Add timestamp in hmac auth
This commit is contained in:
parent
258a3c56eb
commit
840a4173bb
25
api/task.go
25
api/task.go
@ -10,6 +10,7 @@ import (
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/dchest/siphash"
|
||||
"github.com/simon987/task_tracker/storage"
|
||||
"math"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
@ -17,7 +18,7 @@ import (
|
||||
func (api *WebAPI) SubmitTask(r *Request) {
|
||||
|
||||
worker, err := api.validateSignature(r)
|
||||
if worker == nil {
|
||||
if err != nil {
|
||||
r.Json(JsonResponse{
|
||||
Ok: false,
|
||||
Message: err.Error(),
|
||||
@ -138,11 +139,32 @@ func (api *WebAPI) GetTaskFromProject(r *Request) {
|
||||
func (api WebAPI) validateSignature(r *Request) (*storage.Worker, error) {
|
||||
|
||||
widStr := string(r.Ctx.Request.Header.Peek("X-Worker-Id"))
|
||||
timeStampStr := string(r.Ctx.Request.Header.Peek("Timestamp"))
|
||||
signature := r.Ctx.Request.Header.Peek("X-Signature")
|
||||
|
||||
if widStr == "" {
|
||||
return nil, errors.New("worker id not specified")
|
||||
}
|
||||
if timeStampStr == "" {
|
||||
return nil, errors.New("date is not specified")
|
||||
}
|
||||
|
||||
timestamp, err := time.Parse(time.RFC1123, timeStampStr)
|
||||
if err != nil {
|
||||
logrus.WithError(err).WithFields(logrus.Fields{
|
||||
"date": timeStampStr,
|
||||
}).Warn("Can't parse Timestamp")
|
||||
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if math.Abs(float64(timestamp.Unix()-time.Now().Unix())) > 60 {
|
||||
logrus.WithError(err).WithFields(logrus.Fields{
|
||||
"date": timeStampStr,
|
||||
}).Warn("Invalid Timestamp")
|
||||
|
||||
return nil, errors.New("invalid Timestamp")
|
||||
}
|
||||
|
||||
wid, err := strconv.ParseInt(widStr, 10, 64)
|
||||
if err != nil {
|
||||
@ -172,6 +194,7 @@ func (api WebAPI) validateSignature(r *Request) (*storage.Worker, error) {
|
||||
|
||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||
mac.Write(body)
|
||||
mac.Write([]byte(timeStampStr))
|
||||
|
||||
expectedMac := make([]byte, 64)
|
||||
hex.Encode(expectedMac, mac.Sum(nil))
|
||||
|
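Review bot: The ±60 s window enforced by `if math.Abs(float64(timestamp.Unix()-time.Now().Unix())) > 60` bounds replay but does not prevent it: nothing in this hunk records an already-accepted (worker, Timestamp, X-Signature) tuple, so a captured request can be resubmitted verbatim for up to two minutes; if replay matters for SubmitTask, keep a short-lived per-worker set of accepted signatures (or require a strictly increasing timestamp per worker) and reject repeats. Separately, `time.Parse(time.RFC1123, timeStampStr)` resolves the zone abbreviation against the server's own location and treats an unknown abbreviation as offset zero, so a client that formats in a non-UTC zone (e.g. `CEST`) is parsed hours off and fails the window; `time.Parse(time.RFC1123Z, timeStampStr)` (numeric offset) or a Unix-seconds integer avoids that. In the "Invalid Timestamp" branch `err` is nil after the successful parse, so `logrus.WithError(err)` adds nothing there; drop it or log the computed delta instead. `mac.Write(body)` followed by `mac.Write([]byte(timeStampStr))` concatenates the two without a delimiter or length prefix, so a fixed separator (mirrored on the client) would remove the boundary ambiguity; the signature comparison itself lies outside the hunk.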
@ -14,6 +14,7 @@ import (
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
|
||||
type SessionContext struct {
|
||||
@ -39,12 +40,17 @@ func Post(path string, x interface{}, worker *storage.Worker, s *http.Client) *h
|
||||
handleErr(err)
|
||||
|
||||
if worker != nil {
|
||||
|
||||
ts := time.Now().Format(time.RFC1123)
|
||||
|
||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||
mac.Write(body)
|
||||
mac.Write([]byte(ts))
|
||||
sig := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
||||
req.Header.Add("X-Signature", sig)
|
||||
req.Header.Add("Timestamp", ts)
|
||||
}
|
||||
|
||||
r, err := s.Do(req)
|
||||
@ -64,12 +70,16 @@ func Get(path string, worker *storage.Worker, s *http.Client) *http.Response {
|
||||
|
||||
if worker != nil {
|
||||
|
||||
ts := time.Now().Format(time.RFC1123)
|
||||
|
||||
mac := hmac.New(crypto.SHA256.New, worker.Secret)
|
||||
mac.Write([]byte(path))
|
||||
mac.Write([]byte(ts))
|
||||
sig := hex.EncodeToString(mac.Sum(nil))
|
||||
|
||||
req.Header.Add("X-Worker-Id", strconv.FormatInt(worker.Id, 10))
|
||||
req.Header.Add("X-Signature", sig)
|
||||
req.Header.Add("Timestamp", ts)
|
||||
}
|
||||
|
||||
r, err := s.Do(req)
|
||||
|
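Review bot: `ts := time.Now().Format(time.RFC1123)` in both Post and Get embeds the client's local zone abbreviation (e.g. `CEST`), which the receiving side can only resolve if that abbreviation exists in its own location; a client and server in different zones will then disagree by the zone offset and fall outside any short acceptance window. Formatting with `time.RFC1123Z` (numeric offset), or sending `strconv.FormatInt(time.Now().Unix(), 10)`, removes the dependence on zone names, provided the server parses the same form. The two paths also sign different inputs, `body` for Post and `path` for Get, with the timestamp appended directly after them; writing a fixed delimiter between the parts would avoid the concatenation ambiguity, and whether a POST's path is bound at all depends on what the server feeds into its MAC, which is not visible here. The file this section belongs to is not shown, and both Post and Get begin before their hunks.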