Home Explore Help
Register Sign In
yicangzongtai
/
Base_data_tower
Watch 10
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ba904b79f5
Branches Tags
Base_data_to...
/
uni_modules
/
uni-id-pages
/
uniCloud
/
cloudfunctions
/
uni-id-co
/
middleware
/
verify-request-sign.js

verify-request-sign.js 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. const crypto = require('crypto')
    2. 

  2. const createConfig = require('uni-config-center')
    3. 

  3. const { verifyHttpInfo } = require('uni-cloud-s2s')
    4. 

  4. 

  5. const { ERROR } = require('../common/error')
    6. 

  6. const s2sConfig = createConfig({
    7. 

  7.   pluginId: 'uni-cloud-s2s'
    8. 

  8. })
    9. 

  9. const needSignFunctions = new Set([
    10. 

  10.   'externalRegister',
    11. 

  11.   'externalLogin',
    12. 

  12.   'updateUserInfoByExternal'
    13. 

  13. ])
    14. 

  14. 

  15. module.exports = function () {
    16. 

  16.   const methodName = this.getMethodName()
    17. 

  17.   const { source } = this.getUniversalClientInfo()
    18. 

  18. 

  19.   // 指定接口需要鉴权
    20. 

  20.   if (!needSignFunctions.has(methodName)) return
    21. 

  21. 

  22.   // 非 HTTP 方式请求拒绝访问
    23. 

  23.   if (source !== 'http') {
    24. 

  24.     throw {
    25. 

  25.       errCode: ERROR.ILLEGAL_REQUEST
    26. 

  26.     }
    27. 

  27.   }
    28. 

  28. 

  29.   // 支持 uni-cloud-s2s 验证请求
    30. 

  30.   if (s2sConfig.hasFile('config.json')) {
    31. 

  31.     try {
    32. 

  32.       if (!verifyHttpInfo(this.getHttpInfo())) {
    33. 

  33.         throw {
    34. 

  34.           errCode: ERROR.ILLEGAL_REQUEST
    35. 

  35.         }
    36. 

  36.       }
    37. 

  37.     } catch (e) {
    38. 

  38.       if (e.errSubject === 'uni-cloud-s2s') {
    39. 

  39.         throw {
    40. 

  40.           errCode: ERROR.ILLEGAL_REQUEST,
    41. 

  41.           errMsg: e.errMsg
    42. 

  42.         }
    43. 

  43.       }
    44. 

  44.       throw e
    45. 

  45.     }
    46. 

  46. 

  47.     return
    48. 

  48.   }
    49. 

  49. 

  50.   if (!this.config.requestAuthSecret || typeof this.config.requestAuthSecret !== 'string') {
    51. 

  51.     throw {
    52. 

  52.       errCode: ERROR.CONFIG_FIELD_REQUIRED,
    53. 

  53.       errMsgValue: {
    54. 

  54.         field: 'requestAuthSecret'
    55. 

  55.       }
    56. 

  56.     }
    57. 

  57.   }
    58. 

  58. 

  59.   const timeout = 20 * 1000 // 请求超过20秒不能再请求,防止重放攻击
    60. 

  60.   const { headers, body: _body } = this.getHttpInfo()
    61. 

  61.   const { 'uni-id-nonce': nonce, 'uni-id-timestamp': timestamp, 'uni-id-signature': signature } = headers
    62. 

  62.   const body = JSON.parse(_body).params || {}
    63. 

  63.   const bodyStr = Object.keys(body)
    64. 

  64.     .sort()
    65. 

  65.     .filter(item => typeof body[item] !== 'object')
    66. 

  66.     .map(item => `${item}=${body[item]}`)
    67. 

  67.     .join('&')
    68. 

  68. 

  69.   if (isNaN(Number(timestamp)) || (Number(timestamp) + timeout) < Date.now()) {
    70. 

  70.     throw {
    71. 

  71.       errCode: ERROR.ILLEGAL_REQUEST
    72. 

  72.     }
    73. 

  73.   }
    74. 

  74. 

  75.   const reSignature = crypto.createHmac('sha256', `${this.config.requestAuthSecret + nonce}`).update(`${timestamp}${bodyStr}`).digest('hex')
    76. 

  76. 

  77.   if (signature !== reSignature.toUpperCase()) {
    78. 

  78.     throw {
    79. 

  79.       errCode: ERROR.ILLEGAL_REQUEST
    80. 

  80.     }
    81. 

  81.   }
    82. 

  82. }
    83. 

  83.