postcat
postcat copied to clipboard
Postcatlab
1.希望增加Api签名计算完整插件
1.希望增加Api签名计算完整插件 2.希望能增加前置脚本保存功能
- 计算签名测试代码如下
- var jsonObj = eo.http.queryParam; //获取请求参数 var timestamp = new Date().getTime(); //生成时间搓 let map = new Map() Object.keys(jsonObj).forEach(val => { map.set(val, jsonObj[val]) }); let arrayObj = Array.from(map) arrayObj.sort((a, b) => { return a[0].localeCompare(b[0]) })
let content = "";
arrayObj.forEach( function (value, index, arrobj) { if (index != 0) { content += "&"; } content += value[0] + "=" + value[1];
}
); if (content != "") { content += "&"; } content += "timestamp=" + timestamp; //#根据服务端要求拼接时间搓 var prs = 'MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMVGbnbf6VJDDVK2YvYmrKY7xKGdlfeLmR98Sr7zBXdaM2UiO81Eq02b1rX5IOaWIezmn8M3+e/ZBLjDxDMlxKT5CV9T+VcX4u5ekGMA4MaWlBqLVPrTM6T43HgpfXzApqWHqZT/niIfd64YaBGOrZdbwyvOTwG/mnrOPVLqBst7AgMBAAECgYEAuwvz0xytAoV3DXTHUjMLQjarUr2zItqm3fagfHq6NRc+Yebaot84OUbIhxPnARtaoV9uHdBmV+cCFhnwXrqxvjvoPdRH2CeBIdW/JpBpf6zWjycWiI6kmtwToqFBXyznXwiulWzQPPq5HYKzoBNXeJ3y7L9wHe7uCAnudssbMJkCQQDmDN9UD9Ct7wnP40kwFcRuH6oL1qS4pHNalo0RdmNmOV/6gz+uXjwwY1/VCuLethS9JLDXmtxBSlgPJ0QueexNAkEA24cdoQ8y5E4rIlE+nYvuDEQnzTLBiw3H3UmYKrxX89AV0sSDLFZuIWGzAVkK+zI4u8Ou7vR1hS9b18QKsm3a5wJBAMOY6kGk+L8KYQNasp2pxEwFrCVIqOE9Ib9CBkt0p2sBGXP8KCbvhKl3tMGE8gR+N//htGJ9DwyMU3b+4d/KVnkCQFB+//dR2mhq3VgtEFe2uqgWyb1tchiqCfJzjO+Gtn15fLcXRb4ZRzLIX1oMK4GmjbUT8O5AB2O51OSORxncPFsCQQDZo237o+C+jYiKFc5H+vTIZs6AOBBDBT6kg6dFfjftqaoYCox1Dj1ukdSsjtaH6bZZBxs7KXdRkcwRFvIptg/f'; var privateKey = "-----BEGIN PRIVATE KEY-----\n" + prs + "\n-----END PRIVATE KEY-----"; var sign = eo.crypt.rsaSHA256(content, privateKey, "base64"); //#拼接的内容进行计算 eo.info("加密的签名字符串" + content); eo.info("签名" + sign); eo.http.header.set("timestamp", timestamp); //#请求头中填充时间错 eo.http.header.set("sign", sign); //#请求头中填充sign
来自群聊: 支付宝、微信一般都是采用这种方式签名的,一般我们放在服务端的网关中去做校验 并且会对参数做多重验证。 比如 时间错判断本地时间和服务器时间是否超时,然后对所有接口开启签名模式 防止恶意重复提交和刷接口 盗用数据等行为。
