package aes import ( "applet/app/lib/aes/md" "applet/app/utils" "bytes" "encoding/json" "errors" "fmt" "github.com/gin-gonic/gin" "io/ioutil" "strconv" "strings" "time" ) func CheckSign(c *gin.Context) error { var query = map[string]string{} //1、从请求头中获取必传参数 query["timestamp"] = c.GetHeader("timestamp") query["nonce"] = c.GetHeader("nonce") if len(query["nonce"]) != 32 { return errors.New("随机字符串有误!") } sign := c.GetHeader("sign") //2、判断请求方式,以获取请求参数 if c.Request.Method == "GET" { queryParams := c.Request.URL.Query() for key, values := range queryParams { if len(values) > 0 { query[key] = values[0] } } } else { body, _ := ioutil.ReadAll(c.Request.Body) if string(body) != "" { str, err := AesDecryptByECB(md.AesKey, string(body)) if err != nil { return err } if str != "" { c.Request.Body = ioutil.NopCloser(bytes.NewBuffer([]byte(str))) var bodyParams = map[string]string{} err = json.Unmarshal([]byte(str), &bodyParams) if err != nil { return err } for key, value := range bodyParams { query[key] = value } } } } //3.query参数按照 ASCII 码从小到大排序 str := utils.JoinStringsInASCII(query, "&", false, false, "") //4.md5加密 转小写 signValue := strings.ToLower(utils.Md5(str)) //5.判断跟前端传来的sign是否一致 if sign != signValue { return errors.New("非法签名!") } //6、判断时效性 currentTimestamp := time.Now().Unix() storedTimestamp, err := strconv.ParseInt(query["timestamp"], 10, 64) if err != nil { return err } if currentTimestamp-storedTimestamp > 300 { // 5分钟 return fmt.Errorf("签名过期!") } return nil }