认证文档 | 大装置帮助中心
跳到主要内容

认证文档

服务端使用 HMAC 方式进行身份认证,需要在请求Header中额外添加两个字段 X-DateAuthorization

curl https:/aidmp.cn-sh-01.sensecoreapi.dev/aids/aidmp/data/v2/dataSpaces/{data_space_id}/repos/{repo_id}/overview\
  -H 'X-Date: Wed, 26 Jul 2023 11:36:03 GMT' \
  -H 'Authorization: hmac accesskey="xxx", algorithm="hmac-sha256", headers="x-date", signature="m4b9mgep/FTiwTFutiqbwsemCjYxv3SUN9YZO7ZvKFc="' \
  ...

用户需要先从SenseCore的控制台首页获取AccessKey和SecretKey,然后通过如下方式计算上述两个字段的值。

bash示例

#!/bin/bash
# 配置
ACCESS_KEY_ID="{ACCESS_KEY_ID}"
ACCESS_KEY_SECRET="{ACCESS_KEY_SECRET}"
URL="https://aidmp.cn-sh-03.sensecoreapi.dev/aids/aidmp/data/v2/resources?display_name=test_zuiquan_001"
METHOD="GET"

# 解析 URL
url_part=$(echo "$URL" | sed -E 's|^https?://||')
host=$(echo "$url_part" | cut -d'/' -f1)
path_query=$(echo "$URL" | sed -E 's|^https?://[^/]+||')
[ -z "$path_query" ] && path_query="/"

# 生成时间戳和签名内容
date_str=$(date -u +"%a, %d %b %Y %H:%M:%S GMT")
method_lower=$(echo "$METHOD" | tr '[:upper:]' '[:lower:]')
sign_content="date: ${date_str}\nhost: ${host}\n@request-target: ${method_lower} ${path_query}"

# 计算签名
signature=$(echo -e "$sign_content" | openssl dgst -sha256 -hmac "$ACCESS_KEY_SECRET" -binary | base64)
auth_header="hmac accesskey=\"${ACCESS_KEY_ID}\", algorithm=\"hmac-sha256\", headers=\"date host @request-target\", signature=\"${signature}\""

# 发送请求
curl -X "$METHOD" "$URL" -H "Date: $date_str" -H "Authorization: $auth_header"
echo ""

上述命令需使用bash/zsh执行,若使用sh执行,得到的签名值会有误

python 示例

import hashlib
import hmac
import requests
import base64
from urllib import parse
from datetime import datetime,timezone

GMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
# Access key
ACCESS_KEY_ID = "{ACCESS_KEY_ID}"
ACCESS_KEY_SECRET = "{ACCESS_KEY_SECRET}"

def hmac_sha256(key, message):
    key = key.encode('UTF-8')
    message = message.encode('UTF-8')
    h = hmac.new(key, message, hashlib.sha256)
    return base64.b64encode(h.digest()).decode()

def get_headers(url: str, method: str) -> dict:
    url_info = parse.urlparse(url)
    now_datetime = datetime.now(timezone.utc).strftime(GMT_FORMAT)
    url_info = parse.urlparse(url)
    path = url_info.path
    if url_info.query != "":
        path += f"?{url_info.query}"    
    host = url_info.hostname
    if url_info.port:
        host = f"{host}:{url_info.port}"
    # Compute signature
    str_headers = "date host @request-target"
    str_host = f"host: {host}"
    str_date = f"date: {now_datetime}"
    str_request_line = f"@request-target: {method.lower()} {path}"
    str_sign_content = f"{str_date}\n{str_host}\n{str_request_line}"
    str_signature = hmac_sha256(ACCESS_KEY_SECRET, str_sign_content)
    str_authorization = f"hmac accesskey=\"{ACCESS_KEY_ID}\", algorithm=\"hmac-sha256\", headers=\"{str_headers}\", signature=\"{str_signature}\""   
    
    headers = {
        "Date": now_datetime,
        "Authorization": str_authorization,
    }
    return headers

url = "https://aidmp.cn-sh-03.sensecoreapi.dev/aids/aidmp/data/v2/resources?display_name=test01"
headers = get_headers(url,"GET")
req = requests.get(url,headers=headers)
print(req.text)