// 内容签名。生成规则:
// A)提取请求方法method(GET或POST);
// B)提取请求url信息,包括Host字段的IP或域名和URI的path部分,注意不包括Host的端口和Path的querystring。请在请求中带上Host字段,否则将视为无效请求。比如openapi.xg.qq.com/v2/push/single_device或者10.198.18.239/v2/push/single_device;
// C)将请求参数(不包括sign参数)格式化成K=V方式,注意:计算sign时所有参数不应进行urlencode;
// D)将格式化后的参数以K的字典序升序排列,拼接在一起,注意字典序中大写字母在前;
// E)拼接请求方法、url、排序后格式化的字符串以及应用的secret_key;
// F)将E形成字符串计算MD5值,形成一个32位的十六进制(字母小写)字符串,即为本次请求sign(签名)的值;
// Sign=MD5($http_method$url$k1=$v1$k2=$v2$secret_key); 该签名值基本可以保证请求是合法者发送且参数没有被修改,但无法保证不被偷窥。
// 例如: POST请求到接口http://openapi.xg.qq.com/v2/push/single_device,有四个参数,access_id=123,timestamp=1386691200,Param1=Value1,Param2=Value2,secret_key为abcde。则上述E步骤拼接出的字符串为POSTopenapi.xg.qq.com/v2/push/single_deviceParam1=Value1Param2=Value2access_id=123timestamp=1386691200abcde,注意字典序中大写在前。计算出该字符串的MD5为ccafecaef6be07493cfe75ebc43b7d53,以此作为sign参数的值
func (xgpush *XGPush) sign(method string, device_type int, params map[string]string) (err error) {
var secret_key string
switch device_type {
case XGPushDeviceType_IOS:
params["environment"] = xgpush.Param_environment
params["access_id"] = xgpush.Param_ios_access_id
secret_key = xgpush.Param_ios_secret_key
case XGPushDeviceType_Android:
params["access_id"] = xgpush.Param_android_access_id
secret_key = xgpush.Param_android_secret_key
default:
return ErrUnknownDeviceType
}
if _, found := params["timestamp"]; !found {
params["timestamp"] = strconv.FormatInt(time.Now().Unix(), 10)
}
//params["valid_time"] = XGPUSH_VALID_TIME
h := md5.New()
io.WriteString(h, XGPUSH_METHOD)
io.WriteString(h, XGPUSH_V2_BASE_URL)
io.WriteString(h, method)
var kvs []string
for key, value := range params {
kvs = append(kvs, key+"="+value)
}
sort.Sort(sort.StringSlice(kvs))
for _, kv := range kvs {
io.WriteString(h, kv)
}
io.WriteString(h, secret_key)
params["sign"] = fmt.Sprintf("%x", h.Sum(nil))
return
}
// mysql_real_escape_string() “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and Control+Z
func escapeString(txt string) string {
var (
esc string
buf bytes.Buffer
)
last := 0
for ii, bb := range txt {
switch bb {
case 0:
esc = `\0`
case '\n':
esc = `\n`
case '\r':
esc = `\r`
case '\\':
esc = `\\`
case '\'':
esc = `\'`
case '"':
esc = `\"`
case '\032':
esc = `\Z`
default:
continue
}
io.WriteString(&buf, txt[last:ii])
io.WriteString(&buf, esc)
last = ii + 1
}
io.WriteString(&buf, txt[last:])
return buf.String()
}
//--------------------------------------
//文件管理逻辑
//
//KindEditor提交参数:
//dir{"image", "flash", "media", "file"},默认"image"
//path,默认"",格式:"2014年","2014年1月","201401-<filename>"
//order,默认"name"
//
//返回给KindEditor的参数:
//moveup_dir_path": "",
//"current_dir_path": "",
//"current_url": "/ke4/php/../attached/",
//"total_count": 5,
//"file_list": [
//
//{
// "is_dir": false,
// "has_file": false,
// "filesize": 208736,
// "is_photo": true,
// "filetype": "jpg",
// "filename": "1241601537255682809.jpg",
// "datetime": "2011-08-02 15:32:43"
//},
//{
// "is_dir": true,
// "has_file": (file.listFiles() != null),
// "filesize": 0L,
// "is_photo": false,
// "filetype": "",
// "filename": file.getName(),
// "datetime": "2011-08-02 15:32:43"
//},
//--------------------------------------
//martini handler
func ListFilesHandlers() []martini.Handler {
var bind = binding.Bind(ListReqData{})
var listHandler = func(data ListReqData, w http.ResponseWriter, r *http.Request) {
if strings.ToUpper(data.Dir) != "IMAGE" {
data.Err(w, "dir should be IMAGE")
return
}
//根据path建立KindList
list := &KindList{CurrentDirPath: strings.TrimSuffix(data.Path, "/")}
