
调整完了openApi参数模式,待测试

wxz 4 years ago
parent
commit
8de86b0716
  1. 7
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/HeaderFieldKeys.java
  2. 10
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestBodyFieldKeys.java
  3. 11
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestParamKeys.java
  4. 8
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/AuthTypes.java
  5. 10
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/InClusterHeaderKeys.java
  6. 14
      epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/RequestParamKeys.java
  7. 15
      epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
  8. 13
      epmet-gateway/pom.xml
  9. 16
      epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
  10. 22
      epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
  11. 6
      epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
  12. 6
      epmet-module/epmet-common-service/common-service-server/pom.xml
  13. 14
      epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
  14. 11
      epmet-module/epmet-ext/epmet-ext-server/pom.xml
  15. 41
      epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
  16. 23
      epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
  17. 2
      epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/service/impl/OpenApiAccessTokenServiceImpl.java

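--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/HeaderFieldKeys.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/HeaderFieldKeys.java
@@ -1,7 +0,0 @@
-package com.epmet.openapi;
-public interface HeaderFieldKeys {
-String APP_ID = "AppId";
-}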

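--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestBodyFieldKeys.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestBodyFieldKeys.java
@@ -1,10 +0,0 @@
-package com.epmet.openapi;
-/**
-* 请求体字段key
-*/
-public interface RequestBodyFieldKeys {
-String APP_ID = "appId";
-}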

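--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestParamKeys.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/RequestParamKeys.java
@@ -1,11 +0,0 @@
-package com.epmet.openapi;
-/**
-* url请求参数key
-*/
-public class RequestParamKeys {
-public static String APP_ID = "app_id";
-public static String AUTH_TYPE = "auth_type";
-}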

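--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/AuthTypes.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/AuthTypes.java
@@ -0,0 +1,8 @@
+package com.epmet.openapi.constant;
+/**
+* 认证方式
+*/
+public interface AuthTypes {
+String TAKE_TOKEN = "take_token";
+}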

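--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/InClusterHeaderKeys.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/InClusterHeaderKeys.java
@@ -0,0 +1,10 @@
+package com.epmet.openapi.constant;
+/**
+* 集群内的Header key
+*/
+public interface InClusterHeaderKeys {
+String APP_ID = "AppId";
+}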

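--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/RequestParamKeys.java
+++ b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/openapi/constant/RequestParamKeys.java
@@ -0,0 +1,14 @@
+package com.epmet.openapi.constant;
+/**
+* url请求参数key
+*/
+public class RequestParamKeys {
+public static String APP_ID = "app_id";
+public static String AUTH_TYPE = "auth_type";
+public static String TIMESTAMP = "timestamp";
+public static String SIGN = "sign";
+public static String NONCE = "nonce";
+}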
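Review bot: `APP_ID` through `NONCE` are declared `public static String` without `final`, so any class on the classpath can reassign the parameter names that OpenApiRequestCheckAspect and ExternalAuthProcessor use to locate the signed fields. Declare them `public static final String ...`, or make the class an interface like the sibling `AuthTypes` and `InClusterHeaderKeys` added in this commit. A private constructor would also keep this constants holder from being instantiated.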

15
epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java

@ -17,7 +17,7 @@ public class OpenApiSignUtils {
*/ */
public static String createSign(Map<String, String> contentMap, String signKey) { public static String createSign(Map<String, String> contentMap, String signKey) {
String str2beSigned = mapToSignStr(contentMap); String str2beSigned = mapToSignStr(contentMap);
str2beSigned = str2beSigned.concat("&signKey=").concat(signKey); str2beSigned = str2beSigned.concat("&sign_key=").concat(signKey);
return Md5Util.md5(str2beSigned); return Md5Util.md5(str2beSigned);
} }
@ -68,15 +68,21 @@ public class OpenApiSignUtils {
long now = System.currentTimeMillis(); long now = System.currentTimeMillis();
System.out.println(now); System.out.println(now);
String uuid = UUID.randomUUID().toString();
HashMap<String, String> content = new HashMap<>(); HashMap<String, String> content = new HashMap<>();
content.put("appId", "7d98b8af2d05752b4225709c4cfd4bd0"); content.put("app_id", "7d98b8af2d05752b4225709c4cfd4bd0");
content.put("timestamp", String.valueOf(now)); content.put("timestamp", String.valueOf(now));
content.put("nonce", "aaa"); content.put("nonce", uuid);
content.put("auth_type", "take_token");
String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44"; String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
String sign = createSign(content, secret); String sign = createSign(content, secret);
System.out.println(sign);
System.out.println("时间戳:" + now);
System.out.println("随机数:" + uuid);
System.out.println("签名:" + sign);
} }
private static void generateGetOrgDetailSign() { private static void generateGetOrgDetailSign() {
@ -90,6 +96,7 @@ public class OpenApiSignUtils {
content.put("test", null); content.put("test", null);
content.put("timestamp", String.valueOf(now)); content.put("timestamp", String.valueOf(now));
content.put("nonce", uuid); content.put("nonce", uuid);
content.put("auth_type", "take_token");
String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44"; String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
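Review bot: Changing the trailing secret separator in `createSign` from `&signKey=` to `&sign_key=` changes the signed string for every caller, so signatures produced by any integrator still using the old format will fail `checkSign` once this is deployed; if that is intended, the external signing spec needs the same version bump, otherwise keep `&signKey=`. The second and third hunks sit in sample-generation methods whose bodies start and end outside the hunk; they embed a real-looking application secret and print timestamp, nonce and sign to stdout, so the secret should be replaced by a placeholder or read from the environment before this sits on master. Since the format is being revised anyway, note that the signature is a bare `Md5Util.md5` over the sign string; an HMAC over the same string would be the standard choice, and a comment on `createSign` should state which one clients are expected to implement.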

13
epmet-gateway/pom.xml

@ -76,6 +76,11 @@
<version>2.0.0</version> <version>2.0.0</version>
<scope>compile</scope> <scope>compile</scope>
</dependency> </dependency>
<dependency>
<groupId>com.epmet</groupId>
<artifactId>epmet-commons-openapi</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies> </dependencies>
<build> <build>
@ -237,8 +242,8 @@
<!-- redis配置 --> <!-- redis配置 -->
<spring.redis.index>0</spring.redis.index> <spring.redis.index>0</spring.redis.index>
<spring.redis.host>192.168.1.130</spring.redis.host> <spring.redis.host>118.190.150.119</spring.redis.host>
<spring.redis.port>6379</spring.redis.port> <spring.redis.port>47379</spring.redis.port>
<spring.redis.password>123456</spring.redis.password> <spring.redis.password>123456</spring.redis.password>
<!-- nacos --> <!-- nacos -->
<nacos.register-enabled>false</nacos.register-enabled> <nacos.register-enabled>false</nacos.register-enabled>
@ -309,8 +314,8 @@
<!-- <gateway.routes.gov-project-server.uri>http://localhost:8102</gateway.routes.gov-project-server.uri>--> <!-- <gateway.routes.gov-project-server.uri>http://localhost:8102</gateway.routes.gov-project-server.uri>-->
<gateway.routes.gov-project-server.uri>lb://gov-project-server</gateway.routes.gov-project-server.uri> <gateway.routes.gov-project-server.uri>lb://gov-project-server</gateway.routes.gov-project-server.uri>
<!-- 24、公共服务 --> <!-- 24、公共服务 -->
<gateway.routes.common-service-server.uri>lb://common-service-server</gateway.routes.common-service-server.uri> <!--<gateway.routes.common-service-server.uri>lb://common-service-server</gateway.routes.common-service-server.uri>-->
<!-- <gateway.routes.common-service-server.uri>http://localhost:8103</gateway.routes.common-service-server.uri>--> <gateway.routes.common-service-server.uri>http://localhost:8103</gateway.routes.common-service-server.uri>
<!-- 25、党建园地 --> <!-- 25、党建园地 -->
<gateway.routes.resi-home-server.uri>lb://resi-home-server</gateway.routes.resi-home-server.uri> <gateway.routes.resi-home-server.uri>lb://resi-home-server</gateway.routes.resi-home-server.uri>
<!-- <gateway.routes.resi-home-server.uri>http://localhost:8104</gateway.routes.resi-home-server.uri>--> <!-- <gateway.routes.resi-home-server.uri>http://localhost:8104</gateway.routes.resi-home-server.uri>-->
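Review bot: The redis host moves from a LAN address to the public address `118.190.150.119:47379` while the password `123456` stays in the pom, and the same switch appears in common-service-server/pom.xml and epmet-ext-server/pom.xml together with the datasource URL and password; reachable credentials for a publicly addressed service should not be committed into the build file — inject them through a profile or environment property and rotate the values that are now in history. The third hunk also flips `gateway.routes.common-service-server.uri` from `lb://common-service-server` to `http://localhost:8103` and comments out the load-balanced route, which reads like a local debugging setting rather than something meant for master; confirm it is intended.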

16
epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java

@ -9,6 +9,8 @@ import com.epmet.commons.tools.redis.RedisUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.utils.SpringContextUtils; import com.epmet.commons.tools.utils.SpringContextUtils;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.openapi.constant.InClusterHeaderKeys;
import com.epmet.openapi.constant.RequestParamKeys;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -28,12 +30,6 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
@Override @Override
public void auth(String appId, String token, Long ts, ServerWebExchange exchange) { public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
// 1.token过期校验
if (StringUtils.isBlank(appId)) {
throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
}
String secret = getSecret(appId); String secret = getSecret(appId);
if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) { if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
@ -47,7 +43,7 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
// 2. 获取claims // 2. 获取claims
Claims claims = jwtTokenUtils.getClaimByToken(token, secret); Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
String appIdInAccessToken = claims.get("appId", String.class); String appIdInAccessToken = claims.get(RequestParamKeys.APP_ID, String.class);
if (!appId.equals(appIdInAccessToken)) { if (!appId.equals(appIdInAccessToken)) {
// 参数列表的appId和token中封装的不一致 // 参数列表的appId和token中封装的不一致
@ -57,16 +53,16 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
// 3.将app_id放入header中 // 3.将app_id放入header中
ServerHttpRequest.Builder mutate = exchange.getRequest().mutate(); ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
mutate.header("AppId", appId); mutate.header(InClusterHeaderKeys.APP_ID, new String[]{appId});
exchange.mutate().request(mutate.build()).build(); exchange.mutate().request(mutate.build()).build();
} }
/** /**
* @Description 获取秘钥
* @return * @return
* @Description 获取秘钥
* @author wxz * @author wxz
* @date 2021.03.23 14:12 * @date 2021.03.23 14:12
*/ */
private String getSecret(String appId) { private String getSecret(String appId) {
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class); EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
Result<String> result = commonService.getSecret(appId); Result<String> result = commonService.getSecret(appId);
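Review bot: `claims.get(RequestParamKeys.APP_ID, String.class)` now reads the claim under `app_id`, but the claim map handed to `jwtTokenUtils.createToken` in OpenApiAccessTokenServiceImpl is built outside this commit's hunks; if it still stores the id under the old `appId` key, `appIdInAccessToken` is null and every token fails the `appId.equals(...)` check on the next line. Verify both sides use the same constant and add a comment naming it on the claim lookup. On `mutate.header(InClusterHeaderKeys.APP_ID, new String[]{appId})`, downstream services treat `AppId` as gateway-asserted, so the call must override rather than append to a client-supplied header of the same name — confirm the `ServerHttpRequest.Builder.header` semantics of the Spring version in use and note it in a comment. `auth` continues outside the hunk.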

22
epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java

@ -4,6 +4,8 @@ import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.exception.RenException;
import com.epmet.filter.CpProperty; import com.epmet.filter.CpProperty;
import com.epmet.openapi.constant.AuthTypes;
import com.epmet.openapi.constant.RequestParamKeys;
import com.epmet.utils.ServerHttpRequestUtils; import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -40,9 +42,6 @@ public class ExternalAuthProcessor extends AuthProcessor {
public static final String APP_AUTH_TYPE_JWT = "jwt"; public static final String APP_AUTH_TYPE_JWT = "jwt";
// 调用方生成md5 // 调用方生成md5
public static final String APP_AUTH_TYPE_MD5 = "md5"; public static final String APP_AUTH_TYPE_MD5 = "md5";
// 获取token方式
public static final String APP_AUTH_TYPE_FETCH_TOKEN = "fetchToken";
@Autowired @Autowired
private ExtAppJwtAuthProcessor jwtAuthProcessor; private ExtAppJwtAuthProcessor jwtAuthProcessor;
@ -89,7 +88,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY); String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);
String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY); String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY);
String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY); String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY);
String authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY); String authType = getAuthType(headers, request);
logger.info("外部应用请求认证拦截Aspect执行,token:{}, ts:{}, customerId:{}, authType:{}", logger.info("外部应用请求认证拦截Aspect执行,token:{}, ts:{}, customerId:{}, authType:{}",
token, ts, customerId, authType); token, ts, customerId, authType);
@ -108,11 +107,10 @@ public class ExternalAuthProcessor extends AuthProcessor {
throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空"); throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空");
} }
md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange); md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else if (APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) { } else if (AuthTypes.TAKE_TOKEN.equals(authType)) {
String paramName = "app_id"; String appId = ServerHttpRequestUtils.getRequestParam(request, RequestParamKeys.APP_ID);
String appId = ServerHttpRequestUtils.getRequestParam(request, paramName);
if (StringUtils.isBlank(appId)) { if (StringUtils.isBlank(appId)) {
throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode(),"缺少参数".concat(paramName)); throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode(),"缺少参数".concat(RequestParamKeys.APP_ID));
} }
fetchTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange); fetchTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else { } else {
@ -129,4 +127,12 @@ public class ExternalAuthProcessor extends AuthProcessor {
return exchange; return exchange;
} }
private String getAuthType(HttpHeaders headers, ServerHttpRequest request) {
String authType = ServerHttpRequestUtils.getRequestParam(request, RequestParamKeys.AUTH_TYPE);
if (StringUtils.isBlank(authType)) {
authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY);
}
return authType;
}
} }
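Review bot: In the `AuthTypes.TAKE_TOKEN` branch only `appId` is checked for blank before `fetchTokenAuthProcessor.auth(...)` is called, while `token` is passed straight from `headers.getFirst(ACCESS_TOKEN_HEADER_KEY)`; a request without that header reaches `jwtTokenUtils.getExpiration(token, secret)` and fails with a JWT parser exception instead of the 401 the md5 branch returns. Add `if (StringUtils.isBlank(token)) { throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken不能为空"); }` beside the existing appId check. The new `getAuthType` helper silently prefers the `auth_type` request parameter over the header; a Javadoc line such as `/** Resolves the auth type: the auth_type request parameter takes precedence over the header. */` would document that precedence. The enclosing method of the third hunk starts outside the hunk.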

6
epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java

@ -10,6 +10,8 @@ import com.epmet.commons.tools.utils.IpUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.constant.AuthTypeConstant; import com.epmet.constant.AuthTypeConstant;
import com.epmet.constant.TokenHeaderKeyConstant; import com.epmet.constant.TokenHeaderKeyConstant;
import com.epmet.openapi.constant.AuthTypes;
import com.epmet.openapi.constant.RequestParamKeys;
import com.epmet.utils.ServerHttpRequestUtils; import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -112,8 +114,8 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
// } // }
//} //}
String authType = ServerHttpRequestUtils.getRequestParam(request, RequestBodyField.); String authType = ServerHttpRequestUtils.getRequestParam(request, RequestParamKeys.AUTH_TYPE);
if (StringUtils.isNotBlank(authType) && ExternalAuthProcessor.APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) { if (StringUtils.isNotBlank(authType) && AuthTypes.TAKE_TOKEN.equals(authType)) {
return AuthTypeConstant.AUTH_TYPE_EXTERNAL; return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
} }
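Review bot: `StringUtils.isNotBlank(authType) && AuthTypes.TAKE_TOKEN.equals(authType)` carries a redundant blank check, because `equals` against the constant already rejects null and blank values; `if (AuthTypes.TAKE_TOKEN.equals(authType)) {` reads cleaner. Since this line alone selects the external-auth path from a query parameter, a one-line comment saying that the `auth_type` parameter decides the auth type before any token is examined would help the next reader. The enclosing method starts and ends outside the hunk.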

6
epmet-module/epmet-common-service/common-service-server/pom.xml

@ -150,7 +150,7 @@
<!-- 数据库配置--> <!-- 数据库配置-->
<spring.datasource.druid.url> <spring.datasource.druid.url>
<![CDATA[jdbc:mysql://192.168.1.130:3306/epmet_common_service?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]> <![CDATA[jdbc:mysql://118.190.150.119:47306/epmet_common_service?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]>
</spring.datasource.druid.url> </spring.datasource.druid.url>
<!-- <spring.datasource.druid.username>root</spring.datasource.druid.username>--> <!-- <spring.datasource.druid.username>root</spring.datasource.druid.username>-->
<!-- <spring.datasource.druid.password>root</spring.datasource.druid.password>--> <!-- <spring.datasource.druid.password>root</spring.datasource.druid.password>-->
@ -158,8 +158,8 @@
<spring.datasource.druid.password>EpmEt-db-UsEr</spring.datasource.druid.password> <spring.datasource.druid.password>EpmEt-db-UsEr</spring.datasource.druid.password>
<!-- redis配置 --> <!-- redis配置 -->
<spring.redis.index>0</spring.redis.index> <spring.redis.index>0</spring.redis.index>
<spring.redis.host>192.168.1.130</spring.redis.host> <spring.redis.host>118.190.150.119</spring.redis.host>
<spring.redis.port>6379</spring.redis.port> <spring.redis.port>47379</spring.redis.port>
<spring.redis.password>123456</spring.redis.password> <spring.redis.password>123456</spring.redis.password>
<!-- nacos --> <!-- nacos -->
<nacos.register-enabled>false</nacos.register-enabled> <nacos.register-enabled>false</nacos.register-enabled>

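--- a/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
+++ b/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
@@ -1,14 +0,0 @@
-package com.epmet.dto.form;
-import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
-import lombok.Data;
-import javax.validation.constraints.NotBlank;
-@Data
-public class AccessTokenFormDTO extends OpenApiBaseFormDTO {
-// 应用id
-@NotBlank(message = "AppId字段不能为空", groups = { GetAccessTokenGroup.class })
-private String appId;
-}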

11
epmet-module/epmet-ext/epmet-ext-server/pom.xml

@ -21,6 +21,11 @@
</properties> </properties>
<dependencies> <dependencies>
<dependency>
<groupId>com.epmet</groupId>
<artifactId>epmet-commons-openapi</artifactId>
<version>2.0.0</version>
</dependency>
<dependency> <dependency>
<groupId>com.epmet</groupId> <groupId>com.epmet</groupId>
<artifactId>common-service-client</artifactId> <artifactId>common-service-client</artifactId>
@ -239,14 +244,14 @@
<!-- 数据库配置--> <!-- 数据库配置-->
<spring.datasource.druid.url> <spring.datasource.druid.url>
<![CDATA[jdbc:mysql://192.168.1.130:3306/epmet_third?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]> <![CDATA[jdbc:mysql://118.190.150.119:47306/epmet_third?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]>
</spring.datasource.druid.url> </spring.datasource.druid.url>
<spring.datasource.druid.username>epmet_third_user</spring.datasource.druid.username> <spring.datasource.druid.username>epmet_third_user</spring.datasource.druid.username>
<spring.datasource.druid.password>EpmEt-db-UsEr</spring.datasource.druid.password> <spring.datasource.druid.password>EpmEt-db-UsEr</spring.datasource.druid.password>
<!-- redis配置 --> <!-- redis配置 -->
<spring.redis.index>0</spring.redis.index> <spring.redis.index>0</spring.redis.index>
<spring.redis.host>192.168.1.130</spring.redis.host> <spring.redis.host>118.190.150.119</spring.redis.host>
<spring.redis.port>6379</spring.redis.port> <spring.redis.port>47379</spring.redis.port>
<spring.redis.password>123456</spring.redis.password> <spring.redis.password>123456</spring.redis.password>
<!-- nacos --> <!-- nacos -->
<nacos.register-enabled>false</nacos.register-enabled> <nacos.register-enabled>false</nacos.register-enabled>

41
epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java

@ -9,6 +9,7 @@ import com.epmet.commons.tools.redis.RedisUtils;
import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.ConvertUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.openapi.constant.RequestParamKeys;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.JoinPoint; import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Aspect;
@ -31,6 +32,7 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.lang.reflect.Parameter; import java.lang.reflect.Parameter;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -66,26 +68,41 @@ public class OpenApiRequestCheckAspect {
Parameter[] parameters = method.getParameters(); Parameter[] parameters = method.getParameters();
HttpServletRequest request = getRequest(); HttpServletRequest request = getRequest();
String appId = request.getHeader("AppId");
Map<String, String> argMap = new HashMap<>();
for (int i = 0; i < parameters.length; i++) { for (int i = 0; i < parameters.length; i++) {
if (parameters[i].isAnnotationPresent(RequestBody.class)) { if (parameters[i].isAnnotationPresent(RequestBody.class)) {
Map<String, String> argMap;
try { try {
argMap = ConvertUtils.entityToMap(args[i]); argMap = ConvertUtils.entityToMap(args[i]);
} catch (Exception e) { } catch (Exception e) {
throw new RenException("验签参数转化发生异常"); throw new RenException("验签参数转化发生异常");
} }
argMap.put(""); break;
if (!OpenApiSignUtils.checkSign(argMap, getSecret(appId))) {
// 验签失败
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode());
}
checkRepeatRequest(argMap);
} }
} }
fillRequestParamsInfoArgMap(argMap, request);
if (!OpenApiSignUtils.checkSign(argMap, getSecret(argMap.get(RequestParamKeys.APP_ID)))) {
// 验签失败
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode());
}
checkRepeatRequest(argMap);
}
private void fillRequestParamsInfoArgMap(Map<String, String> argMap, HttpServletRequest request) {
fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.APP_ID);
fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.AUTH_TYPE);
fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.NONCE);
fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.TIMESTAMP);
fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.SIGN);
}
private void fillRequestParamsInfoArgMap(Map<String, String> argMap, HttpServletRequest request, String paramName) {
String paramValue = request.getParameter(paramName);
if (StringUtils.isNotBlank(paramName)) {
argMap.put(paramName, paramValue);
}
} }
/** /**
@ -93,7 +110,7 @@ public class OpenApiRequestCheckAspect {
* @param argMap * @param argMap
*/ */
void checkRepeatRequest(Map<String, String> argMap) { void checkRepeatRequest(Map<String, String> argMap) {
String timestampStr = argMap.get("timestamp"); String timestampStr = argMap.get(RequestParamKeys.TIMESTAMP);
if (StringUtils.isBlank(timestampStr)) { if (StringUtils.isBlank(timestampStr)) {
throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode()); throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode());
} }
@ -104,13 +121,13 @@ public class OpenApiRequestCheckAspect {
// 只允许1分钟之内的请求,允许服务器之间时差为1分钟 // 只允许1分钟之内的请求,允许服务器之间时差为1分钟
throw new RenException(String.format("请求已过时,允许时差为%s ms", requestTimeDiff)); throw new RenException(String.format("请求已过时,允许时差为%s ms", requestTimeDiff));
} }
String nonce = argMap.get("nonce"); String nonce = argMap.get(RequestParamKeys.NONCE);
String nonceInCache = redisUtils.getString(RedisKeys.getOpenApiNonceKey(nonce)); String nonceInCache = redisUtils.getString(RedisKeys.getOpenApiNonceKey(nonce));
if (StringUtils.isNotBlank(nonceInCache)) { if (StringUtils.isNotBlank(nonceInCache)) {
throw new RenException("请求重复"); throw new RenException("请求重复");
} }
//将nonce缓存到redis,有效期1分钟 //将nonce缓存到redis,有效期1分钟
redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), "1", requestTimeDiff); redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), System.currentTimeMillis(), requestTimeDiff);
} }
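Review bot: `fillRequestParamsInfoArgMap(argMap, request, paramName)` tests `StringUtils.isNotBlank(paramName)`, but `paramName` is always one of the constants, so the condition is always true and a missing parameter stores `null` under its key; the intent is the value — `if (StringUtils.isNotBlank(paramValue)) {`. Even with that fix `argMap.get(RequestParamKeys.APP_ID)` is null when the parameter is absent, so check it before `getSecret(...)` and raise `OPEN_API_PARAMS_MISSING` the way `checkRepeatRequest` does for the timestamp. The same name is used for the five-key fill and the single-key put; calling the inner one `putRequestParam` would make the call sites readable, and a Javadoc on the outer one should state that request parameters overwrite body fields of the same name. The nonce is now cached as `System.currentTimeMillis()` (a Long) while the check reads it back with `redisUtils.getString`; confirm the configured serializer returns a non-blank string for that value, otherwise replay detection stops working without any error. `checkSign` is outside the hunk; confirm it excludes the `sign` entry that is now placed in the map from the string it signs.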
/** /**

23
epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java

@ -1,16 +1,11 @@
package com.epmet.controller; package com.epmet.controller;
import com.epmet.annotation.OpenApiCheckSign; import com.epmet.annotation.OpenApiCheckSign;
import com.epmet.commons.security.sign.openapi.OpenApiSignUtils;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisKeys;
import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.redis.RedisUtils;
import com.epmet.commons.tools.utils.ConvertUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.commons.tools.validator.ValidatorUtils;
import com.epmet.dto.form.AccessTokenFormDTO;
import com.epmet.dto.form.openapi.OpenApiBaseFormDTO; import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.service.OpenApiAccessTokenService; import com.epmet.service.OpenApiAccessTokenService;
@ -18,13 +13,7 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.beans.IntrospectionException;
import java.lang.reflect.InvocationTargetException;
@RestController @RestController
@RequestMapping("open-api") @RequestMapping("open-api")
@ -49,12 +38,8 @@ public class OpenApiAccessTokenController {
*/ */
@OpenApiCheckSign @OpenApiCheckSign
@PostMapping("get-access-token") @PostMapping("get-access-token")
public Result<String> getAccessToken(@RequestBody AccessTokenFormDTO input) { public Result<String> getAccessToken(@RequestParam("app_id") String appId) {
// 1.校验参数 // 1.取secret
ValidatorUtils.validateEntity(input, OpenApiBaseFormDTO.GetAccessTokenGroup.class);
String appId = input.getAppId();
// 2.取secret
String secret = (String)redisUtils.get(RedisKeys.getExternalAppSecretKey(appId)); String secret = (String)redisUtils.get(RedisKeys.getExternalAppSecretKey(appId));
if (StringUtils.isBlank(secret)) { if (StringUtils.isBlank(secret)) {
Result<String> result = commonServiceOpenFeignClient.getSecret(appId); Result<String> result = commonServiceOpenFeignClient.getSecret(appId);
@ -68,7 +53,7 @@ public class OpenApiAccessTokenController {
redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret); redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret);
} }
//4.生成token //2.生成token
String accessToken = openApiAccessTokenService.getAccessToken(appId, secret); String accessToken = openApiAccessTokenService.getAccessToken(appId, secret);
return new Result<String>().ok(accessToken); return new Result<String>().ok(accessToken);
} }
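Review bot: The imports of `ValidatorUtils` and `OpenApiBaseFormDTO` are kept although the code that used them went away with `AccessTokenFormDTO`, and the four explicit Spring annotation imports were collapsed into `org.springframework.web.bind.annotation.*`; drop the two unused lines and restore the explicit imports. If the Javadoc above the hunk still describes a request body, update it to name the `app_id` request parameter that `@RequestParam("app_id")` now requires. The unchanged `redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret)` line caches the application secret without an expiry; a comment stating that this is intentional (or adding one) would save the next reader from guessing.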

2
epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/service/impl/OpenApiAccessTokenServiceImpl.java

@ -30,7 +30,7 @@ public class OpenApiAccessTokenServiceImpl implements OpenApiAccessTokenService
String token = jwtTokenUtils.createToken(claim, openApiConfig.getAccessTokenExpire(), secret); String token = jwtTokenUtils.createToken(claim, openApiConfig.getAccessTokenExpire(), secret);
// 缓存token // 缓存token
redisUtils.set(RedisKeys.getOpenApiAccessTokenKey(token), appId, openApiConfig.getAccessTokenExpire()); redisUtils.set(RedisKeys.getOpenApiAccessTokenKey(appId), token, openApiConfig.getAccessTokenExpire());
return token; return token;
} }
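Review bot: The cache entry is inverted from `token -> appId` to `appId -> token`, so any code that still resolves `RedisKeys.getOpenApiAccessTokenKey(token)` by token will now miss; this commit changes no such reader, so confirm none exists in the gateway or ext service. Keying by appId also means each newly issued token overwrites the previous one in the cache, which is a behaviour change for clients that fetch tokens concurrently — add a comment on this line stating whether an earlier token stays valid until its JWT expiry. `getAccessToken` starts outside the hunk.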
