elink-star
/
epmet-cloud-lingshan
forked from luyan/epmet-cloud-lingshan
12
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

修改:传参方式修改 half

master
wxz 4 years ago
parent
e9377ae529
commit
64aca2e5de
18 changed files with 212 additions and 104 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      epmet-commons/epmet-commons-openapi/pom.xml
  2. 7
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/HeaderFieldKeys.java
  3. 10
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestBodyFieldKeys.java
  4. 11
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestParamKeys.java
  5. 36
      epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
  6. 4
      epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
  7. 10
      epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
  8. 29
      epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
  9. 17
      epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
  10. 6
      epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
  11. 5
      epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java
  12. 19
      epmet-gateway/src/main/java/com/epmet/utils/ServerHttpRequestUtils.java
  13. 5
      epmet-gateway/src/main/resources/bootstrap.yml
  14. 9
      epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
  15. 18
      epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java
  16. 91
      epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
  17. 20
      epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
  18. 2
      pom.xml

17
epmet-commons/epmet-commons-openapi/pom.xml
View File

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<version>2.0.0</version>
<parent>
<artifactId>epmet-commons</artifactId>
<groupId>com.epmet</groupId>
<version>2.0.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>epmet-commons-openapi</artifactId>
</project>

7
epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/HeaderFieldKeys.java
View File

@ -1,7 +0,0 @@
package com.epmet.commons.openapi.constants;
public interface HeaderFieldKeys {
String APP_ID = "AppId";
}

10
epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestBodyFieldKeys.java
View File

@ -1,10 +0,0 @@
package com.epmet.commons.openapi.constants;
/**
* 请求体字段key
*/
public interface RequestBodyFieldKeys {
String APP_ID = "appId";
}

11
epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestParamKeys.java
View File

@ -1,11 +0,0 @@
package com.epmet.commons.openapi.constants;
/**
* url请求参数key
*/
public class RequestParamKeys {
public static String APP_ID = "app_id";
public static String AUTH_TYPE = "auth_type";
}

36
epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
View File

@ -2,10 +2,7 @@ package com.epmet.commons.security.sign.openapi;
import com.epmet.commons.tools.utils.Md5Util; import com.epmet.commons.tools.utils.Md5Util;
import java.util.Arrays; import java.util.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/** /**
* OpenApi签名工具 * OpenApi签名工具
@ -62,16 +59,41 @@ public class OpenApiSignUtils {
return sb.toString(); return sb.toString();
} }
public static void main(String[] args) { public static void main(String[] args) {
//generateGetAccessTokenSign();
generateGetOrgDetailSign();
}
private static void generateGetAccessTokenSign() {
long now = System.currentTimeMillis();
System.out.println(now);
HashMap<String, String> content = new HashMap<>(); HashMap<String, String> content = new HashMap<>();
content.put("orgId", "aaa"); content.put("appId", "7d98b8af2d05752b4225709c4cfd4bd0");
content.put("test", ""); content.put("timestamp", String.valueOf(now));
content.put("nonce", "aaa");
String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44"; String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
String sign = createSign(content, secret); String sign = createSign(content, secret);
System.out.println(sign); System.out.println(sign);
} }
private static void generateGetOrgDetailSign() {
long now = System.currentTimeMillis();
String uuid = UUID.randomUUID().toString();
System.out.println("时间戳:" + now);
System.out.println("随机数:" + uuid);
HashMap<String, String> content = new HashMap<>();
content.put("orgId", "aaa");
content.put("test", null);
content.put("timestamp", String.valueOf(now));
content.put("nonce", uuid);
String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
String sign = createSign(content, secret);
System.out.println("签名:" + sign);
}
} }

