diff --git a/cas/client.go b/cas/client.go
index 0b4901b..e636cd3 100644
--- a/cas/client.go
+++ b/cas/client.go
@@ -99,15 +99,15 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 c.JobApi = (*JobApiService)(&c.common)
 c.VaultApi = (*VaultApiService)(&c.common)
+ var du = cfg.SignExpire
+ if du == 0 {
+ du = DefaultAuthTimeout
+ }
 if cfg.AccessSecret != "" {
- var du = cfg.SecretExpire
- if du == 0 {
- du = DefaultAuthTimeout
- }
 c.ConfigurationAuthor = &ConfigurationModeSecret{
 AccessKey: cfg.AccessKey,
 AccessSecret: cfg.AccessSecret,
- SecretExpire: du,
+ SignExpire: cfg.SignExpire,
 }
 } else {
 c.ConfigurationAuthor = &ConfigurationModeSignKey{
@@ -115,6 +115,7 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 SignKey: cfg.SignKey,
 SignKeyStart: cfg.SignKeyStart,
 SignKeyEnd: cfg.SignKeyEnd,
+ SignExpire: cfg.SignExpire,
 }
 }
 //use serverURL replace basePath
@@ -311,7 +312,7 @@ func statusCode4XX(code int) bool {
 type ConfigurationModeSecret struct {
 AccessKey string
 AccessSecret string
- SecretExpire time.Duration
+ SignExpire time.Duration
 }
 func (c *ConfigurationModeSecret) Authorization(method, url, host string,
@@ -340,7 +341,7 @@ func (c *ConfigurationModeSecret) Authorization(method, url, host string,
 //cal signKey
 var signKey, timeRange string
 var now = time.Now()
- timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(c.SecretExpire).Unix())
+ timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(c.SignExpire).Unix())
 mac := hmac.New(sha1.New, []byte(accessSecret))
 mac.Write([]byte(timeRange))
 signKey = hex.EncodeToString(mac.Sum(nil))
@@ -393,6 +394,7 @@ type ConfigurationModeSignKey struct {
 SignKey string
 SignKeyStart int64
 SignKeyEnd int64
+ SignExpire time.Duration
 }
 func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
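Review bot: The hoisted default `du` in `NewAPIClient` is computed but never passed on: the `ConfigurationModeSecret` literal now sets `SignExpire: cfg.SignExpire`, and the `ConfigurationModeSignKey` literal in the `@@ -115,6 +115,7 @@` hunk does the same, so a zero `cfg.SignExpire` no longer falls back to `DefaultAuthTimeout`. With a zero value the secret-mode `timeRange` built from `now.Add(c.SignExpire)` starts and ends at the same second, and the signkey-mode window is equally empty, which presumably makes every request fail authentication. Both literals should read `SignExpire: du,`. NewAPIClient's body starts and ends outside these hunks.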
@@ -441,9 +443,21 @@ func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
 var stringToSign bytes.Buffer
 stringToSign.WriteString("sha1\n")
- stringToSign.WriteString(timeRange)
- stringToSign.WriteByte('\n')
+ var signStart, signEnd int64
+ now := time.Now().Unix()
+ signStart = now - int64(c.SignExpire.Seconds())/2
+ signEnd = now + int64(c.SignExpire.Seconds())/2
+ if signStart < c.SignKeyStart {
+ signStart = c.SignKeyStart
+ }
+ if signEnd > c.SignKeyEnd {
+ signEnd = c.SignKeyEnd
+ }
+ signRange := fmt.Sprintf("%d;%d", signStart, signEnd)
+
+ stringToSign.WriteString(signRange)
+ stringToSign.WriteByte('\n')
 //fmt.Println("stringToSign:", formatString.String(), stringToSign.String())
 h := sha1.New()
@@ -456,7 +470,7 @@ func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
 var sign = hex.EncodeToString(mac2.Sum(nil))
 return fmt.Sprintf(`q-sign-algorithm=sha1&q-ak=%s&q-sign-time=%s&q-key-time=%s&q-header-list=%s&q-url-param-list=%s&q-signature=%s`,
- c.AccessKey, timeRange, timeRange,
+ c.AccessKey, signRange, timeRange,
 strings.Join(headerKeys, ";"), strings.Join(paramKeys, ";"), sign)
 }
diff --git a/cas/configuration.go b/cas/configuration.go
index 1669914..052d82d 100644
--- a/cas/configuration.go
+++ b/cas/configuration.go
@@ -73,11 +73,10 @@ type Configuration struct {
 AppId string `json:"appid"`
 AccessKey string `json:"access_key"`
 AccessSecret string `json:"access_secret"`
- SecretExpire time.Duration `json:"secret_expire"`
-
- SignKey string `json:"sign_key"`
- SignKeyStart int64 `json:"sign_key_start"`
- SignKeyEnd int64 `json:"sing_key_end"`
+ SignExpire time.Duration `json:"secret_expire"`
+ SignKey string `json:"sign_key"`
+ SignKeyStart int64 `json:"sign_key_start"`
+ SignKeyEnd int64 `json:"sing_key_end"`
 BasePath string `json:"basePath,omitempty"`
 Host string `json:"host,omitempty"`
diff --git a/cmd/cascmd/configcmd.go b/cmd/cascmd/configcmd.go
index 26cfc88..15406ee 100644
--- a/cmd/cascmd/configcmd.go
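Review bot: The clamped signing window in `ConfigurationModeSignKey.Authorization` can come out empty or inverted and is signed regardless. When `now` is already past `c.SignKeyEnd` (or still before `c.SignKeyStart`) the two `if` clamps leave `signStart >= signEnd`, and a `SignExpire` of zero or under two seconds gives `signStart == signEnd` because `int64(c.SignExpire.Seconds())/2` truncates to 0. The caller then presumably sees only a server-side rejection rather than a clear "sign key expired" condition. A guard after the clamps, `if signStart >= signEnd { ... }`, reporting the failure in whatever way this method allows (its signature and error convention are outside the hunk), would surface an expired or misconfigured key at the client.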
+++ b/cmd/cascmd/configcmd.go
@@ -55,7 +55,7 @@ func (p *configCmd) SetFlags(f *flag.FlagSet) {
 f.StringVar(&p.key, "key", "", "user api key, required")
 f.StringVar(&p.secret, "secret", "", "user api secret, using secret mode")
- f.StringVar(&p.expire, "expire", "86400s", "set access secret expire")
+ f.StringVar(&p.expire, "expire", "86400s", "set sign time expire")
 f.StringVar(&p.sign, "sign", "", "set signkey, using signkey mode")
 f.Int64Var(&p.start, "start", 0, "set signkey start, if 'sign' set, this opition is required")
@@ -82,11 +82,12 @@ func (p *configCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 if p.secret != "" {
 conf.AccessSecret = p.secret
- conf.SecretExpire = du
+ conf.SignExpire = du
 } else {
 conf.SignKey = p.sign
 conf.SignKeyStart = p.start
 conf.SignKeyEnd = p.end
+ conf.SignExpire = du
 }
 if err := saveConf(p.configFile, conf); err != nil {
diff --git a/cmd/signkey/main.go b/cmd/signkey/main.go
index e7eb7fd..6487646 100644
--- a/cmd/signkey/main.go
+++ b/cmd/signkey/main.go
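Review bot: The `-expire` value in `cmd/cascmd/configcmd.go` now carries two different meanings, and the new help text `set sign time expire` describes neither; `Execute` stores the same `du` as `conf.SignExpire` in both modes. Per the `cas/client.go` hunks of this commit, secret mode uses it as `now` to `now.Add(c.SignExpire)`, while signkey mode uses it as half the value either side of `now`, clamped to the key's start and end. With the default `86400s`, a signkey-mode signature is therefore dated to cover about a day, so the help should say what the window is, and a shorter signkey-mode default would limit how long a captured signature stays usable. Since the assignment is now identical in both branches, `conf.SignExpire = du` can also move above `if p.secret != ""`. Execute's body continues outside the hunk.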
@@ -20,23 +20,40 @@ import (
 "encoding/hex"
 "flag"
 "fmt"
+ "time"
 )
-func init() {
- var secretKey string
+const (
+ LAYOUT = "2006-01-02 15:04:05"
+)
+
+func main() {
+ var secret string
 var after, at string
- flag.StringVar(&secretKey, "key", "", "set secret key")
+ flag.StringVar(&secret, "secret", "", "set secret key")
 flag.StringVar(&after, "after", "", "set key expire time from now")
 flag.StringVar(&at, "at", "", "set key expire at time")
 flag.Parse()
- _, _, _ = secretKey, after, at
-}
-func main() {
- // timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(expire).Unix())
- timeRange := "1589817600;1609430400"
- mac := hmac.New(sha1.New, []byte("SgkibEafTCm7D7lAXGoCRSFm7OJzPgiW"))
+ if after == "" {
+ after = time.Now().Format(LAYOUT)
+ }
+
+ start, err := time.Parse(LAYOUT, after)
+ if err != nil {
+ fmt.Println("parse start", err)
+ return
+ }
+ fmt.Println("start:", start.Unix())
+ end, err := time.Parse(LAYOUT, at)
+ if err != nil {
+ fmt.Println("parse end", err)
+ return
+ }
+ fmt.Println("end:", end.Unix())
+ timeRange := fmt.Sprintf("%d;%d", start.Unix(), end.Unix())
+ mac := hmac.New(sha1.New, []byte(secret))
 mac.Write([]byte(timeRange))
 signKey := hex.EncodeToString(mac.Sum(nil))
- fmt.Println(signKey)
+ fmt.Println("sign_key", signKey)
 }
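Review bot: The default start time in the new `main` is shifted by the host's UTC offset, because `time.Now().Format(LAYOUT)` writes local wall-clock time and `time.Parse(LAYOUT, after)` reads a zone-less string back as UTC. On any non-UTC machine the printed `start` and the signed `timeRange` are hours off, so the derived key may be not yet valid or valid earlier than intended. Parse both values with `time.ParseInLocation(LAYOUT, after, time.Local)` (likewise for `at`), and reject `end <= start` before deriving the key. Separately, the secret literal on the removed `hmac.New` line remains in repository history, so it should be rotated if it was ever a live credential. The new `-secret` flag also exposes the secret in the process argument list and shell history, which reading it from an environment variable or stdin would avoid.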