From dc613b97f51d2d5ee27f74df8a39e85764302182 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=96=B0=E4=BA=AE?= Date: Mon, 30 Sep 2019 11:13:58 +0800 Subject: [PATCH] =?UTF-8?q?Add=20=E8=B7=AF=E7=94=B1=E4=B8=AD=E9=97=B4?= =?UTF-8?q?=E4=BB=B6=20MD5=20=E7=AD=BE=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/config/config.go | 7 ++ app/route/middleware/sign/md5/md5.go | 107 +++++++++++++++++++++++++++ app/route/route.go | 3 +- app/util/md5.go | 12 +++ 4 files changed, 128 insertions(+), 1 deletion(-) create mode 100644 app/route/middleware/sign/md5/md5.go create mode 100644 app/util/md5.go diff --git a/app/config/config.go b/app/config/config.go index 4bf1accb..6b99ae82 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -5,6 +5,13 @@ const ( AppPort = ":9999" AppName = "go-gin-api" + // MD5 密钥 + AppSignSecret = "4OhYXtDYNYxQsGetqASVOTP37jGt5gGY" + + // MD5 签名超时时间 120s + AppSignExpiry = "120" + + // 超时时间 AppReadTimeout = 120 AppWriteTimeout = 120 diff --git a/app/route/middleware/sign/md5/md5.go b/app/route/middleware/sign/md5/md5.go new file mode 100644 index 00000000..18d9b0f2 --- /dev/null +++ b/app/route/middleware/sign/md5/md5.go @@ -0,0 +1,107 @@ +package sign_md5 + +import ( + "errors" + "fmt" + "github.com/gin-gonic/gin" + "go-gin-api/app/config" + "go-gin-api/app/util" + "net/url" + "sort" + "strconv" + "time" +) + +// MD5 组合加密 +func SetUp() gin.HandlerFunc { + + return func(c *gin.Context) { + utilGin := util.Gin{Ctx: c} + + sign, err := verifyMD5Sign(c) + + if sign != nil { + utilGin.Response(-1, "Debug Sign", sign) + c.Abort() + return + } + + if err != nil { + utilGin.Response(-1, err.Error(), sign) + c.Abort() + return + } + + c.Next() + } +} + +// 创建签名 +func createMD5Sign(params url.Values) string { + var key []string + var str = "" + for k := range params { + if k != "sn" && k != "ts" && k != "debug" { + key = append(key, k) + } + } + sort.Strings(key) + for i := 0; i < len(key); i++ { + if i == 0 { + str = fmt.Sprintf("%v=%v", key[i], params.Get(key[i])) + } else { + str = str + fmt.Sprintf("&%v=%v", key[i], params.Get(key[i])) + } + } + + // 自定义签名算法 + sign := util.MD5(config.AppSignSecret + str + config.AppSignSecret) + return sign +} + +// 验证签名 +func verifyMD5Sign(c *gin.Context) (map[string]string, error) { + var method = c.Request.Method + var ts int64 + var sn string + var req url.Values + var debug string + + if method == "GET" { + req = c.Request.URL.Query() + sn = c.Query("sn") + debug = c.Query("debug") + ts, _ = strconv.ParseInt(c.Query("ts"), 10, 64) + } else if method == "POST" { + _ = c.Request.ParseForm() + req = c.Request.PostForm + sn = c.PostForm("sn") + debug = c.PostForm("debug") + ts, _ = strconv.ParseInt(c.PostForm("ts"), 10, 64) + } else { + return nil, errors.New("非法请求") + } + + if debug == "1" { + res := map[string]string{ + "ts": strconv.FormatInt(util.GetCurrentUnix(), 10), + "sn": createMD5Sign(req), + } + return res, nil + } + + exp, _ := strconv.ParseInt(config.AppSignExpiry, 10, 64) + + // 验证过期时间 + timestamp := time.Now().Unix() + if ts > timestamp || timestamp - ts >= exp { + return nil, errors.New("ts Error") + } + + // 验证签名 + if sn == "" || sn != createMD5Sign(req) { + return nil, errors.New("sn Error") + } + + return nil, nil +} diff --git a/app/route/route.go b/app/route/route.go index 68be2c70..26ae3422 100644 --- a/app/route/route.go +++ b/app/route/route.go @@ -7,6 +7,7 @@ import ( "go-gin-api/app/route/middleware/exception" "go-gin-api/app/route/middleware/jaeger" "go-gin-api/app/route/middleware/logger" + signMD5 "go-gin-api/app/route/middleware/sign/md5" "go-gin-api/app/util" ) @@ -31,7 +32,7 @@ func SetupRouter(engine *gin.Engine) { //@todo 记录请求超时的路由 - ProductRouter := engine.Group("/product") + ProductRouter := engine.Group("/product").Use(signMD5.SetUp()) { // 新增产品 ProductRouter.POST("", product.Add) diff --git a/app/util/md5.go b/app/util/md5.go new file mode 100644 index 00000000..42ca96a5 --- /dev/null +++ b/app/util/md5.go @@ -0,0 +1,12 @@ +package util + +import ( + "crypto/md5" + "encoding/hex" +) + +func MD5(str string) string { + s := md5.New() + s.Write([]byte(str)) + return hex.EncodeToString(s.Sum(nil)) +}