4
epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
View File

@ -147,7 +147,9 @@ public enum EpmetErrorCode {
// open api异常 // open api异常
OPEN_API_SIGN_ERROR(9100, "签名错误"), OPEN_API_SIGN_ERROR(9100, "签名错误"),
OPEN_API_SIGN_TOKEN_EXPIRED(9101, "Token过期"); OPEN_API_TOKEN_EXPIRED(9101, "Token过期"),
OPEN_API_PARAMS_MISSING(9102, "参数不完整"),
OPEN_API_PARAMS_APPID_DIFF(9103, "app_id不一致"); // app_id在请求参数中和在token中不一致
private int code; private int code;
private String msg; private String msg;

10
epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
View File

@ -396,4 +396,14 @@ public class RedisKeys {
public static String getOpenApiAccessTokenKey(String accessToken) { public static String getOpenApiAccessTokenKey(String accessToken) {
return rootPrefix.concat("openapi:accesstoken:").concat(accessToken); return rootPrefix.concat("openapi:accesstoken:").concat(accessToken);
} }
/**
* @Description 获取OpenApi请求随机数nonce
* @return
* @author wxz
* @date 2021.03.24 17:49
*/
public static String getOpenApiNonceKey(String nonce) {
return rootPrefix.concat("openapi:nonce:").concat(nonce);
}
} }

29
epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
View File

@ -26,25 +26,19 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
@Autowired @Autowired
private JwtUtils jwtTokenUtils; private JwtUtils jwtTokenUtils;
@Autowired
private RedisUtils redisUtils;
@Override @Override
public void auth(String appId, String token, Long ts, ServerWebExchange exchange) { public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
// 这种方式不需要其他平台传appId,因此我们自己从redis中取
appId = (String) redisUtils.get(RedisKeys.getOpenApiAccessTokenKey(token));
// 1.token过期校验 // 1.token过期校验
if (StringUtils.isBlank(appId)) { if (StringUtils.isBlank(appId)) {
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(), throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg()); EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
} }
String secret = getSecret(appId); String secret = getSecret(appId);
if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) { if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(), throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg()); EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
} }
// 2.验签 // 2.验签
@ -53,13 +47,18 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
// 2. 获取claims // 2. 获取claims
Claims claims = jwtTokenUtils.getClaimByToken(token, secret); Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
appId = claims.get("appId", String.class); String appIdInAccessToken = claims.get("appId", String.class);
if (!StringUtils.isBlank(appId)) { if (!appId.equals(appIdInAccessToken)) {
ServerHttpRequest.Builder mutate = exchange.getRequest().mutate(); // 参数列表的appId和token中封装的不一致
mutate.header("AppId", appId); throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
exchange.mutate().request(mutate.build()).build(); EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
} }
// 3.将app_id放入header中
ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
mutate.header("AppId", appId);
exchange.mutate().request(mutate.build()).build();
} }
/** /**

17
epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
View File

@ -4,6 +4,7 @@ import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.exception.RenException;
import com.epmet.filter.CpProperty; import com.epmet.filter.CpProperty;
import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -13,6 +14,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher; import org.springframework.util.AntPathMatcher;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
/** /**
@ -67,6 +69,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
for (String url : cpProperty.getExternalOpenUrls()) { for (String url : cpProperty.getExternalOpenUrls()) {
if (antPathMatcher.match(url, requestUri)) { if (antPathMatcher.match(url, requestUri)) {
inPaths = true; inPaths = true;
break;
} }
} }
@ -74,6 +77,13 @@ public class ExternalAuthProcessor extends AuthProcessor {
throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放"); throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放");
} }
// 放行白名单
for (String url : cpProperty.getExternalAuthUrlsWhiteList()) {
if (antPathMatcher.match(url, requestUri)) {
return exchange;
}
}
HttpHeaders headers = request.getHeaders(); HttpHeaders headers = request.getHeaders();
String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY); String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);
@ -99,7 +109,12 @@ public class ExternalAuthProcessor extends AuthProcessor {
} }
md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange); md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else if (APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) { } else if (APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) {
fetchTokenAuthProcessor.auth(null, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange); String paramName = "app_id";
String appId = ServerHttpRequestUtils.getRequestParam(request, paramName);
if (StringUtils.isBlank(appId)) {
throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode(),"缺少参数".concat(paramName));
}
fetchTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else { } else {
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型"); throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
} }

