/
api_key.go
83 lines (71 loc) · 2.19 KB
/
api_key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
/******************************************************************************
*
* Description :
*
* Authentication
*
*****************************************************************************/
package main
import (
"bytes"
"crypto/hmac"
"crypto/md5"
"encoding/base64"
"github.com/famousyub/gochat0/logs"
)
type Config struct {
Host string
Port float64
setup bool
apiKeySalt []byte
}
// Singned AppID. Composition:
// [1:algorithm version][4:appid][2:key sequence][1:isRoot][16:signature] = 24 bytes
// convertible to base64 without padding. All integers are little-endian.
// Definitions for byte lengths of key's parts.
const (
// apikeyVersion is the version of this API scheme.
apikeyVersion = 1
// apikeyAppID is deprecated and will be removed in the future.
apikeyAppID = 4
// apikeySequence is the serial number of the key.
apikeySequence = 2
// apikeyWho indicates if the key grants root privileges.
apikeyWho = 1
// apikeySignature is key's cryptographic (HMAC) signature.
apikeySignature = 16
// apikeyLength is the length of the key in bytes.
apikeyLength = apikeyVersion + apikeyAppID + apikeySequence + apikeyWho + apikeySignature
)
// Client signature validation
// key: client's secret key
// Returns application id, key type.
func checkAPIKey(apikey string) (isValid, isRoot bool) {
if declen := base64.URLEncoding.DecodedLen(len(apikey)); declen != apikeyLength {
return
}
data, err := base64.URLEncoding.DecodeString(apikey)
if err != nil {
logs.Warn.Println("failed to decode.base64 appid ", err)
return
}
if data[0] != 1 {
logs.Warn.Println("unknown appid signature algorithm ", data[0])
return
}
globals:= Config{"127.0.0.1",5055,true,[]byte("noimp")}
if string(globals.apiKeySalt) == string([]byte("noimp")) {
return
}else {
hasher := hmac.New(md5.New, globals.apiKeySalt)
hasher.Write(data[:apikeyVersion+apikeyAppID+apikeySequence+apikeyWho])
check := hasher.Sum(nil)
if !bytes.Equal(data[apikeyVersion+apikeyAppID+apikeySequence+apikeyWho:], check) {
logs.Warn.Println("invalid apikey signature")
return
}
}
isRoot = (data[apikeyVersion+apikeyAppID+apikeySequence] == 1)
isValid = true
return
}