蛋蛋星球-客户端
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

sign_check.go 3.7 KiB

2 maanden geleden
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
  1. package utils
  2. import (
  3. "applet/app/utils/logx"
  4. "fmt"
  5. "github.com/forgoer/openssl"
  6. "github.com/gin-gonic/gin"
  7. "github.com/syyongx/php2go"
  8. "strings"
  9. )
  10. var publicKey = []byte(`-----BEGIN PUBLIC KEY-----
  11. MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFQD7RL2tDNuwdg0jTfV0zjAzh
  12. WoCWfGrcNiucy2XUHZZU2oGhHv1N10qu3XayTDD4pu4sJ73biKwqR6ZN7IS4Sfon
  13. vrzaXGvrTG4kmdo3XrbrkzmyBHDLTsJvv6pyS2HPl9QPSvKDN0iJ66+KN8QjBpw1
  14. FNIGe7xbDaJPY733/QIDAQAB
  15. -----END PUBLIC KEY-----`)
  16. var privateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
  17. MIICXAIBAAKBgQCFQD7RL2tDNuwdg0jTfV0zjAzhWoCWfGrcNiucy2XUHZZU2oGh
  18. Hv1N10qu3XayTDD4pu4sJ73biKwqR6ZN7IS4SfonvrzaXGvrTG4kmdo3Xrbrkzmy
  19. BHDLTsJvv6pyS2HPl9QPSvKDN0iJ66+KN8QjBpw1FNIGe7xbDaJPY733/QIDAQAB
  20. AoGADi14wY8XDY7Bbp5yWDZFfV+QW0Xi2qAgSo/k8gjeK8R+I0cgdcEzWF3oz1Q2
  21. 9d+PclVokAAmfj47e0AmXLImqMCSEzi1jDBUFIRoJk9WE1YstE94mrCgV0FW+N/u
  22. +L6OgZcjmF+9dHKprnpaUGQuUV5fF8j0qp8S2Jfs3Sw+dOECQQCQnHALzFjmXXIR
  23. Ez3VSK4ZoYgDIrrpzNst5Hh6AMDNZcG3CrCxlQrgqjgTzBSr3ZSavvkfYRj42STk
  24. TqyX1tQFAkEA6+O6UENoUTk2lG7iO/ta7cdIULnkTGwQqvkgLIUjk6w8E3sBTIfw
  25. rerTEmquw5F42HHE+FMrRat06ZN57lENmQJAYgUHlZevcoZIePZ35Qfcqpbo4Gc8
  26. Fpm6vwKr/tZf2Vlt0qo2VkhWFS6L0C92m4AX6EQmDHT+Pj7BWNdS+aCuGQJBAOkq
  27. NKPZvWdr8jNOV3mKvxqB/U0uMigIOYGGtvLKt5vkh42J7ILFbHW8w95UbWMKjDUG
  28. X/hF3WQEUo//Imsa2yECQHSZIpJxiTRueoDiyRt0LH+jdbYFUu/6D0UIYXhFvP/p
  29. EZX+hfCfUnNYX59UVpRjSZ66g0CbCjuBPOhmOD+hDeQ=
  30. -----END RSA PRIVATE KEY-----`)
  31. func GetApiVersion(c *gin.Context) int {
  32. var apiVersion = c.GetHeader("apiVersion")
  33. if StrToInt(apiVersion) == 0 { //没有版本号先不校验
  34. apiVersion = c.GetHeader("Apiversion")
  35. }
  36. if StrToInt(apiVersion) == 0 { //没有版本号先不校验
  37. apiVersion = c.GetHeader("api_version")
  38. }
  39. return StrToInt(apiVersion)
  40. }
  41. //签名校验
  42. func SignCheck(c *gin.Context) bool {
  43. var apiVersion = GetApiVersion(c)
  44. if apiVersion == 0 { //没有版本号先不校验
  45. return true
  46. }
  47. //1.通过rsa 解析出 aes
  48. var key = c.GetHeader("key")
  49. //拼接对应参数
  50. var uri = c.Request.RequestURI
  51. var query = GetQueryParam(uri)
  52. fmt.Println(query)
  53. query["timestamp"] = c.GetHeader("timestamp")
  54. query["nonce"] = c.GetHeader("nonce")
  55. query["key"] = key
  56. token := c.GetHeader("Authorization")
  57. if token != "" {
  58. // 按空格分割
  59. parts := strings.SplitN(token, " ", 2)
  60. if len(parts) == 2 && parts[0] == "Bearer" {
  61. token = parts[1]
  62. }
  63. }
  64. query["token"] = token
  65. //2.query参数按照 ASCII 码从小到大排序
  66. str := JoinStringsInASCII(query, "&", false, false, "")
  67. //3.拼上密钥
  68. secret := ""
  69. if InArr(c.GetHeader("platform"), []string{"android", "ios"}) {
  70. secret = c.GetString("app_api_secret_key")
  71. } else if c.GetHeader("platform") == "wap" {
  72. secret = c.GetString("h5_api_secret_key")
  73. } else {
  74. secret = c.GetString("applet_api_secret_key")
  75. }
  76. str = fmt.Sprintf("%s&secret=%s", str, secret)
  77. fmt.Println(str)
  78. //4.md5加密 转小写
  79. sign := strings.ToLower(Md5(str))
  80. //5.判断跟前端传来的sign是否一致
  81. if sign != c.GetHeader("sign") {
  82. return false
  83. }
  84. return true
  85. }
  86. func ResultAes(c *gin.Context, raw []byte) string {
  87. var key = c.GetHeader("key")
  88. base, _ := php2go.Base64Decode(key)
  89. aes, err := RsaDecrypt([]byte(base), privateKey)
  90. if err != nil {
  91. logx.Info(err)
  92. return ""
  93. }
  94. str, _ := openssl.AesECBEncrypt(raw, aes, openssl.PKCS7_PADDING)
  95. value := php2go.Base64Encode(string(str))
  96. fmt.Println(value)
  97. return value
  98. }
  99. func ResultAesDecrypt(c *gin.Context, raw string) string {
  100. var key = c.GetHeader("key")
  101. base, _ := php2go.Base64Decode(key)
  102. aes, err := RsaDecrypt([]byte(base), privateKey)
  103. if err != nil {
  104. logx.Info(err)
  105. return ""
  106. }
  107. fmt.Println(raw)
  108. value1, _ := php2go.Base64Decode(raw)
  109. if value1 == "" {
  110. return ""
  111. }
  112. str1, _ := openssl.AesECBDecrypt([]byte(value1), aes, openssl.PKCS7_PADDING)
  113. return string(str1)
  114. }