-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsignature.go
84 lines (69 loc) · 1.9 KB
/
signature.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package pusher
import (
"crypto/hmac"
"crypto/md5"
"crypto/sha256"
"encoding/hex"
"errors"
"net/http"
"net/url"
"sort"
"strings"
"time"
"github.com/spf13/viper"
)
// Verify signature
// @doc https://pusher.com/docs/channels/library_auth_reference/rest-api#authentication
func Verify(r *http.Request) (bool, error) {
query := r.URL.Query()
if !checkVersion(query.Get("auth_version")) {
return false, errors.New("invalid version")
}
timestamp, _ := Str2Int64(query.Get("auth_timestamp"))
if !checkTimestamp(timestamp, viper.GetInt64("TIMESTAMP_GRACE")) {
return false, errors.New("invalid timestamp")
}
signature := query.Get("auth_signature")
query.Del("auth_signature")
queryString := prepareQueryString(query)
stringToSign := strings.Join([]string{strings.ToUpper(r.Method), r.URL.Path, queryString}, "\n")
return HmacSignature(stringToSign, viper.GetString("APP_SECRET")) == signature, nil
}
// HmacSignature ...
func HmacSignature(toSign, secret string) string {
return hex.EncodeToString(hmacBytes([]byte(toSign), []byte(secret)))
}
func checkVersion(version string) bool {
return version == "1.0"
}
func checkTimestamp(timestamp, grace int64) bool {
if (time.Now().Unix() - timestamp) >= grace {
return false
}
return true
}
func checkBodyMD5(toSign []byte, md5Str string) bool {
return md5Hex(toSign) == md5Str
}
func prepareQueryString(params url.Values) string {
var keys []string
for key := range params {
keys = append(keys, strings.ToLower(key))
}
sort.Strings(keys)
var pieces []string
for _, key := range keys {
pieces = append(pieces, key+"="+params.Get(key))
}
return strings.Join(pieces, "&")
}
func hmacBytes(toSign, secret []byte) []byte {
_authSignature := hmac.New(sha256.New, secret)
_authSignature.Write(toSign)
return _authSignature.Sum(nil)
}
func md5Hex(toSign []byte) string {
h := md5.New()
h.Write(toSign)
return hex.EncodeToString(h.Sum(nil))
}