霍比REST签名请求-验证失败

Question

我对Huobi (密码交换) REST请求-签名有问题。规则是明确的(例如这里)。"v1/account/acounts“示例-- GET不带params：

1. URL：AccessKeyId=dbye2sf5t7-d5829459-bf3aee27-67f62&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2020-11-11T12%3A17%3A57
2. 预签名文本：GET\napi.huobi.pro\n/v1/account/accounts\nAccessKeyId=dbye2sf5t7-d5829459-bf3aee27-67f62&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2020-11-11T12%3A17%3A57
3. Hmac Hmac 256-使用私钥(已验证的这里)：auZl70i2qsUb7+U9yYEEY1bwzLypWIM7qF1pBAJcvfc=对预签名文本进行签名。
4. 要获取的URL：https://api.huobi.pro/v1/account/accounts?AccessKeyId=dbye2sf5t7-d5829459-bf3aee27-67f62&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2020-11-11T12%3A17%3A57&Signature=auZl70i2qsUb7%2BU9yYEEY1bwzLypWIM7qF1pBAJcvfc%3D

答复是：

{"status":"error","err-code":"api-signature-not-valid","err-msg":"Signature not valid: Verification failure [校验失败]","data":null}

我做错什么了？我搜索了很多代码示例，没有发现错误.

Answer 1

同一个端点出现了这个问题。我不知道你用什么代码来签署你的请求。这是我的：

class HuobiAuth(requests.auth.AuthBase):
    def __init__(self, api_key: str, secret_key: str) -> None:
        self.api_key: str = api_key
        self.secret_key: str = secret_key

    @staticmethod
    def create_sign(p_params: Dict, method: str, host_url: str, request_path: str, secret_key: str):
        sorted_params = sorted(p_params.items(), key=lambda d: d[0], reverse=False)
        # encode_params = urllib.urlencode(sorted_params)
        encode_params = urllib.parse.urlencode(sorted_params)
        payload = [method, host_url, request_path, encode_params]
        payload = '\n'.join(payload)
        payload = payload.encode(encoding='UTF8')
        secret_key = secret_key.encode(encoding='UTF8')
        digest = hmac.new(secret_key, payload, digestmod=hashlib.sha256).digest()
        signature = base64.b64encode(digest)
        signature = signature.decode()
        return signature

    def __call__(self, request: requests.PreparedRequest) -> requests.PreparedRequest:
        timestamp = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S')
        params_to_sign = {'AccessKeyId': self.api_key,
                          'SignatureMethod': 'HmacSHA256',
                          'SignatureVersion': '2',
                          'Timestamp': timestamp}
        host_name = urllib.parse.urlparse(request.url).hostname.lower()
        params_to_sign['Signature'] = self.create_sign(params_to_sign, request.method, host_name, request.path_url, self.secret_key)
        request.url += '?' + urllib.parse.urlencode(params_to_sign)
        return request

我最初的问题是，我没有使用request.method，而是有一个硬编码的"POST"，我肯定是从原始源复制的。

示例用法：

requests.post(url, json=your_data, auth=HuobiAuth(key, secret))