我正在使用Moves API来获取一些健身数据。我希望使用storyline notifications,而不是定期查询API。在
它起作用了,我收到了来自API的请求,但我无法验证请求中提供的hmac sha1签名。在
文件上说:All notification requests are signed with Base64 encoded HMAC-SHA1
signature. The signature is calculated as HMAC_SHA1(
secret>,||), in other words the client
secret as the key and request body, timestamp and nonce concatenated
as the message data. HTTP headers are not included in the signature.
The headers X-Moves-Signature, X-Moves-Timestamp and X-Moves-Nonce
contain the signature, timestamp and nonce values. The timestamp is a
unix timestamp, seconds since Jan 01 1970 00:00:00 GMT.
我的实现:from hmac import new as hmac_new
from hashlib import sha1
def check_signature(signature, timestamp, nonce, client_secret, request_body):
msg = request_body + timestamp.encode('utf-8') + nonce.encode('utf-8')
hmac = hmac_new(key=client_secret, msg=msg, digestmod=sha1)
return hmac.digest().encode('base64') == signature
我收到了flask的请求,调用我的函数如下:
^{pr2}$
价值观:client-secret= mnMuu6rDMkeG5FL0Fm0ho2z14JUhMVWAntUnGz0VyXc446RtqP8J7ETfag0TQa58
request-body = {"userId": 34511428141091768, "storylineUpdates": [{"reason": "DataUpload", "endTime": "20150429T121602Z", "lastSegmentType": "place", "lastSegmentStartTime": "20150429T101434Z", "startTime": "20150429T101434Z"}]}
X-Moves-Nonce = eqVCO4bnNbN+8Hhiz7ZceA==
X-Moves-Signature = BRMwYCxglul01wbyXpfpdtiJh2Y=
X-Moves-Timestamp = 1430309780
my-digest = paWR/3yiJ8NT8KukorGVJlpmQeM=
my-hexdigest = a5a591ff7ca227c353f0aba4a2b195265a6641e3
moves_signature = BRMwYCxglul01wbyXpfpdtiJh2Y=
(客户端密码不再有效)。在
从值中可以看出,我的摘要和moves\u签名不相等。遗憾的是,我无法得到与招式相同的摘要,但我无法找到问题所在。有人知道怎么解决这个问题吗?在