Home Page >  News List >> Tech >> Tech

Java Microservices WebApi public interface request signature verification

Tech 2023-07-04 10:21:02 Source: Network
AD

,API,,,.

,API
,
,
,.
.

header

| header | | |
| AppId | string | Id |
| Ticks | string | 197011UTC |
| RequestId | string | GUID,, |
| Sign| string | , |

  1. "{AppId}{Ticks}{RequestId}{AppSecret}"
  2. MD5,MD5HeaderSign
  3. APP(AppId,AppSecret),

AppId

  1. AppId,
  2. ,AppID(,)
  3. AppId,,
        model.AppId = context.Request.Headers["AppId"];        if (String.IsNullOrEmpty(model.AppId))        {            await this.ResponseValidFailedAsync(context, 501);            return;        }        var cacheSvc = context.RequestServices.GetRequiredService<IMemoryCache>();        var cacheAppIdKey = $"RequestValidSign:APPID:{model.AppId}";        var curConfig = cacheSvc.GetOrCreate<AppConfigModel>(cacheAppIdKey, (e) =>        {            e.SlidingExpiration = TimeSpan.FromHours(1);            var configuration = context.RequestServices.GetRequiredService<IConfiguration>();            var listAppConfig = configuration.GetSection(AppConfigModel.ConfigSectionKey).Get<AppConfigModel[]>();            return listAppConfig.SingleOrDefault(x => x.AppId == model.AppId);        });        if (curConfig == null)        {            await this.ResponseValidFailedAsync(context, 502);            return;        }

  2. (5)
  3. 197011UTC
            var ticksString = context.Request.Headers["Ticks"].ToString();            if (String.IsNullOrEmpty(ticksString))            {                await this.ResponseValidFailedAsync(context, 503);                return;            }            model.Ticks = long.Parse(context.Request.Headers["Ticks"].ToString());            var diffTime = DateTime.UtcNow - (new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddMilliseconds(model.Ticks));            var expirTime = TimeSpan.FromSeconds(300);//            if (diffTime > expirTime)            {                await this.ResponseValidFailedAsync(context, 504);                return;            }

ID

  1. ID
  2. ID
  3. IDID
            model.RequestId = context.Request.Headers["RequestId"];            if (String.IsNullOrEmpty(model.RequestId))            {                await this.ResponseValidFailedAsync(context, 505);                return;            }            var cacheKey = $"RequestValidSign:RequestId:{model.AppId}:{model.RequestId}";            if (cacheSvc.TryGetValue(cacheKey, out _))            {                await this.ResponseValidFailedAsync(context, 506);                return;            }            else                cacheSvc.Set(cacheKey, model.RequestId, expirTime);

1.
2.$"{AppId}{Ticks}{RequestId}{AppSecret}"
3.MD5Sign
4.

    public bool Valid()    {        var validStr = $"{AppId}{Ticks}{RequestId}{AppSecret}";        return validStr.ToMD5String() == Sign;    }            model.Sign = context.Request.Headers["Sign"];            if (!model.Valid())            {                await this.ResponseValidFailedAsync(context, 507);                return;            }

