fix: generateCosAuth添加host必填校验,防止空host导致签名失败

Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/dc4da37f-9c43-4bcb-8d12-24e3310ecc9c

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-04-11 00:27:26 +00:00 committed by GitHub
parent 339e55cf04
commit c07673ba97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions

View File

@ -47,6 +47,9 @@ function hmacSha1(key, str) {
}
function generateCosAuth(secretId, secretKey, method, pathname, host) {
if (!host) {
throw new Error('COS签名需要host参数');
}
const now = Math.floor(Date.now() / 1000);
const exp = now + 600; // 10分钟有效
const keyTime = `${now};${exp}`;
@ -56,7 +59,7 @@ function generateCosAuth(secretId, secretKey, method, pathname, host) {
const qIdx = pathname.indexOf('?');
const signPath = qIdx >= 0 ? pathname.substring(0, qIdx) : pathname;
const httpString = `${method.toLowerCase()}\n${signPath}\n\nhost=${host || ''}\n`;
const httpString = `${method.toLowerCase()}\n${signPath}\n\nhost=${host}\n`;
const sha1edHttpString = crypto.createHash('sha1').update(httpString).digest('hex');
const stringToSign = `sha1\n${keyTime}\n${sha1edHttpString}\n`;
const signature = hmacSha1(signKey, stringToSign).toString('hex');