Node.js 使用sha512、base64、UTC时间戳和Javascript/Node的API授权

我正在尝试访问我们的支付提供商API，但我一直收到403响应（禁止）。我已经三次检查了凭证，它们是正确的。以下是身份验证说明：

对API的每个请求都必须使用授权HTTP请求头进行身份验证

将时间戳放在“timestamp”标题中。该值应为以UTC格式创建和发送消息的时间

使用以下公式计算每个请求的授权标头

例如：

完整的文件

以下是我得到的代码：

import axios from "axios";
import CryptoJS from "crypto-js";

// Below function returns the date in the following format "#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#" in UTC time. 
//Code for customFormat is omitted but it returns a string in the expected for`enter code here`mat.
 
      function customDate() {
        let now = new Date();
        return now.customFormat("#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#");
      }

      let timeStamp = customDate();
      let id = 123456; //Not the actual id, but same format (6 digits).
      let secret = "AaBb123C345De"; //Not the actual secret. Actual secret is a long string of digits and letters
      let body = "";

      let hashString = CryptoJS.SHA512(
        `${body}${secret}${timeStamp}`
      ).toString();

      hashString = hashString.replace(/\-/, "");

      console.log(timeStamp);

      axios
        .get(
          "https://paymentadminapi.svea.com/api/v1/orders/123",
          {
            headers: {
              "Timestamp": timeStamp,
              "Authorization": "Svea " + btoa(`${id}:${hashString}`),
            },
          }
        )
        .then((res) => {
          console.log(res.data);
        })
        .catch((error) => {
          console.error(error);
        });

---

这应该得到一个特定的订单号（在这个示例代码中是123），但它不起作用（响应403），所以有人能告诉我我做错了什么吗？谢谢

我明白了。简单的人为错误。customDate以这种格式返回今天的日期，

2021-05-25 08:20:02

，但这是预期的格式，

2021-5-25 8:20:2

。数字小于10时为个位数

我将customDate函数替换为：

      const now = new Date();
      const year = now.getUTCFullYear();
      const month = now.getUTCMonth() +1; // January = 0
      const day = now.getUTCDate();
      const hour = now.getUTCHours();
      const minute = now.getUTCMinutes();
      const sec = now.getUTCSeconds();

      const timeStamp = `${year}-${month}-${day} ${hour}:${minute}:${sec}`;

现在它起作用了。也许有更好的方法以特定的UTC格式获取日期，但这对我来说很有效。

为什么要在sha输出中删除“-”呢？不确定：）。我在另一个使用sha512的代码片段中看到了它，所以我决定尝试一下。如果我把它放在那里或者移除它，现在就有区别了。问题是时间戳。请看下面我的答案。感谢您抽出时间回答我的问题。

import axios from "axios";
import CryptoJS from "crypto-js";

// Below function returns the date in the following format "#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#" in UTC time. 
//Code for customFormat is omitted but it returns a string in the expected for`enter code here`mat.
 
      function customDate() {
        let now = new Date();
        return now.customFormat("#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#");
      }

      let timeStamp = customDate();
      let id = 123456; //Not the actual id, but same format (6 digits).
      let secret = "AaBb123C345De"; //Not the actual secret. Actual secret is a long string of digits and letters
      let body = "";

      let hashString = CryptoJS.SHA512(
        `${body}${secret}${timeStamp}`
      ).toString();

      hashString = hashString.replace(/\-/, "");

      console.log(timeStamp);

      axios
        .get(
          "https://paymentadminapi.svea.com/api/v1/orders/123",
          {
            headers: {
              "Timestamp": timeStamp,
              "Authorization": "Svea " + btoa(`${id}:${hashString}`),
            },
          }
        )
        .then((res) => {
          console.log(res.data);
        })
        .catch((error) => {
          console.error(error);
        });

      const now = new Date();
      const year = now.getUTCFullYear();
      const month = now.getUTCMonth() +1; // January = 0
      const day = now.getUTCDate();
      const hour = now.getUTCHours();
      const minute = now.getUTCMinutes();
      const sec = now.getUTCSeconds();

      const timeStamp = `${year}-${month}-${day} ${hour}:${minute}:${sec}`;