大屏居民信息接口-请求头校验

5 years ago · b8acd62c5f
11 changed files with 268 additions and 5 deletions
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/constant/Constant.java
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/constant/Constant.java
@ -119,4 +119,14 @@ public interface Constant {
     * 动作记录时机 后
     */
    String BEHAVIOR_RECORDING_TIME_AFTER = "1";
+
+    /**
+     * AccessToken header
+     */
+    String ACCESS_TOKEN = "AccessToken";
+
+    /**
+     * 时间戳
+     */
+    String TIMESTAMP = "Timestamp";
 }
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/exception/ErrorCode.java
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/exception/ErrorCode.java
@ -40,4 +40,8 @@ public interface ErrorCode {
    int JSON_FORMAT_ERROR = 10016;
    int PARSING_ERROR = 10017;
    int INVALID_ERROR = 10018;
+    int ACCESS_TOKEN_NOT_EMPTY = 10022;
+    int ACCESS_TOKEN_INVALID = 10023;
+    int TIMESTAMP_NOT_EMPTY = 10024;
+
 }
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/properties/ScreenPopulationProperties.java
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/properties/ScreenPopulationProperties.java
@ -0,0 +1,29 @@
+package com.elink.esua.epdc.commons.tools.properties;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 党群e事通接口配置
+ *
+ * @Author：songyunpeng
+ * @Date：2020/8/20 13:22
+ */
+@Configuration
+@ConfigurationProperties(prefix = "js.screen.population")
+public class ScreenPopulationProperties {
+
+
+    /**
+     * 锦水居民信息采集大屏接口appId
+     */
+    private String screenAppId;
+
+    public String getScreenAppId() {
+        return screenAppId;
+    }
+
+    public void setScreenAppId(String screenAppId) {
+        this.screenAppId = screenAppId;
+    }
+}
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/utils/MD5Util.java
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/java/com/elink/esua/epdc/commons/tools/utils/MD5Util.java
@ -0,0 +1,93 @@
+package com.elink.esua.epdc.commons.tools.utils;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * MD5加密生成摘要
+ *
+ * @Author：liuchuang
+ * @Date：2020/8/25 17:27
+ */
+public class MD5Util {
+
+    /**
+     * 对一段String生成MD5加密信息
+     *
+     * @param message 要加密的String
+     * @return java.lang.String
+     * @author Liuchuang
+     * @since 2020/8/26 9:56
+     */
+    public static String getMD5(String message) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("MD5");
+            byte[] b = md.digest(message.getBytes("utf-8"));
+            return byteToHexStringSingle(b);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    /**
+     * 对文件全文生成MD5摘要
+     *
+     * @param file 要加密的文件
+     * @return java.lang.String
+     * @author Liuchuang
+     * @since 2020/8/26 9:58
+     */
+    public static String getMD5(File file) {
+        FileInputStream fis = null;
+        try {
+            MessageDigest md = MessageDigest.getInstance("MD5");
+            fis = new FileInputStream(file);
+            byte[] buffer = new byte[2048];
+            int length = -1;
+            long s = System.currentTimeMillis();
+            while ((length = fis.read(buffer)) != -1) {
+                md.update(buffer, 0, length);
+            }
+            byte[] b = md.digest();
+            return byteToHexStringSingle(b);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            return null;
+        } finally {
+            try {
+                fis.close();
+            } catch (IOException ex) {
+                ex.printStackTrace();
+            }
+        }
+    }
+
+    /**
+     * 独立把byte[]数组转换成十六进制字符串表示形式
+     *
+     * @param byteArray
+     * @return java.lang.String
+     * @author Liuchuang
+     * @since 2020/8/26 9:59
+     */
+    public static String byteToHexStringSingle(byte[] byteArray) {
+        StringBuffer md5StrBuff = new StringBuffer();
+        for (int i = 0; i < byteArray.length; i++) {
+            if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) {
+                md5StrBuff.append("0").append(
+                Integer.toHexString(0xFF & byteArray[i]));
+            } else {
+                md5StrBuff.append(Integer.toHexString(0xFF & byteArray[i]));
+            }
+        }
+
+        return md5StrBuff.toString();
+    }
+}
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_en_US.properties
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_en_US.properties
@ -19,4 +19,7 @@
 10015=Please delete the user under the department first
 10016=The parameter format is incorrect. Please use JSON format.
