jinql
/
gocron
mirror of https://github.com/ouqiang/gocron
1
0
Fork 0
Code Issues Releases Wiki Activity

API接口增加签名验证

pull/21/merge
ouqiang 2017-05-23 15:16:39 +08:00
parent 94197e0511
commit 2f5fff47d8
3 changed files with 72 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/setting/setting.go
View File

@ -19,10 +19,13 @@ func Read(filename string) (*ini.Section,error) {
} }
// 写入配置 // 写入配置
func Write(config map[string]string, filename string) error { func Write(config []string, filename string) error {
if len(config) == 0 { if len(config) == 0 {
return errors.New("参数不能为空") return errors.New("参数不能为空")
} }
if len(config) % 2 != 0 {
return errors.New("参数不匹配")
}
file := ini.Empty() file := ini.Empty()
@ -30,14 +33,12 @@ func Write(config map[string]string, filename string) error {
if err != nil { if err != nil {
return err return err
} }
for key, value := range config { for i := 0 ;i < len(config); {
if key == "" { _, err = section.NewKey(config[i], config[i+1])
continue
}
_, err = section.NewKey(key, value)
if err != nil { if err != nil {
return err return err
} }
i += 2
} }
err = file.SaveTo(filename) err = file.SaveTo(filename)

30
routers/install/install.go
View File

@ -102,20 +102,22 @@ func Store(ctx *macaron.Context, form InstallForm) string {
// 配置写入文件 // 配置写入文件
func writeConfig(form InstallForm) error { func writeConfig(form InstallForm) error {
dbConfig := map[string]string{ dbConfig := []string{
"db.engine": form.DbType, "db.engine", form.DbType,
"db.host": form.DbHost, "db.host", form.DbHost,
"db.port": strconv.Itoa(form.DbPort), "db.port", strconv.Itoa(form.DbPort),
"db.user": form.DbUsername, "db.user", form.DbUsername,
"db.password": form.DbPassword, "db.password",form.DbPassword,
"db.database": form.DbName, "db.database", form.DbName,
"db.prefix": form.DbTablePrefix, "db.prefix", form.DbTablePrefix,
"db.charset": "utf8", "db.charset", "utf8",
"allow_ips" : "", "allow_ips", "",
"app.name": "定时任务管理系统", // 应用名称 "app.name", "定时任务管理系统", // 应用名称
"delay.task.enable": "false", // 是否开启延时任务 "delay.task.enable", "false", // 是否开启延时任务
"delay.task.slots": "3600", // 时间轮槽数量 "delay.task.slots", "3600", // 时间轮槽数量
"delay.task.tick": "1s", // 时间轮每次转动的时间 "delay.task.tick", "1s", // 时间轮每次转动的时间
"api.key", "",
"api.secret", "",
} }
return setting.Write(dbConfig, app.AppConfig) return setting.Write(dbConfig, app.AppConfig)

52
routers/routers.go
View File

@ -18,6 +18,8 @@ import (
"github.com/ouqiang/gocron/routers/manage" "github.com/ouqiang/gocron/routers/manage"
"github.com/ouqiang/gocron/routers/loginlog" "github.com/ouqiang/gocron/routers/loginlog"
"github.com/ouqiang/gocron/routers/delaytask" "github.com/ouqiang/gocron/routers/delaytask"
"time"
"strconv"
) )
// 静态文件目录 // 静态文件目录
@ -99,7 +101,7 @@ func Register(m *macaron.Macaron) {
m.Post("/tasklog/remove/:id", tasklog.Remove) m.Post("/tasklog/remove/:id", tasklog.Remove)
m.Post("/delaytask/push", delaytask.Create) m.Post("/delaytask/push", delaytask.Create)
m.Post("/delaytask/log/remove/:id", delaytask.Remove) m.Post("/delaytask/log/remove/:id", delaytask.Remove)
}); }, apiAuth);
// 404错误 // 404错误
m.NotFound(func(ctx *macaron.Context) { m.NotFound(func(ctx *macaron.Context) {
@ -207,8 +209,6 @@ func userAuth(ctx *macaron.Context, sess session.Store) {
} }
} }
// endregion
/** 设置共享数据 **/ /** 设置共享数据 **/
func setShareData(ctx *macaron.Context, sess session.Store) { func setShareData(ctx *macaron.Context, sess session.Store) {
ctx.Data["URI"] = ctx.Req.URL.Path ctx.Data["URI"] = ctx.Req.URL.Path
@ -227,6 +227,52 @@ func setShareData(ctx *macaron.Context, sess session.Store) {
ctx.Data["AppName"] = app.Setting.Key("app.name").String() ctx.Data["AppName"] = app.Setting.Key("app.name").String()
} }
/** API接口签名验证 **/
func apiAuth(ctx *macaron.Context) {
apiSignEnable := app.Setting.Key("app.sign.enable").String()
apiSignEnable = strings.TrimSpace(apiSignEnable)
if apiSignEnable == "false" {
return
}
apiKey := app.Setting.Key("api.key").String()
apiSecret := app.Setting.Key("api.secret").String()
apiKey = strings.TrimSpace(apiKey)
apiSecret = strings.TrimSpace(apiSecret)
json := utils.JsonResponse{}
if apiKey == "" || apiSecret == "" {
msg := json.CommonFailure("使用API前, 请先配置密钥")
ctx.Write([]byte(msg))
return
}
currentTimestamp := time.Now().Unix()
time := ctx.QueryInt64("time")
if time <= 0 {
msg := json.CommonFailure("参数time不能为空")
ctx.Write([]byte(msg))
return
}
if time < (currentTimestamp - 1800) {
msg := json.CommonFailure("time无效")
ctx.Write([]byte(msg))
return
}
sign := ctx.QueryTrim("sign")
if sign == "" {
msg := json.CommonFailure("参数sign不能为空")
ctx.Write([]byte(msg))
return
}
raw := apiKey + strconv.FormatInt(time, 10) + strings.TrimSpace(ctx.Req.URL.Path) + apiSecret
realSign := utils.Md5(raw)
if sign != realSign {
msg := json.CommonFailure("签名验证失败")
ctx.Write([]byte(msg))
return
}
}
// endregion
func isAjaxRequest(ctx *macaron.Context) bool { func isAjaxRequest(ctx *macaron.Context) bool {
req := ctx.Req.Header.Get("X-Requested-With") req := ctx.Req.Header.Get("X-Requested-With")
if req == "XMLHttpRequest" { if req == "XMLHttpRequest" {