Documentation
¶
Index ¶
- Constants
- func GetStrToSign(urlPath, reqMethod string, reqForm url.Values, reqBody []byte, ...) (strToSign, errCode string, success bool)deprecated
- func GetTestSign(urlPath, reqMethod string, reqForm url.Values, bodyJson []byte, ...) (sign, signedUri string, signedForm url.Values)deprecated
- func GetValidStr(queryObj interface{}) (validStr string)
- func StrToSignHMACSHA256Base64(strToSign, appSecret string) (sign string)
- func ValidStrToSign(validStr, key string) (sign string)
- func ValidStrToSignHMACSHA256(validStr, key string) (sign string)
- func VerifySign(urlPath, reqMethod string, reqForm url.Values, reqBody []byte, ...) (strToSign, errCode, sign string, success bool)deprecated
- type SignBody
- type SignOption
- type SignVerifyOption
Constants ¶
const ( ErrorNoQueryParam = "ErrorNoQueryParam" ErrorWrongAppKey = "ErrorWrongAppKey" ErrorNoAppKey = "ErrorNoAppKey" ErrorNoTimestamp = "ErrorNoTimestamp" ErrorWrongTimestamp = "ErrorWrongTimestamp" ErrorInvalidTimestamp = "ErrorInvalidTimestamp" ErrorFutureTimestamp = "ErrorFutureTimestamp" ErrorTSExpired = "ErrorTSExpired" ErrorNonceTooShort = "ErrorNonceTooShort" ErrorNonceTooLong = "ErrorNonceTooLong" ErrorNoSignature = "ErrorNoSignature" ErrorWrongSign = "ErrorWrongSign" ErrorNonceExist = "ErrorNonceExist" ErrorCheckNonce = "ErrorCheckNonce" // 默认的签名有效期: DEFAULT_SIGN_DURATION = time.Second * 300 SIGN_NONCE_PREFIX = "sign_nonce:" // API请求时所带的用于计算签名的一次性随机字符串 )
Variables ¶
This section is empty.
Functions ¶
func GetStrToSign
deprecated
func GetStrToSign(urlPath, reqMethod string, reqForm url.Values, reqBody []byte, appKeyAndSecret map[string]string, signDuration time.Duration) (strToSign, errCode string, success bool)
Deprecated: use (*SignVerifyOption)GetStrToSign instead. 调用api时的签名计算func urlPath: 例如/v1/articles/15 不包含query参数 reqMethod: GET, DELETE, POST, PUT, PATCH reqForm: http包中的request.Form,在 调用 _ = c.Request.ParseForm() 之后,参数将会解析到Form中; 测试时可包装成url.Values reqForm中需要包含的参数有ak, ts, nc reqBody: 如果请求是POST或PUT或PATCH,body中的json_body appKeyAndSecret:包含所有appKey和appSecret的map,形式如:{"xxxx(app_key_1)": "xxxx(app_secret_1)", "xxxx(app_key_2)": "xxxx(app_secret_2)"} signDuration:timestamp距离现在是否超过有效期,如这里提供0,则用默认值300秒 strToSign: 计算签名前的字符串 errCode: 自定义的错误编码 success: 是否成功获拼接出 strToSign
func GetTestSign
deprecated
func GetValidStr ¶
func GetValidStr(queryObj interface{}) (validStr string)
GetValidStr 提供一个结构体的实例,得到用于生成签名的原始字符串 方法参考微信支付:https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=4_3 1.参数以字典序排序 2.如果参数的值为空不参与签名 3.参数名和参数值区分大小写 3.参数之间以&连接,is the original value instead of url encoded value,不要转为url encoded value。 4.除本package的结构体外,任意结构体都可用于签名,只需结构体中参与签名的参数名加tag: sign:"partner_code" 5.sign参数不参与签名,仅将生成的签名与该sign值做校验 例如:valid_string = partner_code=xxx&time=xxx&nonce_str=xxx&credential_code=xxx
