diff --git a/docs/WechatApi/Basic_SecurityAPI.md b/docs/WechatApi/Basic_SecureAPI.md similarity index 70% rename from docs/WechatApi/Basic_SecurityAPI.md rename to docs/WechatApi/Basic_SecureAPI.md index 4658eb4f..d53e7f6f 100644 --- a/docs/WechatApi/Basic_SecurityAPI.md +++ b/docs/WechatApi/Basic_SecureAPI.md @@ -20,13 +20,13 @@ var options = new WechatApiClientOptions() { // 其他配置项略 - SecurityApiEnabled = true, - SecurityApiSymmetricAlgorithm = Constants.SecurityApiSymmetricAlgorithms.AES, - SecurityApiSymmetricNumber = "AES/SM4 对称加密密钥编号", - SecurityApiSymmetricKey = "AES/SM4 对称加密密钥", - SecurityApiAsymmetricAlgorithm = Constants.SecurityApiAsymmetricAlgorithms.RSA, - SecurityApiAsymmetricNumber = "RSA/SM2 非对称加密私钥编号", - SecurityApiAsymmetricPrivateKey = "RSA/SM2 非对称加密私钥" + SecureApiEnabled = true, + SecureApiSymmetricAlgorithm = Constants.SecureApiSymmetricAlgorithms.AES, + SecureApiSymmetricNumber = "AES/SM4 对称加密密钥编号", + SecureApiSymmetricKey = "AES/SM4 对称加密密钥", + SecureApiAsymmetricAlgorithm = Constants.SecureApiAsymmetricAlgorithms.RSA, + SecureApiAsymmetricNumber = "RSA/SM2 非对称加密私钥编号", + SecureApiAsymmetricPrivateKey = "RSA/SM2 非对称加密私钥" }; var client = WechatApiClientBuilder.Create(options).Build(); ``` @@ -39,7 +39,7 @@ var client = WechatApiClientBuilder.Create(options).Build(); 默认情况下,启用安全鉴权模式后本库也只会对部分关键 API 自动加密及签名。 -完整的关键 API 清单可以参考项目目录下的 _src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecurityApiInterceptor_ 文件的 `SIGN_REQUIRED_URLS` 的常量。 +完整的关键 API 清单可以参考项目目录下的 _src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecureApiInterceptor_ 文件的 `SIGN_REQUIRED_URLS` 的常量。 如果你需要开启全部 API 加密及签名,请在上文的基础上额外设置: @@ -47,7 +47,7 @@ var client = WechatApiClientBuilder.Create(options).Build(); var options = new WechatApiClientOptions() { // 其他配置项略 - SecurityApiCustomRequestPathMatcher = (url) => + SecureApiCustomRequestPathMatcher = (url) => { if (url == "/sns/auth") return true; diff --git a/docs/WechatApi/README.md b/docs/WechatApi/README.md index 208d0793..9a89c834 100644 --- a/docs/WechatApi/README.md +++ b/docs/WechatApi/README.md @@ -92,7 +92,7 @@ else - [如何自定义额外的 API 接口?](./Basic_Extensions.md) -- [如何接入安全鉴权模式?](./Basic_SecurityAPI.md) +- [如何接入安全鉴权模式?](./Basic_SecureAPI.md) --- diff --git a/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiAsymmetricAlgorithms.cs b/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiAsymmetricAlgorithms.cs similarity index 72% rename from src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiAsymmetricAlgorithms.cs rename to src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiAsymmetricAlgorithms.cs index 3b435200..90fe38cb 100644 --- a/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiAsymmetricAlgorithms.cs +++ b/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiAsymmetricAlgorithms.cs @@ -1,6 +1,6 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Constants { - public static class SecurityApiAsymmetricAlgorithms + public static class SecureApiAsymmetricAlgorithms { public const string RSA = "RSA"; diff --git a/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiSymmetricAlgorithms.cs