package dingdingapi import ( "bytes" "crypto/sha1" "encoding/base64" "encoding/binary" "errors" "fmt" "sort" "strings" "time" "git.rosy.net.cn/baseapi" "git.rosy.net.cn/baseapi/utils" ) const ( CBTagCheckURL = "check_url" CBTagUserAddOrg = "user_add_org" CBTagUserModifyOrg = "user_modify_org" CBTagUserLeaveOrg = "user_leave_org" ) const ( KeyMsgSignature = "msg_signature" KeyEventType = "EventType" KeyUserID = "UserId" SuccessResponse = "success" ) type CallbackResponse struct { MsgSignature string `json:"msg_signature"` Timestamp string `json:"timeStamp"` Nonce string `json:"nonce"` Encrypt string `json:"encrypt"` } func (a *API) Err2CallbackResponse(err error) *CallbackResponse { if err == nil { return a.PackCallbackResult(SuccessResponse) } return a.PackCallbackResult(err.Error()) } func (a *API) GetCallbackToken() string { a.locker.RLock() defer a.locker.RUnlock() return a.callbackToken } func (a *API) GetCallbackAESKey() []byte { a.locker.RLock() defer a.locker.RUnlock() return a.callbackAESKey } func (a *API) PackCallbackResult(result string) (response *CallbackResponse) { encryptedResult, err := a.Encrypt(result) if err == nil { response = &CallbackResponse{ Encrypt: encryptedResult, Timestamp: utils.Int64ToStr(time.Now().Unix()), Nonce: utils.GetUUID(), } response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response)) } return response } func (a *API) calculateCallbackSign(data map[string]interface{}) (sign string) { strList := []string{ a.GetCallbackToken(), } for k, v := range data { if k != KeyMsgSignature { strList = append(strList, v.(string)) } } sort.Sort(sort.StringSlice(strList)) return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, "")))) } func (a *API) Encrypt(msg string) (encryptedMsg string, err error) { aesKey := a.GetCallbackAESKey() buf := bytes.NewBuffer(nil) buf.WriteString(utils.GetUUID()[:16]) binary.Write(buf, binary.BigEndian, int32(len(msg))) buf.WriteString(msg) buf.WriteString(a.corpID) binResult, err := utils.AESCBCEncpryt(buf.Bytes(), aesKey, aesKey[:16]) encryptedMsg = base64.StdEncoding.EncodeToString(binResult) return encryptedMsg, err } func (a *API) Decrypt(msg string) (decryptedMsg string, err error) { binMsg, err := base64.StdEncoding.DecodeString(msg) if err == nil { aesKey := a.GetCallbackAESKey() binResult, err2 := utils.AESCBCDecpryt(binMsg, aesKey, aesKey[:16]) if err = err2; err == nil { var msgLen int32 if err = binary.Read(bytes.NewBuffer(binResult[16:]), binary.BigEndian, &msgLen); err == nil { baseapi.SugarLogger.Debug(msgLen) decryptedMsg = string(binResult[16+4 : 16+4+msgLen]) } } } return decryptedMsg, err } func (a *API) RegisterCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) { a.locker.Lock() // oldCallbackToken := a.callbackToken // oldCallbackAESKey := a.callbackAESKey a.callbackToken = token a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=") a.locker.Unlock() if len(callbackTagList) > 0 { // 为0做测试用 _, err = a.AccessAPI("call_back/register_call_back", nil, map[string]interface{}{ "call_back_tag": callbackTagList, "token": token, "aes_key": aesKey, "url": urlStr, }) } // if err != nil { // a.locker.Lock() // defer a.locker.Unlock() // a.callbackToken = oldCallbackToken // a.callbackAESKey = oldCallbackAESKey // } return err } func (a *API) GetCallback() (callbackInfo map[string]interface{}, err error) { result, err := a.AccessAPI("call_back/get_call_back", nil, nil) if err == nil { return result, nil } return nil, err } func (a *API) UpdateCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) { a.locker.Lock() oldCallbackToken := a.callbackToken oldCallbackAESKey := a.callbackAESKey a.callbackToken = token a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=") a.locker.Unlock() if len(callbackTagList) > 0 { // 为0做测试用 _, err = a.AccessAPI("call_back/update_call_back", nil, map[string]interface{}{ "call_back_tag": callbackTagList, "token": token, "aes_key": aesKey, "url": urlStr, }) } if err != nil { a.locker.Lock() defer a.locker.Unlock() a.callbackToken = oldCallbackToken a.callbackAESKey = oldCallbackAESKey } return err } func (a *API) DeleteCallback() (err error) { _, err = a.AccessAPI("call_back/delete_call_back", nil, nil) return err } func (a *API) GetCallbackMsg(formMap map[string]interface{}, bodyData []byte) (msgMap map[string]interface{}, callbackResponse *CallbackResponse) { var bodyMap map[string]interface{} var err error err = utils.UnmarshalUseNumber(bodyData, &bodyMap) if err == nil { encrypt := utils.Interface2String(bodyMap["encrypt"]) dataMap := map[string]interface{}{ // KeyMsgSignature: formMap["signature"], "nonce": formMap["nonce"], "timestamp": formMap["timestamp"], "encrypt": encrypt, } signRemote := formMap["signature"].(string) signMine := a.calculateCallbackSign(dataMap) if signMine != signRemote { baseapi.SugarLogger.Infof("signRemote:%s, signMine:%s, formMap:%s, bodyData:%s", signRemote, signMine, utils.Format4Output(formMap, true), string(bodyData)) err = errors.New("sign not match") } else { var descryptMsg string if descryptMsg, err = a.Decrypt(encrypt); err == nil { baseapi.SugarLogger.Debugf("dingding GetCallbackMsg descryptMsg:%s", descryptMsg) err = utils.UnmarshalUseNumber([]byte(descryptMsg), &msgMap) } } } return nil, a.Err2CallbackResponse(err) }