switch length := len([]rune(list.CurrentDirPath)); length {
case 0: //""
listYears(r, list)
case 5: //"2014年, 2014年"
if err := listMonths(r, list); err != nil {
data.Err(w, err.Error())
return
}
case 7, 8: //"2014年4月"
if err := listFiles(&data, list); err != nil {
data.Err(w, err.Error())
return
}
default:
data.Err(w, `Path wrong:`+data.Path)
return
}
io.WriteString(w, data.Callback+"(")
resJson(w, list)
io.WriteString(w, ")")
}
return []martini.Handler{bind, listHandler}
}
/**
* 登录处理
*/
func doLogin(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
manageName := r.Form["manage_name"][0]
password := r.Form["password"][0]
code := r.Form["code"][0]
if manageName == "" || password == "" || code == "" {
io.WriteString(w, "<script type='text/javascript'>location.href='/login'</script>")
}
//判断验证码是否正确
imagecode := getSession(w, r, imageCodeKey)
if code == imagecode {
//判断账号和密码是否正确
userInfo, err := checkLogin(manageName, getSha1(password))
if err != nil {
io.WriteString(w, "<script type='text/javascript'>location.href='/login'</script>")
} else {
setSession(w, r, manageIdKey, userInfo["manage_id"])
io.WriteString(w, "<script type='text/javascript'>location.href='/admin'</script>")
}
} else {
io.WriteString(w, "<script type='text/javascript'>location.href='/login'</script>")
}
}
//生成节点id
func GenerateId() Id {
random := rand.New(rand.NewSource(time.Now().UnixNano()))
h := sha1.New()
io.WriteString(h, time.Now().String())
io.WriteString(h, string(random.Int()))
return h.Sum(nil)
}
// Generate JSON output
func jsonify(w http.ResponseWriter, r *http.Request, question []dns.Question, answer []dns.RR, authority []dns.RR, additional []dns.RR) {
var answerArray, authorityArray, additionalArray []*Section
callback := r.URL.Query().Get("callback")
for _, answer := range answer {
answerArray = append(answerArray, &Section{answer.Header().Name, dns.TypeToString[answer.Header().Rrtype], dns.ClassToString[answer.Header().Class], answer.Header().Ttl, answer.Header().Rdlength, rdata(answer)})
}
for _, authority := range authority {
authorityArray = append(authorityArray, &Section{authority.Header().Name, dns.TypeToString[authority.Header().Rrtype], dns.ClassToString[authority.Header().Class], authority.Header().Ttl, authority.Header().Rdlength, rdata(authority)})
}
for _, additional := range additional {
additionalArray = append(additionalArray, &Section{additional.Header().Name, dns.TypeToString[additional.Header().Rrtype], dns.ClassToString[additional.Header().Class], additional.Header().Ttl, additional.Header().Rdlength, rdata(additional)})
}
if json, err := json.MarshalIndent(Message{[]*Question{&Question{question[0].Name, dns.TypeToString[question[0].Qtype], dns.ClassToString[question[0].Qclass]}}, answerArray, authorityArray, additionalArray}, "", " "); err == nil {
if callback != "" {
io.WriteString(w, callback+"("+string(json)+");")
} else {
io.WriteString(w, string(json))
}
}
}
// bEncode encodes s using base64 encoding and writes it to buf.
func (e WordEncoder) bEncode(buf *bytes.Buffer, charset, s string) {
w := base64.NewEncoder(base64.StdEncoding, buf)
// If the charset is not UTF-8 or if the content is short, do not bother
// splitting the encoded-word.
if !isUTF8(charset) || base64.StdEncoding.EncodedLen(len(s)) <= maxContentLen {
io.WriteString(w, s)
w.Close()
return
}
var currentLen, last, runeLen int
for i := 0; i < len(s); i += runeLen {
// Multi-byte characters must not be split accross encoded-words.