Asp.Net Core

/// <summary>/// /// </summary>public class RequestValidSignMiddleware{    private readonly RequestDelegate _next;    public RequestValidSignMiddleware(RequestDelegate next)    {        _next = next;    }    public async Task InvokeAsync(HttpContext context)    {        var model = new RequestValidSignModel();        //1.AppId,        //2.,AppID(,)        //3.AppId,,        model.AppId = context.Request.Headers["AppId"];        if (String.IsNullOrEmpty(model.AppId))        {            await this.ResponseValidFailedAsync(context, 501);            return;        }        var cacheSvc = context.RequestServices.GetRequiredService<IMemoryCache>();        var cacheAppIdKey = $"RequestValidSign:APPID:{model.AppId}";        var curConfig = cacheSvc.GetOrCreate<AppConfigModel>(cacheAppIdKey, (e) =>        {            e.SlidingExpiration = TimeSpan.FromHours(1);            var configuration = context.RequestServices.GetRequiredService<IConfiguration>();            var listAppConfig = configuration.GetSection(AppConfigModel.ConfigSectionKey).Get<AppConfigModel[]>();            return listAppConfig.SingleOrDefault(x => x.AppId == model.AppId);        });        if (curConfig == null)        {            await this.ResponseValidFailedAsync(context, 502);            return;        }        //1./APP,AppSecret        //2.AppSecret(),AppSecret        //3.AppSecretBase64        //4.AppSecretAppSecret,,        //5.AppSecret,.        model.AppSecret = curConfig.AppSecret;        var headerSecret = context.Request.Headers["AppSecret"].ToString();        if (!String.IsNullOrEmpty(headerSecret))        {            var secretBuffer = new byte[1024];            var secretIsBase64 = Convert.TryFromBase64String(headerSecret, new Span<byte>(secretBuffer), out var bytesWritten);            if (secretIsBase64 && Encoding.UTF8.GetString(secretBuffer, 0, bytesWritten) == curConfig.AppSecret)                await _next(context);            else            {                await this.ResponseValidFailedAsync(context, 508);                return;            }        }        else        {            //1.            //2.(5)            //197011UTC            var ticksString = context.Request.Headers["Ticks"].ToString();            if (String.IsNullOrEmpty(ticksString))            {                await this.ResponseValidFailedAsync(context, 503);                return;            }            model.Ticks = long.Parse(context.Request.Headers["Ticks"].ToString());            var diffTime = DateTime.UtcNow - (new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddMilliseconds(model.Ticks));            var expirTime = TimeSpan.FromSeconds(300);//            if (diffTime > expirTime)            {                await this.ResponseValidFailedAsync(context, 504);                return;            }            //1.ID            //2.ID            //3.IDID            model.RequestId = context.Request.Headers["RequestId"];            if (String.IsNullOrEmpty(model.RequestId))            {                await this.ResponseValidFailedAsync(context, 505);                return;            }            var cacheKey = $"RequestValidSign:RequestId:{model.AppId}:{model.RequestId}";            if (cacheSvc.TryGetValue(cacheKey, out _))            {                await this.ResponseValidFailedAsync(context, 506);                return;            }            else                cacheSvc.Set(cacheKey, model.RequestId, expirTime);            //1.            //2.$"{AppId}{Ticks}{RequestId}{AppSecret}"            //3.MD5Sign            //4.            model.Sign = context.Request.Headers["Sign"];            if (!model.Valid())            {                await this.ResponseValidFailedAsync(context, 507);                return;            }            await _next(context);        }    }    /// <summary>    ///     /// </summary>    /// <param name="context"></param>    /// <param name="status"></param>    /// <returns></returns>    public async Task ResponseValidFailedAsync(HttpContext context, int status)    {        context.Response.StatusCode = 500;        await context.Response.WriteAsJsonAsync(new ComResult() { Success = false, Status = status, Msg = "" }, Extention.DefaultJsonSerializerOptions, context.RequestAborted);    }}public class AppConfigModel{    public const string ConfigSectionKey = "AppConfig";    /// <summary>    /// Id    /// </summary>    public string AppId { get; set; }    /// <summary>    ///     /// </summary>    public string AppSecret { get; set; }}public class RequestValidSignModel : AppConfigModel{    /// <summary>    ///     /// Date.now()    /// 1970  1  1  00:00:00 (UTC)     /// </summary>    public long Ticks { get; set; }    /// <summary>    /// ID    /// </summary>    public string RequestId { get; set; }    /// <summary>    ///     /// </summary>    public string Sign { get; set; }    public bool Valid()    {        var validStr = $"{AppId}{Ticks}{RequestId}{AppSecret}";        return validStr.ToMD5String() == Sign;    }}

,Program/

/// <summary>/// /// </summary>public static class RequestValidSignMiddlewareExtensions{    public static IApplicationBuilder UseRequestValidSign(this IApplicationBuilder builder)    {        return builder.UseMiddleware<RequestValidSignMiddleware>();    }}///Program.csapp.UseRequestValidSign();

