303 lines
8.6 KiB
Go
303 lines
8.6 KiB
Go
package dingdingapi
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
"git.rosy.net.cn/baseapi"
|
|
"git.rosy.net.cn/baseapi/utils"
|
|
)
|
|
|
|
const (
|
|
CBTagCheckURL = "check_url"
|
|
|
|
CBTagUserAddOrg = "user_add_org"
|
|
CBTagUserModifyOrg = "user_modify_org"
|
|
CBTagUserLeaveOrg = "user_leave_org"
|
|
)
|
|
|
|
const (
|
|
KeyMsgSignature = "msg_signature"
|
|
KeyEventType = "EventType"
|
|
KeyUserID = "UserId"
|
|
SuccessResponse = "success"
|
|
)
|
|
|
|
type CallbackResponse struct {
|
|
MsgSignature string `json:"msg_signature"`
|
|
Timestamp string `json:"timeStamp"`
|
|
Nonce string `json:"nonce"`
|
|
Encrypt string `json:"encrypt"`
|
|
}
|
|
|
|
type DingTalkCrypto struct {
|
|
Token string
|
|
EncodingAESKey string
|
|
SuiteKey string
|
|
BKey []byte
|
|
Block cipher.Block
|
|
}
|
|
|
|
func (a *API) Err2CallbackResponse(err error) *CallbackResponse {
|
|
if err == nil {
|
|
return a.PackCallbackResult(SuccessResponse)
|
|
}
|
|
return a.PackCallbackResult(err.Error())
|
|
}
|
|
|
|
func (a *API) SetCallbackToken(token string) {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
a.callbackToken = token
|
|
}
|
|
|
|
func (a *API) SetCallbackAESKey(b []byte) {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
a.callbackAESKey = b
|
|
}
|
|
|
|
func (a *API) GetCallbackToken() string {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
return a.callbackToken
|
|
}
|
|
|
|
func (a *API) GetCallbackAESKey() []byte {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
return a.callbackAESKey
|
|
}
|
|
|
|
func (a *API) PackCallbackResult(result string) (response *CallbackResponse) {
|
|
encryptedResult, err := a.Encrypt(result)
|
|
if err == nil {
|
|
response = &CallbackResponse{
|
|
Encrypt: encryptedResult,
|
|
Timestamp: utils.Int64ToStr(time.Now().Unix()),
|
|
Nonce: utils.GetUUID(),
|
|
}
|
|
response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response))
|
|
}
|
|
return response
|
|
}
|
|
|
|
func (a *API) calculateCallbackSign(data map[string]interface{}) (sign string) {
|
|
strList := []string{
|
|
a.GetCallbackToken(),
|
|
}
|
|
for k, v := range data {
|
|
if k != KeyMsgSignature {
|
|
strList = append(strList, v.(string))
|
|
}
|
|
}
|
|
sort.Sort(sort.StringSlice(strList))
|
|
return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, ""))))
|
|
}
|
|
|
|
func (a *API) Encrypt(msg string) (encryptedMsg string, err error) {
|
|
aesKey := a.GetCallbackAESKey()
|
|
buf := bytes.NewBuffer(nil)
|
|
buf.WriteString(utils.GetUUID()[:16])
|
|
binary.Write(buf, binary.BigEndian, int32(len(msg)))
|
|
buf.WriteString(msg)
|
|
buf.WriteString(a.corpID)
|
|
binResult, err := utils.AESCBCEncpryt(buf.Bytes(), aesKey, aesKey[:16])
|
|
encryptedMsg = base64.StdEncoding.EncodeToString(binResult)
|
|
return encryptedMsg, err
|
|
}
|
|
|
|
func (a *API) Decrypt(sign, timestr, nonce, msg string) (decryptedMsg string, err error) {
|
|
//binMsg, err := base64.StdEncoding.DecodeString(msg)
|
|
//if err == nil {
|
|
// aesKey := a.GetCallbackAESKey()
|
|
