openApi基本完成

4 years ago · 41c0a15f8f
6 changed files with 26 additions and 16 deletions
--- a/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
+++ b/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
@ -94,6 +94,7 @@ public class OpenApiSignUtils {
        HashMap<String, String> content = new HashMap<>();
        content.put("orgId", "aaa");
        content.put("test", null);
        content.put("app_id", "7d98b8af2d05752b4225709c4cfd4bd0");
        content.put("timestamp", String.valueOf(now));
        content.put("nonce", uuid);
        content.put("auth_type", "take_token");
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
@ -393,8 +393,8 @@ public class RedisKeys {
 	 * @author wxz
 	 * @date 2021.03.23 10:25
 	*/
-	public static String getOpenApiAccessTokenKey(String accessToken) {
+	public static String getOpenApiAccessTokenKey(String appId) {
-		return rootPrefix.concat("openapi:accesstoken:").concat(accessToken);
+		return rootPrefix.concat("openapi:accesstoken:").concat(appId);
 	}
 	/**
--- a/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExtAppFetchTokenAuthProcessor.java
@ -23,22 +23,29 @@ import org.springframework.web.server.ServerWebExchange;
 * 外部应用认证处理器：来平台token的方式
 */
@Component
-public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
+public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {
    @Autowired
    private JwtUtils jwtTokenUtils;
    @Autowired
    private RedisUtils redisUtils;
    @Override
    public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
        String secret = getSecret(appId);
-        if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
+        // 1.过期验证
        String accessTokenInCache = redisUtils.getString(RedisKeys.getOpenApiAccessTokenKey(appId));
        if (StringUtils.isBlank(accessTokenInCache) ||
                jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
            throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
                    EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
        }
        // 2.验签
-        // 验签暂时放到具体接口中
+        // 验签暂时放到具体接口中，不放在gateway
        //openApiSignUtils.checkSign();
        // 2. 获取claims
@ -47,8 +54,8 @@ public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
        if (!appId.equals(appIdInAccessToken)) {
            // 参数列表的appId和token中封装的不一致
-            throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
+            throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(),
-                    EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
+                    EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());
        }
        // 3.将app_id放入header中
--- a/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
@ -50,7 +50,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
    private ExtAppMD5AuthProcessor md5AuthProcessor;
    @Autowired
-    private ExtAppFetchTokenAuthProcessor fetchTokenAuthProcessor;
+    private ExtAppTakeTokenAuthProcessor takeTokenAuthProcessor;
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
@ -112,7 +112,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
                if (StringUtils.isBlank(appId)) {
                    throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_MISSING.getCode(),"缺少参数".concat(RequestParamKeys.APP_ID));
                }
-                fetchTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
+                takeTokenAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
            } else {
                throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
            }
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
@ -26,15 +26,10 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
 import java.beans.IntrospectionException;
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Parameter;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 /**
 * OpenApi检查请求切面
@ -90,6 +85,12 @@ public class OpenApiRequestCheckAspect {
        checkRepeatRequest(argMap);
    }
    /**
     * @Description 填充url请求参数到map中，用来签名
     * @return
     * @author wxz
     * @date 2021.03.26 10:13
    */
    private void fillRequestParamsInfoArgMap(Map<String, String> argMap, HttpServletRequest request) {
        fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.APP_ID);
        fillRequestParamsInfoArgMap(argMap, request, RequestParamKeys.AUTH_TYPE);
@ -116,7 +117,7 @@ public class OpenApiRequestCheckAspect {
        }
        long timestamp = Long.valueOf(timestampStr).longValue();
        long now = System.currentTimeMillis();
-        long requestTimeDiff = 60000;
+        long requestTimeDiff = 120000;
        if (Math.abs(now - timestamp) > requestTimeDiff) {
            // 只允许1分钟之内的请求，允许服务器之间时差为1分钟
            throw new RenException(String.format("请求已过时，允许时差为%s ms", requestTimeDiff));
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/service/impl/OpenApiAccessTokenServiceImpl.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/service/impl/OpenApiAccessTokenServiceImpl.java
@ -4,6 +4,7 @@ import com.epmet.commons.security.jwt.JwtUtils;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.config.OpenApiConfig;
 import com.epmet.openapi.constant.RequestParamKeys;
 import com.epmet.service.OpenApiAccessTokenService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@ -25,7 +26,7 @@ public class OpenApiAccessTokenServiceImpl implements OpenApiAccessTokenService
    @Override
    public String getAccessToken(String appId, String secret) {
        HashMap<String, Object> claim = new HashMap<>();
-        claim.put("appId", appId);
+        claim.put(RequestParamKeys.APP_ID, appId);
        String token = jwtTokenUtils.createToken(claim, openApiConfig.getAccessTokenExpire(), secret);