From d93c2ba089b0aca4181e5d2f54a79e60ee370a92 Mon Sep 17 00:00:00 2001
From: aozhiwei <aozhiwei@kingsome.cn>
Date: Thu, 25 Jul 2024 09:40:26 +0800
Subject: [PATCH] 1

---
 bin/gamesapi/config/config.json         |  1 +
 server/gamesapi/go.mod                  |  1 +
 server/gamesapi/go.sum                  |  2 ++
 server/gamesapi/middleware/caforward.go | 14 ++++++++++++--
 server/gamesapi/mt/Config.go            |  4 ++++
 server/gamesapi/mtb/mtb.auto_gen.go     | 10 ++++++++++
 server/gamesapi/proto/mt.proto          |  1 +
 server/gamesapi/service/sapi_forward.go | 13 +++++++++++++
 8 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/bin/gamesapi/config/config.json b/bin/gamesapi/config/config.json
index 062ee28b..1384b4c1 100644
--- a/bin/gamesapi/config/config.json
+++ b/bin/gamesapi/config/config.json
@@ -1,6 +1,7 @@
 {
   "gamesapi_url": "https://game2006sapi-test.kingsome.cn",
   "redirect_url": "https://game2006api-test.kingsome.cn",
+  "redirect_secret_key": "",
   "max_concurrent_num": 10,
   "request_over_time": 30
 }
diff --git a/server/gamesapi/go.mod b/server/gamesapi/go.mod
index 7d8592b3..ed898e90 100644
--- a/server/gamesapi/go.mod
+++ b/server/gamesapi/go.mod
@@ -34,6 +34,7 @@ require (
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/protobuf v1.5.0 // indirect
 	github.com/gomodule/redigo v1.8.3 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
diff --git a/server/gamesapi/go.sum b/server/gamesapi/go.sum
index 7702a70b..e2a08d0e 100644
--- a/server/gamesapi/go.sum
+++ b/server/gamesapi/go.sum
@@ -36,6 +36,8 @@ github.com/gomodule/redigo v1.8.3/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUz
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
diff --git a/server/gamesapi/middleware/caforward.go b/server/gamesapi/middleware/caforward.go
index 6c3ffad3..7cb6f442 100644
--- a/server/gamesapi/middleware/caforward.go
+++ b/server/gamesapi/middleware/caforward.go
@@ -12,6 +12,7 @@ import (
 	net_url "net/url"
 	"strings"
 	"errors"
+	"github.com/google/uuid"
 	"github.com/gin-gonic/gin"
 )
 
@@ -38,12 +39,17 @@ func CaForward(c *gin.Context) {
 	if !q5.StrContains(newUrl, "?") {
 		newUrl = newUrl + "?"
 	}
+	params := []*[]string{}
+	nonce := uuid.New().String()
+	nowTime := f5.GetApp().GetRealSeconds()
+	u := net_url.Values{}
 	{
-		u := net_url.Values{}
 		for k, v := range c.Request.URL.Query() {
 			u.Set(k, v[0])
+			q5.AppendSlice(&params, &[]string{k, v[0]})
 		}
-		newUrl += u.Encode()
+		u.Set("__nonce", nonce)
+		u.Set("__timestamp", q5.ToString(nowTime))
 	}
 
 	var httpRequest *http.Request
@@ -51,6 +57,8 @@ func CaForward(c *gin.Context) {
 	switch strings.ToUpper(c.Request.Method) {
 	case "GET": {
 		service.SApiForward.IncGetTimes()
+		u.Set("__sign", service.SApiForward.Sign(params, nonce, nowTime, ""))
+		newUrl += u.Encode()
 		httpRequest, createErr = http.NewRequest("GET", newUrl, nil)
 		if !f5.IsOnlineEnv() {
 			f5.GetSysLog().Info("CaForward method:%s newUrl:%s ", c.Request.Method, newUrl)
@@ -59,6 +67,8 @@ func CaForward(c *gin.Context) {
 	case "POST": {
 		service.SApiForward.IncPostTimes()
 		if postData, err := c.GetRawData(); err == nil {
+			u.Set("__sign", service.SApiForward.Sign(params, nonce, nowTime, string(postData)))
+			newUrl += u.Encode()
 			httpRequest, createErr = http.NewRequest("POST", newUrl, bytes.NewBuffer(postData))
 			contentType := c.GetHeader("Content-Type")
 			if contentType != "" {
diff --git a/server/gamesapi/mt/Config.go b/server/gamesapi/mt/Config.go
index 840186ab..e30ac592 100644
--- a/server/gamesapi/mt/Config.go
+++ b/server/gamesapi/mt/Config.go
@@ -26,6 +26,10 @@ func (this *ConfigTable) GetMaxConcurrentNum() int32 {
 	return this.selfConf.GetMaxConcurrentNum()
 }
 
