Node.js 使用sha512、base64、UTC时间戳和Javascript/Node的API授权
我正在尝试访问我们的支付提供商API,但我一直收到403响应(禁止)。我已经三次检查了凭证,它们是正确的。以下是身份验证说明: 对API的每个请求都必须使用授权HTTP请求头进行身份验证 将时间戳放在“timestamp”标题中。该值应为以UTC格式创建和发送消息的时间 使用以下公式计算每个请求的授权标头 例如: 完整的文件 以下是我得到的代码:Node.js 使用sha512、base64、UTC时间戳和Javascript/Node的API授权,node.js,authentication,axios,cryptojs,Node.js,Authentication,Axios,Cryptojs,我正在尝试访问我们的支付提供商API,但我一直收到403响应(禁止)。我已经三次检查了凭证,它们是正确的。以下是身份验证说明: 对API的每个请求都必须使用授权HTTP请求头进行身份验证 将时间戳放在“timestamp”标题中。该值应为以UTC格式创建和发送消息的时间 使用以下公式计算每个请求的授权标头 例如: 完整的文件 以下是我得到的代码: import axios from "axios"; import CryptoJS from "crypto-js&q
import axios from "axios";
import CryptoJS from "crypto-js";
// Below function returns the date in the following format "#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#" in UTC time.
//Code for customFormat is omitted but it returns a string in the expected for`enter code here`mat.
function customDate() {
let now = new Date();
return now.customFormat("#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#");
}
let timeStamp = customDate();
let id = 123456; //Not the actual id, but same format (6 digits).
let secret = "AaBb123C345De"; //Not the actual secret. Actual secret is a long string of digits and letters
let body = "";
let hashString = CryptoJS.SHA512(
`${body}${secret}${timeStamp}`
).toString();
hashString = hashString.replace(/\-/, "");
console.log(timeStamp);
axios
.get(
"https://paymentadminapi.svea.com/api/v1/orders/123",
{
headers: {
"Timestamp": timeStamp,
"Authorization": "Svea " + btoa(`${id}:${hashString}`),
},
}
)
.then((res) => {
console.log(res.data);
})
.catch((error) => {
console.error(error);
});
这应该得到一个特定的订单号(在这个示例代码中是123),但它不起作用(响应403),所以有人能告诉我我做错了什么吗?谢谢 我明白了。简单的人为错误。customDate以这种格式返回今天的日期,
2021-05-25 08:20:02
,但这是预期的格式,2021-5-25 8:20:2
。数字小于10时为个位数
我将customDate函数替换为:
const now = new Date();
const year = now.getUTCFullYear();
const month = now.getUTCMonth() +1; // January = 0
const day = now.getUTCDate();
const hour = now.getUTCHours();
const minute = now.getUTCMinutes();
const sec = now.getUTCSeconds();
const timeStamp = `${year}-${month}-${day} ${hour}:${minute}:${sec}`;
现在它起作用了。也许有更好的方法以特定的UTC格式获取日期,但这对我来说很有效。为什么要在sha输出中删除“-”呢?不确定:)。我在另一个使用sha512的代码片段中看到了它,所以我决定尝试一下。如果我把它放在那里或者移除它,现在就有区别了。问题是时间戳。请看下面我的答案。感谢您抽出时间回答我的问题。
import axios from "axios";
import CryptoJS from "crypto-js";
// Below function returns the date in the following format "#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#" in UTC time.
//Code for customFormat is omitted but it returns a string in the expected for`enter code here`mat.
function customDate() {
let now = new Date();
return now.customFormat("#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#");
}
let timeStamp = customDate();
let id = 123456; //Not the actual id, but same format (6 digits).
let secret = "AaBb123C345De"; //Not the actual secret. Actual secret is a long string of digits and letters
let body = "";
let hashString = CryptoJS.SHA512(
`${body}${secret}${timeStamp}`
).toString();
hashString = hashString.replace(/\-/, "");
console.log(timeStamp);
axios
.get(
"https://paymentadminapi.svea.com/api/v1/orders/123",
{
headers: {
"Timestamp": timeStamp,
"Authorization": "Svea " + btoa(`${id}:${hashString}`),
},
}
)
.then((res) => {
console.log(res.data);
})
.catch((error) => {
console.error(error);
});
const now = new Date();
const year = now.getUTCFullYear();
const month = now.getUTCMonth() +1; // January = 0
const day = now.getUTCDate();
const hour = now.getUTCHours();
const minute = now.getUTCMinutes();
const sec = now.getUTCSeconds();
const timeStamp = `${year}-${month}-${day} ${hour}:${minute}:${sec}`;