From c6448e6a6e873de612d6a12fa90277b4dc207929 Mon Sep 17 00:00:00 2001
From: pppscn <35696959@qq.com>
Date: Wed, 3 Mar 2021 14:49:32 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DPost=E9=80=9A=E7=9F=A5?=
 =?UTF-8?q?=E9=AA=8C=E7=AD=BE=E6=97=B6=E9=97=B4=E6=88=B3=E7=BC=BA=E5=A4=B1?=
 =?UTF-8?q?=20by=20xiaoyuanhost?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../idormy/sms/forwarder/utils/SenderWebNotifyMsg.java |  3 ++-
 doc/POST_WEB.md                                        | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/app/src/main/java/com/idormy/sms/forwarder/utils/SenderWebNotifyMsg.java b/app/src/main/java/com/idormy/sms/forwarder/utils/SenderWebNotifyMsg.java
index 54560215..500c2cec 100644
--- a/app/src/main/java/com/idormy/sms/forwarder/utils/SenderWebNotifyMsg.java
+++ b/app/src/main/java/com/idormy/sms/forwarder/utils/SenderWebNotifyMsg.java
@@ -49,7 +49,8 @@ public class SenderWebNotifyMsg {
             byte[] signData = mac.doFinal(stringToSign.getBytes("UTF-8"));
             String sign = URLEncoder.encode(new String(Base64.encode(signData, Base64.NO_WRAP)), "UTF-8");
             Log.i(TAG, "sign:" + sign);
-            builder.addFormDataPart("content", content);
+            builder.addFormDataPart("timestamp", String.valueOf(timestamp));
+            builder.addFormDataPart("sign", sign);
         }
 
         RequestBody body = builder.build();
diff --git a/doc/POST_WEB.md b/doc/POST_WEB.md
index d2fe704a..901de5c2 100644
--- a/doc/POST_WEB.md
+++ b/doc/POST_WEB.md
@@ -13,13 +13,15 @@ https://api.sl.allmything.com/api/msg/pushMsg?token=p9EM2K4Po01UIJr3sISbRmBFYWCH
 |  ----  | ----  | ----  |
 | from  | string  | 来源手机号 |
 | content  | string  | 短信内容 |
+| timestamp  | string |  当前时间戳，单位是毫秒，（建议验证与请求调用时间误差不能超过1小时，防止重放欺骗） |
 | sign  | string  | 当设置secret时，生成的sign签名，用于发送端校验，规则见下方sign校验规则 |
 
+* sign部分参考借鉴了[阿里钉钉群机器人的sign生成](https://developers.dingtalk.com/document/app/custom-robot-access)
 ### sign校验规则
 把timestamp+"\n"+密钥当做签名字符串，使用HmacSHA256算法计算签名，然后进行Base64 encode，最后再把签名参数再进行urlEncode，得到最终的签名（需要使用UTF-8字符集）
 |  参数    |  说明  |
 |  ----   | ----  |
-| timestamp   |  当前时间戳，单位是毫秒，与请求调用时间误差不能超过1小时 |
+| timestamp   |  当前时间戳，单位是毫秒，（建议验证与请求调用时间误差不能超过1小时，防止重放欺骗） |
 | secret   | 密钥，web通知设置页面，secret |
 
 示例：
@@ -48,7 +50,7 @@ public class Test {
 ```
 
 ```python
-#python 3.8 
+#python 3.8
 import time
 import hmac
 import hashlib
@@ -66,7 +68,7 @@ print(timestamp)
 print(sign)
 
 ```
-```python  
+```python
 #python 2.7
 import time
 import hmac
@@ -85,5 +87,3 @@ print(timestamp)
 print(sign)
 
 ```
-
-