feat: add web signature configuration items

fufuok · Apr 3, 2024 · bcb6282 · bcb6282
1 parent dd575ce
commit bcb6282
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/config/config.go b/config/config.go
@@ -111,6 +111,10 @@ type WebConf struct {
 	BlacklistLRUCapacity uint32 `json:"blacklist_lru_capacity"`
 	BlacklistLRULifetime uint32 `json:"blacklist_lru_lifetime"`
 
+	// 接口签名密钥生命周期和签名密钥值
+	SignTTL int64  `json:"sign_ttl"`
+	SignKey string `json:"-"`
+
 	CertFile string `json:"-"`
 	KeyFile  string `json:"-"`
 }
@@ -310,6 +314,12 @@ func parseWebConfig(cfg *MainConf) {
 		cfg.WebConf.BodyLimit = BodyLimit
 	}
 
+	// 接口签名密钥和生命周期
+	cfg.WebConf.SignKey = xcrypto.GetenvDecrypt(WebSignKeyEnvName, cfg.SYSConf.BaseSecretValue)
+	if cfg.WebConf.SignTTL < int64(WebSignTTLMin) {
+		cfg.WebConf.SignTTL = int64(WebSignTTLDefault)
+	}
+
 	// 证书文件存在时开启 HTTPS
 	cfg.WebConf.CertFile = os.Getenv(WebCertFileEnvName)
 	cfg.WebConf.KeyFile = os.Getenv(WebKeyFileEnvName)

diff --git a/config/default.go b/config/default.go
@@ -109,6 +109,12 @@ var (
 	WebCertFileEnvName = "WEB_CERT_FILE"
 	WebKeyFileEnvName  = "WEB_KEY_FILE"
 
+	// WebSignKeyEnvName 接口签名密钥加密串环境变量名
+	WebSignKeyEnvName = "WEB_SIGN_KEY"
+	// WebSignTTLDefault 接口签名有效生命周期(秒数, 默认: 60, 最小 5)
+	WebSignTTLDefault = 60
+	WebSignTTLMin     = 5
+
 	// WebLogInfoKey 接口日志附带请求信息, 上下文键名
 	WebLogInfoKey = "_WLIK_"