add check header

help.go

@@ -0,0 +1,16 @@
+package main
+
+import (
+	"io/ioutil"
+	"net/http"
+)
+
+func helpHandler(w http.ResponseWriter, r *http.Request) {
+	content, err := ioutil.ReadFile("./help.html")
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.Write(content)
+}

help.html

@@ -9,6 +9,31 @@
 <body>
   <h2>接口说明</h2>
   <h3>/sms</h3>
+  <p>
+    接口校验 说明: (Header)
+  </p>
+  <table cellpadding="10" cellspacing="10">
+    <tr>
+      <th>参数</th>
+      <th>类型</th>
+      <th>说明</th>
+    </tr>
+    <tr>
+      <td>x-appid</td>
+      <td>string</td>
+      <td>应用APPID</td>
+    </tr>
+    <tr>
+      <td>x-timestamp</td>
+      <td>int64</td>
+      <td>接口请求时间, UTC, 自 1970-1-1 以来的毫秒数 </td>
+    </tr>
+    <tr>
+      <td>x-sign</td>
+      <td>string</td>
+      <td>校验位，计算方式 = md5(appid + secret + timestamp)</td>
+    </tr>
+  </table>
   <p>
     Body 说明: (格式 json)
   </p>

main.go

@@ -3,39 +3,33 @@ package main
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 )
 
-const _accessKeyId string = "LTAI5tGjnZY6k799BHxhmqcm"
-const _accessKeySecret string = "eU1DmULbgHe2dnIg3P93634PO2vEh5"
 const _addr string = ":8081"
 
 func smsHandler(w http.ResponseWriter, r *http.Request) {
+	if err := authHeader(r); err != nil {
+		http.Error(w, err.Error()+"\n访问 /help 查看使用帮助", http.StatusInternalServerError)
+		return
+	}
+
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		http.Error(w, err.Error()+"\n访问 /help 查看使用帮助", http.StatusInternalServerError)
+		return
 	}
 
 	if err := SendSMS(&body); err != nil {
 		http.Error(w, err.Error()+"\n访问 /help 查看使用帮助", http.StatusInternalServerError)
+		return
 	}
 
 	fmt.Fprintf(w, "success")
 }
 
-func helpHandler(w http.ResponseWriter, r *http.Request) {
-	content, err := ioutil.ReadFile("./help.html")
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-	}
-
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	w.Write(content)
-}
-
 func main() {
 	http.HandleFunc("/sms", smsHandler)
 	http.HandleFunc("/help", helpHandler)

sms.go

@@ -8,6 +8,9 @@ import (
 	"github.com/alibabacloud-go/tea/tea"
 )
 
+const _accessKeyId string = "LTAI5tGjnZY6k799BHxhmqcm"
+const _accessKeySecret string = "eU1DmULbgHe2dnIg3P93634PO2vEh5"
+
 var client *dysmsapi20170525.Client
 
 func CreateClient(accessKeyId string, accessKeySecret string) (_result *dysmsapi20170525.Client, _err error) {

utils.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+func md5Str(plain, salt string) string {
+	data := plain + salt
+	return fmt.Sprintf("%x", md5.Sum([]byte(data)))
+}
+
+func authHeader(r *http.Request) error {
+	appid := r.Header.Get("x-appid")
+	timestamp := r.Header.Get("x-timestamp")
+	sign := r.Header.Get("x-sign")
+
+	if appid == "" || timestamp == "" || sign == "" {
+		return errors.New("没有找到校验头信息")
+	}
+
+	millisec, err := strconv.ParseInt(timestamp, 10, 64)
+	if err != nil {
+		return errors.New("校验日期格式不正确")
+	}
+
+	tm := time.UnixMilli(millisec)
+	if time.Since(tm) > time.Minute*5 {
+		return errors.New("请求超时")
+	}
+
+	secret := appid + timestamp
+
+	checkStr := md5Str(appid+secret, timestamp)
+	if sign != checkStr {
+		return errors.New("非法请求")
+	}
+
+	return nil
+}