验证消息真实性
uses IdHashSHA, IdGlobal; function SHA1(Input: String): String; begin with TIdHashSHA1.Create do try Result := LowerCase(HashBytesAsHex(TidBytes(Bytesof(Input)))); finally Free; end; end; function CheckSignature(ARequestInfo: TIdHTTPRequestInfo): boolean; var signature, timestamp, nonce, echostr: String; tmpstr: TStringList; temp: String; begin tmpstr := TStringList.Create; try signature := ARequestInfo.Params.Values[‘signature‘]; timestamp := ARequestInfo.Params.Values[‘timestamp‘]; nonce := ARequestInfo.Params.Values[‘nonce‘]; echostr := ARequestInfo.Params.Values[‘echostr‘]; tmpstr.Add(Token); tmpstr.Add(timestamp); tmpstr.Add(nonce); tmpstr.Sort; temp := StringReplace(tmpstr.text, #13#10, ‘‘, [rfReplaceAll]); Result := SHA1(temp) = signature; finally tmpstr.Free; end; end; procedure TForm1.IdHTTPServerCommandGet(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo); begin if CheckSignature(ARequestInfo) then if ARequestInfo.Params.Values[‘echostr‘] <> ‘‘ then begin AResponseInfo.ContentType := ‘text/html; charset=UTF-8‘; AResponseInfo.ContentText := ARequestInfo.Params.Values[‘echostr‘]; end; end;
原文地址:http://www.cnblogs.com/devinlee/p/4282546.html
时间: 2024-10-22 11:35:54