feat(api/web): 实现API请求签名验证功能并优化测试环境配置
refactor(db): 重构查询条件类到query目录下 test: 添加登录流程测试脚本和测试数据 chore: 添加crypto-js依赖用于签名验证 ci: 配置测试环境数据库和端口设置
@@ -0,0 +1,51 @@
|
||||
import hmac
|
||||
import hashlib
|
||||
import base64
|
||||
import time
|
||||
import json
|
||||
import requests
|
||||
|
||||
SECRET = 'NovalonManageSystemSecretKey2026'
|
||||
|
||||
def generate_signature(method, path, query='', body='', timestamp=None, nonce=None):
|
||||
if timestamp is None:
|
||||
timestamp = int(time.time() * 1000)
|
||||
if nonce is None:
|
||||
nonce = f"{int(timestamp)}-{hash(time.time())}"
|
||||
|
||||
string_to_sign = f"{method}\n{path}\n{query}\n{body}\n{timestamp}\n{nonce}"
|
||||
|
||||
signature = hmac.new(
|
||||
SECRET.encode('utf-8'),
|
||||
string_to_sign.encode('utf-8'),
|
||||
hashlib.sha256
|
||||
).digest()
|
||||
|
||||
signature_base64 = base64.b64encode(signature).decode('utf-8')
|
||||
|
||||
return signature_base64, timestamp, nonce
|
||||
|
||||
method = 'POST'
|
||||
path = '/api/auth/login'
|
||||
body = ''
|
||||
|
||||
signature, timestamp, nonce = generate_signature(method, path, body=body)
|
||||
|
||||
print(f"X-Signature: {signature}")
|
||||
print(f"X-Timestamp: {timestamp}")
|
||||
print(f"X-Nonce: {nonce}")
|
||||
|
||||
headers = {
|
||||
'Content-Type': 'application/json',
|
||||
'X-Signature': signature,
|
||||
'X-Timestamp': str(timestamp),
|
||||
'X-Nonce': nonce
|
||||
}
|
||||
|
||||
response = requests.post('http://localhost:8080/api/auth/login',
|
||||
headers=headers,
|
||||
data='{"username":"admin","password":"admin123"}',
|
||||
verify=False)
|
||||
|
||||
print(f"\nResponse Status: {response.status_code}")
|
||||
print(f"Response Body: {response.text}")
|
||||
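Review bot: The signature is computed over `body = ''` while the request posts `data='{"username":"admin","password":"admin123"}'`, so the signed string never covers the payload that is actually sent. If this login call succeeds, the server-side check presumably does not bind the body (not visible here, worth confirming), and a body could then be changed without invalidating `X-Signature`. Sign the exact string you send by setting `body` to that JSON and passing it to both `generate_signature(method, path, body=body)` and `data=body`. Separately, `SECRET = 'NovalonManageSystemSecretKey2026'` commits the HMAC key to the repository; read it from the environment instead (`SECRET = os.environ['<SIGNING_SECRET_VAR>']`, placeholder name) and rotate the committed value if anything beyond this test setup uses it. The default nonce `hash(time.time())` is derived from the clock and is predictable, so `secrets.token_hex(16)` suits a replay-protection value better, and `verify=False` does nothing on an `http://` URL and should be dropped so it is not copied into an HTTPS call.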