Merge pull request #612 from ArtisanCloud/develop

Develop

Author: Matrix-X

src/kernel/support/signer.go

@@ -9,13 +9,15 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"github.com/ArtisanCloud/PowerLibs/v3/object"
 	"os"
 	"strings"
 	"time"
+
+	"github.com/ArtisanCloud/PowerLibs/v3/object"
 )
 
 // 请求报文签名相关常量
@@ -189,9 +191,9 @@ func SignSHA256WithRSA(source string, privateKey *rsa.PrivateKey) (signature str
 	return base64.StdEncoding.EncodeToString(signatureByte), nil
 }
 
-func SignSHA256WithHMac(sessionKey []byte, input string) ([]byte, error) {
+func SignSHA256WithHMac(sessionKey []byte, input string) (string, error) {
 	if len(sessionKey) == 0 {
-		return nil, errors.New("session key is empty")
+		return "", errors.New("session key is empty")
 	}
 
 	// Create a new HMAC SHA256 object
@@ -200,11 +202,11 @@ func SignSHA256WithHMac(sessionKey []byte, input string) ([]byte, error) {
 	// Write the input string to the HMAC object
 	inputBytes := []byte(input)
 	if _, err := hmac.Write(inputBytes); err != nil {
-		return nil, err
+		return "", err
 	}
 
 	// Get the HMAC signature
 	signature := hmac.Sum(nil)
 
-	return signature, nil
+	return hex.EncodeToString(signature), nil
 }

src/kernel/support/signer_test.go

@@ -5,12 +5,14 @@ import (
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"github.com/go-playground/assert/v2"
 	"strings"
 	"testing"
+
+	"github.com/go-playground/assert/v2"
 )
 
 const (
@@ -109,19 +111,6 @@ func TestSha256WithRsa(t *testing.T) {
 	}
 }
 
-// 辅助函数：比较两个字节切片是否相等
-func compareByteSlices(a, b []byte) bool {
-	if len(a) != len(b) {
-		return false
-	}
-	for i, v := range a {
-		if v != b[i] {
-			return false
-		}
-	}
-	return true
-}
-
 // 测试函数
 func TestSignSHA256WithHMac(t *testing.T) {
 	testCases := []struct {
@@ -173,7 +162,7 @@ func TestSignSHA256WithHMac(t *testing.T) {
 			// 1. 计算预期结果
 			expectedHmac := hmac.New(sha256.New, tc.sessionKey)
 			expectedHmac.Write([]byte(tc.input))
-			expectedSig := expectedHmac.Sum(nil)
+			expectedSig := hex.EncodeToString(expectedHmac.Sum(nil))
 
 			// 2. 调用 SignSHA256WithHMac 函数
 			sig, err := SignSHA256WithHMac(tc.sessionKey, tc.input)
@@ -188,7 +177,7 @@ func TestSignSHA256WithHMac(t *testing.T) {
 			} else {
 				if err != nil {
 					t.Errorf("Unexpected error: %v", err)
-				} else if !compareByteSlices(sig, expectedSig) {
+				} else if sig != expectedSig {
 					t.Errorf("Signature mismatch. Expected: %x, Got: %x", expectedSig, sig)
 				}
 			}

src/miniProgram/auth/client.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"context"
+
 	"github.com/ArtisanCloud/PowerLibs/v3/object"
 	"github.com/ArtisanCloud/PowerWeChat/v3/src/kernel"
 	response2 "github.com/ArtisanCloud/PowerWeChat/v3/src/kernel/response"
@@ -57,9 +58,8 @@ func (comp *Client) CheckSession(ctx context.Context, openId string, sessionKey
 	}
 	params := &object.StringMap{
 		"appid":      config.GetString("app_id", ""),
-		"secret":     config.GetString("secret", ""),
 		"openid":     openId,
-		"signature":  string(sign),
+		"signature":  sign,
 		"sig_method": "hmac_sha256",
 	}
 
@@ -82,9 +82,8 @@ func (comp *Client) ResetUserSessionKey(ctx context.Context, openId string, sess
 	}
 	params := &object.StringMap{
 		"appid":      config.GetString("app_id", ""),
-		"secret":     config.GetString("secret", ""),
 		"openid":     openId,
-		"signature":  string(sign),
+		"signature":  sign,
 		"sig_method": "hmac_sha256",
 	}