HI-VPN/zero-ppanel
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zero-ppanel/apps/api/internal/middleware/signatureMiddleware.go

84 lines
2.0 KiB
Go
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package middleware
import (
"bytes"
"io"
"net/http"
"strings"
"github.com/zero-ppanel/zero-ppanel/apps/api/internal/config"
"github.com/zero-ppanel/zero-ppanel/pkg/signature"
"github.com/zero-ppanel/zero-ppanel/pkg/xerr"
"github.com/zeromicro/go-zero/rest/httpx"
)
type SignatureMiddleware struct {
conf config.Config
validator *signature.Validator
}
func NewSignatureMiddleware(c config.Config, store signature.NonceStore) *SignatureMiddleware {
return &SignatureMiddleware{
conf: c,
validator: signature.NewValidator(c.AppSignature, store),
}
}
func (m *SignatureMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
appId := r.Header.Get("X-App-Id")
// X-App-Id 为空,提示非法访问
if appId == "" {
httpx.Error(w, xerr.NewErrCode(xerr.InvalidAccess))
return
}
// SkipPrefixes 白名单
for _, prefix := range m.conf.AppSignature.SkipPrefixes {
if strings.HasPrefix(r.URL.Path, prefix) {
next(w, r)
return
}
}
timestamp := r.Header.Get("X-Timestamp")
nonce := r.Header.Get("X-Nonce")
sig := r.Header.Get("X-Signature")
if timestamp == "" || nonce == "" || sig == "" {
httpx.Error(w, xerr.NewErrCode(xerr.SignatureMissing))
return
}
// 读取 body签名对原始 body bytes 计算)
var bodyBytes []byte
if r.Body != nil {
bodyBytes, _ = io.ReadAll(r.Body)
r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
}
sts := signature.BuildStringToSign(r.Method, r.URL.Path, r.URL.RawQuery, bodyBytes, appId, timestamp, nonce)
if err := m.validator.Validate(r.Context(), appId, timestamp, nonce, sig, sts); err != nil {
code := mapSignatureErr(err)
httpx.Error(w, xerr.NewErrCode(code))
return
}
next(w, r)
}
}
func mapSignatureErr(err error) int {
switch err {
case signature.ErrSignatureMissing:
return xerr.SignatureMissing
case signature.ErrSignatureExpired:
return xerr.SignatureExpired
case signature.ErrSignatureReplay:
return xerr.SignatureReplay
default:
return xerr.SignatureInvalid
}
}
Reference in New Issue View Git Blame Copy Permalink