355 lines
10 KiB
Go
355 lines
10 KiB
Go
package dingdingapi
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
r "math/rand"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
"git.rosy.net.cn/baseapi"
|
|
"git.rosy.net.cn/baseapi/utils"
|
|
)
|
|
|
|
const (
|
|
CBTagCheckURL = "check_url"
|
|
|
|
CBTagUserAddOrg = "user_add_org"
|
|
CBTagUserModifyOrg = "user_modify_org"
|
|
CBTagUserLeaveOrg = "user_leave_org"
|
|
)
|
|
|
|
const (
|
|
KeyMsgSignature = "msg_signature"
|
|
KeyEventType = "EventType"
|
|
KeyUserID = "UserId"
|
|
SuccessResponse = "success"
|
|
)
|
|
|
|
type CallbackResponse struct {
|
|
MsgSignature string `json:"msg_signature"`
|
|
Timestamp string `json:"timeStamp"`
|
|
Nonce string `json:"nonce"`
|
|
Encrypt string `json:"encrypt"`
|
|
}
|
|
|
|
type DingTalkCrypto struct {
|
|
Token string
|
|
EncodingAESKey string
|
|
SuiteKey string
|
|
BKey []byte
|
|
Block cipher.Block
|
|
}
|
|
|
|
func (a *API) Err2CallbackResponse(err error) *CallbackResponse {
|
|
if err == nil {
|
|
return a.PackCallbackResult(SuccessResponse)
|
|
}
|
|
return a.PackCallbackResult(err.Error())
|
|
}
|
|
|
|
func (a *API) SetCallbackToken(token string) {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
a.callbackToken = token
|
|
}
|
|
|
|
func (a *API) SetCallbackAESKey(b string) {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
a.callbackAESKey = b
|
|
}
|
|
|
|
func (a *API) GetCallbackToken() string {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
return a.callbackToken
|
|
}
|
|
|
|
func (a *API) GetCallbackAESKey() string {
|
|
a.locker.RLock()
|
|
defer a.locker.RUnlock()
|
|
return a.callbackAESKey
|
|
}
|
|
|
|
func (a *API) PackCallbackResult(result string) (response *CallbackResponse) {
|
|
timestamp := utils.Int64ToStr(time.Now().Unix())
|
|
nonce := utils.GetUUID()
|
|
encryptedResult, sign, err := a.Encrypt(result, timestamp, nonce)
|
|
if err == nil {
|
|
response = &CallbackResponse{
|
|
Encrypt: encryptedResult,
|
|
Timestamp: timestamp,
|
|
Nonce: nonce,
|
|
MsgSignature: sign,
|
|
}
|
|
//response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response))
|
|
}
|
|
return response
|
|
}
|
|
|
|
func (a *API) calculateCallbackSign(data map[string]interface{}) (sign string) {
|
|
strList := []string{
|
|
a.GetCallbackToken(),
|
|
}
|
|
for k, v := range data {
|
|
if k != KeyMsgSignature {
|
|
strList = append(strList, v.(string))
|
|
}
|
|
}
|
|
sort.Sort(sort.StringSlice(strList))
|
|
return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, ""))))
|
|
}
|
|
|
|
func (a *API) Encrypt(msg, timestamp, nonce string) (encryptedMsg, sign string, err error) {
|
|
//aesKey := a.GetCallbackAESKey()
|
|
//buf := bytes.NewBuffer(nil)
|
|
//buf.WriteString(utils.GetUUID()[:16])
|
|
//binary.Write(buf, binary.BigEndian, int32(len(msg)))
|
|
//buf.WriteString(msg)
|
|
//buf.WriteString(a.corpID)
|
|
//binResult, err := utils.AESCBCEncpryt(buf.Bytes(), []byte(aesKey), []byte(aesKey[:16]))
|
|
//encryptedMsg = base64.StdEncoding.EncodeToString(binResult)
|
|
c := NewDingTalkCrypto(a.callbackToken, a.callbackAESKey, a.appID)
|
|
return c.GetEncryptMsg(msg, timestamp, nonce)
|
|
}
|
|
|
|
func (a *API) Decrypt(sign, timestr, nonce, msg string) (decryptedMsg string, err error) {
|
|
//binMsg, err := base64.StdEncoding.DecodeString(msg)
|
|
//if err == nil {
|
|
// aesKey := a.GetCallbackAESKey()
|
|
// binResult, err2 := utils.AESCBCDecpryt(binMsg, aesKey, aesKey[:16])
|
|
// if err = err2; err == nil {
|
|
// var msgLen int32
|
|
// if err = binary.Read(bytes.NewBuffer(binResult[16:]), binary.BigEndian, &msgLen); err == nil {
|
|
// // baseapi.SugarLogger.Debug(msgLen)
|
|
