优化鉴权代码，调整成可配置密钥

guosuying2012 · Apr 5, 2020 · 42dbb1b · 42dbb1b
1 parent 7c28295
commit 42dbb1b
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 34 deletions.
diff --git a/src/define.h b/src/define.h
@@ -5,13 +5,15 @@
 
 #include <cpr/cpr.h>
 #include <plog/Log.h>
-#include <jwt-cpp/jwt.h>
 
 #include <boost/uuid/uuid.hpp>
 #include <boost/uuid/uuid_io.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/uuid/uuid_generators.hpp>
 
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
 #include <string>
 #include <chrono>
 
@@ -46,4 +48,48 @@ static int endsWith(const std::string& strSrc, const std::string& strSub)
     return strSrc.rfind(strSub) == (strSrc.length()-strSub.length()) ? 1 : 0;
 }
 
+// ---- md5摘要哈希 ---- //
+static std::string md5(const std::string &srcStr)
+{
+    // 调用md5哈希
+    unsigned char mdStr[33] = {0};
+    MD5((const unsigned char *)srcStr.c_str(), srcStr.length(), mdStr);
+
+    // 哈希后的字符串
+    //encodedStr = std::string((const char *)mdStr);
+
+    // 哈希后的十六进制串 32字节
+    char buf[65] = {0};
+    char tmp[3] = {0};
+    for (int i = 0; i < 32; i++)
+    {
+        sprintf(tmp, "%02x", mdStr[i]);
+        strcat(buf, tmp);
+    }
+    buf[32] = '\0'; // 后面都是0，从32字节截断
+    return std::string(buf);
+}
+
+// ---- sha256摘要哈希 ---- //
+static std::string sha256(const std::string &srcStr)
+{
+    // 调用sha256哈希
+    unsigned char mdStr[33] = {0};
+    SHA256((const unsigned char *)srcStr.c_str(), srcStr.length(), mdStr);
+
+    // 哈希后的字符串
+    //encodedStr = std::string((const char *)mdStr);
+
+    // 哈希后的十六进制串 32字节
+    char buf[65] = {0};
+    char tmp[3] = {0};
+    for (int i = 0; i < 32; i++)
+    {
+        sprintf(tmp, "%02x", mdStr[i]);
+        strcat(buf, tmp);
+    }
+    buf[32] = '\0'; // 后面都是0，从32字节截断
+    return std::string(buf);
+}
+
 #endif
diff --git a/src/service/ArticleService.cpp b/src/service/ArticleService.cpp
@@ -98,6 +98,12 @@ void ArticleService::article(const std::string& strArticleId)
             return;
         }
 
+        if (!pArticle)
+        {
+            response().out() << json_serializer(response::not_found, action(), "未找到博客");
+            return;
+        }
+
         //修改
         if (request().request_method() == "PUT")
         {
@@ -133,7 +139,9 @@ void ArticleService::add_article()
     const jwt::decoded_jwt decoded(strToken);
     try
     {
-        auto verify = jwt::verify().allow_algorithm(jwt::algorithm::hs256{"yengsu"}).with_issuer("yengsu");
+        auto verify = jwt::verify()
+                .allow_algorithm(jwt::algorithm::hs256{authorization_secret()})
+                .with_issuer(authorization_issuer());
         verify.verify(decoded);
     }
     catch (const std::exception& ex)
@@ -213,7 +221,7 @@ void ArticleService::add_article()
     }
 }
 
-void ArticleService::modify_article(dbo::ptr<Article> pArticle)
+void ArticleService::modify_article(dbo::ptr<Article>& pArticle)
 {
     bool bIsAdmin = false;
 
@@ -222,7 +230,9 @@ void ArticleService::modify_article(dbo::ptr<Article> pArticle)
     jwt::decoded_jwt decoded(strToken);
     try
     {
-        auto verify = jwt::verify().allow_algorithm(jwt::algorithm::hs256{"yengsu"}).with_issuer("yengsu");
+        auto verify = jwt::verify()
+                .allow_algorithm(jwt::algorithm::hs256{authorization_secret()})
+                .with_issuer(authorization_issuer());
         verify.verify(decoded);
     }
     catch (const std::exception& ex)
@@ -233,6 +243,13 @@ void ArticleService::modify_article(dbo::ptr<Article> pArticle)
         return;
     }
 
+    if (!pArticle)
+    {
+        //失败，未找到相关
+        response().out() << json_serializer(response::not_found, action(), "修改失败,未找到该博文");
+        return;
+    }
+
     try
     {
         //管理员专用通道
@@ -255,13 +272,6 @@ void ArticleService::modify_article(dbo::ptr<Article> pArticle)
 
     try
     {
-        if (!pArticle)
-        {
-            //失败，未找到相关
-            response().out() << json_serializer(response::not_found, action(), "修改失败,未找到该博文");
-            return;
-        }
-
         char strBuffer[request().raw_post_data().second + 1];
         memcpy(strBuffer, static_cast<char*>(request().raw_post_data().first), request().raw_post_data().second);
         dbo::ptr<Article> pModify = dbo::make_ptr<Article>();
@@ -302,7 +312,7 @@ void ArticleService::modify_article(dbo::ptr<Article> pArticle)
     }
 }
 