Swagger

Swagger
Header,Header

/// <summary>/// Swagger/// </summary>public class RequestValidSignSwaggerOperationFilter : IOperationFilter{    public void Apply(OpenApiOperation operation, OperationFilterContext context)    {        if (operation.Parameters == null)            operation.Parameters = new List<OpenApiParameter>();        operation.Parameters.Add(new OpenApiParameter        {            Name = "AppId",            In = ParameterLocation.Header,            Required = true,            Description = "ID",            Schema = new OpenApiSchema            {                Type = "string"            }        });        operation.Parameters.Add(new OpenApiParameter        {            Name = "Ticks",            In = ParameterLocation.Header,            Required = true,            Description = "",            Example = new OpenApiString(((long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds).ToString()),            Schema = new OpenApiSchema            {                Type = "string"            }        });        operation.Parameters.Add(new OpenApiParameter        {            Name = "RequestId",            In = ParameterLocation.Header,            Required = true,            Description = "ID",            Example = new OpenApiString(Guid.NewGuid().ToString()),            Schema = new OpenApiSchema            {                Type = "string"            }        });        operation.Parameters.Add(new OpenApiParameter        {            Name = "Sign",            In = ParameterLocation.Header,            Required = true,            Description = "",            //{AppId}{Ticks}{RequestId}{AppSecret}            Example = new OpenApiString("MD5({AppId}{Ticks}{RequestId}{AppSecret})"),            Schema = new OpenApiSchema            {                Type = "string"            }        });        operation.Parameters.Add(new OpenApiParameter        {            Name = "AppSecret",            In = ParameterLocation.Header,            Description = "()",            Example = new OpenApiString("BASE64({AppSecret})"),            Schema = new OpenApiSchema            {                Type = "string"            }        });    }}///Program.csSwaggerHeaderbuilder.Services.AddSwaggerGen(c =>{    c.OperationFilter<RequestValidSignSwaggerOperationFilter>();});

HttpClient,
,AppId,Ticks,RequestId,Sign

        public async Task<string> GetIPAsync(CancellationToken token)        {            this.SetSignHeader();            var result = await Client.GetStringAsync("/Get", token);            return result;        }        public void SetSignHeader()        {            this.Client.DefaultRequestHeaders.Clear();            var ticks = ((long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds).ToString();            var requestId = Guid.NewGuid().ToString();            var signString = $"{this.Config.AppId}{ticks}{requestId}{this.Config.AppSecret}";            var sign = this.GetMD5(signString);            this.Client.DefaultRequestHeaders.Add("AppId", this.Config.AppId);            this.Client.DefaultRequestHeaders.Add("Ticks", ticks);            this.Client.DefaultRequestHeaders.Add("RequestId", requestId);            this.Client.DefaultRequestHeaders.Add("Sign", sign);        }        public string GetMD5(string value)        {            using (MD5 md5 = MD5.Create())            {                byte[] inputBytes = Encoding.UTF8.GetBytes(value);                byte[] hashBytes = md5.ComputeHash(inputBytes);                StringBuilder sb = new StringBuilder();                for (int i = 0; i < hashBytes.Length; i++)                {                    sb.Append(hashBytes[i].ToString("x2"));                }                return sb.ToString();            }        }

,

,

,


Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.(Email:[email protected])

Mobile advertising space rental

Tag: Java Microservices WebApi public interface request signature verification

Guess you like

  • Tech
    Seres: A Pioneer in ESG Practices, Driving Sustainable Development of China's New Energy Vehicle Industry Seres: A Pioneer in ESG Practices, Driving Sustainable Development of China's New Energy Vehicle Industry

    Seres: A Pioneer in ESG Practices, Driving Sustainable Development of China's New Energy Vehicle IndustryAs the global automotive industry accelerates its transformation towards electrification, intelligence, connectivity, and decarbonization, ESG (Environmental, Social, and Governance) standards are increasingly becoming crucial indicators of automakers' sustainable development capabilities and social responsibility. Seres, representing a new type of productive force, actively responds to the national strategy of "carbon peaking and carbon neutrality...

