nestjs后端代码
controller
@Get('md5hmacSHA1b64')postMd5hmacSHA1b64(@Req() request: Request, @Query() query) {// 获取GET请求参数const queryParamsMap = new Map(Object.entries(query));return this.handleMd5hmacSHA1b64(queryParamsMap, request);}@Post('md5hmacSHA1b64')@UseInterceptors(NoFilesInterceptor())getMd5hmacSHA1b64(@Req() request: Request, @Body() formData) {//@Body() formData 支持 x-www-form-urlencoded 和 application/json 类型的请求, 但是不支持普通表单 form-data//form-data支持文件上传, x-www-form-urlencoded不支持文件上传//使用 @UseInterceptors(NoFilesInterceptor()) 让@Body()支持form-data键值对形式的非文件上传场景console.log('formData:', formData);//提取formData的键值对const query2 = new Map(Object.entries(formData));console.log('query2:', query2);return this.handleMd5hmacSHA1b64(query2, request);}private handleMd5hmacSHA1b64(queryParamsMap: Map<string, any>,request: Request,) {//获取header列表//const queryHeadersMap = new Map(Object.entries(request.headers));//queryHeadersMap 只取出指定header accessKeyId nonce timestampconst queryHeadersMap2 = new Map(Object.entries(request.headers).filter((item) =>item[0] === 'accesskeyid' ||item[0] === 'nonce' ||item[0] === 'timestamp' ||item[0] === 'sign',),);//queryHeadersMap2 的 key accesskeyid 替换为 accessKeyIdqueryHeadersMap2.forEach((value, key) => {if (key === 'accesskeyid') {queryHeadersMap2.set('accessKeyId', value);queryHeadersMap2.delete('accesskeyid');}});//将上面两个map合并const allMap = new Map([...queryParamsMap, ...queryHeadersMap2]);return this.epgService.md5hmacSHA1b64(allMap);}private handleMd5hmacSHA1b64(queryParamsMap: Map<string, any>,request: Request,) {//获取header列表//const queryHeadersMap = new Map(Object.entries(request.headers));//queryHeadersMap 只取出指定header accessKeyId nonce timestampconst queryHeadersMap2 = new Map(Object.entries(request.headers).filter((item) =>item[0] === 'accesskeyid' ||item[0] === 'nonce' ||item[0] === 'timestamp' ||item[0] === 'sign',),);//queryHeadersMap2 的 key accesskeyid 替换为 accessKeyIdqueryHeadersMap2.forEach((value, key) => {if (key === 'accesskeyid') {queryHeadersMap2.set('accessKeyId', value);queryHeadersMap2.delete('accesskeyid');}});//将上面两个map合并const allMap = new Map([...queryParamsMap, ...queryHeadersMap2]);return this.epgService.md5hmacSHA1b64(allMap);}service代码
md5hmacSHA1b64(allMap: Map<string, any>) {const accessKeyId =process.env.ACCESS_KEY_ID;const accessKeySecret = process.env.ACCESS_KEY_SECRET;console.log(allMap);//遍历allMap列表,拷贝到headerMapconst sign = allMap.get('sign');console.log("sign", sign)const headerMap = {};for (const key of allMap.keys()) {// 去掉名为sign的keyif (key !== 'sign') {headerMap[key] = allMap.get(key);}}console.log('headerMap=', headerMap)//accessKeyId 替换为约定的accessKeyIdheaderMap['accessKeyId'] = accessKeyId;//对headerMap按字母排序const sortHeaderMap = {};Object.keys(headerMap).sort().forEach((key) => {sortHeaderMap[key] = headerMap[key];});console.log('sortHeaderMap=', sortHeaderMap);//对排序后的header拼接字符串 形如 key1=value1&key2=value2&key3=value3的形式,最后一项没有&let str = '';for (const key in sortHeaderMap) {str += key + '=' + sortHeaderMap[key] + '&';}str = str.substring(0, str.length - 1);//base64const base64 = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(str));//hmacsha1const hmacsha1 = CryptoJS.HmacSHA1(base64, accessKeySecret);//md5const md5 = CryptoJS.MD5(hmacsha1).toString();//判断sign==md5 若相等 返回check 字段为okreturn {str,md5hmacSHA1b64: md5,check: sign === md5?'ok':'no',};}postman接口
header定义
pre-Request预处理脚本
// 辅助函数:补零
function padZero(num) {return num.toString().padStart(2, '0');
}
// 生成16位随机数,用于nonce
function generateRandom16bit() {return Math.random().toString(16).substring(2, 18);
}
//验证请求GET POST ok
let accessKeyId = "UC1"; //签名Key
let accessKeySecret = "UC2"; //签名secret
//let accessKeyId = pm.request.headers.get("accessKeyId");let param = {};
console.log("param:",param)// 获取当前时间戳
const now = new Date();
// 时间戳 格式化为指定样式 yyyyMMddHHmmss
const formattedTimestamp = now.getFullYear().toString() + // 年份padZero(now.getMonth() + 1) + // 月份,注意月份是从0开始的,所以加1padZero(now.getDate()) +padZero(now.getHours()) +padZero(now.getMinutes()) +padZero(now.getSeconds());//16位随机数
let nonce = generateRandom16bit()//头部参数
param['accessKeyId']=accessKeyId
param['nonce']=nonce
param['timestamp']=formattedTimestamp//Get 参数
let queryParam = pm.request.url.query.members;
console.log("queryParam:",queryParam)
for (let i in queryParam){param[queryParam[i].key] = queryParam[i].value;
}
//POST参数
let postParam = request.data;
console.log("postParam:",postParam)
if(typeof(postParam) == "string"){try{let dataJson = JSON.parse(postParam);// 将解析后的数据合并到param对象中Object.assign(param, dataJson);}catch(err){console.log(err)}
}else{Object.assign(param, postParam);
}console.log("allParam:",param)
//Post
//取key
var keys = [];
for (let k in param){if (k == 'sign'){continue;}keys.push(k);
}
//排序
keys.sort();//取value
var kv = [];
for (let k of keys){kv.push(k + '=' + param[k]) }//拼接
var str = kv.join('&');console.log("str=",str)
//签名计算算法md5(hmacsha1(base64(str)))
const base64 = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(str));
const hmacsha1 = CryptoJS.HmacSHA1(base64, accessKeySecret);
const md5 = CryptoJS.MD5(hmacsha1).toString();//设置环境变量
postman.setEnvironmentVariable("nonce", nonce);
postman.setEnvironmentVariable("timestamp", formattedTimestamp);
postman.setEnvironmentVariable("sign", md5);
前端怎么做)
)
)
)
及QSharedMemory用法)
】)