-void ArticleService::delete_article(dbo::ptr<Article> pArticle)
+void ArticleService::delete_article(dbo::ptr<Article>& pArticle)
 {
     bool bIsAdmin = false;
 
@@ -311,7 +321,9 @@ void ArticleService::delete_article(dbo::ptr<Article> pArticle)
     jwt::decoded_jwt decoded(strToken);
     try
     {
-        auto verify = jwt::verify().allow_algorithm(jwt::algorithm::hs256{"yengsu"}).with_issuer("yengsu");
+        auto verify = jwt::verify()
+                .allow_algorithm(jwt::algorithm::hs256{authorization_secret()})
+                .with_issuer(authorization_issuer());
         verify.verify(decoded);
     }
     catch (const std::exception& ex)
@@ -322,6 +334,13 @@ void ArticleService::delete_article(dbo::ptr<Article> pArticle)
         return;
     }
 
+    if (!pArticle)
+    {
+        //失败，未找到相关
+        response().out() << json_serializer(response::not_found, action(), "删除失败,未找到博文.");
+        return;
+    }
+
     try
     {
         //管理员专用通道
@@ -344,13 +363,6 @@ void ArticleService::delete_article(dbo::ptr<Article> pArticle)
 
     try
     {
-        if (!pArticle)
-        {
-            //失败，未找到相关
-            response().out() << json_serializer(response::not_found, action(), "删除失败,未找到博文.");
-            return;
-        }
-
         pArticle.remove();
         response().out() << json_serializer(response::ok, action(), "删除成功");
     }
@@ -379,7 +391,9 @@ void ArticleService::move_to(const std::string strArticleId, const std::string&
     jwt::decoded_jwt decoded(strToken);
     try
     {
-        auto verify = jwt::verify().allow_algorithm(jwt::algorithm::hs256{"yengsu"}).with_issuer("yengsu");
+        auto verify = jwt::verify()
+                .allow_algorithm(jwt::algorithm::hs256{authorization_secret()})
+                .with_issuer(authorization_issuer());
         verify.verify(decoded);
     }
     catch (const std::exception& ex)

diff --git a/src/service/ArticleService.h b/src/service/ArticleService.h
@@ -17,8 +17,8 @@ class ArticleService : public BaseService
 
 private:
     void add_article();
-    void modify_article(Wt::Dbo::ptr<Article> pArticle);
-    void delete_article(Wt::Dbo::ptr<Article> pArticle);
+    void modify_article(Wt::Dbo::ptr<Article>& pArticle);
+    void delete_article(Wt::Dbo::ptr<Article>& pArticle);
     void move_to(const std::string strArticleId, const std::string& strMoveTo, const std::string strId);
 
 	void article(const std::string& strArticleId);

diff --git a/src/service/BaseService.cpp b/src/service/BaseService.cpp
@@ -6,8 +6,8 @@
 #include "utils/JsonSerializer.h"
 
 #include <cppcms/http_response.h>
+#include <cppcms/http_request.h>
 #include <cppcms/url_dispatcher.h>
-#include <cppcms/http_context.h>
 
 BaseService::BaseService(cppcms::service &srv)
 	: application(srv)
@@ -16,11 +16,7 @@ BaseService::BaseService(cppcms::service &srv)
 
 void BaseService::main(std::string strUrl)
 {
-	if (!strUrl.empty())
-	{
-		m_strAction = strUrl;
-	}
-
+    m_strAction = request().getenv("PATH_INFO");
     response().content_type("application/json; charset=utf-8");
     if(!dispatcher().dispatch(strUrl))
     {

diff --git a/src/service/BaseService.h b/src/service/BaseService.h
@@ -5,10 +5,14 @@
 #ifndef XIAOSU_BASESERVICE_H
 #define XIAOSU_BASESERVICE_H
 
+#include "define.h"
 #include "utils/DboInstence.h"
-#include <string>
+
 #include <cppcms/application.h>
 #include <cppcms/string_key.h>
+#include <jwt-cpp/jwt.h>
+
+#include <string>
 
 class BaseService : public cppcms::application
 {
@@ -18,19 +22,30 @@ class BaseService : public cppcms::application
 
     void main(std::string url) override;
 
-	inline cppcms::string_key action() const
-	{
-		return this->m_strAction;
+    inline cppcms::string_key action() const
+    {
+        return m_strAction;
 	}
 
 	inline std::unique_ptr<Wt::Dbo::Session>& dbo_session() const
 	{
         return DboInstance::Instance().Session();
 	}
 
+    inline std::string authorization_issuer()
+    {
+        const std::string& strIssuer = settings().get<std::string>("authorization.issuer");
+        return md5(jwt::base::encode<jwt::alphabet::base64url>(strIssuer));
+    }
+
+    inline std::string authorization_secret()
+    {
+        const std::string& strIssuer = settings().get<std::string>("authorization.secret");
+        return sha256(jwt::base::encode<jwt::alphabet::base64url>(strIssuer));
+    }
+
 private:
 	cppcms::string_key m_strAction;
 };
 
-
 #endif //XIAOSU_BASESERVICE_H