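const request = require('superagent');
const moment = require('moment');
const crypto = require('crypto');

module.exports = {
  /**
   * Registers the `POST /verify/getSignToken` route.
   *
   * The handler authenticates the caller from the `code`, `rnd` and `sign`
   * request headers and, on success, logs in to `${opts.apiUrl}/project/login`
   * with the configured service account and returns the resulting token.
   *
   * Every outcome is answered with HTTP 200; success or failure is carried in
   * the JSON body as `{ statusCode, message, token }`.
   *
   * @param {object} app - Application instance (not used by this module).
   * @param {object} router - Router exposing `post(path, handler)`.
   * @param {object} opts - Module options; `apiUrl`, `singleAccount` and
   *   `singlePwd` are read.
   */
  entry(app, router, opts) {
    // Largest accepted distance, in seconds, between `rnd` and the server clock.
    const MAX_TIMESTAMP_SKEW_SECONDS = 300;

    /**
     * Checks that a Unix timestamp (seconds) lies within five minutes of now.
     *
     * The window is applied in both directions. Checking only the upper bound
     * lets any timestamp in the future pass, because its difference to "now"
     * is negative, and that would keep a signed request valid indefinitely.
     *
     * @param {string|number} timestamp - Unix time in seconds.
     * @returns {boolean} True when the timestamp is numeric and inside the window.
     */
    function isTimestampWithin5Minutes(timestamp) {
      const seconds = Number(timestamp);
      if (!Number.isFinite(seconds)) {
        return false;
      }
      // Time difference in seconds; positive when the timestamp is in the past.
      const ageInSeconds = moment().diff(moment.unix(seconds), 'seconds');
      return Math.abs(ageInSeconds) <= MAX_TIMESTAMP_SKEW_SECONDS;
    }

    /**
     * Compares the expected and supplied signatures in constant time.
     *
     * `crypto.timingSafeEqual` throws on buffers of different length, so the
     * length is checked first; the expected length is fixed and not secret.
     *
     * @param {string} expected - Signature computed by the server.
     * @param {string} provided - Signature taken from the request.
     * @returns {boolean} True when both signatures are identical.
     */
    function isSignatureValid(expected, provided) {
      const expectedBytes = Buffer.from(expected, 'utf8');
      const providedBytes = Buffer.from(String(provided), 'utf8');
      return (
        expectedBytes.length === providedBytes.length &&
        crypto.timingSafeEqual(expectedBytes, providedBytes)
      );
    }

    // Failures are reported in the body with HTTP 200, as the existing protocol does.
    const failure = (message) => ({ statusCode: -1, message, token: '' });
    const respond = (ctx, body) => {
      ctx.status = 200;
      ctx.body = body;
    };

    /**
     * Route handler: validates the signed headers and returns a login token.
     *
     * @param {object} ctx - Request context; reads `ctx.headers`, writes
     *   `ctx.status` / `ctx.body`, logs through `ctx.fs.logger`.
     * @returns {Promise<void>}
     */
    const getSignToken = async function (ctx) {
      try {
        const { apiUrl, singleAccount, singlePwd } = opts;
        // NOTE(review): appKey and appSecret are committed in source, so anyone
        // with read access to the repository can compute valid signatures.
        // Load them from configuration or a secret store and rotate this value.
        const appKey = 'd037044023914e76';
        const appSecret = 'dc5b21a91cd840cabc7751d3e81dd8aa';
        const { code, rnd, sign } = ctx.headers;
        // NOTE(review): the `code` header is required but not part of the
        // signature; the fixed bridgeCode below is signed instead. Confirm intended.
        const bridgeCode = 'G94441900L1430';

        if (!code || !rnd || !sign) {
          respond(ctx, failure('缺少参数或参数有误'));
          return;
        }

        // Validate the timestamp: more than five minutes off counts as expired.
        if (!isTimestampWithin5Minutes(rnd)) {
          respond(ctx, failure('时间戳已过期,超过5分钟'));
          return;
        }

        // NOTE(review): the signature is SHA-1 over concatenated fields and
        // covers neither request-specific data nor a nonce, so a captured
        // (rnd, sign) pair stays usable for the whole acceptance window.
        // Moving to HMAC-SHA-256 with a one-time nonce needs a client change.
        const signData = appKey + bridgeCode + rnd + appSecret;
        const checkSign = crypto
          .createHash('sha1')
          .update(signData)
          .digest('hex')
          .toUpperCase();

        if (!isSignatureValid(checkSign, sign)) {
          respond(ctx, failure('数据签名验证失败'));
          return;
        }

        const res = await request
          .post(`${apiUrl}/project/login`)
          .set('Content-Type', 'application/json')
          .send({
            username: singleAccount,
            password: singlePwd,
            p: 'default',
          });

        respond(ctx, {
          statusCode: 1,
          message: '操作成功',
          token: res.body.token || null,
        });
      } catch (e) {
        // NOTE(review): superagent errors carry the response (and through it the
        // request) object; confirm the logger does not serialize the login
        // payload with the service-account password.
        ctx.fs.logger.error(e);
        respond(ctx, failure('获取token失败'));
      }
    };

    router.post('/verify/getSignToken', getSignToken);
  },
};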