mirror of
https://github.com/simon987/task_tracker.git
synced 2025-04-19 18:16:45 +00:00
Add timestamp in hmac auth
This commit is contained in:
simon987
parent
258a3c56eb
commit
840a4173bb
25
api/task.go
25
api/task.go
@ -10,6 +10,7 @@ import (
|
|||||||
"github.com/Sirupsen/logrus"
|
"github.com/Sirupsen/logrus"
|
||||||
"github.com/dchest/siphash"
|
"github.com/dchest/siphash"
|
||||||
"github.com/simon987/task_tracker/storage"
|
"github.com/simon987/task_tracker/storage"
|
||||||
|
"math"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
@ -17,7 +18,7 @@ import (
|
|||||||
func (api *WebAPI) SubmitTask(r *Request) {
|
func (api *WebAPI) SubmitTask(r *Request) {
|
||||||
|
|
||||||
worker, err := api.validateSignature(r)
|
worker, err := api.validateSignature(r)
|
||||||
if worker == nil {
|
if err != nil {
|
||||||
r.Json(JsonResponse{
|
r.Json(JsonResponse{
|
||||||
Ok: false,
|
Ok: false,
|
||||||
Message: err.Error(),
|
Message: err.Error(),
|
||||||
@ -138,11 +139,32 @@ func (api *WebAPI) GetTaskFromProject(r *Request) {
|
|||||||
func (api WebAPI) validateSignature(r *Request) (*storage.Worker, error) {
|
func (api WebAPI) validateSignature(r *Request) (*storage.Worker, error) {
|
||||||
|
|
||||||
widStr := string(r.Ctx.Request.Header.Peek("X-Worker-Id"))
|
widStr := string(r.Ctx.Request.Header.Peek("X-Worker-Id"))
|
||||||
|
timeStampStr := string(r.Ctx.Request.Header.Peek("Timestamp"))
|
||||||
signature := r.Ctx.Request.Header.Peek("X-Signature")
|
signature := r.Ctx.Request.Header.Peek("X-Signature")
|
||||||
|
|
||||||
if widStr == "" {
|
if widStr == "" {
|
||||||
return nil, errors.New("worker id not specified")
|
return nil, errors.New("worker id not specified")
|
||||||
}
|
}
|
||||||
|
if timeStampStr == "" {
|
||||||
|
return nil, errors.New("date is not specified")
|
||||||
|
}
|
||||||
|
|
||||||
|
timestamp, err := time.Parse(time.RFC1123, timeStampStr)
|
||||||
|
if err != nil {
|
||||||
|
logrus.WithError(err).WithFields(logrus.Fields{
|
||||||
|
"date": timeStampStr,
|
||||||
|
}).Warn("Can't parse Timestamp")
|
||||||
|
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if math.Abs(float64(timestamp.Unix()-time.Now().Unix())) > 60 {
|
||||||
|
logrus.WithError(err).WithFields(logrus.Fields{
|
||||||
|
"date": timeStampStr,
|
||||||
|
}).Warn("Invalid Timestamp")
|
||||||
|
|
||||||
|
return nil, errors.New("invalid Timestamp")
|
||||||
|
}
|
||||||
|
|
||||||
wid, err := strconv.ParseInt(widStr, 10, 64)
|
wid, err := strconv.ParseInt(widStr, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -172,6 +194,7 @@ func (api WebAPI) validateSignature(r *Request) (*storage.Worker, error) {
|
|||||||
|
|
||||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||||
mac.Write(body)
|
mac.Write(body)
|
||||||
|
mac.Write([]byte(timeStampStr))
|
||||||
|
|
||||||
expectedMac := make([]byte, 64)
|
expectedMac := make([]byte, 64)
|
||||||
hex.Encode(expectedMac, mac.Sum(nil))
|
hex.Encode(expectedMac, mac.Sum(nil))
|
||||||
|
|||||||
@ -14,6 +14,7 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
type SessionContext struct {
|
type SessionContext struct {
|
||||||
@ -39,12 +40,17 @@ func Post(path string, x interface{}, worker *storage.Worker, s *http.Client) *h
|
|||||||
handleErr(err)
|
handleErr(err)
|
||||||
|
|
||||||
if worker != nil {
|
if worker != nil {
|
||||||
|
|
||||||
|
ts := time.Now().Format(time.RFC1123)
|
||||||
|
|
||||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||||
mac.Write(body)
|
mac.Write(body)
|
||||||
|
mac.Write([]byte(ts))
|
||||||
sig := hex.EncodeToString(mac.Sum(nil))
|
sig := hex.EncodeToString(mac.Sum(nil))
|
||||||
|
|
||||||
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
||||||
req.Header.Add("X-Signature", sig)
|
req.Header.Add("X-Signature", sig)
|
||||||
|
req.Header.Add("Timestamp", ts)
|
||||||
}
|
}
|
||||||
|
|
||||||
r, err := s.Do(req)
|
r, err := s.Do(req)
|
||||||
@ -64,12 +70,16 @@ func Get(path string, worker *storage.Worker, s *http.Client) *http.Response {
|
|||||||
|
|
||||||
if worker != nil {
|
if worker != nil {
|
||||||
|
|
||||||
|
ts := time.Now().Format(time.RFC1123)
|
||||||
|
|
||||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||||
mac.Write([]byte(path))
|
mac.Write([]byte(path))
|
||||||
|
mac.Write([]byte(ts))
|
||||||
sig := hex.EncodeToString(mac.Sum(nil))
|
sig := hex.EncodeToString(mac.Sum(nil))
|
||||||
|
|
||||||
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
||||||
req.Header.Add("X-Signature", sig)
|
req.Header.Add("X-Signature", sig)
|
||||||
|
req.Header.Add("Timestamp", ts)
|
||||||
}
|
}
|
||||||
|
|
||||||
r, err := s.Do(req)
|
r, err := s.Do(req)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user