redirect now has signature check

crmpixel.go

 
 func createNewCookie(r *http.Request) (ret http.Cookie, info crmdLead) {
 	info = crmCreateNewAnonymousLeadByHTTPRequest(r)
-	ret = createNewCookieByLeadID(info.ID)
+	ret = cookieFromLeadID(info.ID)
 	return
 }
 
-func createNewCookieByLeadID(leadID string) (ret http.Cookie) {
+func cookieFromLeadID(leadID string) (ret http.Cookie) {
+	return cookieCreateLongTerm(cookLeadID, leadID)
+}
+
+func cookieCreateLongTerm(name, value string) (ret http.Cookie) {
 	expiration := time.Now().Add(10 * 365 * 24 * time.Hour)
-	cookieValue := buildBiukopCLValue(leadID)
-	ret = http.Cookie{Name: cookLeadID, Value: cookieValue, Expires: expiration}
+	signedValue := cookieSignValue(value)
+	ret = http.Cookie{Name: name, Value: signedValue, Expires: expiration}
+	return
+}
+
+func cookieCreate(name, value string, expireInSeconds int) (ret http.Cookie) {
+	expiration := time.Now().Add(time.Duration(expireInSeconds) * time.Second)
+	signedValue := cookieSignValue(value)
+	ret = http.Cookie{Name: name, Value: signedValue, Expires: expiration}
 	return
 }
 
 	return
 }
 
-func buildBiukopCLValue(id string) (ret string) {
+func cookieSignValue(id string) (ret string) {
 	rand.Seed(time.Now().Unix())
 	nonce := fmt.Sprintf("%d", rand.Intn(655352017))
 	timestamp, signature := buildBiukopCLsignature(id, nonce)
 //
 func setTrackingCookieAndRecirect(w http.ResponseWriter, r *http.Request) {
 
-	rq := r.URL.RawQuery
-	m, _ := url.ParseQuery(rq)
+	//check signature and then perform redirect
+	if !checkSignatureByToken(r, IntraAPIConfig.CRMSecrete) {
+		response403Handler(w)
+		return
+	}
+
+	m, err := url.ParseQuery(r.URL.RawQuery)
+	if err != nil {
+		response400Handler(w)
+		return
+	}
+
+	url, ok := m["url"]
+	if !ok {
+		response400Handler(w)
+		return
+	}
 
 	//set cookie if any
 	leadID, ok := m["lid"]
 	if ok {
 		log.Println("setlead cookie :" + leadID[0])
-		cookie := createNewCookieByLeadID(leadID[0])
+		cookie := cookieFromLeadID(leadID[0])
 		http.SetCookie(w, &cookie)
 	} else {
 		cookie := crmpixelCookie(r)
 		http.SetCookie(w, &cookie)
 	}
 
-	url, ok := m["url"]
+	//get expire settings if any
+	expire := 7200 //2 hours
+	expireTime, ok := m["expire"]
 	if ok {
-		http.Redirect(w, r, url[0], 307) //302 temp redirect
-		return
+		expire, _ = strconv.Atoi(expireTime[0])
 	}
-	w.WriteHeader(http.StatusNotFound)
-	fmt.Fprintf(w, "Not Found URL")
+
+	//set all cookie from url
+	for k, v := range m {
+		if k == "lid" || k == "url" || k == "expire" { //skip lead id and URL and expire
+			continue
+		}
+		log.Printf("set cookie %s=%s", k, v)
+		cookie := cookieCreate(k, v[0], expire)
+		http.SetCookie(w, &cookie)
+	}
+
+	//perform redirect
+	http.Redirect(w, r, url[0], 307) //302 temp redirect
+	return
 }

crmpixel_test.go

 }
 
 func buildReqRedirect() (req *http.Request) {
-	req, err := http.NewRequest("GET", "/redirect?url=url=http%3A%2F%2Fkidshealth.org%2Fen%2Fparents%2Ffas.html", nil)
+	req, err := http.NewRequest("GET", "/spa/redirect?url=url=http%3A%2F%2Fkidshealth.org%2Fen%2Fparents%2Ffas.html", nil)
 	if err != nil {
 		log.Fatal(err)
 	}

main.go

 	http.HandleFunc("/crmfiles/", crmAttachmentHandler)
 	http.HandleFunc("/dumprequest", dumpReuestHandler)
 	http.HandleFunc("/MP_verify_6JqVkftKr39GMakA.txt", mpDomainAuthSecret)
-	http.HandleFunc("/redirect", setTrackingCookieAndRecirect)
+	http.HandleFunc("/spa/redirect", setTrackingCookieAndRecirect)
 	http.HandleFunc("/iapi/getAccessToken", supplyAccessToken)
 	http.HandleFunc("/iapi/createWechatQr", iapiCreateWechatQrCode)
 	http.HandleFunc("/crmpixel.png", crmpixel) //tracking pixel.
 	w.Header().Set("Access-Control-Expose-Headers", "Set-Cookie,myheader,*")
 	w.Header().Set("myheader", "myheader-data")
 
-	// expiration := time.Now().Add(10 * 365 * 24 * time.Hour)
+	// expiration := time.Now().Add(time.Duration(300) * time.Second)
 	// str := time.Now().String()
 	// cookie := http.Cookie{Name: "username", Value: str, Expires: expiration}
 	// http.SetCookie(w, &cookie)
+	// cookie1 := http.Cookie{Name: "username1", Value: str, Expires: expiration}
+	// http.SetCookie(w, &cookie1)
 
 	fmt.Fprintf(w, `{"status":"OK"}`)
 	for _, c := range r.Cookies() {

menuClick.go

 
 	if found && err == nil {
 		url := ""
-		first := "截至" + time.Now().Format("2006-01-02 15:04:06 Mon MST -07") + " 您的积分，奖品，余额，如下\n\n" +
+		AEST, _ := time.LoadLocation("Australia/Sydney")
+		first := "截至" + time.Now().In(AEST).Format("2006-01-02 15:04") + "(澳洲东部时间) 您的积分，奖品，余额，如下\n\n" +
 			"积分：无"
 		name := info.LastName
 		addr := info.EmailAddress
 		card := info.ID
 		balance := "澳币 $0 "
-		remark := "奖品：无\n\n余额可联络财务兑现，奖品余额30过期" + "\n请确保您的姓名，地址信息正确"
+		remark := "奖品：无\n\n余额可联络财务兑现，奖品余额30天过期" + "\n请确保您的姓名，地址信息正确"
 		templateSendAccountBalance(ss.OpenID, url, first, remark, name, addr, card, balance)
 	}
 

procGetBasicUserInfo.go

 	a.Description = ""
 	a.PicURL = ""
 	a.Title = "点击这里编辑您的资料"
-	u := GlobalPath.ThisSiteURL + "redirect?lid=" + m.ID + "&url=" + GlobalPath.ThisSiteURL + "spa/editprofile"
+	u := GlobalPath.ThisSiteURL + "spa/redirect?lid=" + m.ID + "&url=" + GlobalPath.ThisSiteURL + "spa/editprofile"
 	a.URL = buildSignatureAppend2Url(u, IntraAPIConfig.CRMSecrete)
 	return a
 }

spa/403.html

                 <div class="col s12 valign center"> 
                     <h3>Not Autorized</h3> 
                     <p>Oops! 你没有访问权限</p>
+                    <p>您的请求已经过期</p>
                 </div>
             </div>
             <div class="row">