package api
import (
"bytes"
"crypto"
"crypto/hmac"
"encoding/hex"
"errors"
"github.com/valyala/fasthttp"
"math"
"os"
"time"
)
// Secret is the HMAC key validateRequest uses to verify the X-Signature
// header. It is initialised once, at package load, from getApiSecret.
//
// NOTE(review): Secret is exported and mutable, so any package importing api
// can read or replace the key; confirm that is intended.
var Secret = []byte(getApiSecret())
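// getApiSecret returns the request-signing secret taken from the
// WS_BUCKET_SECRET environment variable.
//
// When the variable is unset or empty it falls back to the built-in
// "default_secret". That value is visible in the source, so signatures
// verified with it authenticate nothing; the fallback is kept for backward
// compatibility, but it is no longer silent: a warning is written to stderr so
// a deployment that forgot to set the variable is noticed.
func getApiSecret() string {
	if secret := os.Getenv("WS_BUCKET_SECRET"); secret != "" {
		return secret
	}

	// Best-effort warning only; a failed write to stderr must not stop startup.
	_, _ = os.Stderr.WriteString("warning: WS_BUCKET_SECRET is not set; request signatures are verified with the built-in default secret\n")
	return "default_secret"
}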
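// validateRequest authenticates a request by checking its X-Signature header
// against an HMAC-SHA256 computed with Secret.
//
// The signed message is the request URI (GET) or the request body (any other
// method), immediately followed by the raw Timestamp header value. Timestamp
// must parse as RFC 1123 and lie within 60 seconds of the server clock.
// X-Signature must be the hex encoding of the MAC; upper- and lower-case hex
// digits are both accepted.
//
// It returns nil when the signature verifies and a non-nil error otherwise.
//
// NOTE(review): limits of the scheme that cannot be tightened here without
// breaking existing clients:
//   - for non-GET requests neither the method nor the URI is covered by the
//     MAC, so a signature is not bound to the endpoint it was sent to;
//   - no nonce is tracked, so a signed request stays valid for the whole
//     60-second window;
//   - message and timestamp are concatenated without a separator or length
//     prefix.
func validateRequest(ctx *fasthttp.RequestCtx) error {
	signature := ctx.Request.Header.Peek("X-Signature")
	timeStampStr := string(ctx.Request.Header.Peek("Timestamp"))
	if timeStampStr == "" {
		return errors.New("date is not specified")
	}

	timestamp, err := time.Parse(time.RFC1123, timeStampStr)
	if err != nil {
		return err
	}
	// Reject timestamps more than 60s away from the server clock, in either
	// direction, to bound how long a signed request stays acceptable.
	if math.Abs(float64(timestamp.Unix()-time.Now().Unix())) > 60 {
		return errors.New("invalid Timestamp")
	}

	var body []byte
	if ctx.Request.Header.IsGet() {
		body = ctx.Request.RequestURI()
	} else {
		body = ctx.Request.Body()
	}

	// crypto.SHA256.New panics unless crypto/sha256 is linked into the binary;
	// this file does not import it itself.
	mac := hmac.New(crypto.SHA256.New, Secret)
	mac.Write(body)
	mac.Write([]byte(timeStampStr))

	sum := mac.Sum(nil)
	expectedMac := make([]byte, hex.EncodedLen(len(sum)))
	hex.Encode(expectedMac, sum)

	// hmac.Equal compares in constant time, so the time taken does not reveal
	// how many leading bytes of a guessed signature were correct (the previous
	// bytes.Compare stopped at the first mismatch). hex.Encode emits lower-case
	// digits, so the client value is lower-cased before comparing.
	if !hmac.Equal(expectedMac, bytes.ToLower(signature)) {
		return errors.New("signature does not match")
	}
	return nil
}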