    2024-12-17 16:20:26 1

    Detail
  • Tech
    OpenAI Officially Launches ChatGPT Search Engine: Fast, Accurate, and Sourced OpenAI Officially Launches ChatGPT Search Engine: Fast, Accurate, and Sourced

    OpenAI Officially Launches ChatGPT Search Engine: Fast, Accurate, and SourcedOn December 17th, OpenAI announced the full release of its highly anticipated ChatGPT search engine to all users. This news quickly generated significant buzz in the tech world, marking another major breakthrough for artificial intelligence in information retrieval...

    2024-12-17 10:56:22 1

    Detail
  • Tech
    My Health, My Guard: Huawei WATCH D2 Aids Precise Blood Pressure Management in the Winter Health Battle My Health, My Guard: Huawei WATCH D2 Aids Precise Blood Pressure Management in the Winter Health Battle

    My Health, My Guard: Huawei WATCH D2 Aids Precise Blood Pressure Management in the Winter Health BattleWith the arrival of winter, plummeting temperatures and dry weather usher in a high-incidence period for cardiovascular diseases. Blood pressure fluctuations are a significant contributing factor to cardiovascular events during winter, posing a serious threat to public health...

    2024-12-17 09:36:15 1

    Detail
  • Tech
    Investigation into the Chaos of Airline Seat Selection: Paid Seat Selection, Seat Locking Mechanisms, and Consumer Rights Protection Investigation into the Chaos of Airline Seat Selection: Paid Seat Selection, Seat Locking Mechanisms, and Consumer Rights Protection

    Investigation into the Chaos of Airline Seat Selection: Paid Seat Selection, Seat Locking Mechanisms, and Consumer Rights ProtectionIn recent years, the phenomenon of paid seat selection by domestic airlines has become increasingly prevalent, sparking considerable criticism and dissatisfaction among passengers. Many passengers have reported being unable to select seats in the front rows of economy class, emergency exits, or certain aisle or window seats free of charge...

    2024-12-15 16:45:48 1

    Detail
  • Tech
    Japanese Scientists Grow Human Organs in Pigs: A Balancing Act of Breakthrough and Ethics Japanese Scientists Grow Human Organs in Pigs: A Balancing Act of Breakthrough and Ethics

    Japanese Scientists Grow Human Organs in Pigs: A Balancing Act of Breakthrough and EthicsRecent news of Japanese scientists successfully growing human organs (including livers, kidneys, and hearts) in pigs has sent shockwaves around the globe. This groundbreaking advancement, while offering a glimmer of hope for the organ transplant crisis, has also ignited widespread ethical debate...

    2024-12-14 19:48:50 1

    Detail
  • Tech
    Pang Donglai and Sam's Club: Two Paths to Transformation in China's Retail Industry Pang Donglai and Sam's Club: Two Paths to Transformation in China's Retail Industry

    Pang Donglai and Sam's Club: Two Paths to Transformation in China's Retail IndustryRecently, social media has been abuzz with rumors of "Pang Donglai resellers earning 40,000 yuan per month" and "Pang Donglai resellers making millions," prompting the retailer to take action against these activities. This highlights Pang Donglai's explosive popularity this year...

    2024-12-14 17:57:03 1

    Detail
  • Tech
    In-Depth Analysis of China's Precision Reducer Industry: Technological Innovation and Market Competition In-Depth Analysis of China's Precision Reducer Industry: Technological Innovation and Market Competition

    In-Depth Analysis of China's Precision Reducer Industry: Technological Innovation and Market CompetitionPrecision reducers, crucial components for adjusting speed and transmitting torque, play a vital role in high-end technological fields such as robotics and CNC machine tools. Their minimal backlash and high accuracy make them indispensable core components of these precision devices...

