-
Notifications
You must be signed in to change notification settings - Fork 1
/
mac.go
99 lines (75 loc) · 1.87 KB
/
mac.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package qbox
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"github.com/service-sdk/go-sdk-qn/v2/operation/internal/x/bytes.v7/seekable"
"io"
"net/http"
)
type Mac struct {
accessKey string
secretKey []byte
}
func NewMac(accessKey, secretKey string) (mac *Mac) {
return &Mac{accessKey, []byte(secretKey)}
}
// GetAccessKey 获取 accessKey
func (mac *Mac) GetAccessKey() string {
return mac.accessKey
}
// GetSecretKey 获取 secretKey
func (mac *Mac) GetSecretKey() string {
return string(mac.secretKey)
}
func (mac *Mac) Sign(data []byte) (token string) {
h := hmac.New(sha1.New, mac.secretKey)
h.Write(data)
sign := base64.URLEncoding.EncodeToString(h.Sum(nil))
return mac.accessKey + ":" + sign[:27]
}
func (mac *Mac) SignWithData(b []byte) (token string) {
blen := base64.URLEncoding.EncodedLen(len(b))
key := mac.accessKey
nkey := len(key)
ret := make([]byte, nkey+30+blen)
base64.URLEncoding.Encode(ret[nkey+30:], b)
h := hmac.New(sha1.New, mac.secretKey)
h.Write(ret[nkey+30:])
digest := h.Sum(nil)
copy(ret, key)
ret[nkey] = ':'
base64.URLEncoding.Encode(ret[nkey+1:], digest)
ret[nkey+29] = ':'
return string(ret)
}
func (mac *Mac) SignRequest(req *http.Request, incbody bool) (token string, err error) {
h := hmac.New(sha1.New, mac.secretKey)
u := req.URL
data := u.Path
if u.RawQuery != "" {
data += "?" + u.RawQuery
}
_, _ = io.WriteString(h, data+"\n")
if incbody {
s2, err2 := seekable.New(req)
if err2 != nil {
return "", err2
}
h.Write(s2.Bytes())
}
sign := base64.URLEncoding.EncodeToString(h.Sum(nil))
token = mac.accessKey + ":" + sign
return
}
func (mac *Mac) VerifyCallback(req *http.Request) (bool, error) {
auth := req.Header.Get("Authorization")
if auth == "" {
return false, nil
}
token, err := mac.SignRequest(req, true)
if err != nil {
return false, err
}
return auth == "QBox "+token, nil
}