kbmmw 做REST 服務簽名認證的一種方式
阿新 • • 發佈:2018-09-16
map() make 分享圖片 請求參數 func end finall bject service
一般對外提供提供REST 服務,由於信息安全的問題, 都要采用簽名認證,今天簡單說一下在KBMMW 中如何
實現簡單的簽名服務?
整個簽名服務,模仿阿裏大魚的認證方式,大家可以根據實際情況自己修改。
沒有太多的解釋,直接上馬
[kbmMW_Rest(‘method:get, path:getwithcheck‘)] [kbmMW_Method] function getwithcheck( [kbmMW_Rest(‘value: "$p1", required: true‘)] const p1:string; [kbmMW_Rest(‘value: "$p2", required: true‘)] const p2:string; [kbmMW_Rest(‘value: "$p3", required: true‘)] const p3:string; [kbmMW_Rest(‘value: "$AccessKeyId", required: true‘)] const AccessKeyId:string; [kbmMW_Rest(‘value: "$Timestamp", required: true‘)] const Timestamp:string; [kbmMW_Rest(‘value: "$Action", required: true‘)] const Action:string; [kbmMW_Rest(‘value: "$Signature", required: true‘)] const Signature:string):string; end; const AppSecret=‘sdjhidbTdlfdsj133edyeR‘; appkey=‘xaliontestok‘; function MakeSign(const AParams: TStringList; constAppSecret: string): string; implementation uses kbmMWExceptions, mainp; {$R *.dfm} function specialUrlEncode(const sStr:string):string; begin // URLEncode後再增加三種字符替換:加號(+)替換成 %20、星號(*)替換成 %2A、%7E 替換回波浪號(~) Result :=TNetEncoding.URL.EncodeForm(sStr); Result.Replace(‘+‘,‘%20‘).Replace(‘*‘,‘%2A‘).Replace(‘%7E‘,‘~‘); end; function MakeSign(const AParams: TStringList; const AppSecret: string): string; var I: Integer; sortedQueryString :string; stringToSign: string; sSign :string; outs: TStringList; pn,pv:string; skey:Tbytes; begin outs:= AParams; outs.UseLocale:=True; outs.Sort; // 參數拼接 sortedQueryString:= ‘‘; for I := 0 to outs.Count - 1 do begin pn:=specialUrlEncode(outs.Names[I]); pv:=specialUrlEncode(outs.Values[outs.Names[I]]); sortedQueryString:= sortedQueryString +pn + ‘=‘+ pv+‘&‘; end; setlength(sortedQueryString,length(sortedQueryString)-1); stringToSign :=‘GET&%2F&‘ + specialUrlEncode(sortedQueryString); skey:=THashSHA1.GetHMACAsBytes(Tencoding.UTF8.GetBytes(stringToSign), Tencoding.UTF8.GetBytes(AppSecret+‘&‘)); sSign := TBase64Encoding.Create.EncodeBytesToString(skey); Result :=specialUrlEncode(sSign); end; function TkbmMWCustomHTTPSmartService1.getwithcheck(const p1, p2, p3, AccessKeyId, Timestamp, Action, Signature: string): string; var inputp:Tstringlist; inputsign:string; begin inputp:=Tstringlist.Create; inputp.Values[‘P1‘]:=p1; inputp.Values[‘P2‘]:=p2; inputp.Values[‘P3‘]:=p3; inputp.Values[‘AccessKeyId‘]:=AccessKeyId; inputp.Values[‘Timestamp‘]:=Timestamp; inputp.Values[‘Action‘]:=Action; // inputp.Values[‘Signature‘]=Signature; inputsign:= MakeSign(inputp,AppSecret); if inputsign<>specialUrlEncode(Signature) then begin Result:=‘{result:{"ok":"error","value":"sign error"}}‘; exit; end; if appkey<>AccessKeyId then begin Result:=‘{result:{"ok":"error","value":"can not find appkey"}}‘; exit; end; Result:=‘{"result":{"ok":"ok","value":"‘+Action+‘"}}‘;; end;
客戶端也很簡單