// See RFC 2047, section 5.3.
_, runeLen = utf8.DecodeRuneInString(s[i:])
if currentLen+runeLen <= maxBase64Len {
currentLen += runeLen
} else {
io.WriteString(w, s[last:i])
w.Close()
e.splitWord(buf, charset)
last = i
currentLen = runeLen
}
}
io.WriteString(w, s[last:])
w.Close()
}
func commandHandler(res http.ResponseWriter, req *http.Request) {
req.ParseForm()
command := new(SlackCommand)
decoder := schema.NewDecoder()
err := decoder.Decode(command, req.PostForm)
if err != nil {
res.WriteHeader(400)
io.WriteString(res, "Invalid form data\n")
return
}
if command.Token != config.IncomingToken {
res.WriteHeader(403)
io.WriteString(res, "Invalid token\n")
return
}
user, created := userStore.GetOrAdd(command.UserID)
if created {
user.UserName = command.UserName
}
commandFunc, exists := commands[command.getSubCommand()]
if !exists {
commandFunc = commands["help"]
}
err = commandFunc(command, user)
if err != nil {
res.WriteHeader(400)
io.WriteString(res, err.Error())
}
}
func (l List) Quote(w io.Writer, t Type) error {
_, err := io.WriteString(w, "[ ")
if err != nil {
return err
}
lt, isList := t.(ListType)
if !isList {
return fmt.Errorf("internal error: %v is not a list", t.Name())
}
for i, v := range l {
if i != 0 {
_, err = io.WriteString(w, ", ")
if err != nil {
return err
}
}
if err := v.Quote(w, lt.Elem); err != nil {
return err
}
}
_, err = io.WriteString(w, " ]")
return err
}
func RegisterHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
tmpl, _ := template.ParseFiles("./static/adduser.html")
tmpl.Execute(w, "")
return
}
username := r.FormValue("user")
pwd := r.FormValue("pwd")
pwdConfirm := r.FormValue("pwd_confirm")
user := dao.QueryUserByUserName(username)
if user != nil {
io.WriteString(w, "user "+username+"alread exists")
return
}
if pwd == "" || pwd != pwdConfirm {
io.WriteString(w, "password confirm error, not the same one!")
return
}
user = new(dao.User)
user.UserName = username
user.Name = username
user.Pwd = wb_util.CreateMD5String(pwd)
dao.CreateUser(user)
dao.RegistUser(user)
msg := "register success!!!"
tmpl, _ := template.ParseFiles("./static/success.html")
tmpl.Execute(w, msg)
}
func (svc *GoPushService) handlePing(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
serve404(w)
return
}
v, _ := url.ParseQuery(r.URL.RawQuery)
center := v.Get("center")
callback := v.Get("callback") // For JSONP
if _, ok := svc.lastState[center]; center == "" || !ok {
serve404(w)
return
}
if callback == "" { // Normal response
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.WriteHeader(http.StatusOK)
io.WriteString(w, svc.lastState[center])
} else { // JSONP response
w.Header().Set("Content-Type", "application/javascript; charset=utf-8")
w.WriteHeader(http.StatusOK)
marshaled, _ := json.Marshal(svc.lastState[center])
io.WriteString(w, callback+"("+string(marshaled)+");")
}
}
func pushHandler(w http.ResponseWriter, r *http.Request, backend *dbBackend) {
decoder := json.NewDecoder(r.Body)
decoder.UseNumber()
var ent map[string]interface{}
e := decoder.Decode(&ent)
if nil != e {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, e.Error())
return
}
job, e := createJobFromMap(backend, ent)
if nil != e {
w.WriteHeader(http.StatusInternalServerError)
io.WriteString(w, e.Error())
return
}
e = backend.create(job)
if nil != e {
w.WriteHeader(http.StatusInternalServerError)
io.WriteString(w, e.Error())
return
}
w.WriteHeader(http.StatusOK)
io.WriteString(w, "OK")
return
}
func testJobHandler(w http.ResponseWriter, r *http.Request, backend *dbBackend) {
decoder := json.NewDecoder(r.Body)
decoder.UseNumber()
var ent map[string]interface{}
e := decoder.Decode(&ent)
if nil != e {
w.WriteHeader(http.StatusBadRequest)
io.WriteString(w, e.Error())
return
}
job, e := createJobFromMap(backend, ent)
if nil != e {
w.WriteHeader(http.StatusInternalServerError)
io.WriteString(w, e.Error())
return
}
if args, _ := job.attributes(); args != nil {
if _, ok := args["content"]; !ok {
args["content"] = "this is test job message."
