Skip to content

U
uni-starter

Wheat_Liu / uni-starter
与 Fork 源项目一致

Fork自 DCloud / uni-starter

通知 1
Star 0
Fork 0
U
uni-starter

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
verify-request-sign.js 1.3 KB
Newer Older
DCloud_JSON's avatar
更新uni-id-co  
DCloud_JSON 已提交
1 2 3 4 
const crypto = require('crypto')
const { ERROR } = require('../common/error')
const needSignFunctions = new Set([
  'externalRegister',
DCloud_JSON's avatar
2.1.2  
DCloud_JSON 已提交
5 6 
  'externalLogin',
  'updateUserInfoByExternal'
DCloud_JSON's avatar
更新uni-id-co  
DCloud_JSON 已提交
7 8 9 10 11 12 13 
])

module.exports = function () {
  const methodName = this.getMethodName()
  const { source } = this.getUniversalClientInfo()
  // 指定接口需要鉴权
  if (!needSignFunctions.has(methodName)) return
DCloud_JSON's avatar
2.1.2  
DCloud_JSON 已提交
14 15 16 17 18 19 20 
  
  // 非 HTTP 方式请求不需要鉴权
  if (source !== 'http') {
    throw {
      errCode: ERROR.ILLEGAL_REQUEST
    }
  }
DCloud_JSON's avatar
更新uni-id-co  
DCloud_JSON 已提交
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 

  const timeout = 20 * 1000 // 请求超过20秒不能再请求,防止重放攻击
  const { headers, body: _body } = this.getHttpInfo()
  const { 'uni-id-nonce': nonce, 'uni-id-timestamp': timestamp, 'uni-id-signature': signature } = headers
  const body = JSON.parse(_body).params || {}
  const bodyStr = Object.keys(body)
    .sort()
    .filter(item => typeof body[item] !== 'object')
    .map(item => `${item}=${body[item]}`)
    .join('&')

  if (isNaN(Number(timestamp)) || (Number(timestamp) + timeout) < Date.now()) {
    throw {
      errCode: ERROR.ILLEGAL_REQUEST
    }
  }

  const reSignature = crypto.createHmac('sha256', `${this.config.requestAuthSecret + nonce}`).update(`${timestamp}${bodyStr}`).digest('hex')

  if (signature !== reSignature.toUpperCase()) {
    throw {
      errCode: ERROR.ILLEGAL_REQUEST
    }
  }
}