50a21d60 by astaxie

apiauth add more comments & improve

1 parent 5a087b28
...@@ -21,10 +21,35 @@ ...@@ -21,10 +21,35 @@
21 // 21 //
22 // func main(){ 22 // func main(){
23 // // apiauth every request 23 // // apiauth every request
24 // beego.InsertFilter("*", beego.BeforeRouter,auth.APIAuth("appid","appkey")) 24 // beego.InsertFilter("*", beego.BeforeRouter,apiauth.APIBaiscAuth("appid","appkey"))
25 // beego.Run() 25 // beego.Run()
26 // } 26 // }
27 // 27 //
28 // Advanced Usage:
29 //
30 // func getAppSecret(appid string) string {
31 // // get appsecret by appid
32 // // maybe store in configure, maybe in database
33 // }
34 //
35 // beego.InsertFilter("*", beego.BeforeRouter,apiauth.APIAuthWithFunc(getAppSecret, 360))
36 //
37 // in the request user should include these params in the query
38 //
39 // 1. appid
40 //
41 // appid is asigned to the application
42 //
43 // 2. signature
44 //
45 // get the signature use apiauth.Signature()
46 //
47 // >>> should use url.QueryEscape()
48 //
49 // 3. timestamp:
50 //
51 // send the request time, the format is yyyy-mm-dd HH:ii:ss
52 //
28 package apiauth 53 package apiauth
29 54
30 import ( 55 import (
...@@ -34,7 +59,6 @@ import ( ...@@ -34,7 +59,6 @@ import (
34 "fmt" 59 "fmt"
35 "net/url" 60 "net/url"
36 "sort" 61 "sort"
37 "strings"
38 "time" 62 "time"
39 63
40 "github.com/astaxie/beego" 64 "github.com/astaxie/beego"
...@@ -83,7 +107,7 @@ func APIAuthWithFunc(f AppIdToAppSecret, timeout int) beego.FilterFunc { ...@@ -83,7 +107,7 @@ func APIAuthWithFunc(f AppIdToAppSecret, timeout int) beego.FilterFunc {
83 return 107 return
84 } 108 }
85 t := time.Now() 109 t := time.Now()
86 if (t.Second() - u.Second()) > timeout { 110 if t.Sub(u).Seconds() > float64(timeout) {
87 ctx.Output.SetStatus(403) 111 ctx.Output.SetStatus(403)
88 ctx.WriteString("timeout! the request time is long ago, please try again") 112 ctx.WriteString("timeout! the request time is long ago, please try again")
89 return 113 return
...@@ -117,12 +141,7 @@ func Signature(appsecret, method string, params url.Values, RequestURI string) ( ...@@ -117,12 +141,7 @@ func Signature(appsecret, method string, params url.Values, RequestURI string) (
117 sha256 := sha256.New 141 sha256 := sha256.New
118 hash := hmac.New(sha256, []byte(appsecret)) 142 hash := hmac.New(sha256, []byte(appsecret))
119 hash.Write([]byte(string_to_sign)) 143 hash.Write([]byte(string_to_sign))
120 sha := base64.StdEncoding.EncodeToString(hash.Sum(nil)) 144 return base64.StdEncoding.EncodeToString(hash.Sum(nil))
121 sha = url.QueryEscape(sha)
122 sha = strings.Replace(sha, "+", "%20", -1)
123 sha = strings.Replace(sha, "*", "%2A", -1)
124 sha = strings.Replace(sha, "%7E", "~", -1)
125 return sha
126 } 145 }
127 146
128 type valSorter struct { 147 type valSorter struct {
......
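Review bot: The new freshness check `if t.Sub(u).Seconds() > float64(timeout)` rejects only timestamps that are too old; a timestamp ahead of the server clock gives a negative duration and always passes, so a signed request dated in the future stays acceptable until that time plus `timeout`. Bounding both directions would close that, e.g. `if d := t.Sub(u); d < 0 || d > time.Duration(timeout)*time.Second {`, with a small named skew allowance in place of `0` if client clocks are expected to drift. The documented format `yyyy-mm-dd HH:ii:ss` carries no zone, and the parsing of `u` is outside this hunk, so it is worth confirming that `u` and `time.Now()` are compared in the same zone and saying so in the package comment. The body of APIAuthWithFunc starts and ends outside the hunk.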
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
27 // 27 //
28 // 28 //
29 // Advanced Usage: 29 // Advanced Usage:
30 //
30 // func SecretAuth(username, password string) bool { 31 // func SecretAuth(username, password string) bool {
31 // return username == "astaxie" && password == "helloBeego" 32 // return username == "astaxie" && password == "helloBeego"
32 // } 33 // }
......