添加签名计算

2024-07-24 23:22:35 +08:00 · 2024-07-24 23:22:35 +08:00 · ce6b0634f5
parent e7f7b1b3ac
commit ce6b0634f5
3 changed files with 126 additions and 5 deletions
--- a/snowy-common/src/main/java/vip/xiaonuo/common/filter/SignatureInterceptor.java
+++ b/snowy-common/src/main/java/vip/xiaonuo/common/filter/SignatureInterceptor.java
@ -0,0 +1,113 @@
+package vip.xiaonuo.common.filter;
+
+import cn.hutool.extra.spring.SpringUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.core.env.Environment;
+import org.springframework.web.servlet.HandlerInterceptor;
+import vip.xiaonuo.common.exception.CommonException;
+
+import java.util.Comparator;
+import java.util.Map;
+import java.util.TreeMap;
+
+/**
+ * 签名过滤器
+ */
+public class SignatureInterceptor implements HandlerInterceptor {
+
+    @Override
+    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception {
+
+        /*从header中读取appSign*/
+        String sign = httpServletRequest.getHeader("appSign");
+        if (StringUtils.isEmpty(sign)) {
+            throw new CommonException("没有签名信息!", 40052050);
+        }
+
+        String appTime = httpServletRequest.getParameter("appTime");
+        if (StringUtils.isEmpty(appTime)) {
+            throw new CommonException("请在Parameter中传入时间戳（毫秒级）!", 40052051);
+        }
+
+        Map<String, String[]> bodyData = SignatureInterceptor.sortMapByKey(httpServletRequest.getParameterMap());
+
+        if (bodyData == null) {
+            throw new CommonException("没有请求参数!", 40052052);
+        }
+
+        String original = SignatureInterceptor.transformationUri(bodyData);
+
+        if (StringUtils.isEmpty(sign) || !this.isMatching(sign, original)) {
+            throw new CommonException("应用签名验证不通过!", 40024053);
+        }
+
+        return true;
+    }
+
+    public static String makeSign(String appId, String appKey, String body) {
+        String sha1 = DigestUtils.sha1Hex(appKey + body + appKey);
+        return DigestUtils.md5Hex(sha1 + appId);
+    }
+
+    public static Map<String, String[]> sortMapByKey(Map<String, String[]> map) {
+        if (map == null || map.isEmpty()) {
+            return null;
+        }
+        Map<String, String[]> sortMap = new TreeMap<>(Comparator.naturalOrder());
+        sortMap.putAll(map);
+        return sortMap;
+    }
+
+    public void parseBodySign(String sign, Map<String, String[]> body) throws CommonException {
+
+    }
+
+    public Boolean isMatching(String sign, String original) {
+        Environment environment = SpringUtil.getBean(Environment.class);
+        String securityAccessKey = environment.getProperty("spring.enjoy-buy.security-access-key");
+        String securityAccessSecret = environment.getProperty("spring.enjoy-buy.security-access-secret");
+        String upSign = this.makeSign(securityAccessKey, securityAccessSecret, original);
+
+        return sign.equalsIgnoreCase(upSign);
+
+    }
+
+    public static String transformationUri(Map<String, String[]> map) {
+
+        StringBuilder stringBuilder = new StringBuilder();
+
+        for (String key : map.keySet()) {
+            Object value = map.get(key);
+            if ("appSign".equalsIgnoreCase(key) || value == null || StringUtils.isEmpty(value.toString())) {
+                continue;
+            }
+
+            stringBuilder.append(key);
+            stringBuilder.append("=");
+            if (map.get(key).getClass().isArray()) {
+                Object[] objects = (Object[]) map.get(key);
+                StringBuilder valueBuilder = new StringBuilder();
+                for (Object o : objects) {
+                    valueBuilder.append(o);
+                    valueBuilder.append(",");
+                }
+                valueBuilder.deleteCharAt(valueBuilder.length() - 1);
+                stringBuilder.append(valueBuilder);
+            } else {
+                stringBuilder.append(map.get(key));
+            }
+            stringBuilder.append("&");
+        }
+
+        if (stringBuilder.length() > 0) {
+            stringBuilder.deleteCharAt(stringBuilder.length() - 1);
+        }
+
+        return stringBuilder.toString();
+    }
+
+
+}
--- a/snowy-plugin/snowy-plugin-auth/src/main/java/vip/xiaonuo/auth/core/config/AuthConfigure.java
+++ b/snowy-plugin/snowy-plugin-auth/src/main/java/vip/xiaonuo/auth/core/config/AuthConfigure.java
@ -28,6 +28,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import vip.xiaonuo.auth.core.enums.SaClientTypeEnum;
 import vip.xiaonuo.auth.core.util.StpClientLoginUserUtil;
 import vip.xiaonuo.auth.core.util.StpLoginUserUtil;
+import vip.xiaonuo.common.filter.SignatureInterceptor;

 import java.util.List;

@ -56,6 +57,10 @@ public class AuthConfigure implements WebMvcConfigurer {
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册注解拦截器，并排除不需要注解鉴权的接口地址 (与登录拦截器无关，只是说明哪些接口不需要被拦截器拦截，此处都拦截)
        registry.addInterceptor(new SaInterceptor()).addPathPatterns("/**");
+        registry.addInterceptor(new SignatureInterceptor())
+                .addPathPatterns("/**")
+                /*排除文档相关地址*/
+                .excludePathPatterns("/doc**", "/webjars/**", "/v3/api-docs/**");
    }

    @Primary
--- a/snowy-web-app/src/main/resources/application.properties
+++ b/snowy-web-app/src/main/resources/application.properties
@ -27,9 +27,9 @@ spring.servlet.multipart.max-file-size=100MB

 # mysql
 spring.datasource.dynamic.datasource.master.driver-class-name=com.mysql.cj.jdbc.Driver
-spring.datasource.dynamic.datasource.master.url=jdbc:mysql://localhost:3306/snowy?useUnicode=true&characterEncoding=utf-8&useSSL=false&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&useInformationSchema=true
-spring.datasource.dynamic.datasource.master.username=root
-spring.datasource.dynamic.datasource.master.password=123456
+spring.datasource.dynamic.datasource.master.url=jdbc:mysql://10.10.10.7:3306/membershipsystem?useUnicode=true&characterEncoding=utf-8&useSSL=false&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&useInformationSchema=true
+spring.datasource.dynamic.datasource.master.username=MembershipSystem
+spring.datasource.dynamic.datasource.master.password=ZtCMBHbjwanJWxbm
 spring.datasource.dynamic.strict=true

 # postgres
@ -100,9 +100,9 @@ spring.jackson.serialization.write-dates-as-timestamps=true
 # redis configuration
 #########################################
 spring.data.redis.database=1
-spring.data.redis.host=127.0.0.1
+spring.data.redis.host=10.10.10.3
 spring.data.redis.port=6379
-spring.data.redis.password=
+spring.data.redis.password=121121Jie
 spring.data.redis.timeout=10s

 spring.data.redis.lettuce.pool.max-active=200
@ -201,3 +201,6 @@ springdoc.group-configs[6].packages-to-scan=vip.xiaonuo.sys
 # common configuration
 snowy.config.common.front-url=http://localhost:81
 snowy.config.common.backend-url=http://localhost:82
+
+spring.enjoy-buy.security-access-key=wxd504412d92c5ffe7
+spring.enjoy-buy.security-access-secret=0c7bf34850bb54158d261e5914e807ee