- package middlewares
- import (
- "bytes"
- "sparkteam-dash/pkg/utils"
- "time"
- "github.com/gin-gonic/gin"
- "github.com/spf13/cast"
- )
// CheckTokenV2 returns a gin middleware that lets a request through only when
// its X-Grave-Sign header equals utils.Md5Content applied to the bytes
// "grave-" followed by the X-Grave-Stamp header. Every other request is
// answered with 403 {"msg": "sign invalid"} and the handler chain is aborted.
//
// NOTE(review): the digest input is a fixed prefix plus a value the client
// itself supplies; no secret is mixed in here (unless utils.Md5Content adds
// one, which is not visible from this file; confirm). As written this is a
// request-format check rather than an authentication control. The stamp is
// also never parsed or compared with the clock, so an accepted sign/stamp
// pair does not expire. A keyed MAC over the request, compared in constant
// time, plus a freshness window would be needed for this to authenticate.
func CheckTokenV2() gin.HandlerFunc {
	return func(ctx *gin.Context) {
		sign := ctx.GetHeader("X-Grave-Sign")
		stamp := ctx.GetHeader("X-Grave-Stamp")

		// Rebuild the value the client is expected to have hashed.
		payload := bytes.NewBufferString("grave-")
		payload.WriteString(stamp)

		if utils.Md5Content(payload.Bytes()) == sign {
			ctx.Next()
			return
		}

		ctx.AbortWithStatusJSON(403, gin.H{"msg": "sign invalid"})
	}
}
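// CheckTokenV3 returns a gin middleware that reads the signature parameters
// ("sign" and "stamp") from the URL query string rather than from headers, so
// that they can still be delivered on cross-origin requests.
//
// A request is admitted when stamp is a positive Unix timestamp within 300
// seconds of the server clock (in either direction) and sign equals
// utils.Md5Content applied to "sparkteam-" followed by stamp. Every other
// request is answered with 403 {"msg": "sign invalid"} and aborted.
//
// The literal sign=dev shortcut skips verification entirely, so it is only
// honoured when gin is not in release mode. gin starts in debug mode unless
// configured otherwise, so production deployments must set release mode for
// the shortcut to be disabled.
//
// NOTE(review): the digest covers only the stamp, not the path, query or
// body, so one accepted sign/stamp pair authorises any request for the whole
// window. No secret is mixed into the digest here (unless utils.Md5Content
// adds one; confirm), and query-string values are commonly recorded in access
// logs and Referer headers. A keyed MAC over the request, compared in
// constant time, would be needed for this to authenticate callers.
func CheckTokenV3() gin.HandlerFunc {
	// Largest accepted difference, in seconds, between stamp and server time.
	const maxSkewSeconds = 300

	return func(ctx *gin.Context) {
		auth, stamp := ctx.Query("sign"), ctx.Query("stamp")

		// Development shortcut: never available in release mode, where
		// sign=dev falls through and fails the digest check below.
		if auth == "dev" && gin.Mode() != gin.ReleaseMode {
			ctx.Next()
			return
		}

		reject := func() {
			ctx.AbortWithStatusJSON(403, gin.H{"msg": "sign invalid"})
		}

		if auth == "" || stamp == "" {
			reject()
			return
		}

		// Freshness: refuse stale stamps and also stamps from the future.
		// Checking only the lower bound would let a far-future stamp stay
		// valid indefinitely. Both values are positive here, so the
		// subtractions cannot overflow.
		stampInt := cast.ToInt64(stamp)
		now := time.Now().Unix()
		if stampInt <= 0 || now-stampInt > maxSkewSeconds || stampInt-now > maxSkewSeconds {
			reject()
			return
		}

		data := bytes.Buffer{}
		data.WriteString("sparkteam-")
		data.WriteString(stamp)
		if utils.Md5Content(data.Bytes()) != auth {
			reject()
			return
		}

		ctx.Next()
	}
}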