check signature logic seperated for internal purpose as well.

server.go

@@ -142,36 +142,40 @@ func checkSignature(r *http.Request) bool {
 	nonce, nok := m["nonce"]
 	token := APIConfig.Token
 	if sok && tok && nok {
-		//sort token, timestamp, nonce  and join them
-		strs := []string{token, timestamp[0], nonce[0]}
-		sort.Strings(strs)
-		s := strings.Join(strs, "")
-
-		//calculate sha1
-		h := sha1.New()
-		h.Write([]byte(s))
-		calculated := fmt.Sprintf("%x", h.Sum(nil))
-		return signature[0] == calculated
+		return verifySignature(signature[0], timestamp[0], nonce[0], token)
 	}
 	return false
 }
 
-func checkSignature1() bool {
-	s1 := "e39de9f2e28079c01ebb4b803dfc3442b819545c"
-	t1 := "1492970761"
-	n1 := "1850971833"
-	token := APIConfig.Token
-
-	strs := []string{token, t1, n1}
+func verifySignature(signature, timestamp, nonce, token string) bool {
+	//sort token, timestamp, nonce  and join them
+	strs := []string{token, timestamp, nonce}
 	sort.Strings(strs)
 	s := strings.Join(strs, "")
 
+	//calculate sha1
 	h := sha1.New()
 	h.Write([]byte(s))
-	us := fmt.Sprintf("%x", h.Sum(nil))
-	return s1 == us
+	calculated := fmt.Sprintf("%x", h.Sum(nil))
+	return signature == calculated
 }
 
+// func checkSignature1() bool {
+// 	s1 := "e39de9f2e28079c01ebb4b803dfc3442b819545c"
+// 	t1 := "1492970761"
+// 	n1 := "1850971833"
+// 	token := APIConfig.Token
+
+// 	strs := []string{token, t1, n1}
+// 	sort.Strings(strs)
+// 	s := strings.Join(strs, "")
+
+// 	h := sha1.New()
+// 	h.Write([]byte(s))
+// 	us := fmt.Sprintf("%x", h.Sum(nil))
+// 	return s1 == us
+// }
+
 //webrootHandler sending contents to client when request "/"
 //      essentially to prove the webserver is still alive
 //      echo query string to the client