epmet-cloud-lingshan/epmet-gateway/src/main/java/com/epmet/auth/ExtAppMD5AuthProcessor.java

package com.epmet.auth;

import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.redis.RedisKeys;
import com.epmet.commons.tools.redis.RedisUtils;
import com.epmet.commons.tools.utils.Md5Util;
import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.utils.SpringContextUtils;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;

/**
 * md5 认证处理器
 */
@Component
public class ExtAppMD5AuthProcessor extends ExtAppAuthProcessor {

    private static Logger logger = LoggerFactory.getLogger(ExtAppMD5AuthProcessor.class);

    //@Autowired
    //private EpmetCommonServiceOpenFeignClient commonServiceOpenFeignClient;

    @Autowired
    private RedisUtils redisUtils;

    @Override
    public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
        if (ts == null) {
            throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "需要传入时间戳参数");
        }
        String secret;
        if (StringUtils.isBlank(secret = getTokenFromCache(appId))) {
            throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), String.format("根据AppId:%s没有找到对应的秘钥", appId));
        }

        String localDigest = Md5Util.md5(secret.concat(":") + ts);
        if (!localDigest.equals(token)) {
            // 调用方生成的摘要跟本地生成的摘要不匹配
            throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "签名不匹配，认证失败");
        }

        if (!validTimeStamp(ts)) {
            logger.error("AccessToken已经超时，请求被拒绝");
            throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AccessToken已经超时，请求被拒绝");
        }
    }

    /**
     * 通过APP ID查询对应的秘钥
     *
     * @param appId
     * @return
     */
    public String getTokenFromCache(String appId) {
        String secret = (String) redisUtils.get(RedisKeys.getExternalAppSecretKey(appId));
        if (StringUtils.isBlank(secret)) {
            EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
            Result<String> result = commonService.getSecret(appId);
            if (!result.success()) {
                throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), result.getInternalMsg());
            }

            secret = result.getData();
            redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret);
        }
        return secret;
    }

}
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`package com.epmet.auth;`

			`import com.epmet.commons.tools.exception.EpmetErrorCode;`
			`import com.epmet.commons.tools.exception.RenException;`
			`import com.epmet.commons.tools.redis.RedisKeys;`
			`import com.epmet.commons.tools.redis.RedisUtils;`
			`import com.epmet.commons.tools.utils.Md5Util;`
			`import com.epmet.commons.tools.utils.Result;`
			`import com.epmet.commons.tools.utils.SpringContextUtils;`
			`import com.epmet.feign.EpmetCommonServiceOpenFeignClient;`
			`import org.apache.commons.lang3.StringUtils;`
			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`
			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.stereotype.Component;`
将外部应用认证-jwt方式-的customerId放到头里面，以便业务服务取用 5 years ago			`import org.springframework.web.server.ServerWebExchange;`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago
			`/**`
			`* md5 认证处理器`
			`*/`
			`@Component`
			`public class ExtAppMD5AuthProcessor extends ExtAppAuthProcessor {`

			`private static Logger logger = LoggerFactory.getLogger(ExtAppMD5AuthProcessor.class);`

			`//@Autowired`
			`//private EpmetCommonServiceOpenFeignClient commonServiceOpenFeignClient;`

			`@Autowired`
			`private RedisUtils redisUtils;`

			`@Override`
将外部应用认证-jwt方式-的customerId放到头里面，以便业务服务取用 5 years ago			`public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`if (ts == null) {`
			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "需要传入时间戳参数");`
			`}`
			`String secret;`
			`if (StringUtils.isBlank(secret = getTokenFromCache(appId))) {`
			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), String.format("根据AppId:%s没有找到对应的秘钥", appId));`
			`}`

			`String localDigest = Md5Util.md5(secret.concat(":") + ts);`
			`if (!localDigest.equals(token)) {`
			`// 调用方生成的摘要跟本地生成的摘要不匹配`
			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "签名不匹配，认证失败");`
			`}`

			`if (!validTimeStamp(ts)) {`
			`logger.error("AccessToken已经超时，请求被拒绝");`
			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AccessToken已经超时，请求被拒绝");`
			`}`
			`}`

			`/**`
			`* 通过APP ID查询对应的秘钥`
			`*`
			`* @param appId`
			`* @return`
			`*/`
			`public String getTokenFromCache(String appId) {`
			`String secret = (String) redisUtils.get(RedisKeys.getExternalAppSecretKey(appId));`
			`if (StringUtils.isBlank(secret)) {`
			`EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);`
			`Result<String> result = commonService.getSecret(appId);`
			`if (!result.success()) {`
			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), result.getInternalMsg());`
			`}`

			`secret = result.getData();`
			`redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret);`
			`}`
			`return secret;`
			`}`

			`}`