// binResult, err2 := utils.AESCBCDecpryt(binMsg, aesKey, aesKey[:16])
|
|
// if err = err2; err == nil {
|
|
// var msgLen int32
|
|
// if err = binary.Read(bytes.NewBuffer(binResult[16:]), binary.BigEndian, &msgLen); err == nil {
|
|
// // baseapi.SugarLogger.Debug(msgLen)
|
|
// decryptedMsg = string(binResult[16+4 : 16+4+msgLen])
|
|
// }
|
|
// }
|
|
//}
|
|
c := NewDingTalkCrypto(a.GetCallbackToken(), string(a.GetCallbackAESKey()), a.GetAppID())
|
|
return c.GetDecryptMsg(sign, timestr, nonce, msg)
|
|
}
|
|
|
|
func (a *API) RegisterCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) {
|
|
a.locker.Lock()
|
|
// oldCallbackToken := a.callbackToken
|
|
// oldCallbackAESKey := a.callbackAESKey
|
|
a.callbackToken = token
|
|
a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=")
|
|
a.locker.Unlock()
|
|
|
|
if len(callbackTagList) > 0 { // 为0做测试用
|
|
_, err = a.AccessAPI("call_back/register_call_back", nil, map[string]interface{}{
|
|
"call_back_tag": callbackTagList,
|
|
"token": token,
|
|
"aes_key": aesKey,
|
|
"url": urlStr,
|
|
})
|
|
}
|
|
// if err != nil {
|
|
// a.locker.Lock()
|
|
// defer a.locker.Unlock()
|
|
// a.callbackToken = oldCallbackToken
|
|
// a.callbackAESKey = oldCallbackAESKey
|
|
// }
|
|
return err
|
|
}
|
|
|
|
func (a *API) GetCallback() (callbackInfo map[string]interface{}, err error) {
|
|
result, err := a.AccessAPI("call_back/get_call_back", nil, nil)
|
|
if err == nil {
|
|
return result, nil
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
func (a *API) UpdateCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) {
|
|
a.locker.Lock()
|
|
oldCallbackToken := a.callbackToken
|
|
oldCallbackAESKey := a.callbackAESKey
|
|
a.callbackToken = token
|
|
a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=")
|
|
a.locker.Unlock()
|
|
|
|
if len(callbackTagList) > 0 { // 为0做测试用
|
|
_, err = a.AccessAPI("call_back/update_call_back", nil, map[string]interface{}{
|
|
"call_back_tag": callbackTagList,
|
|
"token": token,
|
|
"aes_key": aesKey,
|
|
"url": urlStr,
|
|
})
|
|
}
|
|
if err != nil {
|
|
a.locker.Lock()
|
|
defer a.locker.Unlock()
|
|
a.callbackToken = oldCallbackToken
|
|
a.callbackAESKey = oldCallbackAESKey
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (a *API) DeleteCallback() (err error) {
|
|
_, err = a.AccessAPI("call_back/delete_call_back", nil, nil)
|
|
return err
|
|
}
|
|
|
|
func (a *API) GetCallbackMsg(formMap map[string]interface{}, bodyData []byte) (msgMap map[string]interface{}, callbackResponse *CallbackResponse) {
|
|
var bodyMap map[string]interface{}
|
|
var err error
|
|
err = utils.UnmarshalUseNumber(bodyData, &bodyMap)
|
|
if err == nil {
|
|
encrypt := utils.Interface2String(bodyMap["encrypt"])
|
|
dataMap := map[string]interface{}{
|
|
// KeyMsgSignature: formMap["signature"],
|
|
"nonce": formMap["nonce"],
|
|
"timestamp": formMap["timestamp"],
|
|
"encrypt": encrypt,
|
|
}
|
|
signRemote := formMap["signature"].(string)
|
|
signMine := a.calculateCallbackSign(dataMap)
|
|
if signMine != signRemote {
|
|
