
sign_check.go 6.2 KiB

  1. package utils
import (
	"crypto/subtle"
	"fmt"
	"strings"
	"time"

	"applet/app/cfg"
	"applet/app/utils/logx"
	"github.com/forgoer/openssl"
	"github.com/gin-gonic/gin"
	"github.com/syyongx/php2go"
)
// publicKey is the PEM-encoded RSA public key that pairs with privateKey.
// It is not referenced anywhere in this file.
var publicKey = []byte(`-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFQD7RL2tDNuwdg0jTfV0zjAzh
WoCWfGrcNiucy2XUHZZU2oGhHv1N10qu3XayTDD4pu4sJ73biKwqR6ZN7IS4Sfon
vrzaXGvrTG4kmdo3XrbrkzmyBHDLTsJvv6pyS2HPl9QPSvKDN0iJ66+KN8QjBpw1
FNIGe7xbDaJPY733/QIDAQAB
-----END PUBLIC KEY-----`)

// privateKey is the PEM-encoded RSA private key used by ResultAes and
// ResultAesDecrypt to unwrap the per-request AES key carried in the "key"
// header.
//
// NOTE(review): a private key committed to source control should be rotated
// and the replacement loaded from configuration or a secret store instead of
// the repository.
var privateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCFQD7RL2tDNuwdg0jTfV0zjAzhWoCWfGrcNiucy2XUHZZU2oGh
Hv1N10qu3XayTDD4pu4sJ73biKwqR6ZN7IS4SfonvrzaXGvrTG4kmdo3Xrbrkzmy
BHDLTsJvv6pyS2HPl9QPSvKDN0iJ66+KN8QjBpw1FNIGe7xbDaJPY733/QIDAQAB
AoGADi14wY8XDY7Bbp5yWDZFfV+QW0Xi2qAgSo/k8gjeK8R+I0cgdcEzWF3oz1Q2
9d+PclVokAAmfj47e0AmXLImqMCSEzi1jDBUFIRoJk9WE1YstE94mrCgV0FW+N/u
+L6OgZcjmF+9dHKprnpaUGQuUV5fF8j0qp8S2Jfs3Sw+dOECQQCQnHALzFjmXXIR
Ez3VSK4ZoYgDIrrpzNst5Hh6AMDNZcG3CrCxlQrgqjgTzBSr3ZSavvkfYRj42STk
TqyX1tQFAkEA6+O6UENoUTk2lG7iO/ta7cdIULnkTGwQqvkgLIUjk6w8E3sBTIfw
rerTEmquw5F42HHE+FMrRat06ZN57lENmQJAYgUHlZevcoZIePZ35Qfcqpbo4Gc8
Fpm6vwKr/tZf2Vlt0qo2VkhWFS6L0C92m4AX6EQmDHT+Pj7BWNdS+aCuGQJBAOkq
NKPZvWdr8jNOV3mKvxqB/U0uMigIOYGGtvLKt5vkh42J7ILFbHW8w95UbWMKjDUG
X/hF3WQEUo//Imsa2yECQHSZIpJxiTRueoDiyRt0LH+jdbYFUu/6D0UIYXhFvP/p
EZX+hfCfUnNYX59UVpRjSZ66g0CbCjuBPOhmOD+hDeQ=
-----END RSA PRIVATE KEY-----`)
// GetApiVersion derives the signing "API version" for a request: 0 means the
// signature check in SignCheck is skipped, any other value means it runs.
//
// Resolution order (later steps override earlier ones):
//  1. the first non-zero value among the "apiVersion", "Apiversion" and
//     "api_version" headers, then the "apiVersion" context value
//     (Go header lookup is case-insensitive, so the first two spellings
//     resolve to the same header);
//  2. if still zero, the per-platform *_must_sign context flags force "1";
//  3. the "api_version" context value forces "1" in production (cfg.Prd);
//  4. a Host containing "zhios-app" or "api.zhios.cn" turns "1" back into
//     "0" and records api_version=0 in the context;
//  5. for ios/android/pc clients, a short list of unsigned endpoints turns
//     the version to "0" by substring match on the request URI.
//
// NOTE(review): "platform" and Host are request-supplied values, so steps 4
// and 5 let the client influence whether signing is enforced for those paths.
// Confirm that is intended (e.g. Host pinned by the ingress) before relying
// on SignCheck for those routes.
func GetApiVersion(c *gin.Context) int {
	var apiVersion = c.GetHeader("apiVersion")
	if StrToInt(apiVersion) == 0 { // no version yet: try the next header spelling
		apiVersion = c.GetHeader("Apiversion")
	}
	if StrToInt(apiVersion) == 0 { // still none: try the snake_case header
		apiVersion = c.GetHeader("api_version")
	}
	if StrToInt(apiVersion) == 0 { // still none: fall back to the context value
		apiVersion = c.GetString("apiVersion")
	}
	if StrToInt(apiVersion) == 0 {
		// Nothing from the client: per-platform "must sign" flags force signing on.
		platform := c.GetHeader("platform")
		if InArr(platform, []string{"ios", "android"}) == false && c.GetString("h5_applet_must_sign") == "1" {
			apiVersion = "1"
		}
		if InArr(platform, []string{"android"}) && c.GetString("android_must_sign") == "1" {
			apiVersion = "1"
		}
		if InArr(platform, []string{"ios"}) && c.GetString("ios_must_sign") == "1" {
			apiVersion = "1"
		}
	}
	if c.GetString("api_version") == "1" && cfg.Prd {
		apiVersion = "1"
	}
	// Requests for these hosts are not signed; the decision is written back
	// into the context for later handlers.
	if (strings.Contains(c.Request.Host, "zhios-app") || strings.Contains(c.Request.Host, "api.zhios.cn")) && apiVersion == "1" {
		apiVersion = "0"
		c.Set("api_version", "0")
	}
	//if InArr(c.GetHeader("platform"), []string{"ios", "android"}) {
	// apiVersion = "0"
	//}
	var uri = c.Request.RequestURI
	if InArr(c.GetHeader("platform"), []string{"ios", "android", "pc"}) { // endpoints that are never signed
		var filterList = []string{
			"/api/v1/appcheck",
			"/api/v1/app/guide",
			"/api/v1/new/config.json",
			"pub.flutter.web_download_page",
		}
		for _, v := range filterList {
			if strings.Contains(uri, v) { // substring match, not an exact path compare
				apiVersion = "0"
			}
		}
	}
	return StrToInt(apiVersion)
}
// CheckUri reports whether a request is subject to signing: 0 for native
// ios/android clients and for the "jd" mini-program, 1 for everyone else.
// An earlier per-URI allowlist for native clients has been disabled, so the
// exemption now applies to every URI for those platforms.
func CheckUri(c *gin.Context) int {
	nativeClient := InArr(c.GetHeader("platform"), []string{"ios", "android"})
	jdMiniProgram := c.GetHeader("mp") == "jd"

	version := "1"
	if nativeClient || jdMiniProgram {
		version = "0"
	}
	return StrToInt(version)
}
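// SignCheck verifies the request signature carried in the "sign" header.
//
// The check is skipped when GetApiVersion reports 0. Otherwise the query
// parameters of the request URI are merged with the "timestamp", "nonce" and
// "key" headers and the bearer-stripped "Authorization" header, joined in
// ASCII order by JoinStringsInASCII, suffixed with "&secret=<platform secret>"
// and hashed with MD5; the lowercase digest must match the "sign" header.
// Requests whose "timestamp" (milliseconds) lies more than 300 s in the past
// are rejected.
//
// Returns true when the signature is valid or no check is required.
//
// The signing string and the collected parameters are deliberately not
// printed: they contain the shared secret and the caller's token.
func SignCheck(c *gin.Context) bool {
	if GetApiVersion(c) == 0 { // no api version: signing is not enforced
		return true
	}

	// 1. Collect the signed fields: URI query params plus selected headers.
	query := GetQueryParam(c.Request.RequestURI)
	query["timestamp"] = c.GetHeader("timestamp")
	query["nonce"] = c.GetHeader("nonce")
	query["key"] = c.GetHeader("key")

	// Strip the "Bearer " scheme; any other Authorization value is used as-is.
	token := c.GetHeader("Authorization")
	if token != "" {
		if parts := strings.SplitN(token, " ", 2); len(parts) == 2 && parts[0] == "Bearer" {
			token = parts[1]
		}
	}
	query["token"] = token

	// 2. Sort keys by ASCII and join with "&".
	str := JoinStringsInASCII(query, "&", false, false, "")

	// 3. Append the secret configured for the calling platform.
	platform := c.GetHeader("platform")
	var secret string
	switch {
	case InArr(platform, []string{"android", "ios"}):
		secret = c.GetString("app_api_secret_key")
	case platform == "wap":
		secret = c.GetString("h5_api_secret_key")
	default:
		secret = c.GetString("applet_api_secret_key")
	}
	str = fmt.Sprintf("%s&secret=%s", str, secret)

	// 4. Lowercase MD5.  5. Constant-time compare against the client's sign
	// header so the comparison does not leak how many leading bytes matched.
	sign := strings.ToLower(Md5(str))
	if subtle.ConstantTimeCompare([]byte(sign), []byte(c.GetHeader("sign"))) != 1 {
		return false
	}

	// Reject stale requests. Only the past is bounded: timestamps in the
	// future are accepted, and nonce-based replay protection is not
	// implemented, so a captured request stays valid for up to 300 s.
	if StrToInt64(query["timestamp"])/1000 < time.Now().Unix()-300 {
		fmt.Println("============" + query["timestamp"])
		return false
	}
	return true
}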
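// ResultAes encrypts raw for the caller. The "key" header carries a
// base64-encoded, RSA-encrypted AES key that is unwrapped with privateKey;
// raw is then AES-ECB/PKCS7 encrypted with that key and returned
// base64-encoded.
//
// Returns "" when the key header cannot be base64-decoded, RSA unwrapping
// fails, or AES encryption fails; each failure is reported via logx.Info.
// The unwrapped key and the plaintext are not written to stdout.
//
// NOTE(review): AES-ECB leaks plaintext block patterns. It is kept because
// clients depend on this format; a migration to an authenticated mode is
// advisable.
func ResultAes(c *gin.Context, raw []byte) string {
	wrapped, err := php2go.Base64Decode(c.GetHeader("key"))
	if err != nil {
		logx.Info(err)
		return ""
	}
	aesKey, err := RsaDecrypt([]byte(wrapped), privateKey)
	if err != nil {
		logx.Info(err)
		return ""
	}
	cipherText, err := openssl.AesECBEncrypt(raw, aesKey, openssl.PKCS7_PADDING)
	if err != nil {
		logx.Info(err)
		return ""
	}
	return php2go.Base64Encode(string(cipherText))
}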
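// ResultAesDecrypt reverses ResultAes for an incoming payload. The AES key is
// unwrapped from the "key" header (falling back to "Key") exactly as in
// ResultAes; every double quote is removed from raw (payloads arrive as a
// JSON string literal), and the base64-decoded body is AES-ECB/PKCS7
// decrypted.
//
// Returns "" when the key cannot be unwrapped, raw decodes to an empty
// string, or decryption fails; failures are reported via logx.Info. The
// unwrapped key and the recovered plaintext are not written to stdout.
func ResultAesDecrypt(c *gin.Context, raw string) string {
	key := c.GetHeader("key")
	if key == "" {
		// Header lookup is case-insensitive in net/http, so this fallback is
		// expected to be redundant; kept for compatibility.
		key = c.GetHeader("Key")
	}
	wrapped, err := php2go.Base64Decode(key)
	if err != nil {
		logx.Info(err)
		return ""
	}
	aesKey, err := RsaDecrypt([]byte(wrapped), privateKey)
	if err != nil {
		logx.Info(err)
		return ""
	}

	body, err := php2go.Base64Decode(strings.ReplaceAll(raw, "\"", ""))
	if err != nil {
		logx.Info(err)
		return ""
	}
	if body == "" {
		return ""
	}
	plainText, err := openssl.AesECBDecrypt([]byte(body), aesKey, openssl.PKCS7_PADDING)
	if err != nil {
		logx.Info(err)
		return ""
	}
	return string(plainText)
}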
  199. value1, _ := php2go.Base64Decode(raw)
  200. if value1 == "" {
  201. return ""
  202. }
  203. str1, _ := openssl.AesECBDecrypt([]byte(value1), aes, openssl.PKCS7_PADDING)
  204. fmt.Println("==========解码=========")
  205. fmt.Println(string(str1))
  206. return string(str1)
  207. }