    2024-12-14 16:04:26 1

    Detail
  • Tech
    Alibaba's "TAO" App Launches in Japan, Targeting High-Quality Service and Convenient Logistics Alibaba's

    Alibaba's "TAO" App Launches in Japan, Targeting High-Quality Service and Convenient LogisticsOn December 13th, the Nikkei reported that Alibaba Group held a briefing to officially announce its strengthened commitment to the Japanese e-commerce market with the launch of its e-commerce application, "TAO," specifically designed for Japanese consumers. The briefing highlighted three core competitive advantages of the "TAO" app: a robust delivery system built on partnerships with major Japanese logistics companies; a user-friendly interface with full Japanese language support; and high-quality product packaging with meticulous attention to detail...

    2024-12-13 13:22:23 1

    Detail
  • Tech
    In-depth Analysis of China's Cross-border E-commerce Industry Chain: Opportunities and Challenges Coexist In-depth Analysis of China's Cross-border E-commerce Industry Chain: Opportunities and Challenges Coexist

    In-depth Analysis of China's Cross-border E-commerce Industry Chain: Opportunities and Challenges CoexistA recent report by CITIC Securities revealed that China's cross-border e-commerce experienced rapid growth from 2010 to 2014. This period saw the rapid development of mobile internet infrastructure and increased penetration of overseas cross-border e-commerce giants in mainland China...

    2024-12-13 11:37:17 1

    Detail
  • Tech
    Sweet Potato Robotics: How a Unified Software and Hardware Computing Platform Accelerates Robotics Industry Development Sweet Potato Robotics: How a Unified Software and Hardware Computing Platform Accelerates Robotics Industry Development

    Sweet Potato Robotics: How a Unified Software and Hardware Computing Platform Accelerates Robotics Industry DevelopmentResearch institutions indicate that the robotics market is experiencing explosive growth. By 2029, the global robotics market is projected to reach $20 billion, with bolder predictions exceeding $100 billion...

    2024-12-13 06:36:34 1

    Detail
  • Tech
    China's Automotive Chip Industry: Challenges and the Path to Breakthrough China's Automotive Chip Industry: Challenges and the Path to Breakthrough

    China's Automotive Chip Industry: Challenges and the Path to BreakthroughSoaring Chip Demand, Low Domestic Production RateSince 2021, the US government has repeatedly imposed large-scale sanctions on China's semiconductor industry, restricting the export of advanced process chips and implementing technological blockades against Chinese companies. On December 2, 2024, the US government announced another round of export restrictions on China, adding over 140 Chinese companies to its trade restriction list, encompassing semiconductor manufacturing equipment, electronic design automation (EDA) tools, and other areas...

    2024-12-12 03:42:27 1

    Detail
  • Tech
    Yang Liwei: From China's First Taikonaut to a Cornerstone of the Space Program Yang Liwei: From China's First Taikonaut to a Cornerstone of the Space Program

    Yang Liwei: From China's First Taikonaut to a Cornerstone of the Space ProgramIn 2003, China's manned space program was still in its infancy, fraught with inexperience and significant risks. Yang Liwei, bearing the nation's hopes, embarked on this journey into the unknown...

    2024-12-12 03:27:26 1

    Detail
  • Tech
    China's Chip Industry Surge: From Largest Importer to World's Top Exporter China's Chip Industry Surge: From Largest Importer to World's Top Exporter

    China's Chip Industry Surge: From Largest Importer to World's Top ExporterA recent joint statement from four major Chinese industry associations urged businesses to exercise caution when sourcing products from politically unstable countries or regions, recommending prioritizing domestically produced alternatives to mitigate risks. This move is widely interpreted as a strong response to US semiconductor sanctions and reflects the remarkable progress of China's chip industry in recent years...

    2024-12-12 02:51:33 1

    Detail
  • Tech
    Tesla Model Y Hits Record Low Price: Is the Price War Back with a Vengeance? Tesla Model Y Hits Record Low Price: Is the Price War Back with a Vengeance?