6
epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
View File

@ -10,6 +10,7 @@ import com.epmet.commons.tools.utils.IpUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.constant.AuthTypeConstant; import com.epmet.constant.AuthTypeConstant;
import com.epmet.constant.TokenHeaderKeyConstant; import com.epmet.constant.TokenHeaderKeyConstant;
import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -111,6 +112,11 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
// } // }
//} //}
String authType = ServerHttpRequestUtils.getRequestParam(request, RequestBodyField.);
if (StringUtils.isNotBlank(authType) && ExternalAuthProcessor.APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) {
return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
}
boolean needExternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY)); boolean needExternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY));
boolean needInternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.AUTHORIZATION_TOKEN_HEADER_KEY)); boolean needInternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.AUTHORIZATION_TOKEN_HEADER_KEY));

5
epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java
View File

@ -32,6 +32,11 @@ public class CpProperty {
*/ */
private List<String> externalOpenUrls; private List<String> externalOpenUrls;
/**
* 对外开放url白名单
*/
private List<String> externalAuthUrlsWhiteList;
/** /**
* 不处理token直接通过 * 不处理token直接通过
*/ */

19
epmet-gateway/src/main/java/com/epmet/utils/ServerHttpRequestUtils.java
View File

@ -0,0 +1,19 @@
package com.epmet.utils;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.util.MultiValueMap;
public class ServerHttpRequestUtils {
/**
* @Description 从url中获取appId
* @return
* @author wxz
* @date 2021.03.25 15:13
*/
public static String getRequestParam(ServerHttpRequest request, String paramName) {
MultiValueMap<String, String> queryParams = request.getQueryParams();
return queryParams.getFirst(paramName);
}
}

5
epmet-gateway/src/main/resources/bootstrap.yml
View File

@ -474,6 +474,11 @@ epmet:
- /epmetuser/customerstaff/customerlist - /epmetuser/customerstaff/customerlist
- /message/template/** - /message/template/**
- /data/aggregator/project/projectdistribution - /data/aggregator/project/projectdistribution
# 对外开放接口认证白名单
externalAuthUrlsWhiteList:
- /epmet/ext/open-api/get-access-token
swaggerUrls: swaggerUrls:
jwt: jwt:

9
epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
View File

@ -1,17 +1,12 @@
package com.epmet.dto.form; package com.epmet.dto.form;
import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
import lombok.Data; import lombok.Data;
import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotBlank;
@Data @Data
public class AccessTokenFormDTO { public class AccessTokenFormDTO extends OpenApiBaseFormDTO {
public interface GetAccessTokenGroup {}
// 签名字符串密文
@NotBlank(message = "签名字段不能为空", groups = { GetAccessTokenGroup.class })
private String sign;
// 应用id // 应用id
@NotBlank(message = "AppId字段不能为空", groups = { GetAccessTokenGroup.class }) @NotBlank(message = "AppId字段不能为空", groups = { GetAccessTokenGroup.class })

18
epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java
View File

@ -2,12 +2,30 @@ package com.epmet.dto.form.openapi;
import lombok.Data; import lombok.Data;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
/** /**
* open api基础类 * open api基础类
*/ */
@Data @Data
public class OpenApiBaseFormDTO { public class OpenApiBaseFormDTO {
public interface GetAccessTokenGroup {}
@NotBlank(message = "签名不能为空", groups = { GetAccessTokenGroup.class })
private String sign; private String sign;
/**
* 时间戳ms
*/
@NotNull(message = "时间戳不能为空", groups = { GetAccessTokenGroup.class })
private Long timestamp;
/**
* 随机数每次请求唯一
*/
@NotBlank(message = "随机字段nonce不能为空", groups = { GetAccessTokenGroup.class })
private String nonce;
} }

91
epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiCheckSignAspect.java → epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
View File

