From c8ceb9f40e616becd87853e54469ad2e6777a1d9 Mon Sep 17 00:00:00 2001
From: chenweijian <820961417@qq.com>
Date: Thu, 29 Jun 2023 15:53:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B4=BE=E5=AF=B9=E7=94=B3=E8=AF=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 myerr/bizerr/bizCode.go | 1 +
 route/invite_r/party_invite.go | 31 ++++++++++---------
 route/middleHandle.go | 54 ++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 16 deletions(-)
diff --git a/myerr/bizerr/bizCode.go b/myerr/bizerr/bizCode.go
index 17dad29..b418077 100755
--- a/myerr/bizerr/bizCode.go
+++ b/myerr/bizerr/bizCode.go
@@ -6,6 +6,7 @@ import (
 var (
 // 一般性错误
+ HttpSecret = myerr.NewBusinessCode(1000, "http secret err", myerr.BusinessData{})
 TokenInvalid = myerr.NewBusinessCode(1001, "token invalid", myerr.BusinessData{})
 ExternalIdNoExist = myerr.NewBusinessCode(1003, "externalId no exist", myerr.BusinessData{})
 CodeNoExist = myerr.NewBusinessCode(1005, "code no exist", myerr.BusinessData{})
diff --git a/route/invite_r/party_invite.go b/route/invite_r/party_invite.go
index 27fa0de..e99cf6c 100644
--- a/route/invite_r/party_invite.go
+++ b/route/invite_r/party_invite.go
@@ -10,7 +10,6 @@ import (
 "hilo-user/domain/model/invite_m"
 "hilo-user/domain/model/promotion_m"
 "hilo-user/domain/model/user_m"
- "hilo-user/myerr"
 "hilo-user/myerr/bizerr"
 "hilo-user/req"
 "hilo-user/resp"
@@ -129,11 +128,11 @@ func InviteApplyList(c *gin.Context) (*mycontext.MyContext, error) {
 myCtx := mycontext.CreateMyContext(c.Keys)
 type paramStr struct {
- PageIndex int `form:"pageIndex" binding:"required"`
- PageSize int `form:"pageSize" binding:"required"`
- BeginTime string `form:"beginTime" binding:"required"`
- EndTime string `form:"endTime" binding:"required"`
- Type int `form:"type" binding:"required"`
+ PageIndex int `form:"pageIndex" binding:"required"`
+ PageSize int `form:"pageSize" binding:"required"`
+ BeginTime time.Time `form:"beginTime" binding:"required" time_format:"2006-01-02"`
+ EndTime time.Time `form:"endTime" binding:"required" time_format:"2006-01-02"`
+ Type int `form:"type" binding:"required"`
 }
 var param paramStr
@@ -144,15 +143,15 @@ func InviteApplyList(c *gin.Context) (*mycontext.MyContext, error) {
 return myCtx, bizerr.InvalidParameter
 }
- beginTime, err := time.ParseInLocation(utils.DATE_FORMAT, param.BeginTime, time.Local)
- if err != nil {
- return nil, myerr.WrapErr(err)
- }
- endTime, err := time.ParseInLocation(utils.DATE_FORMAT, param.EndTime, time.Local)
- if err != nil {
- return nil, myerr.WrapErr(err)
- }
- endTime = utils.GetDayEndTime(endTime)
+ //beginTime, err := time.ParseInLocation(utils.DATE_FORMAT, param.BeginTime, time.Local)
+ //if err != nil {
+ // return nil, myerr.WrapErr(err)
+ //}
+ //endTime, err := time.ParseInLocation(utils.DATE_FORMAT, param.EndTime, time.Local)
+ //if err != nil {
+ // return nil, myerr.WrapErr(err)
+ //}
+ param.EndTime = utils.GetDayEndTime(param.EndTime)
 userId, err := req.GetUserId(c)
 if err != nil {
 return myCtx, err
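Review bot: `PageIndex` and `PageSize` in `paramStr` are bound with only `binding:"required"`, so a client can request an arbitrarily large page, and nothing visible in this hunk checks that `BeginTime` is not after `EndTime` before the values reach `invite_m.GetApplyList`. Unless that function caps them (it is not visible in this patch), bound the page size in the tag, for example `binding:"required,min=1,max=100"` with a limit that suits the endpoint, and return `bizerr.InvalidParameter` for an inverted date range. The struct sits inside InviteApplyList, whose body starts and ends outside the hunk.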
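Review bot: The eight commented-out lines kept in the `@@ -144,15 +143,15 @@` hunk of InviteApplyList (from `//beginTime, err := time.ParseInLocation(...)` to the second `//}`) are dead code now that the binder parses both dates, and should be deleted rather than left as comments, since the history already records the old parsing. If a reminder is useful, one line such as `// beginTime/endTime are parsed by the binder via the time_format tag` says more than the disabled block. The function body starts and ends outside the hunk.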
@@ -168,7 +167,7 @@ func InviteApplyList(c *gin.Context) (*mycontext.MyContext, error) {
 }
 }
- list, total, err := invite_m.GetApplyList(model, agentIds, param.PageIndex, param.PageSize, param.Type, beginTime, endTime)
+ list, total, err := invite_m.GetApplyList(model, agentIds, param.PageIndex, param.PageSize, param.Type, param.BeginTime, param.EndTime)
 if err != nil {
 model.Log.Errorf("GetApplyList param:%v, err:%v", param, err)
 return myCtx, err
diff --git a/route/middleHandle.go b/route/middleHandle.go
index 1442553..8cc05d9 100755
--- a/route/middleHandle.go
+++ b/route/middleHandle.go
@@ -2,6 +2,8 @@ package route
 import (
 "bytes"
+ "crypto/md5"
+ "fmt"
 "git.hilo.cn/hilo-common/mycontext"
 "git.hilo.cn/hilo-common/mylogrus"
 "git.hilo.cn/hilo-common/resource/config"
@@ -12,6 +14,7 @@ import (
 "hilo-user/resp"
 "io/ioutil"
 "runtime/debug"
+ "strconv"
 "strings"
 "time"
 )
@@ -133,3 +136,54 @@ func LoggerHandle(c *gin.Context) {
 latency := end.Sub(start)
 mycontext.CreateMyContext(c.Keys).Log.Infof("request end fullPath:%v,url:%v, method: %v, traceId:%v, latency:%v userId:%v", c.FullPath(), reqUri, method, traceId, latency, userId)
 }
+
+//http信息解密(web)
+func HttpWebSecretHandle(c *gin.Context) {
+ traceId, _ := c.Keys[mycontext.TRACEID]
+
+ timestamp := c.GetHeader("timestamp") //时间戳,单位秒
+ nonce := c.GetHeader("nonce") //随机数字
+ signature := c.GetHeader("signature") //sha1加密结果
+ mylogrus.MyLog.Debugf("handle secret begin timestamp:%v, nonce:%v, signature:%v traceId:%v", timestamp, nonce, signature, traceId)
+
+ if nonce == "hilo" {
+ mylogrus.MyLog.Infof("no check http secret handle")
+ } else {
+ if timestamp == "" || nonce == "" || signature == "" {
+ resp.ResponseBusiness(c, bizerr.HttpSecret)
+ c.Abort()
+ return
+ }
+ timestampInt, err := strconv.ParseInt(timestamp, 10, 64)
+ if err != nil {
+ resp.ResponseBusiness(c, bizerr.HttpSecret)
+ c.Abort()
+ return
+ }
+ nowTimestamp := time.Now().Unix()
+ v := nowTimestamp - timestampInt
+ //10分钟内有效,改成60分钟,20210402产品让我改成60分钟,原因:依旧有用户时间戳不对,达到了30分钟
+ if v < -60*60 || v > 60*60 {
+ mylogrus.MyLog.Warnf("handle secret err, timestampInt:%v, nowTimestamp:%v, v:%v, traceId:%v", timestampInt, nowTimestamp, v, traceId)
+ //2021/11/05 产品让我关的,因为中东用户时间戳有问题
+ /* ResponseBusiness(c, bizerr.HttpSecret)
+ c.Abort()
+ return*/
+ }
+ str := timestamp + config.GetConfigApp().WEB_SECRET + nonce
+ //避免web的暴露,让用户知道app的api加密方式。
+ h := md5.New()
+ //h := sha1.New()
+ h.Write([]byte(str))
+ newSignature := fmt.Sprintf("%x", h.Sum(nil))
+
+ //newSignature := string(sha1.New().Sum([]byte(str))[:])
+ if signature != newSignature {
+ mylogrus.MyLog.Errorf("handle secret err signature:%v, newSignature:%v, traceId:%v", signature, newSignature, traceId)
+ resp.ResponseBusiness(c, bizerr.HttpSecret)
+ c.Abort()
+ return
+ }
+ }
+ c.Next()
+}
-- 2.22.0
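Review bot: The `if nonce == "hilo"` branch in HttpWebSecretHandle skips every check, so any request carrying that one header value passes the middleware unsigned; remove the branch or gate it on a setting that is off in production. On the signed path the timestamp window only logs a warning and the nonce is not recorded anywhere in this function, so a captured timestamp/nonce/signature triple stays valid indefinitely, and because the digest covers only `timestamp + WEB_SECRET + nonce` it is valid for any route and body. The mismatch log also writes `newSignature`, which is the correct credential for the supplied timestamp and nonce, and the comparison uses `!=` instead of a constant-time compare. The fence below removes the bypass, keeps the expected digest out of the log and compares in constant time while leaving the MD5 wire format untouched; it needs `crypto/subtle` added to the imports. Moving to HMAC-SHA256 over method, path and body, with an enforced window and nonce tracking, needs a coordinated client change.

```go
func HttpWebSecretHandle(c *gin.Context) {
	// … unchanged: traceId lookup, header reads, debug log …
	// No nonce value bypasses verification; the checks below run for every request.
	// … unchanged: empty-header check, timestamp parsing, window warning, MD5 digest into newSignature …
	if subtle.ConstantTimeCompare([]byte(signature), []byte(newSignature)) != 1 {
		// The expected digest is a valid credential for this timestamp and nonce, so it stays out of the log.
		mylogrus.MyLog.Errorf("handle secret err, signature mismatch, traceId:%v", traceId)
		resp.ResponseBusiness(c, bizerr.HttpSecret)
		c.Abort()
		return
	}
	c.Next()
}
```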