cross server怎么取出自定义头部的Token
客户端是这样发送post请求的
with vHttp do
begin
ContentType := ‘application/json‘;
UserAgent := ‘Embarcadero URI Client/1.0‘;
vHttp.CustomHeaders[‘Authorization‘] := ‘Bearer ‘+‘aaaaaaaaaaaaabbbbbbbbbbbcccccccccc‘;//Access_Token;
服务端这么取token:
class function TNetCrossMiddleware.AuthenticateDigest( AAuthGetPasswordProc: TAuthGetPasswordProc; const ARealm: string): TCrossHttpRouterProc2; begin Result := procedure(const ARequest: ICrossHttpRequest; const AResponse: ICrossHttpResponse; var AHandled: Boolean) var LUserName, LCorrectPassword: string; LNonce, LUserResponse, LCorrectResponse: string; LAuthStr: string; A1, A2, HA1, HA2: string; LAuthParams: TDelimitParams; begin // Authorization: Digest username="admin", realm="test realm", nonce="2468217498b46028705d401192459edd", uri="/login?key=value1", response="1d663058353e8f5831328728c29a6a1a", qop=auth, nc=00000006, cnonce="5d63a594e16feba2" LAuthStr := ARequest.Header[‘Authorization‘]; if (LAuthStr <> ‘‘) then begin if (LAuthStr.StartsWith(‘Digest‘)) then LAuthStr := LAuthStr.Substring(7) else LAuthStr := ‘‘; end; LCorrectPassword := #0; if (LAuthStr <> ‘‘) then begin LAuthParams := TDelimitParams.Create; try LAuthParams.Delimiter := ‘,‘; LAuthParams.Decode(LAuthStr); LUserName := LAuthParams[‘username‘].Replace(‘"‘, ‘‘); // 获取用户名对应的正确密码 if Assigned(AAuthGetPasswordProc) then AAuthGetPasswordProc(ARequest, LUserName, LCorrectPassword); {$region ‘计算摘要‘} A1 := Format(‘%s:%s:%s‘, [LUserName, ARealm, LCorrectPassword]); A2 := Format(‘%s:%s‘, [ARequest.Method, LAuthParams[‘uri‘].Replace(‘"‘, ‘‘)]); HA1 := TUtils.BytesToHex(THashMD5.GetHashBytes(A1)); HA2 := TUtils.BytesToHex(THashMD5.GetHashBytes(A2)); LCorrectResponse := HA1 + ‘:‘ + LAuthParams[‘nonce‘].Replace(‘"‘, ‘‘) + ‘:‘ + LAuthParams[‘nc‘].Replace(‘"‘, ‘‘) + ‘:‘ + LAuthParams[‘cnonce‘].Replace(‘"‘, ‘‘) + ‘:auth‘ + ‘:‘ + HA2; LCorrectResponse := TUtils.BytesToHex(THashMD5.GetHashBytes(LCorrectResponse)); {$endregion} // 客户端已计算好的摘要 LUserResponse := LAuthParams[‘response‘].Replace(‘"‘, ‘‘); finally FreeAndNil(LAuthParams); end; end; // 比对客户端与服务端的摘要是否匹配 if (LAuthStr = ‘‘) or (LUserResponse <> LCorrectResponse) then begin AHandled := True; LNonce := TUtils.BytesToHex(THashMD5.GetHashBytes(DateTimeToStr(Now))); AResponse.Header[‘WWW-authenticate‘] := Format( ‘Digest realm="%s", qop=auth, nonce="%s"‘, [ARealm, LNonce]); AResponse.SendStatus(401); Exit; end; AHandled := False; end; end;
原文:https://www.cnblogs.com/hnxxcxg/p/13951970.html