function TForm1.SendSMS(const AppKey, AppSecret, ReceiveNumber, FreeSignName, TemplateCode, TemplateContent: string; var ResultMsg: string): Boolean; function specialUrlEncode(const sStr:string):string; begin // URLEncode後再增加三種字符替換:加號(+)替換成 %20、星號(*)替換成 %2A、%7E 替換回波浪號(~) Result :=TNetEncoding.URL.EncodeForm(sStr); Result.Replace(‘+‘,‘%20‘).Replace(‘*‘,‘%2A‘).Replace(‘%7E‘,‘~‘); end; function MakeSign(const AParams: TStringList; const AppSecret: string;var sortQueryStringTmp :String): string; var I: Integer; sortedQueryString :string; stringToSign: string; sSign :string; outs: TStringList; pn,pv:string; skey:Tbytes; begin outs:= AParams; outs.UseLocale:=True; outs.Sort; //SortString( AParams,outs); // 參數拼接 sortQueryStringTmp := ‘‘; for I := 0 to outs.Count - 1 do begin pn:=specialUrlEncode(outs.Names[I]); pv:=specialUrlEncode(outs.Values[outs.Names[I]]); sortQueryStringTmp := sortQueryStringTmp +pn + ‘=‘+ pv+‘&‘; end; setlength(sortQueryStringTmp,length(sortQueryStringTmp)-1); sortedQueryString:=sortQueryStringTmp; stringToSign :=‘GET&%2F&‘ + specialUrlEncode(sortedQueryString); skey:=THashSHA1.GetHMACAsBytes(Tencoding.UTF8.GetBytes(stringToSign), Tencoding.UTF8.GetBytes(AppSecret+‘&‘)); sSign := TBase64Encoding.Create.EncodeBytesToString(skey); Result :=specialUrlEncode(sSign); end; var HTTP: TNetHTTPClient; JO: TJSONObject; Params: TStringList; Response: string; code:TGUID; sortQueryStringTmp :string; signature :string; sURL :string; ResponseStr: TStringStream; begin Result := False; CreateGUID(code); HTTP := TNetHTTPClient.Create(nil); Params := TStringList.Create(); ResponseStr :=TStringStream.Create(‘‘, TEncoding.ASCII);//中文用UTF8 try //; // //請求參數中不允許出現以Signature為key的參數。參考代碼如下``` //String accessKeyId = “testId”;String accessSecret = “testSecret”; //java.text.SimpleDateFormat df = new java.text.SimpleDateFormat(“yyyy-MM-dd’T’HH:mm:ss’Z’”); //df.setTimeZone(new java.util.SimpleTimeZone(0, “GMT”));// 這裏一定要設置GMT時區 // //java.util.Map paras = new java.util.HashMap(); //// 1. 系統參數 //paras.put(“SignatureMethod”, “HMAC-SHA1”); //paras.put(“SignatureNonce”, java.util.UUID.randomUUID().toString()); //paras.put(“AccessKeyId”, accessKeyId); //paras.put(“SignatureVersion”, “1.0”); //paras.put(“Timestamp”, df.format(new java.util.Date())); //paras.put(“Format”, “XML”); // //// 2. 業務API參數 //paras.put(“Action”, “SendSms”); //paras.put(“Version”, “2017-05-25”); //paras.put(“RegionId”, “cn-hangzhou”); //paras.put(“PhoneNumbers”, “15300000001”); //paras.put(“SignName”, “阿裏雲短信測試專用”); //paras.put(“TemplateParam”, “{\”customer\”:\”test\”}”); //paras.put(“TemplateCode”, “SMS_71390007”); //paras.put(“OutId”, “123”); Params.Values[‘P2‘] := ‘HMAC-SHA1‘; Params.Values[‘P3‘] := GUIDToString(code); Params.Values[‘AccessKeyId‘] := AppKey; Params.Values[‘P1‘] := ‘1.0‘; // Params.Values[‘Timestamp‘] := FormatDateTime(‘yyyy-mm-dd hh:mm:ss‘, now - 1/3); Params.Values[‘Timestamp‘] := FormatDateTime(‘yyyy-MM-dd‘‘T‘‘HH:mm:ss‘‘Z‘‘‘, now-1/3); // Params.Values[‘Format‘] := ‘JSON‘; Params.Values[‘Action‘] := ‘SendSms‘; // Params.Values[‘Version‘] := ‘2017-05-25‘; // Params.Values[‘RegionId‘] := ‘cn-hangzhou‘; //Params.Values[‘PhoneNumbers‘] := ReceiveNumber; // Params.Values[‘SignName‘] := FreeSignName; // Params.Values[‘TemplateParam‘] := TemplateContent; // Params.Values[‘TemplateCode‘] := TemplateCode; signature:=MakeSign(Params,AppSecret,sortQueryStringTmp); sURL := ‘http://127.0.0.1/xalionrest/getwithcheck?signature=‘+signature+‘&‘+sortQueryStringTmp; Memo1.Lines.Text :=sURL; try resultmsg:=http.Get(sURL).ContentAsString ; Memo2.Lines.add( resultmsg); except on E: Exception do begin ResultMsg := E.Message; Exit; end; end; finally HTTP.Free; Params.Free; ResponseStr.Free; end; end;
運行結果,有圖有真相
打完收工。
kbmmw 做REST 服務簽名認證的一種方式