signkey OK now

modify secret expire to sign expire

cas/client.go

@@ -99,22 +99,23 @@ func NewAPIClient(cfg *Configuration) *APIClient {
 	c.JobApi = (*JobApiService)(&c.common)
 	c.VaultApi = (*VaultApiService)(&c.common)
 
+	var du = cfg.SignExpire
+	if du == 0 {
+		du = DefaultAuthTimeout
+	}
 	if cfg.AccessSecret != "" {
-		var du = cfg.SecretExpire
-		if du == 0 {
-			du = DefaultAuthTimeout
-		}
 		c.ConfigurationAuthor = &ConfigurationModeSecret{
 			AccessKey:    cfg.AccessKey,
 			AccessSecret: cfg.AccessSecret,
-			SecretExpire: du,
+			SignExpire:   cfg.SignExpire,
 		}
 	} else {
 		c.ConfigurationAuthor = &ConfigurationModeSignKey{
 			AccessKey:    cfg.AccessKey,
 			SignKey:      cfg.SignKey,
 			SignKeyStart: cfg.SignKeyStart,
 			SignKeyEnd:   cfg.SignKeyEnd,
+			SignExpire:   cfg.SignExpire,
 		}
 	}
 	//use serverURL replace basePath
@@ -311,7 +312,7 @@ func statusCode4XX(code int) bool {
 type ConfigurationModeSecret struct {
 	AccessKey    string
 	AccessSecret string
-	SecretExpire time.Duration
+	SignExpire   time.Duration
 }
 
 func (c *ConfigurationModeSecret) Authorization(method, url, host string,
@@ -340,7 +341,7 @@ func (c *ConfigurationModeSecret) Authorization(method, url, host string,
 	//cal signKey
 	var signKey, timeRange string
 	var now = time.Now()
-	timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(c.SecretExpire).Unix())
+	timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(c.SignExpire).Unix())
 	mac := hmac.New(sha1.New, []byte(accessSecret))
 	mac.Write([]byte(timeRange))
 	signKey = hex.EncodeToString(mac.Sum(nil))
@@ -393,6 +394,7 @@ type ConfigurationModeSignKey struct {
 	SignKey      string
 	SignKeyStart int64
 	SignKeyEnd   int64
+	SignExpire   time.Duration
 }
 
 func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
@@ -441,9 +443,21 @@ func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
 
 	var stringToSign bytes.Buffer
 	stringToSign.WriteString("sha1\n")
-	stringToSign.WriteString(timeRange)
-	stringToSign.WriteByte('\n')
 
+	var signStart, signEnd int64
+	now := time.Now().Unix()
+	signStart = now - int64(c.SignExpire.Seconds())/2
+	signEnd = now + int64(c.SignExpire.Seconds())/2
+	if signStart < c.SignKeyStart {
+		signStart = c.SignKeyStart
+	}
+	if signEnd > c.SignKeyEnd {
+		signEnd = c.SignKeyEnd
+	}
+	signRange := fmt.Sprintf("%d;%d", signStart, signEnd)
+
+	stringToSign.WriteString(signRange)
+	stringToSign.WriteByte('\n')
 	//fmt.Println("stringToSign:", formatString.String(), stringToSign.String())
 
 	h := sha1.New()
@@ -456,7 +470,7 @@ func (c *ConfigurationModeSignKey) Authorization(method, url, host string,
 	var sign = hex.EncodeToString(mac2.Sum(nil))
 
 	return fmt.Sprintf(`q-sign-algorithm=sha1&q-ak=%s&q-sign-time=%s&q-key-time=%s&q-header-list=%s&q-url-param-list=%s&q-signature=%s`,
-		c.AccessKey, timeRange, timeRange,
+		c.AccessKey, signRange, timeRange,
 		strings.Join(headerKeys, ";"),
 		strings.Join(paramKeys, ";"), sign)
 }

cas/configuration.go

@@ -73,11 +73,10 @@ type Configuration struct {
 	AppId        string        `json:"appid"`
 	AccessKey    string        `json:"access_key"`
 	AccessSecret string        `json:"access_secret"`
-	SecretExpire time.Duration `json:"secret_expire"`
-
-	SignKey      string `json:"sign_key"`
-	SignKeyStart int64  `json:"sign_key_start"`
-	SignKeyEnd   int64  `json:"sing_key_end"`
+	SignExpire   time.Duration `json:"secret_expire"`
+	SignKey      string        `json:"sign_key"`
+	SignKeyStart int64         `json:"sign_key_start"`
+	SignKeyEnd   int64         `json:"sing_key_end"`
 
 	BasePath      string            `json:"basePath,omitempty"`
 	Host          string            `json:"host,omitempty"`

cmd/cascmd/configcmd.go

@@ -55,7 +55,7 @@ func (p *configCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&p.key, "key", "", "user api key, required")
 
 	f.StringVar(&p.secret, "secret", "", "user api secret, using secret mode")
-	f.StringVar(&p.expire, "expire", "86400s", "set access secret expire")
+	f.StringVar(&p.expire, "expire", "86400s", "set sign time expire")
 
 	f.StringVar(&p.sign, "sign", "", "set signkey, using signkey mode")
 	f.Int64Var(&p.start, "start", 0, "set signkey start, if 'sign' set, this opition is required")
@@ -82,11 +82,12 @@ func (p *configCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 
 	if p.secret != "" {
 		conf.AccessSecret = p.secret
-		conf.SecretExpire = du
+		conf.SignExpire = du
 	} else {
 		conf.SignKey = p.sign
 		conf.SignKeyStart = p.start
 		conf.SignKeyEnd = p.end
+		conf.SignExpire = du
 	}
 
 	if err := saveConf(p.configFile, conf); err != nil {

cmd/signkey/main.go

@@ -20,23 +20,40 @@ import (
 	"encoding/hex"
 	"flag"
 	"fmt"
+	"time"
 )
 
-func init() {
-	var secretKey string
+const (
+	LAYOUT = "2006-01-02 15:04:05"
+)
+
+func main() {
+	var secret string
 	var after, at string
-	flag.StringVar(&secretKey, "key", "", "set secret key")
+	flag.StringVar(&secret, "secret", "", "set secret key")
 	flag.StringVar(&after, "after", "", "set key expire time from now")
 	flag.StringVar(&at, "at", "", "set key expire at time")
 	flag.Parse()
-	_, _, _ = secretKey, after, at
-}
 
-func main() {
-	// timeRange = fmt.Sprintf(`%d;%d`, now.Unix(), now.Add(expire).Unix())
-	timeRange := "1589817600;1609430400"
-	mac := hmac.New(sha1.New, []byte("SgkibEafTCm7D7lAXGoCRSFm7OJzPgiW"))
+	if after == "" {
+		after = time.Now().Format(LAYOUT)
+	}
+
+	start, err := time.Parse(LAYOUT, after)
+	if err != nil {
+		fmt.Println("parse start", err)
+		return
+	}
+	fmt.Println("start:", start.Unix())
+	end, err := time.Parse(LAYOUT, at)
+	if err != nil {
+		fmt.Println("parse end", err)
+		return
+	}
+	fmt.Println("end:", end.Unix())
+	timeRange := fmt.Sprintf("%d;%d", start.Unix(), end.Unix())
+	mac := hmac.New(sha1.New, []byte(secret))
 	mac.Write([]byte(timeRange))
 	signKey := hex.EncodeToString(mac.Sum(nil))
-	fmt.Println(signKey)
+	fmt.Println("sign_key", signKey)
 }