更改web验证方式为jwt方式,添加定时更新jwt功能
diff --git a/webservice.go b/webservice.go
index 5d0c750..91b3209 100644
--- a/webservice.go
+++ b/webservice.go
@@ -3,7 +3,7 @@
import (
"bytes"
"crypto/hmac"
- "crypto/sha1"
+ "crypto/sha256"
"crypto/tls"
"encoding/hex"
"encoding/json"
@@ -42,7 +42,10 @@
// DefaultTimeout default time
DefaultTimeout int
sessionKey string
+ jwt string
+ expiredAt int64
sslVerify bool
+ startTime int64
httpConnectionPool sync.Pool
}
@@ -121,7 +124,6 @@
timeout int) (*resty.Response, error) {
fullURL := w.BaseURL + uri
-
resty.SetTimeout(time.Duration(timeout) * time.Second)
resp, err := resty.R().
SetQueryParams(params).
@@ -138,7 +140,7 @@
// SignWithKey sign with key
func (w *WebSession) SignWithKey(key, message string) string {
- mac := hmac.New(sha1.New, []byte(key))
+ mac := hmac.New(sha256.New, []byte(key))
mac.Write([]byte(message))
res := mac.Sum(nil)
return hex.EncodeToString(res)
@@ -187,7 +189,6 @@
param["sign"] = w.Sign(w.AppID + w.TermID + w.sessionKey + ts)
fullURL := w.BaseURL + uri
-
r, err := resty.R().
SetHeader("Content-Type", "application/json").
SetBody(param).
@@ -230,7 +231,6 @@
if !certs.AppendCertsFromPEM(ca) {
return nil, ErrBadCAPEM
}
-
resty.SetTLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
RootCAs: certs,
@@ -250,14 +250,14 @@
type FormJSON struct {
AppID string `json:"app_id"`
TermID string `json:"term_id"`
- AccessToken string `json:"access_token"`
+ AccessToken string `json:"token"`
}
- uri := fmt.Sprintf("/authservice/getauth/%v/getaccesstoken", w.AppID)
+ uri := "/auth/gettoken"
params := make(map[string]string)
- params["term_id"] = w.TermID
- r, err := w.doGet(uri, params, 5)
+ params["appid"] = w.AppID
+ r, err := w.doGet(uri, params, 10)
if err != nil {
return "", err
@@ -267,7 +267,6 @@
}
body := r.Body()
-
s := &FormJSON{}
err = json.Unmarshal(body, &s)
if err != nil {
@@ -283,19 +282,19 @@
TermID string `json:"term_id"`
SessionKey string `json:"session_key"`
CardKey string `json:"card_key"`
+ Jwt string `json:"jwt"`
+ ExpiredAt string `json:"expiredAt"`
}
- uri := fmt.Sprintf("/authservice/getauth/%v", w.AppID)
+ uri := "/auth/authentication"
params := make(map[string]string)
- params["term_id"] = w.TermID
- params["access_token"] = token
+ params["appid"] = w.AppID
params["timestamp"] = w.GetTimestamp()
- params["v"] = "1"
- params["sign"] = w.Sign(token + params["timestamp"])
- params["sign_method"] = "HMAC"
+ params["sign"] = w.Sign(token)
+ params["sign_method"] = "HMAC-SHA256"
- r, err := w.doGet(uri, params, 5)
+ r, err := w.doGet(uri, params, 10)
if err != nil {
log.Errorf("err = %v\n", err)
return err
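Review bot: `params["sign"] = w.Sign(token)` no longer covers `params["timestamp"]`, so the timestamp that is still sent is unauthenticated and the same signature value stays valid for as long as the token does. If the server-side contract allows it, keep the timestamp inside the signed data, e.g. `params["sign"] = w.Sign(token + params["timestamp"])`. Otherwise drop the parameter, so the request does not suggest a freshness check that is not there. The enclosing function begins and ends outside this hunk.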
@@ -314,7 +313,46 @@
log.Errorf("json unmarshal err %v", err)
return err
}
- w.sessionKey = s.SessionKey
+ w.jwt = s.Jwt
+ //JWT is valid for 20 minutes
+ w.expiredAt = 20 * 60
+ w.startTime = time.Now().Unix()
+ return nil
+}
+
+func (w *WebSession) updateJwt() error {
+ type FormJSON struct {
+ AppID string `json:"app_id"`
+ Jwt string `json:"jwt"`
+ }
+ nowTime := time.Now().Unix()
+ if nowTime-w.startTime >= w.expiredAt {
+ uri := "/auth/refresh"
+
+ params := make(map[string]string)
+ params["appid"] = w.AppID
+
+ fullURL := w.BaseURL + uri
+ log.Debugf("CallService: %v", fullURL)
+ r, err := resty.R().
+ SetHeader("Authorization", "Bearer "+w.jwt).
+ Get(fullURL)
+ if err != nil || r.StatusCode() != 200 {
+ log.Errorf("Status=%v, err=%v", r.StatusCode(), err)
+ return err
+ }
+
+ body := r.Body()
+
+ s := &FormJSON{}
+ err = json.Unmarshal(body, &s)
+ if err != nil {
+ log.Errorf("json unmarshal err %v", err)
+ return err
+ }
+ w.jwt = s.Jwt
+ w.startTime = nowTime
+ }
return nil
}
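Review bot: In `updateJwt`, the combined check `if err != nil || r.StatusCode() != 200 { … return err }` returns nil when the server answers with a non-200 status, so `CallService2` carries on with the old token and the failure is hidden. The refresh also fires only once `nowTime-w.startTime >= w.expiredAt`, i.e. after the hard-coded 20-minute lifetime has already passed, while the `ExpiredAt` value decoded from the login response is never used; a token the server already treats as expired is unlikely to be accepted on `/auth/refresh`. An empty `jwt` in the refresh response is stored without a check, and the `params` map built for `appid` is never attached to the request. Separately, dropping `w.sessionKey = s.SessionKey` leaves `sessionKey` unset in the visible hunks although the context line at -187 still signs with it, which should be confirmed against the rest of the file. A possible shape for the refresh path follows; the 60-second margin is a suggested value.

```go
func (w *WebSession) updateJwt() error {
	// … unchanged: FormJSON type …
	nowTime := time.Now().Unix()
	// Refresh ahead of expiry so the bearer token presented is still valid.
	if nowTime-w.startTime < w.expiredAt-60 {
		return nil
	}
	fullURL := w.BaseURL + "/auth/refresh"
	r, err := resty.R().
		SetHeader("Authorization", "Bearer "+w.jwt).
		Get(fullURL)
	if err != nil {
		return err
	}
	if r.StatusCode() != 200 {
		return fmt.Errorf("refresh jwt: status %v", r.StatusCode())
	}
	s := &FormJSON{}
	if err = json.Unmarshal(r.Body(), s); err != nil {
		return err
	}
	if s.Jwt == "" {
		return fmt.Errorf("refresh jwt: empty token in response")
	}
	w.jwt = s.Jwt
	w.startTime = nowTime
	return nil
}
```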
@@ -351,10 +389,14 @@
}
// CallService2 call epay service
-func (w *WebSession) CallService2(path string, params map[string]interface{}, timeout int,
- signField ...string) (response *ServiceResponse, err error) {
+func (w *WebSession) CallService2(path string, params map[string]interface{},
+ timeout int, signField ...string) (response *ServiceResponse, err error) {
err = nil
+ if err = w.updateJwt(); err != nil {
+ log.Errorf("updateJwt err = %v", err)
+ return
+ }
formData := make(map[string]string)
if params != nil {
for k, v := range params {
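Review bot: `updateJwt` is now called on every `CallService2` and reads and writes `w.jwt` and `w.startTime` without any locking. If a `WebSession` is shared between goroutines (the `sync.Pool` field in the struct hints at that, but the callers are not visible here), this is a data race and can trigger several simultaneous refreshes. Adding a `mu sync.Mutex` field and starting `updateJwt` with `w.mu.Lock(); defer w.mu.Unlock()` would cover it, with the `Authorization` header reading the token under the same lock. The `err = nil` line is redundant for a named result. CallService2's body continues outside this hunk.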
@@ -366,20 +408,10 @@
ts := w.GetTimestamp()
formData["timestamp"] = ts
- signData := ""
- for _, k := range signField {
- if v, ok := formData[k]; ok {
- signData += v
- }
- }
- signData += ts + w.sessionKey
- log.Debugf("Sign: key[%v] data[%v]\n", w.sessionKey, signData)
- formData["sign_method"] = "HMAC"
- formData["sign"] = w.SignWithKey(w.AppSecret, signData)
-
fullURL := w.BaseURL + path
- log.Debugf("CallService: %v\n", fullURL)
+ log.Debugf("CallService: %v", fullURL)
r, err := resty.R().
+ SetHeader("Authorization", "Bearer "+w.jwt).
SetHeader("Accept", "application/json").
SetFormData(formData).
Post(fullURL)
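Review bot: With the HMAC block removed, the variadic `signField` parameter is accepted but silently ignored, and the form body is no longer integrity-protected by anything except the transport. The bearer token in `SetHeader("Authorization", "Bearer "+w.jwt)` therefore depends entirely on TLS, yet the context in the hunk at -230 shows `InsecureSkipVerify: true` next to `RootCAs: certs`, which turns off the certificate check the CA pool is meant to provide. That flag should follow the session's `sslVerify` setting rather than being hard-coded (how that value reaches the TLS setup is not visible here). A doc line such as `// signField is kept for compatibility and is no longer used.` on CallService2 would make the ignored parameter explicit. The function body starts and ends outside this hunk.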
@@ -389,7 +421,7 @@
}
if r.StatusCode() != 200 {
- log.Errorf("Request Error %v\n", r.StatusCode())
+ log.Errorf("Request Error %v", r.StatusCode())
err = fmt.Errorf("Request Error, StatusCode : %v", r.StatusCode())
return
}