+func (this *ConfigTable) GetRedirectSecretKey() string {
+	return this.selfConf.GetRedirectSecretKey()
+}
+
 func (this *ConfigTable) PostInit1() {
 	this.selfConf = this.GetById(int64(0))
 	if this.selfConf == nil {
diff --git a/server/gamesapi/mtb/mtb.auto_gen.go b/server/gamesapi/mtb/mtb.auto_gen.go
index 1910015b..5e7f8578 100644
--- a/server/gamesapi/mtb/mtb.auto_gen.go
+++ b/server/gamesapi/mtb/mtb.auto_gen.go
@@ -21,6 +21,7 @@ type Config struct {
         redirect_url string
         max_concurrent_num int32
         request_over_time int32
+        redirect_secret_key string
 
         _flags1_ uint64
         _flags2_ uint64
@@ -106,6 +107,14 @@ func (this *Config) HasRequestOverTime() bool {
         return (this._flags1_ & (uint64(1) << 7)) > 0
 }
 
+func (this *Config) GetRedirectSecretKey() string {
+        return this.redirect_secret_key
+}
+
+func (this *Config) HasRedirectSecretKey() bool {
+        return (this._flags1_ & (uint64(1) << 8)) > 0
+}
+
 
 func (this *GamesapiCluster) LoadFromKv(kv map[string]interface{}) {
         f5.ReadMetaTableField(&this.instance_id, "instance_id", &this._flags1_, 1, kv)
@@ -121,4 +130,5 @@ func (this *Config) LoadFromKv(kv map[string]interface{}) {
         f5.ReadMetaTableField(&this.redirect_url, "redirect_url", &this._flags1_, 5, kv)
         f5.ReadMetaTableField(&this.max_concurrent_num, "max_concurrent_num", &this._flags1_, 6, kv)
         f5.ReadMetaTableField(&this.request_over_time, "request_over_time", &this._flags1_, 7, kv)
+        f5.ReadMetaTableField(&this.redirect_secret_key, "redirect_secret_key", &this._flags1_, 8, kv)
 }
diff --git a/server/gamesapi/proto/mt.proto b/server/gamesapi/proto/mt.proto
index 5b4f6a76..f5392619 100644
--- a/server/gamesapi/proto/mt.proto
+++ b/server/gamesapi/proto/mt.proto
@@ -18,4 +18,5 @@ message Config
     optional string redirect_url = 5;
     optional int32 max_concurrent_num = 6;
     optional int32 request_over_time = 7;
+    optional string redirect_secret_key = 8;
 }
diff --git a/server/gamesapi/service/sapi_forward.go b/server/gamesapi/service/sapi_forward.go
index e8f8c299..1a57e5be 100644
--- a/server/gamesapi/service/sapi_forward.go
+++ b/server/gamesapi/service/sapi_forward.go
@@ -100,3 +100,16 @@ func (this *sApiForward) getOrCreate(c *SApiForwardLockCache, accountId string)
 		return u
 	}
 }
+
+func (this *sApiForward) Sign(params []*[]string, nonce string, timeStamp int64, postData string) string {
+	sign := ""
+	signData := ""
+	q5.Sort(params, func (a *[]string, b *[]string) bool {
+		return (*a)[0] < (*b)[0]
+	})
+	for _, v := range params {
+		signData += (*v)[0] + "=" + (*v)[1] + "&"
+	}
+	signData += q5.Md5Str(nonce + q5.ToString(timeStamp) + postData + mt.Table.Config.GetRedirectSecretKey())
+	return sign
+}