API接口增加签名验证

2017-05-23 15:16:39 +08:00 · 2017-05-23 15:16:39 +08:00 · 2f5fff47d8
parent 94197e0511
commit 2f5fff47d8
3 changed files with 72 additions and 23 deletions
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -19,10 +19,13 @@ func Read(filename string) (*ini.Section,error) {
 }

 // 写入配置
-func Write(config map[string]string, filename string) error {
+func Write(config []string, filename string) error {
    if len(config) == 0 {
        return errors.New("参数不能为空")
    }
+    if len(config) % 2 != 0 {
+        return errors.New("参数不匹配")
+    }

    file := ini.Empty()

@ -30,14 +33,12 @@ func Write(config map[string]string, filename string) error {
    if err != nil {
        return err
    }
-    for key, value := range config {
-        if key == "" {
-            continue
-        }
-        _, err = section.NewKey(key, value)
+    for i := 0 ;i < len(config); {
+        _, err = section.NewKey(config[i], config[i+1])
        if err != nil {
            return err
        }
+        i += 2
    }
    err = file.SaveTo(filename)

--- a/routers/install/install.go
+++ b/routers/install/install.go
@ -102,20 +102,22 @@ func Store(ctx *macaron.Context, form InstallForm) string {

 // 配置写入文件
 func writeConfig(form InstallForm) error {
-    dbConfig := map[string]string{
-        "db.engine":   form.DbType,
-        "db.host":     form.DbHost,
-        "db.port":     strconv.Itoa(form.DbPort),
-        "db.user":     form.DbUsername,
-        "db.password": form.DbPassword,
-        "db.database": form.DbName,
-        "db.prefix":   form.DbTablePrefix,
-        "db.charset":  "utf8",
-        "allow_ips" : "",
-        "app.name": "定时任务管理系统", // 应用名称
-        "delay.task.enable": "false", // 是否开启延时任务
-        "delay.task.slots": "3600", // 时间轮槽数量
-        "delay.task.tick": "1s", // 时间轮每次转动的时间
+    dbConfig := []string{
+        "db.engine",   form.DbType,
+        "db.host",    form.DbHost,
+        "db.port",     strconv.Itoa(form.DbPort),
+        "db.user",     form.DbUsername,
+        "db.password",form.DbPassword,
+        "db.database", form.DbName,
+        "db.prefix",   form.DbTablePrefix,
+        "db.charset",  "utf8",
+        "allow_ips", "",
+        "app.name", "定时任务管理系统", // 应用名称
+        "delay.task.enable", "false", // 是否开启延时任务
+        "delay.task.slots", "3600", // 时间轮槽数量
+        "delay.task.tick", "1s", // 时间轮每次转动的时间
+        "api.key", "",
+        "api.secret", "",
    }

    return setting.Write(dbConfig, app.AppConfig)
--- a/routers/routers.go
+++ b/routers/routers.go
@ -18,6 +18,8 @@ import (
    "github.com/ouqiang/gocron/routers/manage"
    "github.com/ouqiang/gocron/routers/loginlog"
    "github.com/ouqiang/gocron/routers/delaytask"
+    "time"
+    "strconv"
 )

 // 静态文件目录
@ -99,7 +101,7 @@ func Register(m *macaron.Macaron) {
       m.Post("/tasklog/remove/:id", tasklog.Remove)
       m.Post("/delaytask/push", delaytask.Create)
       m.Post("/delaytask/log/remove/:id", delaytask.Remove)
-    });
+    }, apiAuth);

    // 404错误
    m.NotFound(func(ctx *macaron.Context) {
@ -207,8 +209,6 @@ func userAuth(ctx *macaron.Context, sess session.Store)  {
    }
 }

-// endregion
-
 /** 设置共享数据 **/
 func setShareData(ctx *macaron.Context, sess session.Store)  {
    ctx.Data["URI"] = ctx.Req.URL.Path
@ -227,6 +227,52 @@ func setShareData(ctx *macaron.Context, sess session.Store)  {
    ctx.Data["AppName"] = app.Setting.Key("app.name").String()
 }

+/** API接口签名验证 **/
+func apiAuth(ctx *macaron.Context)  {
+    apiSignEnable := app.Setting.Key("app.sign.enable").String()
+    apiSignEnable = strings.TrimSpace(apiSignEnable)
+    if apiSignEnable == "false" {
+        return
+    }
+    apiKey := app.Setting.Key("api.key").String()
+    apiSecret := app.Setting.Key("api.secret").String()
+    apiKey = strings.TrimSpace(apiKey)
+    apiSecret = strings.TrimSpace(apiSecret)
+    json := utils.JsonResponse{}
+    if apiKey == "" || apiSecret == "" {
+        msg := json.CommonFailure("使用API前, 请先配置密钥")
+        ctx.Write([]byte(msg))
+        return
+    }
+    currentTimestamp := time.Now().Unix()
+    time := ctx.QueryInt64("time")
+    if time <= 0 {
+        msg := json.CommonFailure("参数time不能为空")
+        ctx.Write([]byte(msg))
+        return
+    }
+    if time < (currentTimestamp - 1800) {
+        msg := json.CommonFailure("time无效")
+        ctx.Write([]byte(msg))
+        return
+    }
+    sign := ctx.QueryTrim("sign")
+    if sign == "" {
+        msg := json.CommonFailure("参数sign不能为空")
+        ctx.Write([]byte(msg))
+        return
+    }
+    raw := apiKey + strconv.FormatInt(time, 10) + strings.TrimSpace(ctx.Req.URL.Path) + apiSecret
+    realSign := utils.Md5(raw)
+    if sign  != realSign {
+        msg := json.CommonFailure("签名验证失败")
+        ctx.Write([]byte(msg))
+        return
+    }
+}
+
+// endregion
+
 func isAjaxRequest(ctx *macaron.Context) bool {
    req := ctx.Req.Header.Get("X-Requested-With")
    if req == "XMLHttpRequest" {