}
}
e = job.invokeJob()
if nil != e {
w.WriteHeader(http.StatusInternalServerError)
io.WriteString(w, e.Error())
return
}
w.WriteHeader(http.StatusOK)
io.WriteString(w, "OK")
return
}
func countsHandler(w http.ResponseWriter, r *http.Request, backend *dbBackend) {
var all_size, failed_size, queued_size, active_size int64
var e error
all_size, e = backend.count(nil)
if nil != e {
goto failed
}
failed_size, e = backend.count(map[string]interface{}{"@failed_at": "[notnull]"})
if nil != e {
goto failed
}
queued_size, e = backend.count(map[string]interface{}{"@failed_at": nil, "locked_by": nil})
if nil != e {
goto failed
}
active_size, e = backend.count(map[string]interface{}{"@failed_at": nil, "locked_by": "[notnull]"})
if nil != e {
goto failed
}
w.Header()["Content-Type"] = []string{"application/json; charset=utf-8"}
io.WriteString(w, fmt.Sprintf(`{"all":%v,"failed":%v,"active":%v,"queued":%v}`, all_size, failed_size, active_size, queued_size))
return
failed:
w.Header()["Content-Type"] = []string{"text/plain; charset=utf-8"}
w.WriteHeader(http.StatusInternalServerError)
io.WriteString(w, e.Error())
return
}
// create a csrf token
func (cf *Csrf) genToken(salt, secret string) string {
h := sha1.New()
io.WriteString(h, salt)
io.WriteString(h, "-")
io.WriteString(h, secret)
return salt + "-" + base64.StdEncoding.EncodeToString(h.Sum(nil))
}
func (o Object) Quote(w io.Writer, t Type) error {
_, err := io.WriteString(w, "{ ")
if err != nil {
return err
}
ot, isObject := t.(ObjectType)
if !isObject {
return fmt.Errorf("internal error: %v is not an object", t.Name())
}
for i, v := range o {
if i != 0 {
_, err = io.WriteString(w, ", ")
if err != nil {
return err
}
}
_, err = fmt.Fprintf(w, `%v: `, strconv.Quote(ot[i].Name))
if err != nil {
return err
}
if err := v.Quote(w, ot[i].Type); err != nil {
return err
}
}
_, err = io.WriteString(w, " }")
return err
}
func getAuthSignature(authToken, cert string) string {
h := sha1.New()
io.WriteString(h, authToken)
io.WriteString(h, cert)
return fmt.Sprintf("%x", h.Sum(nil))
}
// openEvent writes the "header" part of the JSON message.