@ -26,6 +26,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.beans.IntrospectionException; import java.beans.IntrospectionException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.lang.reflect.Parameter; import java.lang.reflect.Parameter;
@ -33,10 +34,15 @@ import java.util.Arrays;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
/**
* OpenApi检查请求切面
* 1.验签防止参数篡改
* 2.timestamp+nonce防止请求重放攻击
*/
@Aspect @Aspect
@Component @Component
@Order(1) @Order(1)
public class OpenApiCheckSignAspect { public class OpenApiRequestCheckAspect {
@Autowired @Autowired
private RedisUtils redisUtils; private RedisUtils redisUtils;
@ -53,27 +59,60 @@ public class OpenApiCheckSignAspect {
* @date 2021.03.24 13:39 * @date 2021.03.24 13:39
*/ */
@Before("execution(* com.epmet.controller.*Controller*.*(..)) && @annotation(com.epmet.annotation.OpenApiCheckSign)") @Before("execution(* com.epmet.controller.*Controller*.*(..)) && @annotation(com.epmet.annotation.OpenApiCheckSign)")
public void checkSign(JoinPoint point) { public void check(JoinPoint point) {
Object[] args = point.getArgs(); Object[] args = point.getArgs();
MethodSignature methodSignature = (MethodSignature) point.getSignature(); MethodSignature methodSignature = (MethodSignature) point.getSignature();
Method method = methodSignature.getMethod(); Method method = methodSignature.getMethod();
Parameter[] parameters = method.getParameters(); Parameter[] parameters = method.getParameters();
HttpServletRequest request = getRequest();
String appId = request.getHeader("AppId");
for (int i = 0; i < parameters.length; i++) { for (int i = 0; i < parameters.length; i++) {
if (parameters[i].isAnnotationPresent(RequestBody.class)) { if (parameters[i].isAnnotationPresent(RequestBody.class)) {
Map<String, String> argMap = null; Map<String, String> argMap;
try { try {
argMap = ConvertUtils.entityToMap(args[i]); argMap = ConvertUtils.entityToMap(args[i]);
} catch (Exception e) { } catch (Exception e) {
throw new RenException("验签参数转化发生异常"); throw new RenException("验签参数转化发生异常");
} }
if (!OpenApiSignUtils.checkSign(argMap, getSecret(getAppId()))) {
argMap.put("");
if (!OpenApiSignUtils.checkSign(argMap, getSecret(appId))) {
// 验签失败 // 验签失败
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode()); throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode());
} }
checkRepeatRequest(argMap);
} }
} }
} }
/**
* 检查请求重放
* @param argMap
*/
void checkRepeatRequest(Map<String, String> argMap) {
String timestampStr = argMap.get("timestamp");
if (StringUtils.isBlank(timestampStr)) {
throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode());
}
long timestamp = Long.valueOf(timestampStr).longValue();
long now = System.currentTimeMillis();
long requestTimeDiff = 60000;
if (Math.abs(now - timestamp) > requestTimeDiff) {
// 只允许1分钟之内的请求,允许服务器之间时差为1分钟
throw new RenException(String.format("请求已过时,允许时差为%s ms", requestTimeDiff));
}
String nonce = argMap.get("nonce");
String nonceInCache = redisUtils.getString(RedisKeys.getOpenApiNonceKey(nonce));
if (StringUtils.isNotBlank(nonceInCache)) {
throw new RenException("请求重复");
}
//将nonce缓存到redis,有效期1分钟
redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), "1", requestTimeDiff);
}
/** /**
* @return * @return
* @Description 取secret * @Description 取secret
@ -114,12 +153,42 @@ public class OpenApiCheckSignAspect {
* @author wxz * @author wxz
* @date 2021.03.24 12:53 * @date 2021.03.24 12:53
*/ */
public String getAppId() { //public String getAppId(Parameter[] parameters, Object[] args) {
HttpServletRequest request = getRequest(); // HttpServletRequest request = getRequest();
String appId = request.getHeader("AppId"); // String appId = request.getHeader("AppId");
if (StringUtils.isBlank(appId)) { // if (StringUtils.isBlank(appId)) {
throw new RenException("请求头中未携带AppId"); // for (int i = 0; i < parameters.length; i++) {
} // if (parameters[i].isAnnotationPresent(RequestBody.class)) {
return appId; // Object arg = args[i];
// try {
// appId = getAppIdFromDTO(arg);
// } catch (IllegalAccessException e) {
// e.printStackTrace();
// }
// }
// }
// }
// if (StringUtils.isBlank(appId)) {
// throw new RenException("未携带AppId");
// }
// return appId;
//}
//private String getAppIdFromDTO(Object dto) throws IllegalAccessException {
// Field[] declaredFields = dto.getClass().getDeclaredFields();
// for (int i = 0; i < declaredFields.length; i++) {
// Field field = declaredFields[i];
// String fieldName = field.getName();
// if ("appId".equals(fieldName)) {
// field.setAccessible(true);
// String value = (String) field.get(dto);
// return value;
// }
// }
// return null;
//}
public static void main(String[] args) {
System.out.println(System.currentTimeMillis());
} }
} }

