package auth import ( "bytes" "errors" "fmt" "golib.gaore.com/GaoreGo/haiwai-common-sdk-go/sdk/requests" "golib.gaore.com/GaoreGo/haiwai-common-sdk-go/sdk/utils" "net/http" "net/url" "strconv" "strings" "time" ) func signRpcRequest(request requests.AcsRequest, signer Signer) (err error) { err = completeRpcSignParams(request, signer) if err != nil { return } if _, isContainsSign := request.GetQueryParams()["sign"]; isContainsSign { delete(request.GetQueryParams(), "sign") } stringToSign := buildRpcStringToSign(request) request.SetStringToSign(stringToSign) signature := signer.Sign(stringToSign, "&") accessKeyForm, err := signer.GetAccessKeyFrom() if err != nil { return } if accessKeyForm != "" { request.GetQueryParams()["sign"] = signature } debug("GrSdk sign: %s", signature) debug("GrSdk sign string: %s", stringToSign) debug("GrSdk sign: \r\n") return } func completeRpcSignParams(request requests.AcsRequest, signer Signer) (err error) { var accessKeyFrom string if accessKeyFrom, err = signer.GetAccessKeyFrom(); err != nil { return } if accessKeyFrom != "" { queryParams := request.GetQueryParams() queryParams["access_time"] = fmt.Sprintf("%d", time.Now().Unix()) queryParams["access_key"], err = signer.GetAccessKeyId() queryParams["access_from"] = accessKeyFrom if err != nil { return } request.GetHeaders()["Gr-Sdk-From"] = accessKeyFrom } request.GetHeaders()["Content-type"] = requests.Form formString := utils.GetUrlFormedMap(request.GetFormParams()) request.SetContent(bytes.NewBufferString(formString).Bytes()) return } func buildRpcStringToSign(request requests.AcsRequest) (stringToSign string) { signParams := make(map[string]string) for key, value := range request.GetQueryParams() { signParams[key] = value } if strings.ToUpper(request.GetMethod()) == requests.POST { for key, value := range request.GetFormParams() { signParams[key] = value } } stringToSign = utils.GetUrlFormedMap(signParams) stringToSign = strings.Replace(stringToSign, "+", "%20", -1) stringToSign = strings.Replace(stringToSign, "*", "%2A", -1) stringToSign = strings.Replace(stringToSign, "%7E", "~", -1) stringToSign = url.QueryEscape(stringToSign) stringToSign = request.GetMethod() + "&%2F&" + stringToSign return } func unsignRpcRequest(request *http.Request, signer Signer) (err error) { signParams := make(map[string]string) for key, value := range request.URL.Query() { signParams[key] = value[0] } if strings.ToUpper(request.Method) == requests.POST { for key, value := range request.Form { signParams[key] = value[0] } } if accessKey, err := signer.GetAccessKeyId(); err != nil { return err } else if accessKey == "" { return errors.New("access key is not allow empty") } else if accessKey != signParams["access_key"] { return errors.New("illegal access key") } signValue, ok := signParams["sign"] if !ok { return errors.New("sign value is not exists") } else { delete(signParams, "sign") } stringToSign := utils.GetUrlFormedMap(signParams) stringToSign = strings.Replace(stringToSign, "+", "%20", -1) stringToSign = strings.Replace(stringToSign, "*", "%2A", -1) stringToSign = strings.Replace(stringToSign, "%7E", "~", -1) stringToSign = url.QueryEscape(stringToSign) stringToSign = request.Method + "&%2F&" + stringToSign debug("GrSdk sign: %s", stringToSign) if timestamp, err := strconv.ParseInt(signParams["access_time"], 10, 64); err != nil { return err } else { if time.Unix(timestamp, 0).Before(time.Now().Add(-5 * time.Minute)) { err = errors.New("sign timeout 5 minute") } } if signer.Sign(stringToSign, "&") != signValue { return errors.New("sign string is not correct") } return }