1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
use std::{collections::HashMap, str::FromStr};
use chrono::Utc;
use jsonwebtoken::{crypto::sign, Algorithm, EncodingKey};
use reqwest::{
header::{HeaderName, HeaderValue},
Method, Request, Url,
};
use serde::{Deserialize, Serialize};
use crate::{Error, Result};
#[derive(Debug, Deserialize, Serialize)]
pub struct Signature {
pub access_key: String,
pub algorithm: String,
pub request_time: String,
pub sign: String,
pub signed_headers: String,
}
#[derive(Debug, Serialize, Ord, Eq, PartialOrd, PartialEq)]
struct SignHeader {
pub key: String,
pub value: String,
}
pub fn signature(
value: &mut Signature,
sign_headers: HashMap<String, String>,
secret_access_key: String,
seconds_offset: u64,
) -> Result<String> {
let request_time = value.request_time.parse::<i64>().map_err(Error::any)?;
let now = Utc::now().timestamp();
if now.abs_diff(request_time).gt(&seconds_offset) {
return Err(Error::Invalid("time span exceeds threshold".to_string()));
}
let algorithm = Algorithm::from_str(&value.algorithm).map_err(Error::any)?;
value.sign = Default::default();
let message = serde_json::to_string(&value).map_err(Error::any)?;
let mut sort_headers = Vec::new();
for h in value
.signed_headers
.split(';')
.collect::<Vec<&str>>()
.iter()
{
match sign_headers.get_key_value(*h) {
Some((k, v)) => sort_headers.push(SignHeader {
key: k.to_owned(),
value: v.to_owned(),
}),
None => return Err(Error::Invalid(format!("lack {}", *h))),
}
}
sort_headers.sort();
let signature = serde_json::to_string(&sort_headers).map_err(Error::any)?;
let sign_result = sign(
[message, signature].join(".").as_bytes(),
&EncodingKey::from_secret(secret_access_key.as_bytes()),
algorithm,
)
.map_err(Error::any)?;
Ok(sign_result)
}
pub fn query(
value: &mut Signature,
sign_headers: HashMap<String, String>,
secret_access_key: String,
seconds_offset: u64,
) -> Result<String> {
value.sign = signature(
value,
sign_headers.clone(),
secret_access_key,
seconds_offset,
)?;
let prefix = serde_urlencoded::to_string(value).map_err(Error::any)?;
let suffix = serde_urlencoded::to_string(sign_headers).map_err(Error::any)?;
Ok([prefix, suffix].join("&"))
}
pub fn request(
method: Method,
url: Url,
value: &mut Signature,
sign_headers: HashMap<String, String>,
secret_access_key: String,
) -> Result<Request> {
value.sign = signature(value, sign_headers.clone(), secret_access_key, 15)?;
let mut req = Request::new(method, url);
req.headers_mut().append(
HeaderName::from_static("access_key"),
HeaderValue::from_str(&value.access_key).map_err(Error::any)?,
);
req.headers_mut().append(
HeaderName::from_static("algorithm"),
HeaderValue::from_str(&value.algorithm).map_err(Error::any)?,
);
req.headers_mut().append(
HeaderName::from_static("request_time"),
HeaderValue::from_str(&value.request_time).map_err(Error::any)?,
);
req.headers_mut().append(
HeaderName::from_static("sign"),
HeaderValue::from_str(&value.sign).map_err(Error::any)?,
);
req.headers_mut().append(
HeaderName::from_static("signed_headers"),
HeaderValue::from_str(&value.signed_headers).map_err(Error::any)?,
);
for (k, v) in sign_headers.iter() {
req.headers_mut().append(
HeaderName::from_str(k).map_err(Error::any)?,
HeaderValue::from_str(v.as_str()).map_err(Error::any)?,
);
}
Ok(req)
}