func (d glogJSON) openEvent() {
io.WriteString(d.writer, `{"@source_host":`)
d.encoder.Encode(host) // uses glog package var
io.WriteString(d.writer, `,"@timestamp":`)
// ignore time information given, take new snapshot
d.encoder.Encode(timeNow()) // use testable function stored in var
}
func handle(conn net.Conn) {
defer conn.Close()
scanner := bufio.NewScanner(conn)
for scanner.Scan() {
ln := scanner.Text()
fs := strings.Fields(ln)
// skip blank lines
if len(fs) < 2 {
continue
}
switch fs[0] {
case "GET":
key := fs[1]
value := data[key]
fmt.Fprintf(conn, "%s\n", value)
case "SET":
if len(fs) != 3 {
io.WriteString(conn, "EXPECTED VALUE\n")
continue
}
key := fs[1]
value := fs[2]
data[key] = value
case "DEL":
default:
io.WriteString(conn, "INVALID COMMAND "+fs[0]+"\n")
}
}
}
func handleConn(conn net.Conn) {
defer conn.Close()
scanner := bufio.NewScanner(conn)
i := 0
for scanner.Scan() {
ln := scanner.Text()
fmt.Println(ln)
if i == 0 {
method := strings.Fields(ln)[0]
fmt.Println("METHOD", method)
} else {
// in headers now
if ln == "" {
break
}
}
i++
}
body := "hello world 2"
io.WriteString(conn, "HTTP/1.1 200 OK\r\n")
fmt.Fprintf(conn, "Content-Length: %d\r\n", len(body))
io.WriteString(conn, "\r\n")
io.WriteString(conn, body)
}
// GetMD5Plus is to hash by MD5 Plus salt
func GetMD5Plus(baseString string, strPlus string) string {
//1.ユーザが入力したパスワードに対してMD5で一度暗号化
//2.得られたMD5の値の前後に管理者自身だけが知っているランダムな文字列を追加
//3.再度MD5で暗号化
h := md5.New()
io.WriteString(h, baseString)
pwmd5 := fmt.Sprintf("%x", h.Sum(nil))
salt1 := "@#$%"
salt2 := "^&*()"
//salt1 + username + salt2+MD5を連結。
io.WriteString(h, salt1)
io.WriteString(h, salt2)
if strPlus != "" {
io.WriteString(h, strPlus)
}
io.WriteString(h, pwmd5)
ret := fmt.Sprintf("%x", h.Sum(nil))
//lg.Debugf("md5 Plus: %s\n", ret)
return ret
}
func (w *response) finishRequest() {
// If this was an HTTP/1.0 request with keep-alive and we sent a Content-Length
// back, we can make this a keep-alive response ...
if w.req.wantsHttp10KeepAlive() {
sentLength := w.header.Get("Content-Length") != ""
if sentLength && w.header.Get("Connection") == "keep-alive" {
w.closeAfterReply = false
}
}
if !w.wroteHeader {
w.WriteHeader(StatusOK)
}
errorKludge(w)
if w.chunking {
io.WriteString(w.conn.buf, "0\r\n")
// trailer key/value pairs, followed by blank line
io.WriteString(w.conn.buf, "\r\n")
}
w.conn.buf.Flush()
w.req.Body.Close()
if w.req.MultipartForm != nil {
w.req.MultipartForm.RemoveAll()
}
if w.contentLength != -1 && w.contentLength != w.written {
// Did not write enough. Avoid getting out of sync.
w.closeAfterReply = true
}
}
func TestYencodeBinary(t *testing.T) {
// open and read the input file
inbuf, err := ioutil.ReadFile("../test/test2.in")
if err != nil {
t.Fatalf("couldn't open test2.in: %s", err)
}
// open and read the yencode output file
testbuf, err := ioutil.ReadFile("../test/test2.ync")
if err != nil {
t.Fatalf("couldn't open test2.ync: %s", err)
}
// generate a dodgy message
out := new(bytes.Buffer)
io.WriteString(out, "=ybegin part=1 total=1 line=128 size=76800 name=test2.in\r\n")
io.WriteString(out, "=ypart begin=1 end=76800\r\n")
enc := newEncoder(out, LINE_LENGTH)
if err := enc.Encode(inbuf); err != nil {
t.Fatalf("write failed %s", err)
}
io.WriteString(out, "=yend size=76800 part=1 pcrc32=12AAC2CF\r\n")
// compare
if bytes.Compare(testbuf, out.Bytes()) != 0 {
t.Fatalf("data mismatch")
}
}
func (params Params) encodeFormUrlEncoded(writer io.Writer) (mime string, err error) {
var jsonStr []byte
written := false
for k, v := range params {
if written {
io.WriteString(writer, "&")
