client 是shell脚本
#!/bin/bash
url="http://localhost:8088/api"
secret_key="7!18!&mahrLxWADnJZDNMtN0"
data="your_data"
signature=$(echo -n "$data" | openssl dgst -sha256 -hmac "$secret_key" -binary | base64)
response=$(curl -X POST -H "Signature: $signature" -d "$data" "$url")
echo "Response: $response"
Go服务端
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"io/ioutil"
"log"
"net/http"
)
const secretKey = "7!18!&mahrLxWADnJZDNMtN0"
func generateSignature(data, secretKey string) string {
hmacSha256 := hmac.New(sha256.New, []byte(secretKey))
hmacSha256.Write([]byte(data))
expectedSig := base64.StdEncoding.EncodeToString(hmacSha256.Sum(nil))
return expectedSig
}
func verifySignature(signature, data, secretKey string) bool {
expectedSig := generateSignature(data, secretKey)
return signature == expectedSig
}
func apiHandler(w http.ResponseWriter, r *http.Request) {
signature := r.Header.Get("Signature")
body, err := ioutil.ReadAll(r.Body)
fmt.Println("body", body)
fmt.Println("body str", string(body))
if err != nil {
http.Error(w, "Failed to read request body", http.StatusInternalServerError)
return
}
data := string(body)
if verifySignature(signature, data, secretKey) {
fmt.Fprintf(w, "Signature verification passed")
} else {
fmt.Fprintf(w, "Signature verification failed")
}
}
func main() {
http.HandleFunc("/api", apiHandler)
log.Fatal(http.ListenAndServe(":8088", nil))
}