From c315cdeebac26eb6f0290e80493cae9a77b632b5 Mon Sep 17 00:00:00 2001
From: Patrick Peng Sun
Date: Thu, 6 Jul 2017 14:54:31 +1000
Subject: [PATCH] check signature check teim stamp too old or too new.

---
 server.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/server.go b/server.go
index d2be4cb..0a9c1a7 100644
--- a/server.go
+++ b/server.go
@@ -11,7 +11,9 @@ import (
 "net/url"
 "os"
 "sort"
+ "strconv"
 "strings"
+ "time"
 )
 
 //apiV1Main version 1 main entry for all wechat callbacks
@@ -148,6 +150,9 @@ func checkSignature(r *http.Request) bool {
 }
 
 func verifySignature(signature, timestamp, nonce, token string) bool {
+ if timestampTooOldStr(timestamp) {
+ return false
+ }
 //sort token, timestamp, nonce and join them
 strs := []string{token, timestamp, nonce}
 sort.Strings(strs)
@@ -160,6 +165,24 @@ func verifySignature(signature, timestamp, nonce, token string) bool {
 return signature == calculated
 }
 
+func timestampTooOldStr(timestamp string) bool {
+ ts, err := strconv.Atoi(timestamp)
+ if err != nil {
+ return true
+ }
+ return timestampTooOld(int32(ts))
+}
+
+func timestampTooOld(ts int32) bool {
+ //diff > 3min from now
+ now := int32(time.Now().Unix())
+ diff := now - ts
+ if diff < 0 {
+ diff = -diff
+ }
+ return diff > 180 //3 minutes, 180 seconds
+}
+
 // func checkSignature1() bool {
 // s1 := "e39de9f2e28079c01ebb4b803dfc3442b819545c"
 // t1 := "1492970761"
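Review bot: The new guard at the top of verifySignature has no comment saying why it runs before the hash is computed or that it rejects future-dated timestamps as well as stale ones, which the "TooOld" name hides. A one-line comment such as `// reject timestamps outside the 3-minute window first, so a captured request stops validating once the window has passed` would make the intent clear to the next reader. The remainder of verifySignature (the hash computation and the final comparison) lies outside this hunk.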
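Review bot: timestampTooOld does its arithmetic in int32, so the `int32(ts)` conversion in timestampTooOldStr silently truncates any parsed value outside the 32-bit range, and `diff := now - ts` wraps when the two differ by more than about 2^31 seconds; in the wrapped case `-diff` leaves the most negative int32 unchanged, `diff > 180` is false, and a timestamp that is decades away is reported as fresh. The same `int32(time.Now().Unix())` cast stops being correct in January 2038. Parsing with `strconv.ParseInt(timestamp, 10, 64)`, which returns an error on overflow, and keeping the comparison in int64 removes both problems without changing the function's result for in-range inputs. The function also deserves a doc line stating that it checks both directions, e.g. `// timestampTooOld reports whether ts (Unix seconds) lies more than 3 minutes from now, in either direction.`
```go
func timestampTooOldStr(timestamp string) bool {
	ts, err := strconv.ParseInt(timestamp, 10, 64)
	if err != nil {
		return true
	}
	return timestampTooOld(ts)
}

// timestampTooOld reports whether ts (Unix seconds) lies more than
// 3 minutes from the current time, in either direction.
func timestampTooOld(ts int64) bool {
	diff := time.Now().Unix() - ts
	if diff < 0 {
		diff = -diff
	}
	return diff > 180 //3 minutes, 180 seconds
}
```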