From 66aa7bfba5c40ae540b33baf1cb0e01675064e36 Mon Sep 17 00:00:00 2001
From: wxz
Date: Wed, 19 Aug 2020 13:36:58 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A4=96=E9=83=A8=E5=BA=94=E7=94=A8=E9=89=B4?=
 =?UTF-8?q?=E6=9D=83=E5=A2=9E=E5=8A=A0=E6=97=B6=E9=97=B4=E6=88=B3=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=EF=BC=8C=E5=85=81=E8=AE=B85=E5=88=86=E9=92=9F?=
 =?UTF-8?q?=E4=B9=8B=E5=86=85=E7=9A=84=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../impl/ExternalAppAuthServiceImpl.java | 23 +++++++++++++++++++
 .../externalapp/ExtAppJwtTokenUtils.java | 3 ++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
index 52b82011c9..283b7b41ef 100644
--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
@@ -29,6 +29,8 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService {
 @Autowired
 private ExternalAppSecretDao externalAppSecretDao;
 
+ private int diffMillins = 1000 * 60 * 5;
+
 @Override
 public ExternalAppAuthResultDTO auth(String appId, String token) {
 String secret;
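Review bot: `diffMillins` is a mutable, non-final instance field with a misspelled name, although the allowed clock-skew window it holds is a fixed constant; `private static final long ALLOWED_SKEW_MILLIS = 5 * 60 * 1000L;` states both the intent and the unit. A constant also rules out the window being altered on the bean after construction. If the window is meant to be tunable per deployment, a Spring `@Value` property would be the usual route, but nothing in the hunk suggests that is intended. The class body this field sits in continues outside the hunk.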
@@ -47,6 +49,18 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService { String appIdIn = (String)claim.get("appId"); String customerId = (String)claim.get("customerId"); + Long timestamp = (Long)claim.get("ts"); + + //校验时间戳,允许5分钟误差 + if (StringUtils.isAnyBlank(appIdIn, customerId) || timestamp == null) { + logger.error("access token不完整。{},{},{}", appIdIn, customerId, timestamp); + return fillAuthResult(false, "access token不完整。", null); + } + + if (!validTimeStamp(timestamp)) { + logger.error("服务器存在时差过大,请求被拒绝", appId, appIdIn); + return fillAuthResult(false, "服务器存在时差过大,请求被拒绝", null); + } if (!appId.equals(appIdIn)) { logger.error("AppId不对应,token外部的:{}, token内部解析出来的:{}", appId, appIdIn); @@ -55,6 +69,15 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService { return fillAuthResult(true, "解析成功", customerId); } + private boolean validTimeStamp(Long timestamp) { + long now = System.currentTimeMillis(); +// System.out.println(new Date(timestamp)); + if (Math.abs(now - timestamp) > diffMillins) { + return false; + } + return true; + } + /** * 通过APP ID查询对应的秘钥 * @param appId diff --git a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java index 8ef9a4cde4..7355f867cd 100644 --- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java +++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java 
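Review bot: The `(Long)claim.get("ts")` cast in the new block assumes the claim was deserialized as a `Long`; how `claim` is built lies outside the hunk, and JSON-backed claim maps commonly return `Integer`, `Long` or `Double` depending on the library and the value, so a `ClassCastException` would escape `auth` instead of producing the "access token不完整" result the following lines intend. Reading it as `Object rawTs = claim.get("ts"); Long timestamp = rawTs instanceof Number ? ((Number) rawTs).longValue() : null;` keeps the null branch working for every numeric shape. The second `logger.error` has no `{}` placeholders, so `appId` and `appIdIn` are never written, and what an operator needs to diagnose a rejected request is the token timestamp against the server time: `logger.error("时间戳超出允许范围,请求被拒绝。appId:{}, ts:{}, now:{}", appId, timestamp, System.currentTimeMillis());`. The window only bounds how long a captured token stays usable, not whether it can be presented more than once inside those five minutes, and the check is only meaningful if the token's signature has already been verified before `claim` is read, which this hunk does not show. `auth` begins and ends outside the hunk.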
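Review bot: `validTimeStamp` carries a commented-out debug line, `// System.out.println(new Date(timestamp));`, that should be deleted rather than committed, and the `if` / `return false` / `return true` sequence reduces to a single expression. It also takes a boxed `Long` and unboxes it in `now - timestamp`, which would throw `NullPointerException` on a null argument; since the caller in `auth` already rejects a null timestamp, a primitive parameter makes that precondition explicit: `private boolean validTimeStamp(long timestamp) {` / `return Math.abs(System.currentTimeMillis() - timestamp) <= diffMillins;` / `}`. The method has no Javadoc; a one-liner such as `/** Returns true when the epoch-millis timestamp lies within diffMillins of the server clock, in either direction. */` would say what "valid" means here. The existing call site in the earlier hunk passes a `Long`, which auto-unboxes, so the signature change needs no caller edit.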
@@ -76,7 +76,8 @@ public class ExtAppJwtTokenUtils { public static void genToken() { HashMap claim = new HashMap<>(); claim.put("appId", "1"); -// claim.put("customerId", "c1"); + claim.put("customerId", "c1"); + claim.put("ts", System.currentTimeMillis() - 1000 * 60 * 4); String abc = new ExtAppJwtTokenUtils().createToken(claim, "4a762660254c57996343f8ee42fbc0a6"); System.out.println(abc);