haiwai-common-sdk-go/sdk/auth/rali_signature_composer.go

package auth

import (
	"bytes"
	"errors"
	"fmt"
	"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/requests"
	"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/utils"
	"net/http"
	"net/url"
	"sort"
	"strconv"
	"strings"
	"time"
)

func signRaliRequest(request requests.AcsRequest, signer Signer) (err error) {
	err = completeRaliSignParams(request, signer)
	if err != nil {
		return
	}

	stringToSign := buildRaliStringToSign(request)
	request.SetStringToSign(stringToSign)
	signature := signer.Sign(stringToSign, "")
	request.GetHeaders()["X-Ca-Signature"] = signature

	debug("GrSdk sign: %s", signature)
	debug("GrSdk sign string: %s", strings.ReplaceAll(stringToSign, "\n", "#"))
	debug("GrSdk sign: \r\n")
	return
}

func completeRaliSignParams(request requests.AcsRequest, signer Signer) (err error) {

	request.GetHeaders()["X-Ca-Timestamp"] = fmt.Sprintf("%d", time.Now().Unix()*1000)
	request.GetHeaders()["X-Ca-Signature-Method"] = signer.GetName()
	request.GetHeaders()["X-Ca-Nonce"] = utils.GetUUID()
	request.GetHeaders()["X-Ca-Key"], err = signer.GetAccessKeyId()

	if request.GetEnv() != "" {
		request.GetHeaders()["X-Ca-Stage"] = request.GetEnv()
	}

	if request.GetMethod() == requests.POST {
		request.GetHeaders()["Content-type"] = requests.Form
	}

	formString := utils.GetUrlFormedMap(request.GetFormParams())
	request.SetContent(bytes.NewBufferString(formString).Bytes())
	return
}

func buildRaliSignHeader(request requests.AcsRequest) (str1, str2 string) {

	headParams := make(map[string]string)
	signatureHeaders := make([]string, 0)

	for key, val := range request.GetHeaders() {
		headParams[key] = val
	}

	delete(headParams, "X-Ca-Signature")
	delete(headParams, "X-Ca-Signature-Headers")
	delete(headParams, "Accept")
	delete(headParams, "Content-MD5")
	delete(headParams, "Content-Type")
	delete(headParams, "Date")

	for key, _ := range headParams {
		signatureHeaders = append(signatureHeaders, key)
	}

	sort.Strings(signatureHeaders)

	for _, key := range signatureHeaders {
		str1 += fmt.Sprintf("%s:%s\n", key, headParams[key])
	}

	return strings.TrimRight(str1, "\n"), strings.Join(signatureHeaders, ",")
}

func buildRaliStringToSign(request requests.AcsRequest) (stringToSign string) {
	signParams := make(map[string]string)
	for key, value := range request.GetQueryParams() {
		signParams[key] = value
	}

	if strings.ToUpper(request.GetMethod()) == requests.POST {
		for key, value := range request.GetFormParams() {
			signParams[key] = value
		}
	}

	str1, str2 := buildRaliSignHeader(request)

	stringToSign = request.GetMethod() + "\n"
	stringToSign += request.GetHeaders()["Accept"] + "\n\n"
	stringToSign += request.GetHeaders()["Content-type"] + "\n\n"
	stringToSign += str1 + "\n"
	stringToSign += request.GetActionName() + "?" + utils.GetUrlByKeySort(signParams)
	request.GetHeaders()["X-Ca-Signature-Headers"] = str2

	//stringToSign = utils.GetUrlFormedMap(signParams)
	//stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
	//stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
	//stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
	//stringToSign = url.QueryEscape(stringToSign)
	//stringToSign = request.GetMethod() + "&%2F&" + stringToSign
	return
}

func unsignRaliRequest(request *http.Request, signer Signer) (err error) {
	signParams := make(map[string]string)
	for key, value := range request.URL.Query() {
		signParams[key] = value[0]
	}

	if strings.ToUpper(request.Method) == requests.POST {
		for key, value := range request.Form {
			signParams[key] = value[0]
		}
	}

	if accessKey, err := signer.GetAccessKeyId(); err != nil {
		return err
	} else if accessKey == "" {
		return errors.New("access key is not allow empty")
	} else if accessKey != signParams["access_key"] {
		return errors.New("illegal access key")
	}

	signValue, ok := signParams["sign"]
	if !ok {
		return errors.New("sign value is not exists")
	} else {
		delete(signParams, "sign")
	}

	stringToSign := utils.GetUrlFormedMap(signParams)
	stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
	stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
	stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
	stringToSign = url.QueryEscape(stringToSign)
	stringToSign = request.Method + "&%2F&" + stringToSign
	debug("GrSdk sign: %s", stringToSign)

	if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil {
		return err
	} else {
		if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) {
			err = errors.New("sign timeout 5 minute")
		}
	}

	if signer.Sign(stringToSign, "&") != signValue {
		return errors.New("sign string is  not correct")
	}
	return
}
fork from gaore-common-sdk-go 2023-02-21 20:46:05 +08:00			`package auth`

			`import (`
			`"bytes"`
			`"errors"`
			`"fmt"`
			`"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/requests"`
			`"golib.gaore.com/GaoreGo/gaore-common-sdk-go/sdk/utils"`
			`"net/http"`
			`"net/url"`
			`"sort"`
			`"strconv"`
			`"strings"`
			`"time"`
			`)`

