feature(issue 1272): FeiShu group chat robot adds signature verification function

pull/1360/head
yujianbo 2 years ago
parent 5d40f66e7c
commit cafd199d56

@ -33,7 +33,13 @@ import lombok.Data;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows; import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter; import java.time.format.DateTimeFormatter;
import java.util.Arrays; import java.util.Arrays;
@ -81,7 +87,13 @@ public class LarkSendMessageHandler implements SendMessageHandler {
} else { } else {
larkAlarmTxt = StringUtil.replace(larkAlarmTxt, larkAlarmTimeoutReplaceJson, ""); larkAlarmTxt = StringUtil.replace(larkAlarmTxt, larkAlarmTimeoutReplaceJson, "");
} }
String timestamp=String.valueOf(System.currentTimeMillis()).substring(0,10);;
String sign = genSign(notifyConfig.getSecret(), timestamp);
String text = String.format(larkAlarmTxt, String text = String.format(larkAlarmTxt,
timestamp,
sign,
alarmNotifyRequest.getActive(), alarmNotifyRequest.getActive(),
alarmNotifyRequest.getNotifyTypeEnum(), alarmNotifyRequest.getNotifyTypeEnum(),
alarmNotifyRequest.getThreadPoolId(), alarmNotifyRequest.getThreadPoolId(),
@ -154,6 +166,31 @@ public class LarkSendMessageHandler implements SendMessageHandler {
} }
} }
private String verifySign(String secret, long timestamp) throws Exception {
//把timestamp+"\n"+密钥当做签名字符串
String stringToSign = timestamp + "\n" + secret;
//使用HmacSHA256算法计算签名
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(stringToSign.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] signData = mac.doFinal(new byte[]{});
return new String(Base64.encodeBase64(signData));
}
/**
* generate Signature
*/
private String genSign(String secret, String timestamp) throws NoSuchAlgorithmException, InvalidKeyException {
//把timestamp+"\n"+密钥当做签名字符串
String stringToSign = timestamp + "\n" + secret;
//使用HmacSHA256算法计算签名
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(stringToSign.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] signData = mac.doFinal(new byte[]{});
return new String(Base64.encodeBase64(signData));
}
/** /**
* Lark robot response. * Lark robot response.
*/ */

@ -1,5 +1,7 @@
{ {
"msg_type": "interactive", "msg_type": "interactive",
"timestamp":"%s",
"sign": "%s",
"card": { "card": {
"config": { "config": {
"wide_screen_mode": true "wide_screen_mode": true

Loading…
Cancel
Save