Skip to content

Commit

Permalink
fix(wxapi): 修复部分接口在安全鉴权模式下签名错误的问题
Browse files Browse the repository at this point in the history
  • Loading branch information
@fudiwei
fudiwei committed Aug 15, 2024
1 parent 56c1d51 commit d841ef9
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecureApiInterceptor.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ public override async Task BeforeCallAsync(HttpInterceptorContext context, Cance
return;

string urlpath = GetRequestUrlPath(context.FlurlCall.HttpRequestMessage.RequestUri);
string timestamp = DateTimeOffset.Now.ToLocalTime().ToUnixTimeSeconds().ToString();
long timestamp = DateTimeOffset.Now.ToLocalTime().ToUnixTimeSeconds();
string postData = "{}";
string postDataEncrypted;
if (context.FlurlCall.HttpRequestMessage?.Content is not null)
Expand Down Expand Up @@ -156,7 +156,7 @@ public override async Task BeforeCallAsync(HttpInterceptorContext context, Cance
JsonObject jsonObj = JsonObject.Parse(postData)!.AsObject();
jsonObj["_n"] = GenerateSymmetricEncryptionNonce(16);
jsonObj["_appid"] = _appId;
jsonObj["_timestamp"] = timestamp;
jsonObj["_timestamp"] = timestamp; // NOTICE: must be a number

NameValueCollection queryParams = HttpUtility.ParseQueryString(context.FlurlCall.HttpRequestMessage!.RequestUri.Query);
foreach (string? key in queryParams.AllKeys)
Expand Down Expand Up @@ -424,11 +424,21 @@ private string GenerateSymmetricEncryptionNonce(int byteLength)
return Convert.ToBase64String(bytes);
}

private string GenerateSymmetricEncryptionAssociatedData(string urlpath, string appId, long timestamp)
{
return GenerateSymmetricEncryptionAssociatedData(urlpath, appId, timestamp.ToString());
}

private string GenerateSymmetricEncryptionAssociatedData(string urlpath, string appId, string timestamp)
{
return $"{urlpath}|{appId}|{timestamp}|{_symmetricNum}";
}

private string GenerateAymmetricSigningData(string urlpath, string appId, long timestamp, string postdata)
{
return GenerateAymmetricSigningData(urlpath, appId, timestamp.ToString(), postdata);
}

private string GenerateAymmetricSigningData(string urlpath, string appId, string timestamp, string postdata)
{
return $"{urlpath}\n{appId}\n{timestamp}\n{postdata}";
Expand Down

0 comments on commit d841ef9

Please sign in to comment.