package main

import (
	"crypto/md5"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"time"
)

func md5Str(plain, salt string) string {
	data := plain + salt
	return fmt.Sprintf("%x", md5.Sum([]byte(data)))
}

func authHeader(r *http.Request) error {
	appid := r.Header.Get("x-appid")
	timestamp := r.Header.Get("x-timestamp")
	sign := r.Header.Get("x-sign")

	if appid == "" || timestamp == "" || sign == "" {
		return errors.New("没有找到校验头信息")
	}

	millisec, err := strconv.ParseInt(timestamp, 10, 64)
	if err != nil {
		return errors.New("校验日期格式不正确")
	}

	tm := time.UnixMilli(millisec)
	if time.Since(tm) > time.Minute*5 {
		return errors.New("请求超时")
	}

	secret := appid + timestamp

	checkStr := md5Str(appid+secret, timestamp)
	if sign != checkStr {
		return errors.New("非法请求")
	}

	return nil
}