    Tesla Model Y Hits Record Low Price: Is the Price War Back with a Vengeance?China's automotive market has witnessed unprecedented price wars in recent years, and 2024 seems to be escalating the conflict. Tesla's Model Y, with its historically low price, has reignited the price war...

    2024-12-12 02:38:37 1

    Detail
  • Tech
    12306 Official Debunks 90-Day Advance Booking for Spring Festival Travel Rush: Beware of Scams 12306 Official Debunks 90-Day Advance Booking for Spring Festival Travel Rush: Beware of Scams

    12306 Official Debunks 90-Day Advance Booking for Spring Festival Travel Rush: Beware of ScamsRecently, the official website of China Railway issued a statement strongly condemning a third-party platform for falsely advertising "Spring Festival travel rush ticket booking now open, with 90-day advance reservation available." The statement clarifies that this is purely a marketing ploy by the platform, seriously misleading passengers and disrupting the normal ticketing order...

    2024-12-12 02:01:05 1

    Detail
  • Tech
    Avoiding TV Buying Traps: A Deep Dive into 4K, HDR, 120Hz, and Other Key Specifications Avoiding TV Buying Traps: A Deep Dive into 4K, HDR, 120Hz, and Other Key Specifications

    Avoiding TV Buying Traps: A Deep Dive into 4K, HDR, 120Hz, and Other Key SpecificationsI'm renovating my home and, with government subsidies available, buying a cost-effective TV is a top priority. However, the TV market is a minefield...

    2024-12-11 22:45:54 1

    Detail
  • Tech
    NVIDIA's Q3 FY25 Earnings Report: Revenue Surges Past $35 Billion, Setting a New Record NVIDIA's Q3 FY25 Earnings Report: Revenue Surges Past $35 Billion, Setting a New Record

    NVIDIA's Q3 FY25 Earnings Report: Revenue Surges Past $35 Billion, Setting a New RecordNVIDIA announced its financial results for the third quarter of fiscal year 2025 (ended October 27, 2024) on November 21st, delivering astonishing results that redefined expectations for tech giants. The report revealed a staggering $35...

    2024-12-11 21:48:21 1

    Detail
  • Tech
    The European Commission Fines Meta 798 Million for Antitrust Violations: Facebook Marketplace Bundling Condemned The European Commission Fines Meta 798 Million for Antitrust Violations: Facebook Marketplace Bundling Condemned

    The European Commission Fines Meta 798 Million for Antitrust Violations: Facebook Marketplace Bundling CondemnedOn November 15th, the European Commission (EC) announced a record 798 million fine against Meta (formerly Facebook) for violating EU antitrust rules within the European Economic Area (EEA). This decision underscores the EU's strong stance against anti-competitive practices by large tech companies and its commitment to maintaining a fair competitive environment...

    2024-12-11 20:09:54 1

    Detail
  • Tech
    The Devastating Wuxi JD Logistics Park Fire: A Deep Dive into E-commerce Logistics Safety Risks and Mitigation Strategies The Devastating Wuxi JD Logistics Park Fire: A Deep Dive into E-commerce Logistics Safety Risks and Mitigation Strategies

    The Devastating Wuxi JD Logistics Park Fire: A Deep Dive into E-commerce Logistics Safety Risks and Mitigation StrategiesFollowing the recent Double Eleven shopping festival, a massive fire erupted at JD.com's Yupei Logistics Park in Wuxi, China...

    2024-12-11 20:09:05 1

    Detail
  • Tech
    Smart Robots: Stealing Your Job, and Your Love? Smart Robots: Stealing Your Job, and Your Love?

    Smart Robots: Stealing Your Job, and Your Love?The rapid advancement of smart robot technology is not only profoundly changing our work styles and lifestyles but also subtly infiltrating the most private corner of human emotion: love. Once mere cold machines executing pre-programmed instructions, robots now possess increasingly human-like capabilities, even simulating human emotions to become so-called "robot companions...

    2024-12-11 18:52:20 1

    Detail
Unite directoryCopyright @ 2011-2024 All Rights Reserved. Copyright Webmaster Search Directory System