node/corgi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改合作伙伴签名的验证方式

Browse Source
This commit is contained in:
zhl 2021-06-22 11:41:33 +08:00
parent a2de599f81
commit 946c3b2065
3 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
doc/partner.md
View File

@ -7,7 +7,16 @@
## 说明 ## 说明
1. 所有请求参数中带*号的不能为空 1. 所有请求参数中带*号的不能为空
2. 如无特殊说明, 所有接口返回json, 顶级结构如下, 接口Response的数据结构说明只包含data部分 2. 接口签名字段说明
```
# 1. 将参与签名的参数按照key=value的格式并按照参数名ASCII字典序升序排序, 例如:
var signStr = 'name=一品漫城&sid=65AB7856FE&timestamp=1624332778169'
# 2. 把我们提供的 secretKey(37284c327e10d8b73cf4325f33a3de4b34032e3e) 作为key, 使用HMAC-SHA256得到签名
var sign = HmacSHA256(signStr, secretKey)
```
3. 如无特殊说明, 所有接口返回json, 顶级结构如下, 接口Response的数据结构说明只包含data部分
``` JSON ``` JSON
{ {
@ -17,7 +26,7 @@
} }
``` ```
2. 页面列表 4. 页面列表
> 所有的页面均可单独调用, url: https://puzzle-admin.kingsome.cn/页面url?token=token&mini=1 > 所有的页面均可单独调用, url: https://puzzle-admin.kingsome.cn/页面url?token=token&mini=1
> token为 1号接口获取 > token为 1号接口获取
@ -57,16 +66,7 @@
| timestamp | *10或13位均可 | | timestamp | *10或13位均可 |
| sign | *签名 | | sign | *签名 |
> 签名字段说明: > 签名字段: name, sid, timestamp
>
> 取name,sid, timestamp和我们提供的SecretKey字段拼接成 name=店铺名称&sid=店铺id:timestamp:SecretKey, 取该字符串的sha1
```js
let signStr = `name=${name}&sid=${sid}:${timestamp}:${secretKey}`
let sha1sum = crypto.createHash('sha1')
sha1sum.update(signStr)
let sign = sha1sum.digest('hex')
```
3. Response: JSON 3. Response: JSON

4
src/admin/controllers/partner.controller.ts
View File

@ -27,8 +27,8 @@ class PartnerController extends BaseController {
if (!name || !sid || !timestamp || !sign) { if (!name || !sid || !timestamp || !sign) {
throw new ZError(10, '缺少必要参数') throw new ZError(10, '缺少必要参数')
} }
const signKeys = ['name', 'sid'] const signKeys = ['name', 'sid', 'timestamp']
if (!checkSign({ secretKey: SECRET_KEY, data: req.params, timestamp, sign, signKeys })) { if (!checkSign({ secretKey: SECRET_KEY, data: req.params, sign, signKeys })) {
throw new ZError(21, 'sign error') throw new ZError(21, 'sign error')
} }
sname = sname || name sname = sname || name

11
src/utils/security.util.ts
View File

@ -30,6 +30,13 @@ export function sha1(str) {
return str return str
} }
export function hmacSha256(str: string, key: any) {
const md5sum = crypto.createHmac('sha256', key)
md5sum.update(str)
str = md5sum.digest('hex')
return str
}
export function md5(str) { export function md5(str) {
const md5sum = crypto.createHash('md5') const md5sum = crypto.createHash('md5')
md5sum.update(str) md5sum.update(str)
@ -45,13 +52,11 @@ export function createSign(secretKey, paramStr, timestamp) {
export function checkSign({ export function checkSign({
secretKey, secretKey,
data, data,
timestamp,
sign, sign,
signKeys, signKeys,
}: { }: {
secretKey: string secretKey: string
data: {} data: {}
timestamp: string
sign: string sign: string
signKeys: string[] signKeys: string[]
}) { }) {
@ -63,6 +68,6 @@ export function checkSign({
} }
signStr += `${key}=${data[key]}` signStr += `${key}=${data[key]}`
} }
let sign1 = createSign(secretKey, signStr, timestamp) let sign1 = hmacSha256(signStr, secretKey)
return sign1 === sign return sign1 === sign
} }