig == sig")
				//c.JSON(http.StatusOK, gin.H{"message": "授权成功"})
				c.Next()
			} else { //请求非法
				//fmt.Println("_sig != sig")
				c.Abort()
				c.JSON(http.StatusForbidden, gin.H{"message": "访问未授权"})
				// return可省略, 只要前面执行Abort()就可以让后面的handler函数不再执行
				return
			}
		} else {
			c.Next()
		}
	}
}

func validSign(c *gin.Context, appKey string) {

	var (
		inSign  string
		outSign string
	)

	if c.Request.Method == "GET" {
		values := c.Request.URL.Query()
		if len(values) <= 0 {
			c.Next()
			return
		}
		inSign = values.Get("sign")
		if len(inSign) == 0 {
			c.JSON(http.StatusOK, gin.H{
				"code":    -1,
				"message": "未传入签名参数",
			})
			c.Abort()
			return
		}
		outSign = calculateSignFromValues(values, appKey)
	} else {
		c.Request.ParseMultipartForm(32 << 20)
		formData := c.Request.PostForm
		if len(formData) > 0 {
			inSign = formData.Get("sign")
			if len(inSign) == 0 {
				c.JSON(http.StatusOK, gin.H{
					"code":    -1,
					"message": "未传入签名参数",
				})
				c.Abort()
				return
			}
			outSign = calculateSignFromValues(formData, appKey)
		} else {
			var params map[string]interface{}
			data, _ := c.GetRawData()
			err := json.Unmarshal(data, &params)
			if err != nil {
				panic(err)
			}
			inSign = utils.Interface2String(params["sign"])
			if len(inSign) == 0 {
				c.JSON(http.StatusOK, gin.H{
					"code":    -1,
					"message": "未传入签名参数",
				})
				c.Abort()
				return
			}
			outSign = calculateSignFromJsonBody(params, appKey)

			// 很关键，把读过的字节流重新放到body
			c.Request.Body = ioutil.NopCloser(bytes.NewBuffer(data))
		}
	}
	if outSign != inSign {
		c.JSON(http.StatusOK, gin.H{
			"code":    -1,
			"message": "签名验证错误",
		})
		c.Abort()
	}

	c.Next()
}

func calculateSignFromValues(values url.Values, appKey string) string {
	values.Del("sign")
	values.Add("secret", appKey)
	if len(values) > 0 {
		// 先对Key进行排序
		var keywords []string
		for key, _ := range values {
			keywords = append(keywords, key)
		}
		sort.Strings(keywords)
		// 再根据Key查找参数Map, 并拼接成字符串
		var stringBuffer bytes.Buffer
		keywordsCnt := len(keywords)
		for i := 0; i < keywordsCnt-1; i++ {
			keyword := keywords[i]
			stringBuffer.WriteString(keyword + "=" + values.Get(keyword))
			stringBuffer.WriteString("&")
		}
		lastKeyword := keywords[keywordsCnt-1]
		stringBuffer.WriteString(lastKeyword + "=" + values.Get(lastKeyword))
		// 最后MD5加密
		hash := md5.New()
		hash.Write(stringBuffer.Bytes())
		return hex.EncodeToString(hash.Sum(nil))
	}
	return ""
}

func calculateSignFromJsonBody(params map[string]interface{}, appKey string) string {
	delete(params, "sign")
	params["secret"] = appKey
	if len(params) > 0 {
		// 先对Key进行排序
		var keywords []string
		for key, _ := range params {
			keywords = append(keywords, key)
		}
		sort.Strings(keywords)
		// 再根据Key查找参数Map, 并拼接成字符串
		var stringBuffer bytes.Buffer
		keywordsCnt := len(keywords)
		for i := 0; i < keywordsCnt-1; i++ {
			keyword := keywords[i]
			stringBuffer.WriteString(keyword + "=" + utils.Interface2String(params[keyword]))
			stringBuffer.WriteString("&")
		}
		lastKeyword := keywords[keywordsCnt-1]
		stringBuffer.WriteString(lastKeyword + "=" + utils.Interface2String(params[lastKeyword]))
		// 最后MD5加密
		hash := md5.New()
		hash.Write(stringBuffer.Bytes())
		return hex.EncodeToString(hash.Sum(nil))
	}
	return ""
}


// 生成32位md5字串
func Md5Encode(s string) string {
	h := md5.New()
	h.Write([]byte(s))
	return hex.EncodeToString(h.Sum(nil))
}