英文:
Authorization string is not same when generate with golang and JS
问题
我有问题,关于使用Golang生成正确的API访问授权字符串。我尝试使用JS,字符串可以正常使用,而来自Golang的字符串无法用于身份验证。你能帮我检查一下有什么不同并纠正我吗?
这是我的Golang代码:
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date := "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
Golang的结果是dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=
JS的代码:
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;
console.log("date", date)
console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log({authorisation})
结果是nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=
英文:
I have problem with Golang to generate the correct the correct Authorization string for API access. I try with JS and the string is okay to use while the string from golang can not be used for authentication. Can you help me check what is the different and correct me?
Here is my golang code:
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date = "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
The result from golang is dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=
The code on JS
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;
console.log("date", date)
console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log({authorisation})
The result is nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=
答案1
得分: 1
这两个代码片段有不同的数据需要签名。JS代码中使用了一些环境变量,可能会有所不同。我已经从Go代码中获取了这些值。
Go代码:Go Playground示例
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"log"
)
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date := "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
host := "api-worldcheck.refinitiv.com"
dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
JS代码:
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
function generateAuthHeader(dataToSign) {
var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";
var dataToSign =
"(request-target): get " +
url +
"groups\n" +
"host: " +
host +
"\n" +
"date: " +
date;
console.log("date", date);
console.log("dataToSign", dataToSign);
var hmac = generateAuthHeader(dataToSign);
var authorisation =
'Signature keyId="' +
apiKey +
'",algorithm="hmac-sha256",headers="(request-target) host date",signature="' +
hmac +
'"';
console.log(authorisation);
<!-- language: lang-html -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<!-- end snippet -->
两者的签名都是pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb。
英文:
Both the snippets have different data to sign. The JS has some env vars that are used which might be different. I have taken those values from the Go code.
Go code: Go Playground example
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"log"
)
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date := "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
host := "api-worldcheck.refinitiv.com"
dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
JS Code:
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-js -->
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";
var dataToSign = "(request-target): get " + url + "groups\n" +
"host: " + host + "\n" +
"date: " + date;
console.log("date", date)
console.log("dataToSign", dataToSign)
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log(authorisation);
<!-- language: lang-html -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<!-- end snippet -->
Both have the signature as pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论