20
epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
View File

@ -1,5 +1,6 @@
package com.epmet.controller; package com.epmet.controller;
import com.epmet.annotation.OpenApiCheckSign;
import com.epmet.commons.security.sign.openapi.OpenApiSignUtils; import com.epmet.commons.security.sign.openapi.OpenApiSignUtils;
import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.ExceptionUtils;
@ -10,6 +11,7 @@ import com.epmet.commons.tools.utils.ConvertUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.commons.tools.validator.ValidatorUtils;
import com.epmet.dto.form.AccessTokenFormDTO; import com.epmet.dto.form.AccessTokenFormDTO;
import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.service.OpenApiAccessTokenService; import com.epmet.service.OpenApiAccessTokenService;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -45,10 +47,11 @@ public class OpenApiAccessTokenController {
* @author wxz * @author wxz
* @date 2021.03.23 09:52 * @date 2021.03.23 09:52
*/ */
@OpenApiCheckSign
@PostMapping("get-access-token") @PostMapping("get-access-token")
public Result<String> getAccessToken(@RequestBody AccessTokenFormDTO input) { public Result<String> getAccessToken(@RequestBody AccessTokenFormDTO input) {
// 1.校验参数 // 1.校验参数
ValidatorUtils.validateEntity(input); ValidatorUtils.validateEntity(input, OpenApiBaseFormDTO.GetAccessTokenGroup.class);
String appId = input.getAppId(); String appId = input.getAppId();
// 2.取secret // 2.取secret
@ -65,21 +68,6 @@ public class OpenApiAccessTokenController {
redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret); redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret);
} }
// 3.验签
try {
if (!OpenApiSignUtils.checkSign(ConvertUtils.entityToMap(input), secret)) {
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode(), EpmetErrorCode.OPEN_API_SIGN_ERROR.getMsg());
}
} catch (RenException e) {
// 如果是自己抛出的异常则继续抛出
throw e;
} catch (Exception e) {
// 是其他意外发生的异常
String errorStackTrace = ExceptionUtils.getErrorStackTrace(e);
logger.error("验签发生未知异常:{}", errorStackTrace);
throw new RenException("验签发生未知异常,请查看ext服务详细日志");
}
//4.生成token //4.生成token
String accessToken = openApiAccessTokenService.getAccessToken(appId, secret); String accessToken = openApiAccessTokenService.getAccessToken(appId, secret);
return new Result<String>().ok(accessToken); return new Result<String>().ok(accessToken);

2
pom.xml
View File

@ -29,7 +29,7 @@
<module>epmet-module</module> <module>epmet-module</module>
<module>epmet-user</module> <module>epmet-user</module>
<module>epmet-openapi</module> <module>epmet-openapi</module>
</modules> </modules>
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

Write Preview
Loading…
Cancel
Save