authorAndrew <saintruler@gmail.com>2021-04-28 15:10:48 +0400
committerAndrew <saintruler@gmail.com>2021-04-28 15:10:48 +0400
commit355dab5bdc924202b1d877b18ae31f04154a4aee (patch)
tree3c1f46f43945d8462f3a0f24e2397094b75d9f25
parent9c4348d402441dc8bac2cb3ecc41efc825307f0b (diff)
Added generation of signature based on request.
-rw-r--r--http-server/main.go61
-rw-r--r--http-tester.py14
2 files changed, 54 insertions, 21 deletions
diff --git a/http-server/main.go b/http-server/main.go
index 55306e8..e2402b2 100644
--- a/http-server/main.go
+++ b/http-server/main.go
@@ -1,6 +1,8 @@
package main
import (
+ "crypto/sha256"
+ "encoding/base64"
"encoding/json"
"errors"
"fmt"
@@ -8,6 +10,7 @@ import (
"net/http"
"os"
"strconv"
+ "strings"
"time"
)
@@ -16,9 +19,8 @@ type Response struct {
}
type Request struct {
- User string
- Data string
- Signature string
+ User string
+ Data string
}
type Message struct {
@@ -27,16 +29,31 @@ type Message struct {
Timestamp int64
}
-func parseRequest(w http.ResponseWriter, r *http.Request) (Request, error) {
- var resp Request
+func parseRequest(w http.ResponseWriter, r *http.Request) (Request, string, error) {
+ var req Request
body, _ := io.ReadAll(r.Body)
- err := json.Unmarshal(body, &resp)
+ bodyStr := string(body)
+ parts := strings.Split(bodyStr, ".")
+ if len(parts) != 2 {
+ _ = badRequest(w)
+ return req, "", errors.New("request doesn't contain exactly two parts")
+ }
+
+ payload := parts[0]
+ signature := parts[1]
+
+ requestBody, err := base64.StdEncoding.DecodeString(payload)
+ if err != nil {
+ return req, "", err
+ }
+
+ err = json.Unmarshal(requestBody, &req)
if err != nil {
_ = badRequest(w)
- return resp, err
+ return req, "", err
}
- return resp, nil
+ return req, signature, nil
}
func jsonResponse(w http.ResponseWriter, resp Response) error {
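Review bot: The base64 failure branch in parseRequest returns the error without calling `badRequest(w)`, unlike the branches before and after it. Every visible caller just returns on error, so a payload that is not valid base64 appears to get an empty 200 response; add `_ = badRequest(w)` before that `return req, "", err`. The function also drops the payload string after decoding it, although that is the exact byte sequence the client hashed; returning it alongside the signature would let the verifier hash what was actually received. Separately, the unchanged `body, _ := io.ReadAll(r.Body)` discards the read error and reads without a size cap, which `http.MaxBytesReader` would bound.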
@@ -75,11 +92,14 @@ func register(w http.ResponseWriter, r *http.Request) {
return
}
- req, err := parseRequest(w, r)
+ req, signature, err := parseRequest(w, r)
if err != nil {
return
}
+ // TODO(andrew): Разобраться с процессом регистрации с подписью
+ _ = fmt.Sprintf("%s", signature)
+
userRegistered, err := db.checkUserRegistered(req.User)
if err != nil {
_ = serverError(w)
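Review bot: The signature returned by parseRequest is thrown away in register (`_ = fmt.Sprintf("%s", signature)`), so registration accepts a request whatever its second part contains. If that is deliberate until the registration flow is designed, `_ = signature` says so without a throwaway format call. The TODO would be easier to act on in English with the open question stated, e.g. `// TODO(andrew): work out how registration requests are signed and verified`. register's body starts and ends outside this hunk.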
@@ -117,7 +137,7 @@ func register(w http.ResponseWriter, r *http.Request) {
})
}
-func handleAuthentication(req Request) (error, error) {
+func handleAuthentication(req Request, signature string) (error, error) {
userRegistered, dbError := db.checkUserRegistered(req.User)
if dbError != nil {
return nil, dbError
@@ -132,8 +152,13 @@ func handleAuthentication(req Request) (error, error) {
return nil, err
}
- // TODO(andrew): Добавить проверку подписи req.Signature
- fmt.Sprintf("%s", key)
+ // TODO(andrew): Добавить проверку подписи signature
+ reqBytes, _ := json.Marshal(req)
+ req64 := base64.StdEncoding.EncodeToString(reqBytes)
+ h := sha256.Sum256([]byte(req64))
+ generatedSignature := fmt.Sprintf("%x", h)
+ fmt.Println(generatedSignature == signature)
+ fmt.Println(key)
return nil, nil
}
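Review bot: handleAuthentication computes the signature comparison but only prints it and then returns `nil, nil`, so sendMessage, pollMessages and getUserKey all treat a request with a wrong signature as authenticated. The value compared is an unkeyed SHA-256 of the payload, which any sender can compute, so even when enforced it would not show that the sender holds the user's key; an HMAC over the received payload keyed with `key` and compared with `hmac.Equal` would. Re-marshalling `req` also makes the check depend on the client reproducing Go's exact JSON encoding. `fmt.Println(key)` writes the user's key to stdout and should be removed. The sketch assumes parseRequest also hands back the raw base64 payload as `payload`, that `crypto/hmac` is imported and that `key` converts to `[]byte`; the start of the function is outside this hunk.

```go
// … unchanged: user lookup and key fetch …
// Authenticate the bytes that were received, not a re-encoding of the parsed struct.
mac := hmac.New(sha256.New, []byte(key))
mac.Write([]byte(payload))
expected := fmt.Sprintf("%x", mac.Sum(nil))
if !hmac.Equal([]byte(expected), []byte(signature)) {
	return errors.New("signature mismatch"), nil
}
return nil, nil
```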
@@ -144,12 +169,12 @@ func sendMessage(w http.ResponseWriter, r *http.Request) {
return
}
- req, err := parseRequest(w, r)
+ req, signature, err := parseRequest(w, r)
if err != nil {
return
}
- authErr, dbErr := handleAuthentication(req)
+ authErr, dbErr := handleAuthentication(req, signature)
if authErr != nil {
w.WriteHeader(http.StatusForbidden)
_ = jsonResponse(w, Response{
@@ -188,12 +213,12 @@ func pollMessages(w http.ResponseWriter, r *http.Request) {
return
}
- req, err := parseRequest(w, r)
+ req, signature, err := parseRequest(w, r)
if err != nil {
return
}
- authErr, dbErr := handleAuthentication(req)
+ authErr, dbErr := handleAuthentication(req, signature)
if authErr != nil {
w.WriteHeader(http.StatusForbidden)
_ = jsonResponse(w, Response{
@@ -233,12 +258,12 @@ func getUserKey(w http.ResponseWriter, r *http.Request) {
return
}
- req, err := parseRequest(w, r)
+ req, signature, err := parseRequest(w, r)
if err != nil {
return
}
- authErr, dbErr := handleAuthentication(req)
+ authErr, dbErr := handleAuthentication(req, signature)
if authErr != nil {
w.WriteHeader(http.StatusForbidden)
_ = jsonResponse(w, Response{
diff --git a/http-tester.py b/http-tester.py
index 28206dc..7cb5197 100644
--- a/http-tester.py
+++ b/http-tester.py
@@ -9,16 +9,24 @@ URL = "http://localhost:8080/api"
def sign_data(data):
dump = json.dumps(data, separators=[",", ":"])
+ print(dump)
payload = b64encode(dump.encode())
+ print(payload.decode())
signature = sha256(payload).hexdigest()
+ print(signature)
return f"{payload.decode()}.{signature}"
def test_get_user_key():
data = {
- "user": "ivan",
- "data": "andrew"
+ "User": "ivan",
+ "Data": "andrew"
}
signed_data = sign_data(data)
- requests.post(f"{URL}/register", data=signed_data)
+ resp = requests.post(f"{URL}/getUserKey", data=signed_data)
+ print(resp.status_code)
+ print(resp.json())
+
+
+test_get_user_key() \ No newline at end of file
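Review bot: test_get_user_key only prints the status and body, so it succeeds whether or not the server checks the signature. `assert resp.status_code == 200` would pin the positive case, and a second request with the signature part altered should assert 403 once the server enforces the check. The added `print` calls in sign_data look like debugging output. The module-level `test_get_user_key()` call runs on import; an `if __name__ == "__main__":` guard would keep the file importable.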