From 2f5fff47d8b3d541314c404609c464d8f323abe6 Mon Sep 17 00:00:00 2001
From: ouqiang
Date: Tue, 23 May 2017 15:16:39 +0800
Subject: [PATCH] =?UTF-8?q?API=E6=8E=A5=E5=8F=A3=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E7=AD=BE=E5=90=8D=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 modules/setting/setting.go | 13 +++++-----
 routers/install/install.go | 30 ++++++++++++----------
 routers/routers.go | 52 +++++++++++++++++++++++++++++++++++---
 3 files changed, 72 insertions(+), 23 deletions(-)
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index e40ffdb..334da08 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -19,10 +19,13 @@ func Read(filename string) (*ini.Section,error) {
 }
 // 写入配置
-func Write(config map[string]string, filename string) error {
+func Write(config []string, filename string) error {
 if len(config) == 0 {
 return errors.New("参数不能为空")
 }
+ if len(config) % 2 != 0 {
+ return errors.New("参数不匹配")
+ }
 file := ini.Empty()
@@ -30,14 +33,12 @@ func Write(config map[string]string, filename string) error {
 if err != nil {
 return err
 }
- for key, value := range config {
- if key == "" {
- continue
- }
- _, err = section.NewKey(key, value)
+ for i := 0 ;i < len(config); {
+ _, err = section.NewKey(config[i], config[i+1])
 if err != nil {
 return err
 }
+ i += 2
 }
 err = file.SaveTo(filename)
diff --git a/routers/install/install.go b/routers/install/install.go
index 12beb33..091cb67 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
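Review bot: The comment above Write in modules/setting/setting.go still only says that it writes the configuration, while the parameter is now a flat `[]string` whose layout a caller has to guess. Document the contract on the function, for example `// Write saves config, a list of alternating key and value strings, to filename; it fails when the list is empty or has an odd length.` The body of Write continues outside this hunk.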
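Review bot: The rewritten loop in Write (second hunk of setting.go) drops the old `if key == "" { continue }` guard, so an empty string at a key position is now passed to `section.NewKey`; if NewKey rejects empty names, as I believe the ini library does, one empty key aborts the whole write instead of being skipped. If skipping is still wanted, move the step into the loop header first, `for i := 0; i < len(config); i += 2 {`, because a `continue` placed before the trailing `i += 2` would never advance. The header form is the idiomatic spelling even without the guard.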
@@ -102,20 +102,22 @@ func Store(ctx *macaron.Context, form InstallForm) string {
 // 配置写入文件
 func writeConfig(form InstallForm) error {
- dbConfig := map[string]string{
- "db.engine": form.DbType,
- "db.host": form.DbHost,
- "db.port": strconv.Itoa(form.DbPort),
- "db.user": form.DbUsername,
- "db.password": form.DbPassword,
- "db.database": form.DbName,
- "db.prefix": form.DbTablePrefix,
- "db.charset": "utf8",
- "allow_ips" : "",
- "app.name": "定时任务管理系统", // 应用名称
- "delay.task.enable": "false", // 是否开启延时任务
- "delay.task.slots": "3600", // 时间轮槽数量
- "delay.task.tick": "1s", // 时间轮每次转动的时间
+ dbConfig := []string{
+ "db.engine", form.DbType,
+ "db.host", form.DbHost,
+ "db.port", strconv.Itoa(form.DbPort),
+ "db.user", form.DbUsername,
+ "db.password",form.DbPassword,
+ "db.database", form.DbName,
+ "db.prefix", form.DbTablePrefix,
+ "db.charset", "utf8",
+ "allow_ips", "",
+ "app.name", "定时任务管理系统", // 应用名称
+ "delay.task.enable", "false", // 是否开启延时任务
+ "delay.task.slots", "3600", // 时间轮槽数量
+ "delay.task.tick", "1s", // 时间轮每次转动的时间
+ "api.key", "",
+ "api.secret", "",
 }
 return setting.Write(dbConfig, app.AppConfig)
diff --git a/routers/routers.go b/routers/routers.go
index ed0c5bc..fc375ed 100644
--- a/routers/routers.go
+++ b/routers/routers.go
@@ -18,6 +18,8 @@ import (
 "github.com/ouqiang/gocron/routers/manage"
 "github.com/ouqiang/gocron/routers/loginlog"
 "github.com/ouqiang/gocron/routers/delaytask"
+ "time"
+ "strconv"
 )
 // 静态文件目录
@@ -99,7 +101,7 @@ func Register(m *macaron.Macaron) {
 m.Post("/tasklog/remove/:id", tasklog.Remove)
 m.Post("/delaytask/push", delaytask.Create)
 m.Post("/delaytask/log/remove/:id", delaytask.Remove)
- });
+ }, apiAuth);
 // 404错误
 m.NotFound(func(ctx *macaron.Context) {
@@ -207,8 +209,6 @@ func userAuth(ctx *macaron.Context, sess session.Store) {
 }
 }
-// endregion
-
 /** 设置共享数据 **/
 func setShareData(ctx *macaron.Context, sess session.Store) {
 ctx.Data["URI"] = ctx.Req.URL.Path
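Review bot: The defaults written by writeConfig in routers/install/install.go leave out `app.sign.enable`, the switch the new apiAuth middleware reads, and that name does not follow the `api.` prefix used for `api.key` and `api.secret`; writing it here under one consistent name would make the option discoverable. Because both credentials are written empty, the protected routes answer with the "configure the key first" failure until an operator edits the file, which is a safe default but deserves a comment next to these two entries. The file now carries the API secret alongside `db.password`, so it is worth confirming that the file produced by setting.Write is not readable by other local users.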
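Review bot: `"time"` and `"strconv"` are appended after the project imports in routers/routers.go, whereas standard-library imports conventionally form their own group at the top of the block, as goimports would arrange them. The start of the import block is outside this hunk, so this assumes the other standard-library imports already sit there.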
@@ -227,6 +227,52 @@ func setShareData(ctx *macaron.Context, sess session.Store) {
 ctx.Data["AppName"] = app.Setting.Key("app.name").String()
 }
+/** API接口签名验证 **/
+func apiAuth(ctx *macaron.Context) {
+ apiSignEnable := app.Setting.Key("app.sign.enable").String()
+ apiSignEnable = strings.TrimSpace(apiSignEnable)
+ if apiSignEnable == "false" {
+ return
+ }
+ apiKey := app.Setting.Key("api.key").String()
+ apiSecret := app.Setting.Key("api.secret").String()
+ apiKey = strings.TrimSpace(apiKey)
+ apiSecret = strings.TrimSpace(apiSecret)
+ json := utils.JsonResponse{}
+ if apiKey == "" || apiSecret == "" {
+ msg := json.CommonFailure("使用API前, 请先配置密钥")
+ ctx.Write([]byte(msg))
+ return
+ }
+ currentTimestamp := time.Now().Unix()
+ time := ctx.QueryInt64("time")
+ if time <= 0 {
+ msg := json.CommonFailure("参数time不能为空")
+ ctx.Write([]byte(msg))
+ return
+ }
+ if time < (currentTimestamp - 1800) {
+ msg := json.CommonFailure("time无效")
+ ctx.Write([]byte(msg))
+ return
+ }
+ sign := ctx.QueryTrim("sign")
+ if sign == "" {
+ msg := json.CommonFailure("参数sign不能为空")
+ ctx.Write([]byte(msg))
+ return
+ }
+ raw := apiKey + strconv.FormatInt(time, 10) + strings.TrimSpace(ctx.Req.URL.Path) + apiSecret
+ realSign := utils.Md5(raw)
+ if sign != realSign {
+ msg := json.CommonFailure("签名验证失败")
+ ctx.Write([]byte(msg))
+ return
+ }
+}
+
+// endregion
+
 func isAjaxRequest(ctx *macaron.Context) bool {
 req := ctx.Req.Header.Get("X-Requested-With")
 if req == "XMLHttpRequest" {
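Review bot: The freshness check in apiAuth only rejects a `time` value more than 1800 seconds in the past, so a request signed with a far-future timestamp is accepted for as long as that timestamp stays ahead of the cutoff; the window should be bounded on both sides. The signed string is key + time + URL path + secret, which leaves the method and the request parameters unauthenticated, so within the window one signature is valid for any parameters sent to the same path. MD5 over a concatenation compared with `!=` is better replaced by HMAC-SHA256 keyed with the secret and checked with `hmac.Equal`, which needs `crypto/hmac`, `crypto/sha256` and `encoding/hex` in the import block and a matching change on the client side. The local variable `time` also shadows the `time` package just imported, which is why `time.Now()` has to come first; the sketch below renames it.

```go
// … unchanged: sign switch, api.key / api.secret lookup and empty-key failure …
const maxSkew = 1800 // seconds; same window as before, now applied in both directions
now := time.Now().Unix()
ts := ctx.QueryInt64("time")
// … unchanged: reject ts <= 0 with the "参数time不能为空" failure …
if ts < now-maxSkew || ts > now+maxSkew {
	msg := json.CommonFailure("time无效")
	ctx.Write([]byte(msg))
	return
}
// … unchanged: read and require the sign parameter …
mac := hmac.New(sha256.New, []byte(apiSecret))
mac.Write([]byte(apiKey + strconv.FormatInt(ts, 10) + strings.TrimSpace(ctx.Req.URL.Path)))
expected := hex.EncodeToString(mac.Sum(nil))
if !hmac.Equal([]byte(sign), []byte(expected)) {
	msg := json.CommonFailure("签名验证失败")
	ctx.Write([]byte(msg))
	return
}
```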