 10017=Parsing {0} error
-10018=Invalid {0}
+10018=Invalid {0}
+10022=AccessToken cannot be empty
+10024=Timestamp cannot be empty
+10023=AccessToken is invalid
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_zh_CN.properties
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_zh_CN.properties
@ -19,4 +19,7 @@
 10015=\u8BF7\u5148\u5220\u9664\u90E8\u95E8\u4E0B\u7684\u7528\u6237
 10016=\u53C2\u6570\u683C\u5F0F\u4E0D\u6B63\u786E\uFF0C\u8BF7\u4F7F\u7528JSON\u683C\u5F0F
 10017=\u89E3\u6790{0}\u51FA\u9519
-10018=\u65E0\u6548\u7684{0}
+10018=\u65E0\u6548\u7684{0}
+10022=AccessToken\u4E0D\u80FD\u4E3A\u7A7A
+10024=Timestamp\u4E0D\u80FD\u4E3A\u7A7A
+10023=AccessToken\u65E0\u6548
--- a/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_zh_TW.properties
+++ b/esua-epdc/epdc-commons/epdc-commons-tools/src/main/resources/i18n/messages_common_zh_TW.properties
@ -19,4 +19,7 @@
 10015=\u8ACB\u5148\u522A\u9664\u90E8\u9580\u4E0B\u7684\u7528\u6236
 10016=\u53C3\u6578\u683C\u5F0F\u4E0D\u6B63\u78BA\uFF0C\u8ACB\u4F7F\u7528JSON\u683C\u5F0F
 10017=\u89E3\u6790{0}\u51FA\u932F
-10018=\u7121\u6548\u7684{0}
+10018=\u7121\u6548\u7684{0}
+10022=AccessToken\u4E0D\u80FD\u70BA\u7A7A
+10024=Timestamp\u4E0D\u80FD\u70BA\u7A7A
+10023=AccessToken\u65E0\u6548
--- a/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/annotation/ReportData.java
+++ b/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/annotation/ReportData.java
@ -0,0 +1,15 @@
+package com.elink.esua.epdc.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 居民信息采集 - 接口验证
+ *
+ * @author Liuchuang
+ * @since 2020/8/25 17:09
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface ReportData {
+}
--- a/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/aspect/ScreenPopulationAop.java
+++ b/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/aspect/ScreenPopulationAop.java
@ -0,0 +1,97 @@
+package com.elink.esua.epdc.aspect;
+
+import com.elink.esua.epdc.commons.tools.constant.Constant;
+import com.elink.esua.epdc.commons.tools.exception.ErrorCode;
+import com.elink.esua.epdc.commons.tools.exception.RenException;
+import com.elink.esua.epdc.commons.tools.properties.ScreenPopulationProperties;
+import com.elink.esua.epdc.commons.tools.utils.MD5Util;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * 居民信息大屏接口验证
+ *
+ * @author songyunpeng
+ * @Date 20-04-28
+ */
+@Aspect
+@Component
+public class ScreenPopulationAop {
+
+    @Autowired
+    private ScreenPopulationProperties screenPopulationProperties;
+
+    /**
+     * 使用org.slf4j.Logger,这是Spring实现日志的方法
+     */
+    private final Logger logger = LogManager.getLogger(getClass());
+
+    /**
+     * 定义AOP扫描路径
+     * 第一个注解只扫描aopTest方法
+     */
+    @Pointcut("@annotation(com.elink.esua.epdc.annotation.ReportData)")
+    public void ScreenPopulation() {
+    }
+
+    /**
+     * 前置
+     */
+    @Before("ScreenPopulation()")
+    public void deBefore(JoinPoint joinPoint) {
+        HttpServletRequest request = currentRequest();
+        if (Objects.isNull(request)) {
+            logger.info("without request, skip");
+            return;
+        }
+        // 从header中获取token
+        String headerAccessToken = request.getHeader(Constant.ACCESS_TOKEN);
+        // 如果header中不存在token，则从参数中获取token
+        if(StringUtils.isBlank(headerAccessToken)){
+            headerAccessToken = request.getParameter(Constant.ACCESS_TOKEN);
+            if(StringUtils.isBlank(headerAccessToken)){
+                throw new RenException(ErrorCode.ACCESS_TOKEN_NOT_EMPTY);
+            }
+        }
+
+        // 从header中获取Timestamp
+        String ts = request.getHeader(Constant.TIMESTAMP);
+        if (StringUtils.isBlank(ts)) {
+            ts = request.getParameter(Constant.TIMESTAMP);
+            if(StringUtils.isBlank(ts)){
+                throw new RenException(ErrorCode.TIMESTAMP_NOT_EMPTY);
+            }
+        }
+
+        // 校验AccessToken
+        String accessToken = MD5Util.getMD5(screenPopulationProperties.getScreenAppId().concat(ts));
+        if (!headerAccessToken.equals(accessToken)) {
+            throw new RenException(ErrorCode.ACCESS_TOKEN_INVALID);
+        }
+        return;
+    }
+    /**
+     * Return request current thread bound or null if none bound.
+     *
+     * @return Current request or null
+     */
+    private HttpServletRequest currentRequest() {
+        // Use getRequestAttributes because of its return null if none bound
+        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        return Optional.ofNullable(servletRequestAttributes).map(ServletRequestAttributes::getRequest).orElse(null);
+    }
+
+}
--- a/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/controller/ApiScreenPopulationController.java
+++ b/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/java/com/elink/esua/epdc/controller/ApiScreenPopulationController.java
@ -1,6 +1,6 @@
 package com.elink.esua.epdc.controller;

-import com.elink.esua.epdc.commons.tools.annotation.ReportData;
+import com.elink.esua.epdc.annotation.ReportData;
 import com.elink.esua.epdc.commons.tools.utils.Result;
 import com.elink.esua.epdc.commons.tools.validator.ValidatorUtils;
 import com.elink.esua.epdc.dto.DeptOption;
--- a/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/resources/application.yml
+++ b/esua-epdc/epdc-module/epdc-api/epdc-api-server/src/main/resources/application.yml
@ -145,4 +145,10 @@ rocketmq:
    group: @rocketmq.producer.group@
  consumer:
    group: @rocketmq.consumer.group@
-    points-group: @rocketmq.consumer.points.group@
+    points-group: @rocketmq.consumer.points.group@
+
+
+js:
+  screen:
+    population:
+      screenAppId: 9ce9fc63460401e7a3b3a6cab3b9c126