diff --git a/epmet-commons/epmet-commons-openapi/pom.xml b/epmet-commons/epmet-commons-openapi/pom.xml
deleted file mode 100644
index 61a6197357..0000000000
--- a/epmet-commons/epmet-commons-openapi/pom.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
- 2.0.0
-
- epmet-commons
- com.epmet
- 2.0.0
-
- 4.0.0
-
- epmet-commons-openapi
-
-
-
\ No newline at end of file
diff --git a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/HeaderFieldKeys.java b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/HeaderFieldKeys.java
deleted file mode 100644
index 35dfff71db..0000000000
--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/HeaderFieldKeys.java
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.epmet.commons.openapi.constants;
-
-public interface HeaderFieldKeys {
-
- String APP_ID = "AppId";
-
-}
diff --git a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestBodyFieldKeys.java b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestBodyFieldKeys.java
deleted file mode 100644
index 3c461a6c69..0000000000
--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestBodyFieldKeys.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.epmet.commons.openapi.constants;
-
-/**
- * 请求体字段key
- */
-public interface RequestBodyFieldKeys {
-
- String APP_ID = "appId";
-
-}
diff --git a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestParamKeys.java b/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestParamKeys.java
deleted file mode 100644
index 08c6c092b1..0000000000
--- a/epmet-commons/epmet-commons-openapi/src/main/java/com/epmet/commons/openapi/constants/RequestParamKeys.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package com.epmet.commons.openapi.constants;
-
-/**
- * url请求参数key
- */
-public class RequestParamKeys {
-
- public static String APP_ID = "app_id";
- public static String AUTH_TYPE = "auth_type";
-
-}
diff --git a/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java b/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
index 306bb5ab3d..9a64226174 100644
--- a/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
+++ b/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
@@ -2,10 +2,7 @@ package com.epmet.commons.security.sign.openapi;
import com.epmet.commons.tools.utils.Md5Util;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
/**
* OpenApi签名工具
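Review bot: `import java.util.*;` replaces four single-type imports; every other Java file in this diff keeps explicit imports, and a wildcard silently pulls in any `java.util` name that later collides with a project type. Keep the explicit list and add the one name the new helpers need, `import java.util.UUID;`.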
@@ -62,16 +59,41 @@ public class OpenApiSignUtils {
return sb.toString();
}
-
public static void main(String[] args) {
+ //generateGetAccessTokenSign();
+ generateGetOrgDetailSign();
+ }
+
+ private static void generateGetAccessTokenSign() {
+ long now = System.currentTimeMillis();
+ System.out.println(now);
HashMap content = new HashMap<>();
- content.put("orgId", "aaa");
- content.put("test", "");
+ content.put("appId", "7d98b8af2d05752b4225709c4cfd4bd0");
+ content.put("timestamp", String.valueOf(now));
+ content.put("nonce", "aaa");
String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
String sign = createSign(content, secret);
System.out.println(sign);
}
+
+ private static void generateGetOrgDetailSign() {
+ long now = System.currentTimeMillis();
+ String uuid = UUID.randomUUID().toString();
+ System.out.println("时间戳:" + now);
+ System.out.println("随机数:" + uuid);
+
+ HashMap content = new HashMap<>();
+ content.put("orgId", "aaa");
+ content.put("test", null);
+ content.put("timestamp", String.valueOf(now));
+ content.put("nonce", uuid);
+
+ String secret = "3209ee9f41704482be1a1fb5873a25376f2899191ca846119d44168316bc3e44";
+
+ String sign = createSign(content, secret);
+ System.out.println("签名:" + sign);
+ }
}
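Review bot: The new `generateGetAccessTokenSign` and `generateGetOrgDetailSign` helpers embed a real-looking app id and a 64-hex secret as string literals inside a `main` that ships in the shared security library; the same secret literal now appears twice, on the unchanged `String secret = ...` line and again in the second helper, and anything committed here stays in the repository history. Read both values from `args` or the environment instead, e.g. `String secret = args[0];`, and treat the committed value as exposed. `HashMap content = new HashMap<>();` is a raw type in both helpers; `Map<String, String> content = new HashMap<>();` keeps `createSign`'s expected key/value types visible. Whether `createSign` tolerates the `null` stored under `"test"` is decided by code outside this hunk.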
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
index e22f5f7983..f83a55d32f 100644
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
@@ -147,7 +147,9 @@ public enum EpmetErrorCode {
// open api异常
OPEN_API_SIGN_ERROR(9100, "签名错误"),
- OPEN_API_SIGN_TOKEN_EXPIRED(9101, "Token过期");
+ OPEN_API_TOKEN_EXPIRED(9101, "Token过期"),
+ OPEN_API_PARAMS_MISSING(9102, "参数不完整"),
+ OPEN_API_PARAMS_APPID_DIFF(9103, "app_id不一致"); // app_id在请求参数中和在token中不一致
private int code;
private String msg;
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
index 4d21946025..dd5ca2e18a 100644
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
@@ -396,4 +396,14 @@ public class RedisKeys {
public static String getOpenApiAccessTokenKey(String accessToken) {
return rootPrefix.concat("openapi:accesstoken:").concat(accessToken);
}
+
+ /**
+ * @Description 获取OpenApi请求随机数nonce
+ * @return
+ * @author wxz
+ * @date 2021.03.24 17:49
+ */
+ public static String getOpenApiNonceKey(String nonce) {
+ return rootPrefix.concat("openapi:nonce:").concat(nonce);
+ }
}
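Review bot: `getOpenApiNonceKey` concatenates a request-supplied `nonce` into the key without a null check, so `concat(null)` throws a NullPointerException for a request that omits the field, and the Javadoc's `@return` is empty while `@param` is missing. Suggest `Objects.requireNonNull(nonce, "nonce");` as the first statement (or a blank check at the caller) so the failure is a clear argument error rather than an NPE deep in the aspect. For the Javadoc: `@param nonce client-supplied request nonce, used verbatim as the key suffix` and `@return redis key under which the nonce is recorded for replay detection`.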
diff --git a/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
index 728c3b54e0..5954b2bd30 100644
--- a/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
@@ -26,25 +26,19 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
@Autowired
private JwtUtils jwtTokenUtils;
- @Autowired
- private RedisUtils redisUtils;
-
@Override
public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
- // 这种方式不需要其他平台传appId,因此我们自己从redis中取
- appId = (String) redisUtils.get(RedisKeys.getOpenApiAccessTokenKey(token));
-
// 1.token过期校验
if (StringUtils.isBlank(appId)) {
- throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(),
- EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg());
+ throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
+ EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
}
String secret = getSecret(appId);
if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
- throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(),
- EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg());
+ throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
+ EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
}
// 2.验签
@@ -53,13 +47,18 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
// 2. 获取claims
Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
- appId = claims.get("appId", String.class);
+ String appIdInAccessToken = claims.get("appId", String.class);
- if (!StringUtils.isBlank(appId)) {
- ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
- mutate.header("AppId", appId);
- exchange.mutate().request(mutate.build()).build();
+ if (!appId.equals(appIdInAccessToken)) {
+ // 参数列表的appId和token中封装的不一致
+ throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
+ EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
}
+
+ // 3.将app_id放入header中
+ ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
+ mutate.header("AppId", appId);
+ exchange.mutate().request(mutate.build()).build();
}
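Review bot: The app-id mismatch branch throws `OPEN_API_TOKEN_EXPIRED` (9101) although this commit adds `OPEN_API_PARAMS_APPID_DIFF` (9103) for exactly this case, so a parameter error is reported as an expired token; change it to `throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(), EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());`. The header write below it builds a mutated exchange and drops it: `exchange.mutate().request(mutate.build()).build();` returns a new exchange that nothing stores, and `auth` is `void`, so unless the caller recovers the mutated request some other way the downstream chain still sees the original request and the `AppId` header that `OpenApiRequestCheckAspect` trusts as the gateway-verified identity is never set. Whether `ServerHttpRequest.Builder.header` overrides or appends to a client-sent `AppId` header also varies by Spring version and is worth confirming, since the downstream aspect selects the secret by that header. `auth` begins in the previous hunk.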
/**
diff --git a/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
index b2ac9f477e..1b928ac295 100644
--- a/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
@@ -4,6 +4,7 @@ import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.filter.CpProperty;
+import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -13,6 +14,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
+import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
/**
@@ -67,6 +69,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
for (String url : cpProperty.getExternalOpenUrls()) {
if (antPathMatcher.match(url, requestUri)) {
inPaths = true;
+ break;
}
}
@@ -74,6 +77,13 @@ public class ExternalAuthProcessor extends AuthProcessor {
throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放");
}
+ // 放行白名单
+ for (String url : cpProperty.getExternalAuthUrlsWhiteList()) {
+ if (antPathMatcher.match(url, requestUri)) {
+ return exchange;
+ }
+ }
+
HttpHeaders headers = request.getHeaders();
String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);
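Review bot: `cpProperty.getExternalAuthUrlsWhiteList()` is iterated with no null guard, and the backing field this commit adds (`private List externalAuthUrlsWhiteList;` in the CpAuthGatewayFilterFactory.java hunk) has no initializer, so any deployment whose config lacks the `externalAuthUrlsWhiteList` key fails with a NullPointerException on every external request; initialize it there, `private List<String> externalAuthUrlsWhiteList = new ArrayList<>();`. Note also that the whitelist is consulted only after the `externalOpenUrls` match above has passed, so a whitelisted path has to be present in both lists or it is rejected with 401 first; a comment on the loop, `// reached only for paths already in externalOpenUrls`, would save the next reader the trace. The enclosing method starts and ends outside this hunk.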
@@ -99,7 +109,12 @@ public class ExternalAuthProcessor extends AuthProcessor {
}
md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else if (APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) {
- fetchTokenAuthProcessor.auth(null, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
+ String paramName = "app_id";
+ String appId = ServerHttpRequestUtils.getRequestParam(request, paramName);
+ if (StringUtils.isBlank(appId)) {
+ throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode(),"缺少参数".concat(paramName));
+ }
+ fetchTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
} else {
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
}
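Review bot: The new `fetchTokenAuthProcessor.auth(...)` call copies the `new Long(ts)` conversion from the md5 branch above; that constructor is deprecated since Java 9, and a non-numeric `ts` escapes as an unhandled NumberFormatException instead of a `RenException` carrying an open-api error code. Parse once before the branch, `Long tsValue = StringUtils.isNotBlank(ts) ? Long.valueOf(ts) : null;`, wrap that in a try that maps NumberFormatException to `OPEN_API_PARAMS_MISSING`, and pass `tsValue` to both processors. `"缺少参数".concat(paramName)` works but `"缺少参数" + paramName` is the conventional form. The enclosing method starts and ends outside this hunk.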
diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
index bb97dc2be7..c01c553b75 100644
--- a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
+++ b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
@@ -10,6 +10,7 @@ import com.epmet.commons.tools.utils.IpUtils;
import com.epmet.commons.tools.utils.Result;
import com.epmet.constant.AuthTypeConstant;
import com.epmet.constant.TokenHeaderKeyConstant;
+import com.epmet.utils.ServerHttpRequestUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -111,6 +112,11 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory externalOpenUrls;
+ /**
+ * 对外开放url白名单
+ */
+ private List externalAuthUrlsWhiteList;
+
/**
* 不处理token,直接通过
*/
diff --git a/epmet-gateway/src/main/java/com/epmet/utils/ServerHttpRequestUtils.java b/epmet-gateway/src/main/java/com/epmet/utils/ServerHttpRequestUtils.java
new file mode 100644
index 0000000000..334134baa1
--- /dev/null
+++ b/epmet-gateway/src/main/java/com/epmet/utils/ServerHttpRequestUtils.java
@@ -0,0 +1,19 @@
+package com.epmet.utils;
+
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.util.MultiValueMap;
+
+public class ServerHttpRequestUtils {
+
+ /**
+ * @Description 从url中获取appId
+ * @return
+ * @author wxz
+ * @date 2021.03.25 15:13
+ */
+ public static String getRequestParam(ServerHttpRequest request, String paramName) {
+ MultiValueMap queryParams = request.getQueryParams();
+ return queryParams.getFirst(paramName);
+ }
+
+}
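Review bot: The Javadoc says the method reads `appId` from the URL, but `getRequestParam` is a generic first-value lookup for any `paramName`, and its `@return` is empty; replace the block with `Returns the first value of query parameter {@code paramName}, or {@code null} when the parameter is absent.` plus `@param request the reactive request whose query string is read`, `@param paramName the query parameter name` and `@return first value, or null`. `MultiValueMap queryParams` appears as a raw type; if the rendered diff did not simply drop the type arguments, it should be `MultiValueMap<String, String>`. A class with only static members should also declare `private ServerHttpRequestUtils() {}` so it cannot be instantiated.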
diff --git a/epmet-gateway/src/main/resources/bootstrap.yml b/epmet-gateway/src/main/resources/bootstrap.yml
index ce7d55ae65..436d4d9225 100644
--- a/epmet-gateway/src/main/resources/bootstrap.yml
+++ b/epmet-gateway/src/main/resources/bootstrap.yml
@@ -474,6 +474,11 @@ epmet:
- /epmetuser/customerstaff/customerlist
- /message/template/**
- /data/aggregator/project/projectdistribution
+
+ # 对外开放接口认证白名单
+ externalAuthUrlsWhiteList:
+ - /epmet/ext/open-api/get-access-token
+
swaggerUrls:
jwt:
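Review bot: `/epmet/ext/open-api/get-access-token` bypasses token authentication through this list, but in `ExternalAuthProcessor` the whitelist is checked only after the `externalOpenUrls` match, so the same path must also appear in that list (outside this hunk) or the request is rejected with 401 before the whitelist is reached. Entries are matched with `AntPathMatcher`, so keep them to exact paths rather than `**` patterns, since every match here skips both the token and the signature check at the gateway. A comment above the key, `# each entry must also be listed in externalOpenUrls; matched as Ant paths`, records both constraints where the operator edits them.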
diff --git a/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java b/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
index 4b315ae326..9fe569e75e 100644
--- a/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
+++ b/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/AccessTokenFormDTO.java
@@ -1,17 +1,12 @@
package com.epmet.dto.form;
+import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
import lombok.Data;
import javax.validation.constraints.NotBlank;
@Data
-public class AccessTokenFormDTO {
-
- public interface GetAccessTokenGroup {}
-
- // 签名字符串密文
- @NotBlank(message = "签名字段不能为空", groups = { GetAccessTokenGroup.class })
- private String sign;
+public class AccessTokenFormDTO extends OpenApiBaseFormDTO {
// 应用id
@NotBlank(message = "AppId字段不能为空", groups = { GetAccessTokenGroup.class })
diff --git a/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java b/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java
index c9385ece77..68f46e351b 100644
--- a/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java
+++ b/epmet-module/epmet-ext/epmet-ext-client/src/main/java/com/epmet/dto/form/openapi/OpenApiBaseFormDTO.java
@@ -2,12 +2,30 @@ package com.epmet.dto.form.openapi;
import lombok.Data;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+
/**
* open api基础类
*/
@Data
public class OpenApiBaseFormDTO {
+ public interface GetAccessTokenGroup {}
+
+ @NotBlank(message = "签名不能为空", groups = { GetAccessTokenGroup.class })
private String sign;
+ /**
+ * 时间戳,ms
+ */
+ @NotNull(message = "时间戳不能为空", groups = { GetAccessTokenGroup.class })
+ private Long timestamp;
+
+ /**
+ * 随机数,每次请求唯一
+ */
+ @NotBlank(message = "随机字段nonce不能为空", groups = { GetAccessTokenGroup.class })
+ private String nonce;
+
}
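Review bot: The `@NotBlank`/`@NotNull` constraints on `sign`, `timestamp` and `nonce` are bound to `GetAccessTokenGroup`, yet this class is the base for every open-api form and `OpenApiRequestCheckAspect` reads `timestamp` and `nonce` from all such bodies, so a controller that validates with the default group, as `ValidatorUtils.validateEntity(input)` did before this change, skips all three. Either leave these fields in the default group (drop the `groups` attribute) or rename the group to something endpoint-neutral such as `OpenApiGroup` and state on the class that every open-api endpoint must validate with it. The class Javadoc should say so: `Base form for all open-api requests; sign, timestamp and nonce are mandatory on every request and are verified by OpenApiRequestCheckAspect.`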
diff --git a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiCheckSignAspect.java b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
similarity index 59%
rename from epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiCheckSignAspect.java
rename to epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
index 21953df71a..22f3280c25 100644
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiCheckSignAspect.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
@@ -26,6 +26,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.beans.IntrospectionException;
+import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
@@ -33,10 +34,15 @@ import java.util.Arrays;
import java.util.Map;
import java.util.Set;
+/**
+ * OpenApi检查请求切面
+ * 1.验签防止参数篡改
+ * 2.timestamp+nonce防止请求重放攻击
+ */
@Aspect
@Component
@Order(1)
-public class OpenApiCheckSignAspect {
+public class OpenApiRequestCheckAspect {
@Autowired
private RedisUtils redisUtils;
@@ -53,27 +59,60 @@ public class OpenApiCheckSignAspect {
* @date 2021.03.24 13:39
*/
@Before("execution(* com.epmet.controller.*Controller*.*(..)) && @annotation(com.epmet.annotation.OpenApiCheckSign)")
- public void checkSign(JoinPoint point) {
+ public void check(JoinPoint point) {
Object[] args = point.getArgs();
MethodSignature methodSignature = (MethodSignature) point.getSignature();
Method method = methodSignature.getMethod();
Parameter[] parameters = method.getParameters();
+
+ HttpServletRequest request = getRequest();
+ String appId = request.getHeader("AppId");
+
for (int i = 0; i < parameters.length; i++) {
if (parameters[i].isAnnotationPresent(RequestBody.class)) {
- Map argMap = null;
+ Map argMap;
try {
argMap = ConvertUtils.entityToMap(args[i]);
} catch (Exception e) {
throw new RenException("验签参数转化发生异常");
}
- if (!OpenApiSignUtils.checkSign(argMap, getSecret(getAppId()))) {
+
+ argMap.put("");
+
+ if (!OpenApiSignUtils.checkSign(argMap, getSecret(appId))) {
// 验签失败
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode());
}
+ checkRepeatRequest(argMap);
}
}
}
+ /**
+ * 检查请求重放
+ * @param argMap
+ */
+ void checkRepeatRequest(Map argMap) {
+ String timestampStr = argMap.get("timestamp");
+ if (StringUtils.isBlank(timestampStr)) {
+ throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode());
+ }
+ long timestamp = Long.valueOf(timestampStr).longValue();
+ long now = System.currentTimeMillis();
+ long requestTimeDiff = 60000;
+ if (Math.abs(now - timestamp) > requestTimeDiff) {
+ // 只允许1分钟之内的请求,允许服务器之间时差为1分钟
+ throw new RenException(String.format("请求已过时,允许时差为%s ms", requestTimeDiff));
+ }
+ String nonce = argMap.get("nonce");
+ String nonceInCache = redisUtils.getString(RedisKeys.getOpenApiNonceKey(nonce));
+ if (StringUtils.isNotBlank(nonceInCache)) {
+ throw new RenException("请求重复");
+ }
+ //将nonce缓存到redis,有效期1分钟
+ redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), "1", requestTimeDiff);
+ }
+
/**
* @return
* @Description 取secret
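Review bot: `argMap.put("");` is a one-argument `Map.put`, which does not compile; if it was meant to inject the header app id into the map before `checkSign`, it needs both a key and a value and then alters the signed payload, otherwise delete it. In `checkRepeatRequest`, `nonce` goes into `RedisKeys.getOpenApiNonceKey` with no blank check (`concat(null)` throws NullPointerException), a non-numeric `timestamp` surfaces as NumberFormatException rather than a `RenException`, and the `getString`/`set` pair is not atomic, so two requests carrying the same nonce that arrive within one round-trip both pass; an atomic set-if-absent on the nonce key is the standard fix if `RedisUtils` exposes one. Because timestamps up to `requestTimeDiff` in the future are accepted, the nonce record should live for twice the window, and whether the last argument of `redisUtils.set` is milliseconds or seconds decides whether that TTL is one minute or far longer, which is worth confirming. The rendered diff appears to have dropped type arguments (`Map argMap` is assigned to `String` locals), so the excerpt below writes `Map<String, String>`.
```java
    /**
     * Rejects requests outside the allowed clock window and replays of a nonce already seen.
     * @param argMap request body as string fields; "timestamp" (ms) and "nonce" are required
     */
    void checkRepeatRequest(Map<String, String> argMap) {
        String timestampStr = argMap.get("timestamp");
        String nonce = argMap.get("nonce");
        if (StringUtils.isBlank(timestampStr) || StringUtils.isBlank(nonce)) {
            throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode());
        }
        long timestamp;
        try {
            timestamp = Long.parseLong(timestampStr);
        } catch (NumberFormatException e) {
            throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode());
        }
        long now = System.currentTimeMillis();
        long requestTimeDiff = 60000;
        if (Math.abs(now - timestamp) > requestTimeDiff) {
            // 只允许1分钟之内的请求,允许服务器之间时差为1分钟
            throw new RenException(String.format("请求已过时,允许时差为%s ms", requestTimeDiff));
        }
        String nonceKey = RedisKeys.getOpenApiNonceKey(nonce);
        // TODO(review): get-then-set is racy; use RedisUtils' set-if-absent operation if it has one
        String nonceInCache = redisUtils.getString(nonceKey);
        if (StringUtils.isNotBlank(nonceInCache)) {
            throw new RenException("请求重复");
        }
        // keep the nonce for twice the window: a future-skewed timestamp stays acceptable that long
        // TODO(review): confirm whether the expiry argument is milliseconds or seconds
        redisUtils.set(nonceKey, "1", 2 * requestTimeDiff);
    }
```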
@@ -114,12 +153,42 @@ public class OpenApiCheckSignAspect {
* @author wxz
* @date 2021.03.24 12:53
*/
- public String getAppId() {
- HttpServletRequest request = getRequest();
- String appId = request.getHeader("AppId");
- if (StringUtils.isBlank(appId)) {
- throw new RenException("请求头中未携带AppId");
- }
- return appId;
+ //public String getAppId(Parameter[] parameters, Object[] args) {
+ // HttpServletRequest request = getRequest();
+ // String appId = request.getHeader("AppId");
+ // if (StringUtils.isBlank(appId)) {
+ // for (int i = 0; i < parameters.length; i++) {
+ // if (parameters[i].isAnnotationPresent(RequestBody.class)) {
+ // Object arg = args[i];
+ // try {
+ // appId = getAppIdFromDTO(arg);
+ // } catch (IllegalAccessException e) {
+ // e.printStackTrace();
+ // }
+ // }
+ // }
+ // }
+ // if (StringUtils.isBlank(appId)) {
+ // throw new RenException("未携带AppId");
+ // }
+ // return appId;
+ //}
+
+ //private String getAppIdFromDTO(Object dto) throws IllegalAccessException {
+ // Field[] declaredFields = dto.getClass().getDeclaredFields();
+ // for (int i = 0; i < declaredFields.length; i++) {
+ // Field field = declaredFields[i];
+ // String fieldName = field.getName();
+ // if ("appId".equals(fieldName)) {
+ // field.setAccessible(true);
+ // String value = (String) field.get(dto);
+ // return value;
+ // }
+ // }
+ // return null;
+ //}
+
+ public static void main(String[] args) {
+ System.out.println(System.currentTimeMillis());
}
}
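Review bot: Some forty lines of commented-out `getAppId`/`getAppIdFromDTO` and a `public static void main` that prints the clock are left inside a Spring `@Component`; commented-out code belongs to git history and the `main` is a debugging artifact. Delete both, which also leaves the `import java.lang.reflect.Field;` added in this file's first hunk unused, so remove that too. If the reflective app-id lookup is wanted later it is cheaper to restore from history than to carry it as comments.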
diff --git a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
index 1580ca1b6a..c189e2fb3b 100644
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
@@ -1,5 +1,6 @@
package com.epmet.controller;
+import com.epmet.annotation.OpenApiCheckSign;
import com.epmet.commons.security.sign.openapi.OpenApiSignUtils;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils;
@@ -10,6 +11,7 @@ import com.epmet.commons.tools.utils.ConvertUtils;
import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.validator.ValidatorUtils;
import com.epmet.dto.form.AccessTokenFormDTO;
+import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.service.OpenApiAccessTokenService;
import org.apache.commons.lang3.StringUtils;
@@ -45,10 +47,11 @@ public class OpenApiAccessTokenController {
* @author wxz
* @date 2021.03.23 09:52
*/
+ @OpenApiCheckSign
@PostMapping("get-access-token")
public Result getAccessToken(@RequestBody AccessTokenFormDTO input) {
// 1.校验参数
- ValidatorUtils.validateEntity(input);
+ ValidatorUtils.validateEntity(input, OpenApiBaseFormDTO.GetAccessTokenGroup.class);
String appId = input.getAppId();
// 2.取secret
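Review bot: With `@OpenApiCheckSign` on `getAccessToken`, the signature is now verified by `OpenApiRequestCheckAspect` against the secret of the `AppId` header (`request.getHeader("AppId")` in that aspect), while the token below is minted for `input.getAppId()` from the body; nothing visible ties the two together, and since the gateway now whitelists this path it returns before any processor sets that header, so the header value is whatever the caller supplied. Before this change the secret for the signature check came from the same body `appId` the token is issued for. Restore that binding: given the servlet request, add after `String appId = input.getAppId();` the check `if (!appId.equals(request.getHeader("AppId"))) throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(), EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());`, or have the aspect take the app id from the body for this endpoint. With the in-controller verification removed in the next hunk, the `OpenApiSignUtils`, `ConvertUtils` and `ExceptionUtils` imports are probably unused now; worth checking.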
@@ -65,21 +68,6 @@ public class OpenApiAccessTokenController {
redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret);
}
- // 3.验签
- try {
- if (!OpenApiSignUtils.checkSign(ConvertUtils.entityToMap(input), secret)) {
- throw new RenException(EpmetErrorCode.OPEN_API_SIGN_ERROR.getCode(), EpmetErrorCode.OPEN_API_SIGN_ERROR.getMsg());
- }
- } catch (RenException e) {
- // 如果是自己抛出的异常则继续抛出
- throw e;
- } catch (Exception e) {
- // 是其他意外发生的异常
- String errorStackTrace = ExceptionUtils.getErrorStackTrace(e);
- logger.error("验签发生未知异常:{}", errorStackTrace);
- throw new RenException("验签发生未知异常,请查看ext服务详细日志");
- }
-
//4.生成token
String accessToken = openApiAccessTokenService.getAccessToken(appId, secret);
return new Result().ok(accessToken);
diff --git a/pom.xml b/pom.xml
index b0d6621300..9420c9ff24 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
epmet-module
epmet-user
epmet-openapi
-
+
UTF-8