Implementing a sign signature for API requests in Vue

The main purpose of an API interface sign signature is to prevent illegal tampering with parameters and to improve the security of the interface.

The most common illegal tampering is modifying important sensitive parameters such as the amount. The sign value is generally produced by sorting all non-empty parameters in ascending order, splicing them together, appending token + key + timestamp + nonce (a random number), and then running the result through some encryption algorithm (a hash such as MD5). The result is passed as the sign parameter of the interface, or placed in the request header.

If a hacker hijacks the request during network transmission, modifies a parameter value and then continues to call the interface, the parameter value has changed, but the hacker does not know how sign is calculated: which values it is composed of, in what order they are spliced together and, most importantly, what the key in the signature string is. So the hacker can tamper with the value of a parameter but cannot update sign to match. When the interface is called, the server recalculates sign according to the signing rules and compares it with the sign value passed in the request. If they are equal, the parameter values have not been tampered with. If they are not equal, a parameter has been illegally tampered with and the interface is not executed.

The following is one way to implement the sign signature in Vue. Adapt it to your actual needs before use:

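import MD5 from 'js-md5'

/**
 * Signature algorithm
 * @param {Object} data request parameters
 * @returns {string} upper-case MD5 hex digest of the sorted key=value pairs
 */
export function getSign(data) {
  // Sort the parameter names in ascending order
  const keysSorted = Object.keys(data).sort()
  let str = ''
  for (let i = 0; i < keysSorted.length; i++) {
    const value = data[keysSorted[i]]
    // null and undefined values are signed as an empty string
    str += keysSorted[i] + '=' + (value != null ? value : '')
  }
  // Only the parameters are signed here; token, key, timestamp and nonce
  // are not appended to str in this version
  return MD5(str).toUpperCase()
}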
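
The server-side check described above (recalculate sign, compare, reject on mismatch), as an added example that is not part of the original post. It assumes Node.js and its built-in crypto module, uses the key as an HMAC-SHA-256 key in place of the MD5 used above, and joins URI-encoded fields with '&'; all function names and sample values are constructed for illustration.

```javascript
// Added example (Node.js). All names here are hypothetical, not from the page.
const crypto = require('crypto')

// Canonical string: non-empty parameters sorted by key, then token,
// timestamp and nonce. Keys and values are URI-encoded so that a value
// containing '=' or '&' cannot be confused with a separate field.
function canonicalString(params, token, timestamp, nonce) {
  const fields = Object.keys(params)
    .filter((k) => params[k] != null && params[k] !== '')
    .sort()
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(String(params[k])))
  return [...fields, token, timestamp, nonce].join('&')
}

// Assumption: the key is used as an HMAC-SHA-256 key instead of being
// spliced into the string and hashed with MD5.
function sign(params, token, key, timestamp, nonce) {
  return crypto
    .createHmac('sha256', key)
    .update(canonicalString(params, token, timestamp, nonce))
    .digest('hex')
    .toUpperCase()
}

// Server side: recompute the sign from the received values and compare it
// with the one that was sent, in constant time.
function verify(req, key) {
  if (typeof req.sign !== 'string') return false
  const expected = Buffer.from(sign(req.params, req.token, key, req.timestamp, req.nonce))
  const received = Buffer.from(req.sign)
  return expected.length === received.length && crypto.timingSafeEqual(expected, received)
}

// Constructed sample request; the key and token are made-up values.
function demo() {
  const key = 'demo-key-not-a-real-secret'
  const req = { params: { orderId: 'A1001', amount: '10.00', remark: '' },
                token: 'demo-token', timestamp: '1650000000', nonce: '8f3a1c' }
  req.sign = sign(req.params, req.token, key, req.timestamp, req.nonce)
  const tampered = { ...req, params: { ...req.params, amount: '0.01' } }
  return { original: verify(req, key), tampered: verify(tampered, key) }
}

console.log(demo()) // { original: true, tampered: false }
```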

Origin blog.csdn.net/xiaoyukongyi/article/details/124053018