package wujiesdk
// @Title credentials.go
// @Description sign request
// @Create XdpCs 2023-09-10 20:47
// @Update XdpCs 2023-11-25 21:13
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"time"
"github.com/patrickmn/go-cache"
)
// Credentials holds the application identity and the RSA signing key used to
// build the Authorization header value for requests.
//
// NOTE(review): PrivateKey and RsaPrivateKey are key material kept in exported
// fields; avoid formatting this struct with %v/%+v or serializing it into logs.
type Credentials struct {
// AppID is the application identifier placed in the signed payload and in the header value.
AppID string
// PrivateKey is the base64 (standard encoding) text that NewCredentials decodes and parses as PKCS#8.
PrivateKey string
// cache stores the generated Authorization value; NewCredentials is the only place in this file that sets it.
cache *cache.Cache
// RsaPrivateKey is the parsed key that sign passes to rsa.SignPKCS1v15.
RsaPrivateKey *rsa.PrivateKey
}
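// Sign sets the Authorization header on req and returns the same request.
//
// The header value comes from c.sign and is cached under
// HTTPHeaderAuthorization for DefaultExpiration, so requests issued inside
// that window reuse one signature and one timestamp. A Credentials value that
// was not built by NewCredentials has a nil cache; in that case every call
// signs afresh instead of dereferencing the nil cache.
//
// NOTE(review): the cache lifetime should stay below the timestamp skew the
// server accepts; DefaultExpiration is defined outside this view, so confirm.
func (c *Credentials) Sign(req *http.Request) (*http.Request, error) {
	if req == nil {
		return nil, fmt.Errorf("sign request: nil request")
	}
	if req.Header == nil {
		// A request built as a struct literal has a nil header map; Set would panic.
		req.Header = make(http.Header)
	}

	if c.cache != nil {
		if cached, found := c.cache.Get(HTTPHeaderAuthorization); found {
			// Checked assertion: an unexpected cached value falls through to a
			// fresh signature instead of panicking.
			if auth, ok := cached.(string); ok {
				req.Header.Set(HTTPHeaderAuthorization, auth)
				return req, nil
			}
		}
	}

	auth, err := c.sign()
	if err != nil {
		return nil, fmt.Errorf("c.sign(): sign fail: %w", err)
	}
	if c.cache != nil {
		c.cache.Set(HTTPHeaderAuthorization, auth, DefaultExpiration)
	}
	req.Header.Set(HTTPHeaderAuthorization, auth)
	return req, nil
}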
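// sign builds the Authorization header value.
//
// It marshals {appId, timestamp} to JSON, signs the SHA-256 digest of that
// JSON with RSA PKCS#1 v1.5, and returns a JSON object carrying the base64
// signature, the key version "1", the app ID and the exact signed JSON text
// under "original".
func (c *Credentials) sign() (string, error) {
	if c.RsaPrivateKey == nil {
		// rsa.SignPKCS1v15 dereferences the key; report an error rather than panic
		// when Credentials was built without NewCredentials.
		return "", fmt.Errorf("sign: rsa private key is not set")
	}

	var signContent struct {
		AppID     string `json:"appId"`
		Timestamp int64  `json:"timestamp"`
	}
	signContent.AppID = c.AppID
	signContent.Timestamp = time.Now().Unix()

	data, err := json.Marshal(&signContent)
	if err != nil {
		return "", fmt.Errorf("json.Marshal: sign content: %v, marshal sign content fail: %w", signContent, err)
	}

	digest := sha256.Sum256(data)
	signBytes, err := rsa.SignPKCS1v15(rand.Reader, c.RsaPrivateKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", fmt.Errorf("rsa.SignPKCS1v15: digest: %v, sign fail: %w", digest[:], err)
	}

	authorization := map[string]string{
		"sign":             base64.StdEncoding.EncodeToString(signBytes),
		"secretKeyVersion": "1",
		"appId":            c.AppID,
		// The server needs the exact bytes that were signed, so send them verbatim.
		"original": string(data),
	}
	auth, err := json.Marshal(authorization)
	if err != nil {
		// The map holds the signature that is sent as the request credential, so it
		// is kept out of the error text; the stray trailing ", " is dropped as well.
		return "", fmt.Errorf("json.Marshal: marshal authorization fail: %w", err)
	}
	return string(auth), nil
}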
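// NewCredentials builds Credentials from an app ID and a private key given as
// base64 (standard encoding) of a PKCS#8 RSA key.
//
// It returns an error when the text is not valid base64, when the bytes do not
// parse as PKCS#8, or when the parsed key is not an RSA key. Error messages
// never contain the key text or its decoded bytes, because error strings are
// commonly written to logs.
func NewCredentials(appID, privateKey string) (*Credentials, error) {
	pkBytes, err := base64.StdEncoding.DecodeString(privateKey)
	if err != nil {
		// Deliberately omit privateKey from the message: it is secret material.
		return nil, fmt.Errorf("base64.StdEncoding.DecodeString: decode private key fail: %w", err)
	}

	parsed, err := x509.ParsePKCS8PrivateKey(pkBytes)
	if err != nil {
		// Deliberately omit pkBytes: they are the raw private key encoding.
		return nil, fmt.Errorf("x509.ParsePKCS8PrivateKey: parse private key fail: %w", err)
	}

	// PKCS#8 can carry non-RSA keys; an unchecked assertion would panic on them.
	rsaKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("x509.ParsePKCS8PrivateKey: private key has type %T, want *rsa.PrivateKey", parsed)
	}

	return &Credentials{
		AppID:         appID,
		PrivateKey:    privateKey,
		cache:         cache.New(DefaultExpiration, 10*time.Minute),
		RsaPrivateKey: rsaKey,
	}, nil
}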
// BeforeRequest signs req by delegating to Sign and returns only the error;
// the request pointer returned by Sign is discarded.
func (c *Credentials) BeforeRequest(req *http.Request) error {
	if _, signErr := c.Sign(req); signErr != nil {
		return signErr
	}
	return nil
}
// AfterRequest is a no-op: it ignores both the response and the error it is given.
func (c *Credentials) AfterRequest(_ *http.Response, _ error) {}