-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathquery-string-param-sign.js
52 lines (43 loc) · 1.33 KB
/
query-string-param-sign.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
const express = require('express');
const crypto = require('crypto');
const bodyParser = require('body-parser');
const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
// 静态文件服务
app.use('/api', express.static('data'));
// 示例数据目录
const dataDir = 'data';
// 定义一个简单的签名验证中间件
const validateSign = (req, res, next) => {
const sign = req.query.sign;
const secretKey = 'my-secret-key'; // 替换为你的密钥
// 生成签名的原始字符串
const originalString = JSON.stringify(req.query);
// 使用 HMAC-SHA256 算法生成签名
const expectedSign = crypto
.createHmac('sha256', secretKey)
.update(originalString)
.digest('hex');
// 验证签名是否匹配
if (sign === expectedSign) {
next();
} else {
res.status(403).json({ error: 'Invalid sign' });
}
};
// 列表接口
app.get('/api/items', validateSign, (req, res) => {
// 这里可以替换为从数据库加载数据
const items = [
{ id: 1, name: 'Item 1' },
{ id: 2, name: 'Item 2' },
{ id: 3, name: 'Item 3' },
];
res.json({ items });
});
// 启动服务器
const port = 3000;
app.listen(port, () => {
console.log(`Server is running on http://localhost:${port}`);
});