
【优化】增加抖音回调验签

johnclot69 1 年之前
父节点
当前提交
a5953781b5

+ 26 - 0
DotNet/Hotfix/Helper/HttpHelper.cs

@@ -4,6 +4,7 @@ using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography;
 using System.Text;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json;
@@ -122,5 +123,30 @@ namespace ET.Server
             Log.Debug($"http请求错误...statusCode:{statusCode}, url:{url}");
             return null;
         }
+
+        /// <summary>
+        /// 签名验证
+        /// </summary>
+        /// <param name="header"> = {
+        ///                             "x-nonce-str": "123456",
+        ///                             "x-timestamp": "456789",
+        ///                             "x-roomid":    "268",
+        ///                             "x-msg-type":  "live_gift",
+        ///                         } </param>
+        /// <param name="bodyStr"> = "abc123你好"</param>
+        /// <param name="secret"> = "oumuamua410"</param>
+        /// <returns>PDcKhdlsrKEJif6uMKD2dw==</returns>
+        public static string Signature(Dictionary<string, string> header, string bodyStr, string secret)
+        {
+            List<string> keyList = new List<string>(4);
+            keyList.AddRange(header.Select(keyValuePair => keyValuePair.Key));
+            keyList.Sort();
+            List<string> kvList = new List<string>(4);
+            kvList.AddRange(keyList.Select(key => key + "=" + header[key]));
+            string urlParams = string.Join("&", kvList);
+            string rawData = urlParams + bodyStr + secret;
+            byte[] hashBytes = MD5.HashData(Encoding.UTF8.GetBytes(rawData));
+            return Convert.ToBase64String(hashBytes);
+        }
     }
 }
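Review bot: `keyList.Sort()` in `Signature` orders the header names with the default culture-sensitive string comparer, so the canonical string could differ between server locales for other key sets; a signature base string should be sorted ordinally, `keyList.Sort(StringComparer.Ordinal);`. The `<param name="secret">` example in the XML doc repeats the exact value this commit assigns to `DouyinConst.SignatureSecret`, so either the comment documents the live secret or the constant is only a sample value; the comment should use a labelled placeholder, with the example output regenerated to match. The summary says 签名验证, but the method only computes the expected signature and leaves the comparison to the caller, which the doc should state. I would also add a comment that the MD5 over `urlParams + bodyStr + secret` construction is presumably fixed by the callback sender (confirm against the platform documentation), so the helper is not reused as a general-purpose MAC.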

+ 0 - 26
DotNet/Hotfix/Scenes/Game/GameDouyinComponentSystem.cs

@@ -179,31 +179,5 @@ namespace ET.Server
                 }
             }
         }
-
-        /// <summary>
-        /// 签名验证
-        /// </summary>
-        /// <param name="header"> = {
-        ///                             "x-nonce-str": "123456",
-        ///                             "x-timestamp": "456789",
-        ///                             "x-roomid":    "268",
-        ///                             "x-msg-type":  "live_gift",
-        ///                         } </param>
-        /// <param name="bodyStr"> = "abc123你好"</param>
-        /// <param name="secret"> = "oumuamua410"</param>
-        /// <returns>PDcKhdlsrKEJif6uMKD2dw==</returns>
-        public static string Signature(Dictionary<string, string> header, string bodyStr, string secret)
-        {
-            List<string> keyList = new List<string>(4);
-            keyList.AddRange(header.Select(keyValuePair => keyValuePair.Key));
-            keyList.Sort();
-
-            List<string> kvList = new List<string>(4);
-            kvList.AddRange(keyList.Select(key => key + "=" + header[key]));
-            string urlParams = string.Join("&", kvList);
-            string rawData = MD5Helper.StringMD5(urlParams + bodyStr + secret);
-            byte[] bytes = Encoding.GetEncoding("UTF-8").GetBytes(rawData);
-            return Convert.ToBase64String(bytes);
-        }
     }
 }

+ 19 - 4
DotNet/Hotfix/Scenes/Router/HttpDouyinApiCallbackHandler.cs

@@ -13,7 +13,11 @@ namespace ET.Server
     {
         public async ETTask Handle(Entity domain, HttpListenerContext context)
         {
+            string xnoncestr = context.Request.Headers["x-nonce-str"];
+            string xtimestamp = context.Request.Headers["x-timestamp"];
+            string xsignature = context.Request.Headers["x-signature"];
             string xroomId = context.Request.Headers["x-roomid"];
+            string msgType = context.Request.Headers["x-msg-type"];
 
             if (string.IsNullOrEmpty(xroomId))
             {
@@ -21,10 +25,6 @@ namespace ET.Server
                 return;
             }
 
-            string msgType = context.Request.Headers["x-msg-type"];
-
-            Log.Debug($"抖音推送数据http回调 - msgType={msgType}");
-
             if (string.IsNullOrEmpty(msgType))
             {
                 Log.Error($"抖音推送数据http回调 找不到请求头:x-msg-type");
@@ -39,6 +39,21 @@ namespace ET.Server
                 return;
             }
 
+            // 验签
+            Dictionary<string, string> header = new Dictionary<string, string>();
+            header.Add("x-nonce-str", xnoncestr);
+            header.Add("x-timestamp", (string.IsNullOrEmpty(xtimestamp)? 0 : long.Parse(xtimestamp)).ToString());
+            header.Add("x-roomid", xroomId);
+            header.Add("x-msg-type", msgType);
+
+            string res = HttpHelper.Signature(header, bodyStr, DouyinConst.SignatureSecret);
+
+            if (!xsignature.Equals(res))
+            {
+                Log.Warning($"抖音推送数据http回调 验签数据不合法 xsignature={xsignature}, res={res}");
+                return;
+            }
+
             long roomId = long.Parse(xroomId);
 
             switch (msgType)
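Review bot: `xsignature.Equals(res)` throws a NullReferenceException when the `x-signature` header is absent, and `long.Parse(xtimestamp)` throws on a non-numeric value. No check for either is visible in these hunks, so an unauthenticated request can fault the handler before verification finishes. The comparison is also not constant-time, and the warning logs `res`, the valid signature for the payload just received, so anyone who can read the logs obtains a correct signature for a body they chose. The timestamp and nonce are only fed into the hash; nothing visible rejects stale timestamps or repeated nonces, so a captured callback can be replayed unless that is handled outside the hunk. The sketch below keeps the parse-then-`ToString()` normalisation of the original and needs `System.Security.Cryptography` and `System.Text` in scope; `Handle` starts and ends outside the hunks.

```csharp
// … unchanged: header reads, x-roomid / x-msg-type checks, body read …

// Reject before computing anything if the signed headers are missing or malformed.
if (string.IsNullOrEmpty(xsignature) || !long.TryParse(xtimestamp, out long timestamp))
{
    Log.Warning("抖音推送数据http回调 验签请求头缺失或格式错误");
    return;
}

Dictionary<string, string> header = new Dictionary<string, string>
{
    ["x-nonce-str"] = xnoncestr,
    ["x-timestamp"] = timestamp.ToString(),
    ["x-roomid"] = xroomId,
    ["x-msg-type"] = msgType,
};

string res = HttpHelper.Signature(header, bodyStr, DouyinConst.SignatureSecret);

// Constant-time comparison; the expected signature is deliberately not logged.
bool signatureOk = CryptographicOperations.FixedTimeEquals(
    Encoding.UTF8.GetBytes(xsignature),
    Encoding.UTF8.GetBytes(res));
if (!signatureOk)
{
    Log.Warning($"抖音推送数据http回调 验签数据不合法 xsignature={xsignature}");
    return;
}
```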

+ 2 - 0
DotNet/Model/Const/ConstGame.cs

@@ -28,6 +28,8 @@ namespace ET.Server
         public const string Appid = "tt1f2a69978016076d10";
         /** 小程序的 APP Secret,可以在开发者后台获取 **/
         public const string Secret = "0a2d84c09dcab30b26a82da1c93da78544ad6f6e";
+        /** 推送回调验签 **/
+        public const string SignatureSecret = "oumuamua410";
         /** POST 获取开放能力接口的调用凭证 **/
         public const string GetAccessTokenUrl = "https://developer.toutiao.com/api/apps/v2/token";
         /** POST 获取直播间信息 **/
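Review bot: `SignatureSecret` is committed as a `const string` literal, so the key that authenticates every push callback is readable by anyone with access to the repository or the compiled assembly. Its value also matches the example secret in the XML doc of `HttpHelper.Signature` in this same commit, which suggests a sample value was pasted in; if so, callbacks are being checked against a key that is not private. Load it from deployment configuration or an environment variable instead, for example `public static readonly string SignatureSecret = Environment.GetEnvironmentVariable("DOUYIN_SIGNATURE_SECRET");` (the variable name is a placeholder), and rotate the key once it is out of source. The `Secret` constant on the context line above is stored the same way and would benefit from the same treatment.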