diff --git a/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs b/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
index 2950578f3..cc4d4a6b9 100644
--- a/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
+++ b/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
@@ -131,7 +131,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
 }
 var queryDictionary = new Dictionary();
- var queryStringCollection = httpContext.Request.Query.OrderBy(q => q.Key);
+ var queryStringCollection = httpContext.Request.Query;
 foreach (var queryString in queryStringCollection)
 {
 if (queryString.Key.Equals(AbpOpenApiConsts.SignatureFieldName))
@@ -140,8 +140,8 @@ namespace LINGYUN.Abp.OpenApi.Authorization
 }
 queryDictionary.Add(queryString.Key, queryString.Value.ToString());
 }
-
- var requiredSign = CalculationSignature(httpContext.Request.Path.Value, appDescriptor.AppSecret, queryDictionary);
+ queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret);
+ var requiredSign = CalculationSignature(httpContext.Request.Path.Value, queryDictionary);
 if (!string.Equals(requiredSign, sign.ToString()))
 {
 exception = new BusinessException(
@@ -205,10 +205,10 @@ namespace LINGYUN.Abp.OpenApi.Authorization
 await context.Response.WriteAsync(errorInfo.Message);
 }
- private static string CalculationSignature(string url, string appSecret, IDictionary queryDictionary)
+ private static string CalculationSignature(string url, IDictionary queryDictionary)
 {
 var queryString = BuildQuery(queryDictionary);
- var encodeUrl = UrlEncode(string.Concat(url, "?", queryString, appSecret));
+ var encodeUrl = UrlEncode(string.Concat(url, "?", queryString));
 return encodeUrl.ToMd5();
 }
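Review bot: `queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret)` in the signature-check hunk (@@ -140,8) does not overwrite an existing key, and the loop just above copies every query parameter except the signature field into the same dictionary. A request that already carries an `appSecret` parameter therefore keeps its own value, and `requiredSign` is computed from request data instead of the stored secret. Assign unconditionally with `queryDictionary["appSecret"] = appDescriptor.AppSecret;`, or reject any request whose query contains that key before signing. The comparison on the next line is a plain `string.Equals`; comparing the bytes with `CryptographicOperations.FixedTimeEquals` would keep the check constant-time. The enclosing method starts and ends outside the hunk.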
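Review bot: `CalculationSignature` (@@ -205,10, and the matching client copy in ClientProxy.cs @@ -125,14) still derives the signature with `encodeUrl.ToMd5()`, and after this change the secret is one more sorted parameter inside the hashed string rather than a trailing suffix. A plain MD5 over text that embeds the secret is not a keyed MAC, and its strength now depends on where `appSecret` sorts among the parameter names. Consider computing `HMACSHA256` keyed with the app secret over the canonical `url?query` string on both sides, so the secret never passes through `BuildQuery` or `UrlEncode`. That is a wire-format change, so client and server would have to move together.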
@@ -216,7 +216,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
 private static string BuildQuery(IDictionary queryStringDictionary)
 {
 StringBuilder sb = new StringBuilder();
- foreach (var queryString in queryStringDictionary)
+ foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
 {
 sb.Append(queryString.Key) .Append('=')
diff --git a/aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs b/aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs
index 1df55147b..beff7aba8 100644
--- a/aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs
+++ b/aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs
@@ -68,8 +68,12 @@ namespace OpenApi
 "&t=", timeStamp);
 var quertString = ReverseQueryString(requestUrl);
+ // 密钥参与计算
+ quertString.Add("appSecret", appSecret);
 // 对请求参数签名
- var sign = CalculationSignature(baseUrl, appSecret, quertString);
+ var sign = CalculationSignature(baseUrl, quertString);
+ // 移除密钥
+ quertString.Remove("appSecret");
 // 签名随请求传递
 quertString.Add("sign", sign);
 // 重新拼接请求参数
@@ -125,14 +129,13 @@ namespace OpenApi
 return queryDic;
 }
- private static string CalculationSignature(string url, string appSecret, IDictionary queryDictionary)
+ private static string CalculationSignature(string url, IDictionary queryDictionary)
 {
 var queryString = BuildQuery(queryDictionary);
 var requestUrl = string.Concat( url, url.Contains('?') ? "" : "?",
- queryString,
- appSecret);
+ queryString);
 var encodeUrl = UrlEncode(requestUrl);
 return encodeUrl.ToMd5();
 }
@@ -140,7 +143,7 @@ namespace OpenApi
 private static string BuildQuery(IDictionary queryStringDictionary)
 {
 StringBuilder sb = new StringBuilder();
- foreach (var queryString in queryStringDictionary)
+ foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
 {
 sb.Append(queryString.Key) .Append('=')
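Review bot: `queryStringDictionary.OrderBy(q => q.Key)` in `BuildQuery` (@@ -216,7, and the identical line in ClientProxy.cs @@ -140,7) sorts with the default string comparer, which is culture-sensitive. The canonical parameter order then depends on the thread culture on each side, so a client and server running under different cultures can hash different strings for the same request. Pass an explicit ordinal comparer: `queryStringDictionary.OrderBy(q => q.Key, StringComparer.Ordinal)`. The body of `BuildQuery` continues past the end of the hunk.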
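Review bot: In ClientProxy.cs (@@ -68,8) the secret is added to `quertString`, the same dictionary that appears to be serialized into the outgoing request a few lines later, so only the `Remove("appSecret")` call keeps it off the wire. `Add` would also throw if the request URL already carries an `appSecret` parameter. Sign a copy instead, for example `var signParams = new Dictionary<string, string>(quertString) { ["appSecret"] = appSecret };` followed by `var sign = CalculationSignature(baseUrl, signParams);`, which makes the Add/Remove pair unnecessary. The element types are assumed from usage, since the generic arguments are not visible here, and the method continues outside the hunk.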