例如,提供struct{ PartnerCode string `sign:"partner_code"` Time string `sign:"time"` // UTC毫秒时间戳,取当前UTC时间的毫秒数时间戳,Long类型,5分钟内有效 NonceStr string `sign:"nonce_str"` CredentialCode string `sign:"credential_code"`
注意:struct中的各项都需要是string
func StrToSignHMACSHA256Base64 ¶
使用HMAC-SHA256算法,传入as(AppSecret)计算签名 sign = base64(HmacSHA256(as,strToSign)) appSecret: 分配给app或web的密钥,以此作为加密的key。
func ValidStrToSign ¶
签名规则(与下面的func的签名结果不同) 1. 拼接API密钥匙 valid_str + "&key=xxxxx" 2. SHA256进行签名,并转为Hex小写字符串
func ValidStrToSignHMACSHA256 ¶
签名规则(与下面的func的签名结果不同) 1. 拼接API密钥匙 valid_str + "&key=xxxxx" 2. HMAC-SHA256进行签名,并转为Hex小写字符串
func VerifySign
deprecated
func VerifySign(urlPath, reqMethod string, reqForm url.Values, reqBody []byte, appKeyAndSecret map[string]string, signDuration time.Duration, redisClient *redis.RedisClient) (strToSign, errCode, sign string, success bool)
Deprecated: use (*SignVerifyOption)VerifySign instead. 验证调用api的签名是否有效,签名sn已经在reqForm中了,参数名为"sn" sign: 通过参数计算出来的签名,用于与请求中的签名sn做对比
Types ¶
type SignBody ¶ added in v1.0.10
type SignBody struct { UrlPath string // 例如/v1/articles/15 不包含query参数 RequestMethod string // GET, DELETE, POST, PUT, PATCH ReqForm url.Values // http包中的request.Form,在 调用 _ = c.Request.ParseForm() 之后,参数将会解析到Form中; 测试时可包装成url.Values。需要包含的参数有ak, ts, nc。如不需要每次签名都唯一,可仅包含ak ReqBodyJson []byte // reqBody: 如果请求是POST或PUT或PATCH,body中的json_body }
SignBody 签名的body
type SignOption ¶ added in v1.0.10
type SignOption struct { AppKeyAndSecret map[string]string // 所支持的appKey和对应的appSecret,map key为appKey, value为appSecret UniqueSign bool // 如果为true,则app key、timestamp和nonce都会参与签名,同时signDuration、redisClient这两项为必要项;如为false,则不考虑ts和nc,仅用ak来参与签名 SignDuration time.Duration // 签名中的timestamp距离现在的有效期,如这里为0,则默认为300秒 }
Signature Option 生成签名时所需的配置
func (*SignOption) GetStrToSign ¶ added in v1.0.10
func (option *SignOption) GetStrToSign(body *SignBody) (strToSign string, errCode string, success bool)
可替代上面的 GetStrToSign() function,与其目的相同,不同之处: - 增加了ts和nc不参与签名的签名方式 - 取消了timestamp在现在之后(即请求还未发生)的判断
func (*SignOption) GetTestSign ¶ added in v1.0.10
func (option *SignOption) GetTestSign(body *SignBody, appKeyForTest string) (signedUri, sign string, signedForm url.Values)
生成测试用的api signature,并返回签名后的url.Values
type SignVerifyOption ¶ added in v1.0.10
type SignVerifyOption struct { AppKeyAndSecret map[string]string // 所支持的appKey和对应的appSecret,map key为appKey, value为appSecret UniqueSign bool // 如果为true,则app key、timestamp和nonce都会参与签名,同时signDuration、redisClient这两项为必要项;如为false,则不考虑ts和nc,仅用ak来参与签名 SignDuration time.Duration // 签名中的timestamp距离现在的有效期,如这里为0,则默认为300秒 RedisClient *redis.RedisClient // 用于存取nonce的的redis客户端 RedisKeyPrefix string // redis中nonce的key的前章,默认为"sign_nonce_" }
Signature Verification Option 验证签名所需的配置
func (*SignVerifyOption) VerifySign ¶ added in v1.0.10
func (option *SignVerifyOption) VerifySign(body *SignBody) (success bool, errCode string)
可替代上面的 GetStrToSign() function,与其目的相同,不同之处: 1. 增加了ts和nc不参与签名的签名方式 2. 可自定义nonce在缓存中的cache key prefix