// decryptedMsg = string(binResult[16+4 : 16+4+msgLen])
|
|
// }
|
|
// }
|
|
//}
|
|
c := NewDingTalkCrypto(a.callbackToken, a.callbackAESKey, a.appID)
|
|
return c.GetDecryptMsg(sign, timestr, nonce, msg)
|
|
}
|
|
|
|
func (a *API) RegisterCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) {
|
|
a.locker.Lock()
|
|
// oldCallbackToken := a.callbackToken
|
|
// oldCallbackAESKey := a.callbackAESKey
|
|
a.callbackToken = token
|
|
data, _ := base64.StdEncoding.DecodeString(aesKey + "=")
|
|
a.callbackAESKey = string(data)
|
|
a.locker.Unlock()
|
|
|
|
if len(callbackTagList) > 0 { // 为0做测试用
|
|
_, err = a.AccessAPI("call_back/register_call_back", nil, map[string]interface{}{
|
|
"call_back_tag": callbackTagList,
|
|
"token": token,
|
|
"aes_key": aesKey,
|
|
"url": urlStr,
|
|
})
|
|
}
|
|
// if err != nil {
|
|
// a.locker.Lock()
|
|
// defer a.locker.Unlock()
|
|
// a.callbackToken = oldCallbackToken
|
|
// a.callbackAESKey = oldCallbackAESKey
|
|
// }
|
|
return err
|
|
}
|
|
|
|
func (a *API) GetCallback() (callbackInfo map[string]interface{}, err error) {
|
|
result, err := a.AccessAPI("call_back/get_call_back", nil, nil)
|
|
if err == nil {
|
|
return result, nil
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
func (a *API) UpdateCallback(callbackTagList []string, token, aesKey, urlStr string) (err error) {
|
|
a.locker.Lock()
|
|
oldCallbackToken := a.callbackToken
|
|
oldCallbackAESKey := a.callbackAESKey
|
|
a.callbackToken = token
|
|
data, _ := base64.StdEncoding.DecodeString(aesKey + "=")
|
|
a.callbackAESKey = string(data)
|
|
a.locker.Unlock()
|
|
|
|
if len(callbackTagList) > 0 { // 为0做测试用
|
|
_, err = a.AccessAPI("call_back/update_call_back", nil, map[string]interface{}{
|
|
"call_back_tag": callbackTagList,
|
|
"token": token,
|
|
"aes_key": aesKey,
|
|
"url": urlStr,
|
|
})
|
|
}
|
|
if err != nil {
|
|
a.locker.Lock()
|
|
defer a.locker.Unlock()
|
|
a.callbackToken = oldCallbackToken
|
|
a.callbackAESKey = oldCallbackAESKey
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (a *API) DeleteCallback() (err error) {
|
|
_, err = a.AccessAPI("call_back/delete_call_back", nil, nil)
|
|
return err
|
|
}
|
|
|
|
func (a *API) GetCallbackMsg(formMap map[string]interface{}, bodyData []byte) (msgMap map[string]interface{}, callbackResponse *CallbackResponse) {
|
|
var bodyMap map[string]interface{}
|
|
var err error
|
|
err = utils.UnmarshalUseNumber(bodyData, &bodyMap)
|
|
if err == nil {
|
|
encrypt := utils.Interface2String(bodyMap["encrypt"])
|
|
dataMap := map[string]interface{}{
|
|
// KeyMsgSignature: formMap["signature"],
|
|
"nonce": formMap["nonce"],
|
|
"timestamp": formMap["timestamp"],
|
|
"encrypt": encrypt,
|
|
}
|
|
signRemote := formMap["signature"].(string)
|
|
signMine := a.calculateCallbackSign(dataMap)
|
|
if signMine != signRemote {
|
|
baseapi.SugarLogger.Infof("signRemote:%s, signMine:%s, formMap:%s, bodyData:%s", signRemote, signMine, utils.Format4Output(formMap, true), string(bodyData))
|
|
err = errors.New("sign not match")
|
|
} else {
|
|
var descryptMsg string
|
|
if descryptMsg, err = a.Decrypt(formMap["signature"].(string), formMap["timestamp"].(string), formMap["nonce"].(string), encrypt); err == nil {
|
|
err = utils.UnmarshalUseNumber([]byte(descryptMsg), &msgMap)
|
|
} else {
|
|
baseapi.SugarLogger.Debugf("dingdingapi GetCallbackMsg, Decrypt err :", err)
|
|
}
|
|
}
|
|
}
|
|
return msgMap, nil
|
|
}
|
|
|
|
func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto {
|
|
token = "ITKIL2FeFHZa48fEK9g3dbJ1DOww7shOrIZ2f"
|
|
encodingAESKey = "EjTgnEa377fEcgzlQUbcgTzxPNznRjpOuSPgQAwv9aA"
|
|
suiteKey = "ding7iu9cptairtcls0c"
|
|
bkey, _ := base64.StdEncoding.DecodeString(encodingAESKey + "=")
