datasignMiddleware.go 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
  1. package middleware
  2. import (
  3. "GtDataStore/app/cmd/dtgateway/internal/config"
  4. "GtDataStore/app/model"
  5. "GtDataStore/common/crypto/md5"
  6. "GtDataStore/common/utils"
  7. "GtDataStore/common/xerr"
  8. "bytes"
  9. "context"
  10. "fmt"
  11. "github.com/zeromicro/go-zero/core/stores/sqlx"
  12. "github.com/zeromicro/go-zero/core/validation"
  13. "github.com/zeromicro/go-zero/rest/httpx"
  14. "io/ioutil"
  15. "k8s.io/apimachinery/pkg/util/json"
  16. "math"
  17. "net/http"
  18. "net/url"
  19. "sync"
  20. "sync/atomic"
  21. "time"
  22. )
  23. const (
  24. TIME_OUT = 10 // ts时间窗口大小, 单位: 秒
  25. S2_MIN_LENGTH = 2048
  26. S2_HEAD_LENGTH = 200
  27. S2_TAIL_LENGTH = 200
  28. APP_SECRET_CACHE_EXPIRE = 600
  29. )
  30. var (
  31. appSecrets = make(map[string]secretExpire)
  32. appSecretsLock sync.Mutex
  33. validator atomic.Value
  34. )
  35. type (
  36. secretExpire struct {
  37. Secret string
  38. Status int64
  39. Expire time.Time
  40. }
  41. DataSignMiddleware struct {
  42. AppInfo model.DcAppInfoModel
  43. }
  44. CommonParams struct {
  45. Ts int64 `form:"ts"`
  46. ProjectId int64 `form:"project_id"`
  47. Sign string `form:"sign"`
  48. SignFlag uint8 `form:"sign_flag,optional"`
  49. AppName string `header:"APP-NAME"`
  50. }
  51. )
  52. func NewDataSignMiddleware(conf config.Config) *DataSignMiddleware {
  53. mysql := sqlx.NewMysql(conf.DtDataStoreDB.DataSource)
  54. return &DataSignMiddleware{
  55. AppInfo: model.NewDcAppInfoModel(mysql),
  56. }
  57. }
  58. func (m *DataSignMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
  59. return func(w http.ResponseWriter, r *http.Request) {
  60. cps := CommonParams{}
  61. err := m.parseCommonParams(r, &cps)
  62. if err != nil {
  63. httpx.WriteJson(w, http.StatusOK, map[string]interface{}{
  64. "code": xerr.REUQEST_PARAM_ERROR,
  65. "msg": err.Error(),
  66. })
  67. return
  68. }
  69. // 验证时间窗口
  70. if m.checkTs(cps.Ts) == false {
  71. httpx.WriteJson(w, http.StatusOK, map[string]interface{}{
  72. "code": xerr.REUQEST_PARAM_TS_ERROR,
  73. "msg": "请求参数错误",
  74. })
  75. return
  76. }
  77. // 得到secret, 如果发生错误, 则响应失败
  78. appSecret, err := m.getAppSecret(cps.AppName)
  79. if err != nil {
  80. httpx.WriteJson(w, http.StatusOK, map[string]interface{}{
  81. "code": xerr.REUQEST_PARAM_APP_NAME_ERROR,
  82. "msg": err.Error(),
  83. })
  84. return
  85. }
  86. // 解析query, 得到sign和s1
  87. s1, err := m.parseQuery(r)
  88. if err != nil {
  89. fmt.Printf("m.parseQuery(r) error :s\n", err.Error())
  90. }
  91. s2, err := m.parseBody(r)
  92. if err != nil {
  93. fmt.Printf("m.parseBody(r) error :s\n", err.Error())
  94. }
  95. s3 := r.ContentLength
  96. csign := m.calcSign(s1, s2, appSecret, s3, cps.SignFlag)
  97. if csign != cps.Sign {
  98. httpx.WriteJson(w, http.StatusOK, map[string]interface{}{
  99. "code": xerr.REUQEST_PARAM_DATA_SIGN_ERROR,
  100. "msg": "未通过数据认证",
  101. })
  102. return
  103. }
  104. next(w, r)
  105. }
  106. }
