apiauth add more comments & improve
parent
5a087b28d2
commit
50a21d60c1
@ -21,10 +21,35 @@
|
|||||||
//
|
//
|
||||||
// func main(){
|
// func main(){
|
||||||
// // apiauth every request
|
// // apiauth every request
|
||||||
// beego.InsertFilter("*", beego.BeforeRouter,auth.APIAuth("appid","appkey"))
|
// beego.InsertFilter("*", beego.BeforeRouter,apiauth.APIBaiscAuth("appid","appkey"))
|
||||||
// beego.Run()
|
// beego.Run()
|
||||||
// }
|
// }
|
||||||
//
|
//
|
||||||
|
// Advanced Usage:
|
||||||
|
//
|
||||||
|
// func getAppSecret(appid string) string {
|
||||||
|
// // get appsecret by appid
|
||||||
|
// // maybe store in configure, maybe in database
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// beego.InsertFilter("*", beego.BeforeRouter,apiauth.APIAuthWithFunc(getAppSecret, 360))
|
||||||
|
//
|
||||||
|
// in the request user should include these params in the query
|
||||||
|
//
|
||||||
|
// 1. appid
|
||||||
|
//
|
||||||
|
// appid is asigned to the application
|
||||||
|
//
|
||||||
|
// 2. signature
|
||||||
|
//
|
||||||
|
// get the signature use apiauth.Signature()
|
||||||
|
//
|
||||||
|
// >>> should use url.QueryEscape()
|
||||||
|
//
|
||||||
|
// 3. timestamp:
|
||||||
|
//
|
||||||
|
// send the request time, the format is yyyy-mm-dd HH:ii:ss
|
||||||
|
//
|
||||||
package apiauth
|
package apiauth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@ -34,7 +59,6 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"sort"
|
"sort"
|
||||||
"strings"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
@ -83,7 +107,7 @@ func APIAuthWithFunc(f AppIdToAppSecret, timeout int) beego.FilterFunc {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
t := time.Now()
|
t := time.Now()
|
||||||
if (t.Second() - u.Second()) > timeout {
|
if t.Sub(u).Seconds() > float64(timeout) {
|
||||||
ctx.Output.SetStatus(403)
|
ctx.Output.SetStatus(403)
|
||||||
ctx.WriteString("timeout! the request time is long ago, please try again")
|
ctx.WriteString("timeout! the request time is long ago, please try again")
|
||||||
return
|
return
|
||||||
@ -117,12 +141,7 @@ func Signature(appsecret, method string, params url.Values, RequestURI string) (
|
|||||||
sha256 := sha256.New
|
sha256 := sha256.New
|
||||||
hash := hmac.New(sha256, []byte(appsecret))
|
hash := hmac.New(sha256, []byte(appsecret))
|
||||||
hash.Write([]byte(string_to_sign))
|
hash.Write([]byte(string_to_sign))
|
||||||
sha := base64.StdEncoding.EncodeToString(hash.Sum(nil))
|
return base64.StdEncoding.EncodeToString(hash.Sum(nil))
|
||||||
sha = url.QueryEscape(sha)
|
|
||||||
sha = strings.Replace(sha, "+", "%20", -1)
|
|
||||||
sha = strings.Replace(sha, "*", "%2A", -1)
|
|
||||||
sha = strings.Replace(sha, "%7E", "~", -1)
|
|
||||||
return sha
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type valSorter struct {
|
type valSorter struct {
|
||||||
|
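Review bot: In the APIAuthWithFunc hunk, the new check `if t.Sub(u).Seconds() > float64(timeout) {` rejects only timestamps that are too old. A timestamp ahead of the server clock gives a negative difference and is accepted, so the freshness window is unbounded on the future side. Bounding both directions closes this, for example `if d := t.Sub(u); d > time.Duration(timeout)*time.Second || d < -time.Duration(timeout)*time.Second {`. The documented format `yyyy-mm-dd HH:ii:ss` carries no time zone and the parsing of `u` is outside the hunk, so the package comment should also say which zone the client must send (presumably UTC, to be confirmed against the parse call). The function body starts and ends outside the hunk.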
@ -27,6 +27,7 @@
|
|||||||
//
|
//
|
||||||
//
|
//
|
||||||
// Advanced Usage:
|
// Advanced Usage:
|
||||||
|
//
|
||||||
// func SecretAuth(username, password string) bool {
|
// func SecretAuth(username, password string) bool {
|
||||||
// return username == "astaxie" && password == "helloBeego"
|
// return username == "astaxie" && password == "helloBeego"
|
||||||
// }
|
// }
|
||||||
|