Go回调签名校验

client 是shell脚本

#!/bin/bash

url="http://localhost:8088/api"
secret_key="7!18!&mahrLxWADnJZDNMtN0"
data="your_data"

signature=$(echo -n "$data" | openssl dgst -sha256 -hmac "$secret_key" -binary | base64)

response=$(curl -X POST -H "Signature: $signature" -d "$data" "$url")
echo "Response: $response"

Go服务端

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
)

const secretKey = "7!18!&mahrLxWADnJZDNMtN0"

func generateSignature(data, secretKey string) string {
	hmacSha256 := hmac.New(sha256.New, []byte(secretKey))
	hmacSha256.Write([]byte(data))
	expectedSig := base64.StdEncoding.EncodeToString(hmacSha256.Sum(nil))
	return expectedSig
}

func verifySignature(signature, data, secretKey string) bool {
	expectedSig := generateSignature(data, secretKey)
	return signature == expectedSig
}

func apiHandler(w http.ResponseWriter, r *http.Request) {
	signature := r.Header.Get("Signature")

	body, err := ioutil.ReadAll(r.Body)
	fmt.Println("body", body)
	fmt.Println("body str", string(body))
	if err != nil {
		http.Error(w, "Failed to read request body", http.StatusInternalServerError)
		return
	}

	data := string(body)
	if verifySignature(signature, data, secretKey) {
		fmt.Fprintf(w, "Signature verification passed")
	} else {
		fmt.Fprintf(w, "Signature verification failed")
	}
}

func main() {
	http.HandleFunc("/api", apiHandler)

	log.Fatal(http.ListenAndServe(":8088", nil))
}