  107. func (m *DataSignMiddleware) calcSign(s1, s2, appSecret string, s3 int64, signFlag uint8) string {
  108. // 处理s2
  109. if signFlag == 1 {
  110. s2 = m.cutS2(s2)
  111. } else {
  112. s2, _ = m.sortS2(s2)
  113. }
  114. //fmt.Printf("sign data: %s\n", fmt.Sprintf("%s_%s_%d_%s", s1, s2, s3, appSecret))
  115. //fmt.Printf("md5: %s\n", md5.Md5([]byte(fmt.Sprintf("%s%s%d%s", s1, s2, s3, appSecret))))
  116. return md5.Md5([]byte(fmt.Sprintf("%s%s%d%s", s1, s2, s3, appSecret)))
  117. }
  118. func (m *DataSignMiddleware) cutS2(s2 string) string {
  119. s2l := len(s2)
  120. if s2l <= S2_MIN_LENGTH {
  121. return s2
  122. }
  123. return fmt.Sprintf("%s%s", s2[:S2_HEAD_LENGTH], s2[s2l-S2_TAIL_LENGTH:])
  124. }
  125. func (m *DataSignMiddleware) sortS2(s2 string) (string, error) {
  126. var mi map[string]interface{}
  127. if err := json.Unmarshal([]byte(s2), &mi); err != nil {
  128. return "", err
  129. }
  130. smi := utils.SortMapByKey(mi)
  131. if bs, err := json.Marshal(smi); err != nil {
  132. return "", err
  133. } else {
  134. return string(bs), nil
  135. }
  136. }
  137. func (m *DataSignMiddleware) parseCommonParams(r *http.Request, v any) error {
  138. if err := httpx.ParsePath(r, v); err != nil {
  139. return err
  140. }
  141. if err := httpx.ParseForm(r, v); err != nil {
  142. return err
  143. }
  144. if err := httpx.ParseHeaders(r, v); err != nil {
  145. return err
  146. }
  147. if valid, ok := v.(validation.Validator); ok {
  148. return valid.Validate()
  149. } else if val := validator.Load(); val != nil {
  150. return val.(httpx.Validator).Validate(r, v)
  151. }
  152. return nil
  153. }
  154. func (m *DataSignMiddleware) parseBody(r *http.Request) (body string, err error) {
  155. if r.Method == http.MethodGet {
  156. return "", nil
  157. }
  158. cnt, _ := ioutil.ReadAll(r.Body)
  159. r.Body = ioutil.NopCloser(bytes.NewReader(cnt))
  160. return string(cnt), nil
  161. }
  162. func (m *DataSignMiddleware) parseQuery(r *http.Request) (query string, err error) {
  163. if vs, err := url.ParseQuery(r.URL.RawQuery); err != nil {
  164. return "", err
  165. } else {
  166. vs.Del("sign")
  167. return vs.Encode(), nil
  168. }
  169. }
  170. func (m *DataSignMiddleware) getAppSecret(appName string) (string, error) {
  171. if secret, ok := appSecrets[appName]; ok {
  172. if secret.Expire.After(time.Now()) == false {
  173. return secret.Secret, nil
  174. }
  175. }
  176. // 从数据库中读取appSecret
  177. if appInfo, err := m.AppInfo.FindOneByAppName(context.Background(), appName); err == nil {
  178. appSecretsLock.Lock()
  179. defer appSecretsLock.Unlock()
  180. appSecrets[appName] = secretExpire{
  181. Secret: appInfo.Secret,
  182. Status: appInfo.Status,
  183. Expire: time.Now().Add(APP_SECRET_CACHE_EXPIRE * time.Second),
  184. }
  185. if appInfo.Status == 0 {
  186. return appInfo.Secret, nil
  187. }
  188. }
  189. return "", xerr.NewErrCodeMsg(xerr.REUQEST_PARAM_APP_NAME_ERROR, "该app name错误, 无法进行数据验签")
  190. }
  191. func (m *DataSignMiddleware) checkTs(ts int64) bool {
  192. return math.Abs(float64(time.Now().Unix()-ts)) <= TIME_OUT
  193. }