这个验签逻辑是不是判断错了

codingcn commented 3 years ago

func (cli *Client) DecryptUserInfo(sessionKey, rawData, encryptedData, signature, iv string) (*UserInfo, error) {

    if encrypt.NewSigner(false, rawData, sessionKey).CompareWith(signature) {
        return nil, errors.New("failed to validate signature")
    }

// 对比签名
func (sign *Signer) CompareWith(signature string) bool {
    return signature == sign.Sign()
}

为什么两个signature相等却判断为签名错误呢，代码应该写错了吧

https://github.com/medivhzhan/miniapp/blob/2e94375d23200d943a2f9cde2444862f7b114706/decrypt.go#L113

royalrick commented 3 years ago

写错了，谢谢🙏

royalrick commented 3 years ago

已经修复

royalrick / weapp

这个验签逻辑是不是判断错了 #52