|
|
block, _ := aes.NewCipher(bkey)
|
|
c := &DingTalkCrypto{
|
|
Token: token,
|
|
EncodingAESKey: encodingAESKey,
|
|
SuiteKey: suiteKey,
|
|
BKey: bkey,
|
|
Block: block,
|
|
}
|
|
return c
|
|
}
|
|
|
|
func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg string) (string, error) {
|
|
if !c.VerificationSignature(c.Token, timestamp, nonce, secretMsg, signature) {
|
|
return "", errors.New("ERROR: 签名不匹配")
|
|
}
|
|
decode, err := base64.StdEncoding.DecodeString(secretMsg)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if len(decode) < aes.BlockSize {
|
|
return "", errors.New("ERROR: 密文太短")
|
|
}
|
|
blockMode := cipher.NewCBCDecrypter(c.Block, c.BKey[:c.Block.BlockSize()])
|
|
plantText := make([]byte, len(decode))
|
|
blockMode.CryptBlocks(plantText, decode)
|
|
plantText = pkCS7UnPadding(plantText)
|
|
size := binary.BigEndian.Uint32(plantText[16:20])
|
|
plantText = plantText[20:]
|
|
corpID := plantText[size:]
|
|
if string(corpID) != c.SuiteKey {
|
|
return "", errors.New("ERROR: CorpID匹配不正确")
|
|
}
|
|
return string(plantText[:size]), nil
|
|
}
|
|
|
|
func (c *DingTalkCrypto) GetEncryptMsg(msg, timestamp, nonce string) (string, string, error) {
|
|
size := make([]byte, 4)
|
|
binary.BigEndian.PutUint32(size, uint32(len(msg)))
|
|
msg = randomString(16) + string(size) + msg + c.SuiteKey
|
|
plantText := pkCS7Padding([]byte(msg), c.Block.BlockSize())
|
|
if len(plantText)%aes.BlockSize != 0 {
|
|
return "", "", errors.New("ERROR: 消息体size不为16的倍数")
|
|
}
|
|
blockMode := cipher.NewCBCEncrypter(c.Block, c.BKey[:c.Block.BlockSize()])
|
|
chipherText := make([]byte, len(plantText))
|
|
blockMode.CryptBlocks(chipherText, plantText)
|
|
outMsg := base64.StdEncoding.EncodeToString(chipherText)
|
|
signature := c.CreateSignature(c.Token, timestamp, nonce, string(outMsg))
|
|
return string(outMsg), signature, nil
|
|
}
|
|
|
|
// 数据签名
|
|
func (c *DingTalkCrypto) CreateSignature(token, timestamp, nonce, msg string) string {
|
|
params := make([]string, 0)
|
|
params = append(params, token)
|
|
params = append(params, timestamp)
|
|
params = append(params, nonce)
|
|
params = append(params, msg)
|
|
sort.Strings(params)
|
|
return sha1Sign(strings.Join(params, ""))
|
|
}
|
|
|
|
func sha1Sign(s string) string {
|
|
h := sha1.New()
|
|
h.Write([]byte(s))
|
|
bs := h.Sum(nil)
|
|
return fmt.Sprintf("%x", bs)
|
|
}
|
|
|
|
// 验证数据签名
|
|
func (c *DingTalkCrypto) VerificationSignature(token, timestamp, nonce, msg, sigture string) bool {
|
|
return c.CreateSignature(token, timestamp, nonce, msg) == sigture
|
|
}
|
|
|
|
// 解密补位
|
|
func pkCS7UnPadding(plantText []byte) []byte {
|
|
length := len(plantText)
|
|
unpadding := int(plantText[length-1])
|
|
return plantText[:(length - unpadding)]
|
|
}
|
|
|
|
// 加密补位
|
|
func pkCS7Padding(ciphertext []byte, blockSize int) []byte {
|
|
padding := blockSize - len(ciphertext)%blockSize
|
|
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
|
|
return append(ciphertext, padtext...)
|
|
}
|
|
|
|
// 随机字符串
|
|
func randomString(n int, alphabets ...byte) string {
|
|
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
|
var bytes = make([]byte, n)
|
|
var randby bool
|
|
if num, err := rand.Read(bytes); num != n || err != nil {
|
|
r.Seed(time.Now().UnixNano())
|
|
randby = true
|
|
}
|
|
for i, b := range bytes {
|
|
if len(alphabets) == 0 {
|
|
if randby {
|
|
bytes[i] = alphanum[r.Intn(len(alphanum))]
|
|
} else {
|
|
bytes[i] = alphanum[b%byte(len(alphanum))]
|
|
}
|
|
} else {
|
|
if randby {
|
|
bytes[i] = alphabets[r.Intn(len(alphabets))]
|
|
} else {
|
|
bytes[i] = alphabets[b%byte(len(alphabets))]
|
|
}
|
|
}
|
|
}
|
|
return string(bytes)
|
|
}
|