baseapi.SugarLogger.Infof("signRemote:%s, signMine:%s, formMap:%s, bodyData:%s", signRemote, signMine, utils.Format4Output(formMap, true), string(bodyData))
|
|
err = errors.New("sign not match")
|
|
} else {
|
|
var descryptMsg string
|
|
if descryptMsg, err = a.Decrypt(formMap["signature"].(string), formMap["timestamp"].(string), formMap["nonce"].(string), encrypt); err == nil {
|
|
baseapi.SugarLogger.Debugf("dingding GetCallbackMsg descryptMsg:%s", descryptMsg)
|
|
err = utils.UnmarshalUseNumber([]byte(descryptMsg), &msgMap)
|
|
} else {
|
|
fmt.Println("err ", err)
|
|
}
|
|
}
|
|
return msgMap, a.Err2CallbackResponse(err)
|
|
}
|
|
return nil, a.Err2CallbackResponse(err)
|
|
}
|
|
|
|
func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto {
|
|
bkey, _ := base64.StdEncoding.DecodeString(encodingAESKey + "=")
|
|
block, _ := aes.NewCipher(bkey)
|
|
c := &DingTalkCrypto{
|
|
Token: token,
|
|
EncodingAESKey: encodingAESKey,
|
|
SuiteKey: suiteKey,
|
|
BKey: bkey,
|
|
Block: block,
|
|
}
|
|
return c
|
|
}
|
|
func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg string) (string, error) {
|
|
if !c.VerificationSignature(c.Token, timestamp, nonce, secretMsg, signature) {
|
|
return "", errors.New("ERROR: 签名不匹配")
|
|
}
|
|
decode, err := base64.StdEncoding.DecodeString(secretMsg)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if len(decode) < aes.BlockSize {
|
|
return "", errors.New("ERROR: 密文太短")
|
|
}
|
|
blockMode := cipher.NewCBCDecrypter(c.Block, c.BKey[:c.Block.BlockSize()])
|
|
plantText := make([]byte, len(decode))
|
|
blockMode.CryptBlocks(plantText, decode)
|
|
plantText = pkCS7UnPadding(plantText)
|
|
size := binary.BigEndian.Uint32(plantText[16:20])
|
|
plantText = plantText[20:]
|
|
corpID := plantText[size:]
|
|
fmt.Println("222222222222222222222222222222222222", string(plantText[:size]), corpID)
|
|
if string(corpID) != c.SuiteKey {
|
|
return "", errors.New("ERROR: CorpID匹配不正确")
|
|
}
|
|
return string(plantText[:size]), nil
|
|
}
|
|
|
|
// 数据签名
|
|
func (c *DingTalkCrypto) CreateSignature(token, timestamp, nonce, msg string) string {
|
|
params := make([]string, 0)
|
|
params = append(params, token)
|
|
params = append(params, timestamp)
|
|
params = append(params, nonce)
|
|
params = append(params, msg)
|
|
sort.Strings(params)
|
|
return sha1Sign(strings.Join(params, ""))
|
|
}
|
|
|
|
func sha1Sign(s string) string {
|
|
h := sha1.New()
|
|
h.Write([]byte(s))
|
|
bs := h.Sum(nil)
|
|
return fmt.Sprintf("%x", bs)
|
|
}
|
|
|
|
// 验证数据签名
|
|
func (c *DingTalkCrypto) VerificationSignature(token, timestamp, nonce, msg, sigture string) bool {
|
|
return c.CreateSignature(token, timestamp, nonce, msg) == sigture
|
|
}
|
|
|
|
// 解密补位
|
|
func pkCS7UnPadding(plantText []byte) []byte {
|
|
length := len(plantText)
|
|
unpadding := int(plantText[length-1])
|
|
return plantText[:(length - unpadding)]
|
|
}
|
|
|
|
// 加密补位
|
|
func pkCS7Padding(ciphertext []byte, blockSize int) []byte {
|
|
padding := blockSize - len(ciphertext)%blockSize
|
|
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
|
|
return append(ciphertext, padtext...)
|
|
}
|