fix
This commit is contained in:
laodaming
parent
108167430d
commit
4b8af75652
|
|
@ -4,8 +4,10 @@ import (
|
|||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"fusenapi/server/feishu-sync/internal/svc"
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
|
|
@ -51,10 +53,14 @@ func (l *WebhookLogic) Webhook(w http.ResponseWriter, r *http.Request) {
|
|||
logx.Error("读取请求body失败", err)
|
||||
return
|
||||
}
|
||||
logx.Info("收到头消息:", r.Header)
|
||||
logx.Info("收到body消息:", string(bodyBytes))
|
||||
//验证消息合法性
|
||||
if !l.VerifyWebhook(r.Header, bodyBytes, "DmiHQ2bHhKiR3KK4tIjLShbs13eErxKA") {
|
||||
//计算签名
|
||||
timestamp := r.Header.Get("X-Lark-Request-Timestamp")
|
||||
nonce := r.Header.Get("X-Lark-Request-Nonce")
|
||||
encryptKey := "DmiHQ2bHhKiR3KK4tIjLShbs13eErxKA"
|
||||
signature := r.Header.Get("X-Lark-Signature")
|
||||
sign := l.calculateSignature(timestamp, nonce, encryptKey, bodyBytes)
|
||||
if signature != sign {
|
||||
logx.Error("非法的消息,签名验证不通过", sign, "====", signature)
|
||||
return
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
|
@ -103,23 +109,17 @@ func (l *WebhookLogic) Webhook(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
|
||||
// func (l *WebhookLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
|
||||
// // httpx.OkJsonCtx(r.Context(), w, resp)
|
||||
// }
|
||||
func (l *WebhookLogic) VerifyWebhook(header http.Header, bodyBytes []byte, encryptKey string) bool {
|
||||
b := []byte(header.Get("X-Lark-Request-Timestamp") + header.Get("X-Lark-Request-Nonce") + encryptKey)
|
||||
b = append(b, bodyBytes...)
|
||||
// 计算签名
|
||||
func (l *WebhookLogic) calculateSignature(timestamp, nonce, encryptKey string, body []byte) string {
|
||||
var b strings.Builder
|
||||
b.WriteString(timestamp)
|
||||
b.WriteString(nonce)
|
||||
b.WriteString(encryptKey)
|
||||
b.Write(body) //bodystring 指整个请求体,不要在反序列化后再计算
|
||||
bs := []byte(b.String())
|
||||
h := sha256.New()
|
||||
_, err := h.Write(b)
|
||||
if err != nil {
|
||||
logx.Error(err)
|
||||
return false
|
||||
}
|
||||
hashKey := h.Sum(nil)
|
||||
if string(hashKey) != header.Get("X-Lark-Signature") {
|
||||
logx.Error("无效的消息", string(b), ":------:", string(hashKey), ":-----:", header.Get("X-Lark-Signature"))
|
||||
return false
|
||||
}
|
||||
return true
|
||||
h.Write(bs)
|
||||
bs = h.Sum(nil)
|
||||
sig := fmt.Sprintf("%x", bs)
|
||||
return sig
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user