			`func signRaliRequest(request requests.AcsRequest, signer Signer) (err error) {`
			`err = completeRaliSignParams(request, signer)`
			`if err != nil {`
			`return`
			`}`

			`stringToSign := buildRaliStringToSign(request)`
			`request.SetStringToSign(stringToSign)`
			`signature := signer.Sign(stringToSign, "")`
			`request.GetHeaders()["X-Ca-Signature"] = signature`

			`debug("GrSdk sign: %s", signature)`
			`debug("GrSdk sign string: %s", strings.ReplaceAll(stringToSign, "\n", "#"))`
			`debug("GrSdk sign: \r\n")`
			`return`
			`}`

			`func completeRaliSignParams(request requests.AcsRequest, signer Signer) (err error) {`

			`request.GetHeaders()["X-Ca-Timestamp"] = fmt.Sprintf("%d", time.Now().Unix()*1000)`
			`request.GetHeaders()["X-Ca-Signature-Method"] = signer.GetName()`
			`request.GetHeaders()["X-Ca-Nonce"] = utils.GetUUID()`
			`request.GetHeaders()["X-Ca-Key"], err = signer.GetAccessKeyId()`

			`if request.GetEnv() != "" {`
			`request.GetHeaders()["X-Ca-Stage"] = request.GetEnv()`
			`}`

			`if request.GetMethod() == requests.POST {`
			`request.GetHeaders()["Content-type"] = requests.Form`
			`}`

			`formString := utils.GetUrlFormedMap(request.GetFormParams())`
			`request.SetContent(bytes.NewBufferString(formString).Bytes())`
			`return`
			`}`

			`func buildRaliSignHeader(request requests.AcsRequest) (str1, str2 string) {`

			`headParams := make(map[string]string)`
			`signatureHeaders := make([]string, 0)`

			`for key, val := range request.GetHeaders() {`
			`headParams[key] = val`
			`}`

			`delete(headParams, "X-Ca-Signature")`
			`delete(headParams, "X-Ca-Signature-Headers")`
			`delete(headParams, "Accept")`
			`delete(headParams, "Content-MD5")`
			`delete(headParams, "Content-Type")`
			`delete(headParams, "Date")`

			`for key, _ := range headParams {`
			`signatureHeaders = append(signatureHeaders, key)`
			`}`

			`sort.Strings(signatureHeaders)`

			`for _, key := range signatureHeaders {`
			`str1 += fmt.Sprintf("%s:%s\n", key, headParams[key])`
			`}`

			`return strings.TrimRight(str1, "\n"), strings.Join(signatureHeaders, ",")`
			`}`

			`func buildRaliStringToSign(request requests.AcsRequest) (stringToSign string) {`
			`signParams := make(map[string]string)`
			`for key, value := range request.GetQueryParams() {`
			`signParams[key] = value`
			`}`

			`if strings.ToUpper(request.GetMethod()) == requests.POST {`
			`for key, value := range request.GetFormParams() {`
			`signParams[key] = value`
			`}`
			`}`

			`str1, str2 := buildRaliSignHeader(request)`

			`stringToSign = request.GetMethod() + "\n"`
			`stringToSign += request.GetHeaders()["Accept"] + "\n\n"`
			`stringToSign += request.GetHeaders()["Content-type"] + "\n\n"`
			`stringToSign += str1 + "\n"`
			`stringToSign += request.GetActionName() + "?" + utils.GetUrlByKeySort(signParams)`
			`request.GetHeaders()["X-Ca-Signature-Headers"] = str2`

			`//stringToSign = utils.GetUrlFormedMap(signParams)`
			`//stringToSign = strings.Replace(stringToSign, "+", "%20", -1)`
			`//stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)`
			`//stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)`
			`//stringToSign = url.QueryEscape(stringToSign)`
			`//stringToSign = request.GetMethod() + "&%2F&" + stringToSign`
			`return`
			`}`

			`func unsignRaliRequest(request *http.Request, signer Signer) (err error) {`
			`signParams := make(map[string]string)`
			`for key, value := range request.URL.Query() {`
			`signParams[key] = value[0]`
			`}`

			`if strings.ToUpper(request.Method) == requests.POST {`
			`for key, value := range request.Form {`
			`signParams[key] = value[0]`
			`}`
			`}`

			`if accessKey, err := signer.GetAccessKeyId(); err != nil {`
			`return err`
			`} else if accessKey == "" {`
			`return errors.New("access key is not allow empty")`
			`} else if accessKey != signParams["access_key"] {`
			`return errors.New("illegal access key")`
			`}`

			`signValue, ok := signParams["sign"]`
			`if !ok {`
			`return errors.New("sign value is not exists")`
			`} else {`
			`delete(signParams, "sign")`
			`}`

			`stringToSign := utils.GetUrlFormedMap(signParams)`
			`stringToSign = strings.Replace(stringToSign, "+", "%20", -1)`
			`stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)`
			`stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)`
			`stringToSign = url.QueryEscape(stringToSign)`
			`stringToSign = request.Method + "&%2F&" + stringToSign`
			`debug("GrSdk sign: %s", stringToSign)`

			`if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil {`
			`return err`
			`} else {`
			`if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) {`
			`err = errors.New("sign timeout 5 minute")`
			`}`
			`}`

			`if signer.Sign(stringToSign, "&") != signValue {`
			`return errors.New("sign string is not correct")`
			`}`
			`return`
			`}`