|
- package auth
-
- import (
- "bytes"
- "errors"
- "fmt"
- "golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/requests"
- "golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/utils"
- "net/http"
- "net/url"
- "strconv"
- "strings"
- "time"
- )
-
- func signRpcRequest(request requests.AcsRequest, signer Signer) (err error) {
- err = completeRpcSignParams(request, signer)
- if err != nil {
- return
- }
- if _, isContainsSign := request.GetQueryParams()["sign"]; isContainsSign {
- delete(request.GetQueryParams(), "sign")
- }
-
- stringToSign := buildRpcStringToSign(request)
- request.SetStringToSign(stringToSign)
- signature := signer.Sign(stringToSign, "&")
- request.GetQueryParams()["sign"] = signature
- debug("grsdk sign %s", signature)
- return
- }
-
- func completeRpcSignParams(request requests.AcsRequest, signer Signer) (err error) {
-
- var accessKeyFrom string
- if accessKeyFrom, err = signer.GetAccessKeyFrom(); err != nil {
- return
- }
-
- queryParams := request.GetQueryParams()
- queryParams["access_time"] = fmt.Sprintf("%d", time.Now().Unix())
- queryParams["access_key"], err = signer.GetAccessKeyId()
- queryParams["access_from"] = accessKeyFrom
-
- if err != nil {
- return
- }
-
- request.GetHeaders()["Content-type"] = requests.Form
- request.GetHeaders()["Gr-Sdk-From"] = accessKeyFrom
- formString := utils.GetUrlFormedMap(request.GetFormParams())
- request.SetContent(bytes.NewBufferString(formString).Bytes())
- return
- }
-
- func buildRpcStringToSign(request requests.AcsRequest) (stringToSign string) {
- signParams := make(map[string]string)
- for key, value := range request.GetQueryParams() {
- signParams[key] = value
- }
-
- if strings.ToUpper(request.GetMethod()) == requests.POST {
- for key, value := range request.GetFormParams() {
- signParams[key] = value
- }
- }
-
- stringToSign = utils.GetUrlFormedMap(signParams)
- stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
- stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
- stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
- stringToSign = url.QueryEscape(stringToSign)
- stringToSign = request.GetMethod() + "&%2F&" + stringToSign
- return
- }
-
- func unsignRpcRequest(request *http.Request, signer Signer) (err error) {
- signParams := make(map[string]string)
- for key, value := range request.URL.Query() {
- signParams[key] = value[0]
- }
-
- if strings.ToUpper(request.Method) == requests.POST {
- for key, value := range request.Form {
- signParams[key] = value[0]
- }
- }
-
- if accessKey, err := signer.GetAccessKeyId(); err != nil {
- return err
- } else if accessKey == "" {
- return errors.New("access key is not allow empty")
- } else if accessKey != signParams["access_key"] {
- return errors.New("illegal access key")
- }
-
- signValue, ok := signParams["sign"]
- if !ok {
- return errors.New("sign value is not exists")
- } else {
- delete(signParams, "sign")
- }
-
- stringToSign := utils.GetUrlFormedMap(signParams)
- stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
- stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
- stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
- stringToSign = url.QueryEscape(stringToSign)
- stringToSign = request.Method + "&%2F&" + stringToSign
- debug("grsdk signstring %s", stringToSign)
-
- if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil {
- return err
- } else {
- if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) {
- err = errors.New("sign timeout 5 minute")
- }
- }
-
- if signer.Sign(stringToSign, "&") != signValue {
- return errors.New("sign string is not correct")
- }
- return
- }
|