b/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiSymmetricAlgorithms.cs similarity index 73% rename from src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiSymmetricAlgorithms.cs rename to src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiSymmetricAlgorithms.cs index b8056411..7799308f 100644 --- a/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecurityApiSymmetricAlgorithms.cs +++ b/src/SKIT.FlurlHttpClient.Wechat.Api/Constants/SecureApiSymmetricAlgorithms.cs @@ -1,6 +1,6 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Constants { - public static class SecurityApiSymmetricAlgorithms + public static class SecureApiSymmetricAlgorithms { public const string AES = "AES"; diff --git a/src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecurityApiInterceptor.cs b/src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecureApiInterceptor.cs similarity index 96% rename from src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecurityApiInterceptor.cs rename to src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecureApiInterceptor.cs index fbc27bb1..468fa96f 100644 --- a/src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecurityApiInterceptor.cs +++ b/src/SKIT.FlurlHttpClient.Wechat.Api/Interceptors/WechatApiSecureApiInterceptor.cs @@ -17,7 +17,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors using SKIT.FlurlHttpClient.Internal; using SKIT.FlurlHttpClient.Wechat.Api.Constants; - internal class WechatApiSecurityApiInterceptor : HttpInterceptor + internal class WechatApiSecureApiInterceptor : HttpInterceptor { /** * REF: @@ -96,7 +96,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors private readonly string _asymmetricPrivateKey; private readonly Func? _customRequestPathMatcher; - public WechatApiSecurityApiInterceptor(string baseUrl, string appId, string symmetricAlg, string symmetricNum, string symmetricEncodingKey, string asymmetricAlg, string asymmetricNum, string asymmetricPrivateKey, Func? customRequestPathMatcher) + public WechatApiSecureApiInterceptor(string baseUrl, string appId, string symmetricAlg, string symmetricNum, string symmetricEncodingKey, string asymmetricAlg, string asymmetricNum, string asymmetricPrivateKey, Func? customRequestPathMatcher) { _baseUrl = baseUrl.TrimEnd('/'); _appId = appId; @@ -176,7 +176,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors string sData, sIV, sAuthTag; switch (_symmetricAlg) { - case SecurityApiSymmetricAlgorithms.AES: + case SecureApiSymmetricAlgorithms.AES: { try { @@ -203,7 +203,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors } break; - case SecurityApiSymmetricAlgorithms.SM4: + case SecureApiSymmetricAlgorithms.SM4: { try { @@ -257,7 +257,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors switch (_asymmetricAlg) { - case SecurityApiAsymmetricAlgorithms.RSA: + case SecureApiAsymmetricAlgorithms.RSA: { try { @@ -270,7 +270,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors } break; - case SecurityApiAsymmetricAlgorithms.SM2: + case SecureApiAsymmetricAlgorithms.SM2: { try { @@ -359,7 +359,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors switch (_symmetricAlg) { - case SecurityApiSymmetricAlgorithms.AES: + case SecureApiSymmetricAlgorithms.AES: { try { @@ -383,7 +383,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.Interceptors } break; - case SecurityApiSymmetricAlgorithms.SM4: + case SecureApiSymmetricAlgorithms.SM4: { try { diff --git a/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClient.cs b/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClient.cs index 7142066a..50dc0200 100644 --- a/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClient.cs +++ b/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClient.cs @@ -41,18 +41,18 @@ namespace SKIT.FlurlHttpClient.Wechat.Api FlurlClient.BaseUrl = options.Endpoint ?? WechatApiEndpoints.DEFAULT; FlurlClient.WithTimeout(options.Timeout <= 0 ? Timeout.InfiniteTimeSpan : TimeSpan.FromMilliseconds(options.Timeout)); - if (options.SecurityApiEnabled) + if (options.SecureApiEnabled) { - Interceptors.Add(new Interceptors.WechatApiSecurityApiInterceptor( + Interceptors.Add(new Interceptors.WechatApiSecureApiInterceptor( baseUrl: FlurlClient.BaseUrl, - appId: string.IsNullOrEmpty(options.SecurityApiAppId) ? options.AppId : options.SecurityApiAppId!, - symmetricAlg: options.SecurityApiSymmetricAlgorithm!, - symmetricNum: options.SecurityApiSymmetricNumber!, - symmetricEncodingKey: options.SecurityApiSymmetricEncodingKey!, - asymmetricAlg: options.SecurityApiAsymmetricAlgorithm!, - asymmetricNum: options.SecurityApiAsymmetricNumber!, - asymmetricPrivateKey: options.SecurityApiAsymmetricPrivateKey!, - customRequestPathMatcher: options.SecurityApiCustomRequestPathMatcher + appId: string.IsNullOrEmpty(options.SecureApiAppId) ? options.AppId : options.SecureApiAppId!, + symmetricAlg: options.SecureApiSymmetricAlgorithm!, + symmetricNum: options.SecureApiSymmetricNumber!, + symmetricEncodingKey: options.SecureApiSymmetricEncodingKey!, + asymmetricAlg: options.SecureApiAsymmetricAlgorithm!, + asymmetricNum: options.SecureApiAsymmetricNumber!, + asymmetricPrivateKey: options.SecureApiAsymmetricPrivateKey!, + customRequestPathMatcher: options.SecureApiCustomRequestPathMatcher )); } } diff --git a/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClientOptions.cs b/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClientOptions.cs index ba3d4e8d..6615befc 100644 --- a/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClientOptions.cs +++ b/src/SKIT.FlurlHttpClient.Wechat.Api/WechatApiClientOptions.cs @@ -81,52 +81,52 @@ namespace SKIT.FlurlHttpClient.Wechat.Api /// /// 获取或设置 API 安全鉴权模式是否开启。 /// - public bool SecurityApiEnabled { get; set; } + public bool SecureApiEnabled { get; set; } /// /// 获取或设置 API 安全鉴权模式所使用的 AppId。如果不指定将使用 。 /// - public string? SecurityApiAppId { get; set; } + public string? SecureApiAppId { get; set; } /// /// 获取或设置 API 安全鉴权模式对称加密算法。 /// - /// 默认值: + /// 默认值: /// /// - public string SecurityApiSymmetricAlgorithm { get; set; } = Constants.SecurityApiSymmetricAlgorithms.AES; + public string SecureApiSymmetricAlgorithm { get; set; } = Constants.SecureApiSymmetricAlgorithms.AES; /// /// 获取或设置 API 安全鉴权模式对称加密密钥编号。 /// - public string? SecurityApiSymmetricNumber { get; set; } + public string? SecureApiSymmetricNumber { get; set; } /// /// 获取或设置 API 安全鉴权模式对称加密密钥(经过 Base64 编码)。 /// - public string? SecurityApiSymmetricEncodingKey { get; set; } + public string? SecureApiSymmetricEncodingKey { get; set; } /// /// 获取或设置 API 安全鉴权模式非对称加密算法。 /// - /// 默认值: + /// 默认值: /// /// - public string SecurityApiAsymmetricAlgorithm { get; set; } = Constants.SecurityApiAsymmetricAlgorithms.RSA; + public string SecureApiAsymmetricAlgorithm { get; set; } = Constants.SecureApiAsymmetricAlgorithms.RSA; /// /// 获取或设置 API 安全鉴权模式非对称加密私钥编号。 /// - public string? SecurityApiAsymmetricNumber { get; set; } + public string? SecureApiAsymmetricNumber { get; set; } /// /// 获取或设置 API 安全鉴权模式非对称加密私钥。 /// - public string? SecurityApiAsymmetricPrivateKey { get; set; } + public string? SecureApiAsymmetricPrivateKey { get; set; } /// /// 获取或设置 API 安全鉴权模式自定义请求路径匹配器。如果不指定将只匹配关键 API。 /// - public Func? SecurityApiCustomRequestPathMatcher { get; set; } + public Func? SecureApiCustomRequestPathMatcher { get; set; } } } diff --git a/test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecurityApiTests.cs b/test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecureApiTests.cs similarity index 65% rename from test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecurityApiTests.cs rename to test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecureApiTests.cs index f980c49a..229e5fec 100644 --- a/test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecurityApiTests.cs +++ b/test/SKIT.FlurlHttpClient.Wechat.Api.UnitTests/TestCase_SecureApiTests.cs @@ -9,20 +9,20 @@ using Xunit; namespace SKIT.FlurlHttpClient.Wechat.Api.UnitTests { - public partial class TestCase_SecurityApiTests + public partial class TestCase_SecureApiTests { [Fact(DisplayName = "测试用例:API 安全鉴权模式")] - public async Task TestSecurityApiRequestSignature() + public async Task TestSecureApiRequestSignature() { var mockClient = WechatApiClientBuilder .Create(new WechatApiClientOptions() { AppId = "wxba6223c06417af7b", - SecurityApiEnabled = true, - SecurityApiSymmetricNumber = "fa05fe1e5bcc79b81ad5ad4b58acf787", - SecurityApiSymmetricEncodingKey = "otUpngOjU+nVQaWJIC3D/yMLV17RKaP6t4Ot9tbnzLY=", - SecurityApiAsymmetricNumber = "97845f6ed842ea860df6fdf65941ff56", - SecurityApiAsymmetricPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA3FoQOmOl5/CF5hF7ta4EzCy2LaU3Eu2k9DBwQ73J82I53Sx9\nLAgM1DH3IsYohRRx/BESfbdDI2powvr6QYKVIC+4Yavwg7gzhZRxWWmT1HruEADC\nZAgkUCu+9Il/9FPuitPSoIpBd07NqdkkRe82NBOfrKTdhge/5zd457fl7J81Q5VT\nIxO8vvq7FSw7k6Jtv+eOjR6SZOWbbUO7f9r4UuUkXmvdGv21qiqtaO1EMw4tUCEL\nzY73M7NpCH3RorlommYX3P6q0VrkDHrCE0/QMhmHsF+46E+IRcJ3wtEj3p/mO1Vo\nCpEhawC1U728ZUTwWNEii8hPEhcNAZTKaQMaTQIDAQABAoIBAQCXv5p/a5KcyYKc\n75tfgekh5wTLKIVmDqzT0evuauyCJTouO+4z/ZNAKuzEUO0kwPDCo8s1MpkU8boV\n1Ru1M8WZNePnt65aN+ebbaAl8FRzNvltoeg9VXIUmBvYcjzhOVAE4V2jW7M8A9QU\nzUpyswuED6OeFKfOHtYk2In2IipAqhfbyc6gn7uZSWTQsoO6hGBRQ7Ejx+vgwrbx\nZKVZ7UXbPHD0lOEPraA3PH/QUeUKpNwK2NXQoBxWcR283/HxFSAjjSSsGSBKsCnw\nDN55P2FQ0HNi5YrwUNT9190NIXSeygaRy1b+D+yBfm+yE7/qXwHLZCHsjO+2tMSS\n3KGjllTBAoGBAP9FPeYNKZuu5jt9RpZwXCc9E7Iz7bmM7zws6dun6dQH0xVVWFVm\niGIu07eqyB8HNagXseFzoXLV5EQx+3DaB0bAH+ZEpHGJJpAWSLusigssFUFuTvTF\nw+rC5hxOfidMa6+93SU5pWeJb0zJF8PRDaJ3UmwlwpYubF17sT4PD6p9AoGBANz7\nRlhRSFvggJjhEMpek3OIYWrrlRNO2MVcP7i/fGNTHhrw7OHcNGRof54QZ2Y0baL7\n1vHNokbK2mnT+cQXY/gXMmcE/eV4xyRGYiIL9nBdrkLerc43EYPv+evDvgyji6+y\n4np5cKqHrS8F+YzATk82Jt9HgdI2MvfbJTkSbmgRAoGAHNPL9rPb1An/VA6Ery6H\nKaM7Gy/EE+U3ixsjWbvvqxMrIkieDh7jHftdy2sM6Hwe8hmi6+vr+pTvD0h5tbfZ\nhILj11Q/Idc0NKdflVoZyMM0r0vuvLOsuVFDPUUb+AIoUxNk6vREmpmpqQk4ltN/\n763779yfyef6MuBqFrEKut0CgYB9FfsuuOv1nfINF7EybDCZAETsiee7ozEPHnWv\ndSzK6FytMV1VSBmcEI7UgUKWVu0MifOUsiq+WcsihmvmNLtQzoioSeoSP7ix7ulT\njmP0HQMsNPI7PW67uVZFv2pPqy/Bx8dtPlqpHN3KNV6Z7q0lJ2j/kHGK9UUKidDb\nKnS2kQKBgHZ0cYzwh9YnmfXx9mimF57aQQ8aFc9yaeD5/3G2+a/FZcHtYzUdHQ7P\nPS35blD17/NnhunHhuqakbgarH/LIFMHITCVuGQT4xS34kFVjFVhiT3cHfWyBbJ6\nGbQuzzFxz/UKDDKf3/ON41k8UP20Gdvmv/+c6qQjKPayME81elus\n-----END RSA PRIVATE KEY-----" + SecureApiEnabled = true, + SecureApiSymmetricNumber = "fa05fe1e5bcc79b81ad5ad4b58acf787", + SecureApiSymmetricEncodingKey = "otUpngOjU+nVQaWJIC3D/yMLV17RKaP6t4Ot9tbnzLY=", + SecureApiAsymmetricNumber = "97845f6ed842ea860df6fdf65941ff56", + SecureApiAsymmetricPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA3FoQOmOl5/CF5hF7ta4EzCy2LaU3Eu2k9DBwQ73J82I53Sx9\nLAgM1DH3IsYohRRx/BESfbdDI2powvr6QYKVIC+4Yavwg7gzhZRxWWmT1HruEADC\nZAgkUCu+9Il/9FPuitPSoIpBd07NqdkkRe82NBOfrKTdhge/5zd457fl7J81Q5VT\nIxO8vvq7FSw7k6Jtv+eOjR6SZOWbbUO7f9r4UuUkXmvdGv21qiqtaO1EMw4tUCEL\nzY73M7NpCH3RorlommYX3P6q0VrkDHrCE0/QMhmHsF+46E+IRcJ3wtEj3p/mO1Vo\nCpEhawC1U728ZUTwWNEii8hPEhcNAZTKaQMaTQIDAQABAoIBAQCXv5p/a5KcyYKc\n75tfgekh5wTLKIVmDqzT0evuauyCJTouO+4z/ZNAKuzEUO0kwPDCo8s1MpkU8boV\n1Ru1M8WZNePnt65aN+ebbaAl8FRzNvltoeg9VXIUmBvYcjzhOVAE4V2jW7M8A9QU\nzUpyswuED6OeFKfOHtYk2In2IipAqhfbyc6gn7uZSWTQsoO6hGBRQ7Ejx+vgwrbx\nZKVZ7UXbPHD0lOEPraA3PH/QUeUKpNwK2NXQoBxWcR283/HxFSAjjSSsGSBKsCnw\nDN55P2FQ0HNi5YrwUNT9190NIXSeygaRy1b+D+yBfm+yE7/qXwHLZCHsjO+2tMSS\n3KGjllTBAoGBAP9FPeYNKZuu5jt9RpZwXCc9E7Iz7bmM7zws6dun6dQH0xVVWFVm\niGIu07eqyB8HNagXseFzoXLV5EQx+3DaB0bAH+ZEpHGJJpAWSLusigssFUFuTvTF\nw+rC5hxOfidMa6+93SU5pWeJb0zJF8PRDaJ3UmwlwpYubF17sT4PD6p9AoGBANz7\nRlhRSFvggJjhEMpek3OIYWrrlRNO2MVcP7i/fGNTHhrw7OHcNGRof54QZ2Y0baL7\n1vHNokbK2mnT+cQXY/gXMmcE/eV4xyRGYiIL9nBdrkLerc43EYPv+evDvgyji6+y\n4np5cKqHrS8F+YzATk82Jt9HgdI2MvfbJTkSbmgRAoGAHNPL9rPb1An/VA6Ery6H\nKaM7Gy/EE+U3ixsjWbvvqxMrIkieDh7jHftdy2sM6Hwe8hmi6+vr+pTvD0h5tbfZ\nhILj11Q/Idc0NKdflVoZyMM0r0vuvLOsuVFDPUUb+AIoUxNk6vREmpmpqQk4ltN/\n763779yfyef6MuBqFrEKut0CgYB9FfsuuOv1nfINF7EybDCZAETsiee7ozEPHnWv\ndSzK6FytMV1VSBmcEI7UgUKWVu0MifOUsiq+WcsihmvmNLtQzoioSeoSP7ix7ulT\njmP0HQMsNPI7PW67uVZFv2pPqy/Bx8dtPlqpHN3KNV6Z7q0lJ2j/kHGK9UUKidDb\nKnS2kQKBgHZ0cYzwh9YnmfXx9mimF57aQQ8aFc9yaeD5/3G2+a/FZcHtYzUdHQ7P\nPS35blD17/NnhunHhuqakbgarH/LIFMHITCVuGQT4xS34kFVjFVhiT3cHfWyBbJ6\nGbQuzzFxz/UKDDKf3/ON41k8UP20Gdvmv/+c6qQjKPayME81elus\n-----END RSA PRIVATE KEY-----" }) .UseHttpClient(new MockHttpClient()) .Build(); @@ -44,7 +44,7 @@ namespace SKIT.FlurlHttpClient.Wechat.Api.UnitTests } } - partial class TestCase_SecurityApiTests + partial class TestCase_SecureApiTests { private const string MOCK_RESP_HEADER_RESULT = "x-result";