}
io.WriteString(writer, url.QueryEscape(k))
io.WriteString(writer, "=")
if reflect.TypeOf(v).Kind() == reflect.String {
io.WriteString(writer, url.QueryEscape(reflect.ValueOf(v).String()))
} else {
jsonStr, err = json.Marshal(v)
if err != nil {
return
}
io.WriteString(writer, url.QueryEscape(string(jsonStr)))
}
written = true
}
mime = _MIME_FORM_URLENCODED
return
}
func (dhtNode *KNode) GenToken(sender *NodeInfo) string {
h := sha1.New()
io.WriteString(h, sender.Ip.String())
io.WriteString(h, time.Now().String())
token := bytes.NewBuffer(h.Sum(nil)).String()
return token
}
func TestH12_FlushMidBody(t *testing.T) {
h12Compare{Handler: func(w ResponseWriter, r *Request) {
io.WriteString(w, "foo")
w.(Flusher).Flush()
io.WriteString(w, "bar")
}}.run(t)
}
func (g *Generator) Output(w io.Writer) {
sort.Sort(g.lastTmorphItems)
for _, item := range g.lastTmorphItems {
io.WriteString(w, item.String())
io.WriteString(w, "\n")
}
}
func main() {
flag.StringVar(&route, "path", "./", "Source of files")
flag.StringVar(&pattern, "pattern", "*", "Pattern search expression of searching files")
flag.StringVar(&ofilename, "output", "./output.json", "The JSON output file in which we save the results")
flag.Parse()
fmt.Println("Find Duplicated Files: Go Walk Hash Calculation...")
fmt.Println(" * Pattern:", pattern, "\n", " * Route:", route, "\n", " * Output filename: ", ofilename)
//Create ofilename
f, err := os.Create(ofilename)
if err != nil {
log.Fatal(err)
}
f.Close()
//OpenFile and write '[\n'
f, err = os.OpenFile(ofilename, os.O_APPEND|os.O_WRONLY, 0600)
if err != nil {
log.Fatal(err)
}
defer f.Close()
n, err := io.WriteString(f, "[\n")
if err != nil {
log.Fatal(n, err)
}
//Run the main procedure
i = 0
filepath.Walk(route, VisitFile)
//Write '\n]'
n, err = io.WriteString(f, "\n]")
if err != nil {
log.Fatal(n, err)
}
fmt.Println("Written ", i+1, " entries.")
}
func emptyTestServer() *httptest.Server {
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Influxdb-Version", SERVER_VERSION)
switch r.URL.Path {
case "/query":
values := r.URL.Query()
parser := influxql.NewParser(bytes.NewBufferString(values.Get("q")))
q, err := parser.ParseQuery()
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
stmt := q.Statements[0]
switch stmt.(type) {
case *influxql.ShowDatabasesStatement:
io.WriteString(w, `{"results":[{"series":[{"name":"databases","columns":["name"],"values":[["db"]]}]}]}`)
case *influxql.ShowDiagnosticsStatement:
io.WriteString(w, `{"results":[{}]}`)
}
case "/write":
w.WriteHeader(http.StatusOK)
}
}))
}
// authenticate authenticates ourselves with the X server.
// displayStr is the "12" out of ":12.0".
func authenticate(w *bufio.Writer, displayStr string) os.Error {
key, value, err := readAuth(displayStr)
if err != nil {
return err
}
// Assume that the authentication protocol is "MIT-MAGIC-COOKIE-1".
if len(key) != 18 || len(value) != 16 {
return os.NewError("unsupported Xauth")
}
// 0x006c means little-endian. 0x000b, 0x0000 means X major version 11, minor version 0.
// 0x0012 and 0x0010 means the auth key and value have lengths 18 and 16.
// The final 0x0000 is padding, so that the string length is a multiple of 4.
_, err = io.WriteString(w, "\x6c\x00\x0b\x00\x00\x00\x12\x00\x10\x00\x00\x00")
if err != nil {
return err
}
_, err = io.WriteString(w, key)
if err != nil {
return err
}
// Again, the 0x0000 is padding.
_, err = io.WriteString(w, "\x00\x00")
if err != nil {
return err
}
_, err = io.WriteString(w, value)
if err != nil {
return err
}
err = w.Flush()
if err != nil {
return err
}
return nil
}
