版本控制 token校验

2024-04-08 09:13:31 +08:00
parent a07b70d86c
commit 74f2f9e789
4 changed files with 78 additions and 117 deletions


@@ -37,7 +37,7 @@ public class LoginFilter implements Filter {
"css/**",
"js/**",
"cashierService/phoneValidateCode",//验证码
"cashierService/location/**",//
"cashierService/location/**",//高德 获取行政区域
"cashierService/home/homePageUp",//首页上半
"cashierService/home",//首页
"cashierService/login/**"//登录部分接口不校验
@@ -67,43 +67,45 @@ public class LoginFilter implements Filter {
chain.doFilter(req, resp);
return;
}
// String environment = request.getHeader("environment");
// //token校验目前只对app生效
// if (StringUtils.isNotBlank(environment) || !environment.equals("app")) {
// chain.doFilter(req, resp);
// return;
// }
// // 判断用户TOKEN是否存在
// String token = request.getHeader("token");
// if (StringUtils.isBlank(token)) {
// Result result = new Result(CodeEnum.TOKEN_EXEIST);
// String jsonString = JSONObject.toJSONString(result);
// JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
// response.getWriter().print(jsonObject);
// response.getWriter().flush();//流里边的缓存刷出
// return;
// }
// //获取当前登录人的用户id
// String loginName = TokenUtil.parseParamFromToken(token, "userId").toString();
// //获取redis中的token
// String message = redisUtil.getMessage(RedisCst.ONLINE_APP_USER.concat(loginName));
// if (StringUtils.isBlank(message)) {
// Result result = new Result(CodeEnum.TOKEN_EXPIRED);
// String jsonString = JSONObject.toJSONString(result);
// JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
// response.getWriter().print(jsonObject);
// response.getWriter().flush();//流里边的缓存刷出
// return;
// }
// String redisToken = JSON.parseObject(message).getString("token");
// if (!token.equals(redisToken)) {
// Result result = new Result(CodeEnum.TOKEN_EXPIRED);
// String jsonString = JSONObject.toJSONString(result);
// JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
// response.getWriter().print(jsonObject);
// response.getWriter().flush();//流里边的缓存刷出
// return;
// }
//environment 环境标识 wx app 后续environment不可为空
String environment = request.getHeader("environment");
//token校验目前只对app生效
if (StringUtils.isBlank(environment) || !environment.equals("app")) {
chain.doFilter(req, resp);
return;
}
// 判断用户TOKEN是否存在
String token = request.getHeader("token");
if (StringUtils.isBlank(token)) {
Result result = new Result(CodeEnum.TOKEN_EXEIST);
String jsonString = JSONObject.toJSONString(result);
JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
response.getWriter().print(jsonObject);
response.getWriter().flush();//流里边的缓存刷出
return;
}
//获取当前登录人的用户id
String loginName = TokenUtil.parseParamFromToken(token, "userId").toString();
//获取redis中的token
String message = redisUtil.getMessage(RedisCst.ONLINE_APP_USER.concat(loginName));
if (StringUtils.isBlank(message)) {
Result result = new Result(CodeEnum.TOKEN_EXPIRED);
String jsonString = JSONObject.toJSONString(result);
JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
response.getWriter().print(jsonObject);
response.getWriter().flush();//流里边的缓存刷出
return;
}
String redisToken = JSON.parseObject(message).getString("token");
if (!token.equals(redisToken)) {
Result result = new Result(CodeEnum.TOKEN_EXPIRED);
String jsonString = JSONObject.toJSONString(result);
JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
response.getWriter().print(jsonObject);
response.getWriter().flush();//流里边的缓存刷出
return;
}
chain.doFilter(req, resp);
}
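Review bot: The token check enabled here fails open: it is skipped whenever the `environment` header is blank or anything other than `app`, and that header is supplied by the caller, so a request that omits it reaches `chain.doFilter` with no token validation at this layer. Unless the non-app (wx) channel is authenticated somewhere not visible in this hunk, enforcement should not rest on a client-chosen header; the inline comment already says `environment` must become mandatory, so a blank value should be rejected rather than passed through. Separately, `TokenUtil.parseParamFromToken(token, "userId").toString()` will throw if the token is malformed or lacks the claim (assuming the helper returns null or throws in that case), so guard it and answer with `CodeEnum.TOKEN_EXPIRED` instead of letting the exception escape the filter. The three identical response-writing blocks could be one private helper, and `MessageDigest.isEqual` on the UTF-8 bytes of both tokens would make the comparison constant-time. The enclosing method starts outside the hunk.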


@@ -1,61 +0,0 @@
//package com.chaozhanggui.system.cashierservice.config;
//
//import com.chaozhanggui.system.cashierservice.redis.RedisCst;
//import com.chaozhanggui.system.cashierservice.redis.RedisUtil;
//import com.chaozhanggui.system.cashierservice.sign.CodeEnum;
//import lombok.extern.slf4j.Slf4j;
//import org.apache.commons.lang3.StringUtils;
//import org.aspectj.lang.ProceedingJoinPoint;
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.aspectj.lang.annotation.Pointcut;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.stereotype.Component;
//import com.chaozhanggui.system.cashierservice.sign.Result;
//import org.springframework.web.context.request.RequestContextHolder;
//import org.springframework.web.context.request.ServletRequestAttributes;
//
//import javax.servlet.http.HttpServletRequest;
//import java.util.Objects;
//
///**
// * 方法调用统一切面处理
// */
//@Aspect
//@Component
//@Slf4j
//public class AppApiMethodAspect {
//
// @Autowired
// RedisUtil redisUtil;
//
// @Pointcut("execution(public * (" +
// "com.chaozhanggui.system.cashierservice.controller.* " +
// ").*(..))")
// public void pkg() {
// }
//
// @Around("pkg()")
// public Object around(ProceedingJoinPoint pjp) throws Throwable {
// HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
// HttpServletRequest req = request;
// //version版本号
// //type: ios; android;
// //environment:app;wx
//// String environment = req.getHeader("environment");
//// if (StringUtils.isNotBlank(environment) && environment.equals("app")) {
//// String type = req.getHeader("type");
//// String version = req.getHeader("version");
//// //LDBL_APP_VERSION:ios:version 存在即需要强制更新
//// String message = redisUtil.getMessage(RedisCst.LDBL_APP_VERSION + type + ":" + version);
//// if (StringUtils.isNotBlank(message)) {
//// return Result.success(CodeEnum.UPGRADE_REQUIRED, message);
//// }
//// }
//
// // 执行被拦截的方法
// Object result = pjp.proceed();
// return result;
//
// }
//}


@@ -2,10 +2,14 @@ package com.chaozhanggui.system.cashierservice.interceptor;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.json.JSONUtil;
import com.chaozhanggui.system.cashierservice.redis.RedisCst;
import com.chaozhanggui.system.cashierservice.redis.RedisUtil;
import com.chaozhanggui.system.cashierservice.sign.CodeEnum;
import com.chaozhanggui.system.cashierservice.sign.Result;
import com.chaozhanggui.system.cashierservice.sign.SginAnot;
import com.chaozhanggui.system.cashierservice.sign.SignEnum;
import com.chaozhanggui.system.cashierservice.util.*;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -42,16 +46,31 @@ public class SignInterceptor implements HandlerInterceptor {
String requestURI = request.getRequestURI();
String token=request.getHeader("token");
String token = request.getHeader("token");
String type=request.getHeader("type");
// String type=request.getHeader("type");
if(ignoreUrl.contains(requestURI)){
if (ignoreUrl.contains(requestURI)) {
return true;
}
// version版本号
// type: ios; android;
// environment:app;wx
String environment = request.getHeader("environment");
if (StringUtils.isNotBlank(environment) && environment.equals("app")) {
String type = request.getHeader("type");
String version = request.getHeader("version");
//LDBL_APP_VERSION:ios:version 存在即需要强制更新
String message = redisUtil.getMessage(RedisCst.LDBL_APP_VERSION + type + ":" + version);
// 返回false表示拦截器的处理已完成请求不再继续向下执行
if (StringUtils.isNotBlank(message)) {
response.getWriter().write(JSONUtil.toJsonStr(Result.success(CodeEnum.UPGRADE_REQUIRED, message.replaceAll("\"", ""))));
response.getWriter().flush();
return false;
}
}
String ip = IpUtil.getIpAddr(request);
@@ -63,9 +82,9 @@ public class SignInterceptor implements HandlerInterceptor {
}
if("C".equals(type)){
String openId=request.getHeader("openId");
}
// if("C".equals(type)){
// String openId=request.getHeader("openId");
// }
return true;
@@ -79,27 +98,27 @@ public class SignInterceptor implements HandlerInterceptor {
} else if (enumm == SignEnum.SHA1) {
return SHA1Util.check(map);
} else if (enumm == SignEnum.RSA) {
Map<String,Object> data=(HashMap)map;
String sign=data.get("sign").toString();
return RSAUtils.verify(JSONUtil.toJsonStr(data.get("data")),RSAUtils.getPublicKey(publicKey),sign);
Map<String, Object> data = (HashMap) map;
String sign = data.get("sign").toString();
return RSAUtils.verify(JSONUtil.toJsonStr(data.get("data")), RSAUtils.getPublicKey(publicKey), sign);
}
return false;
}
public Map<String,Object> getMap(Object obj){
Map<String,Object> map=new HashMap<String,Object>();
if(obj==null){
public Map<String, Object> getMap(Object obj) {
Map<String, Object> map = new HashMap<String, Object>();
if (obj == null) {
return null;
}
if(obj instanceof Map){
map=(Map<String, Object>) obj;
}else{
if (obj instanceof Map) {
map = (Map<String, Object>) obj;
} else {
map = BeanUtil.transBean2Map(obj);
}
if(map.containsKey("sign")){
if (map.containsKey("sign")) {
map.remove("sign");
}
return map;
@@ -108,6 +127,7 @@ public class SignInterceptor implements HandlerInterceptor {
/**
* 把request转为map
*
* @param request
* @return
*/
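Review bot: In the version gate added to SignInterceptor, the `type` and `version` headers are concatenated straight into the Redis key (`RedisCst.LDBL_APP_VERSION + type + ":" + version`) with no validation, so a missing header yields a key containing the literal `null`, and the caller chooses which key under that prefix is read and echoed back. Restrict `type` to the documented values (`ios`, `android`) and match `version` against a strict pattern before the lookup, skipping the lookup when either check fails. As with the token check in LoginFilter in this commit, the gate depends on the caller-supplied `environment` header, so a client that omits it is never told to upgrade; if forced upgrades are used to retire vulnerable builds, the decision needs a server-side signal. The response is also written without `response.setContentType("application/json;charset=UTF-8")`, and `message.replaceAll("\"", "")` can be the non-regex `message.replace("\"", "")`. The method containing this hunk starts and ends outside it.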


@@ -5,7 +5,7 @@ public enum CodeEnum {
//系统编码
SYS_EXCEPTION("999",false,"系统异常","fail"),
SUCCESS("0",false,"成功","success"),
UPGRADE_REQUIRED("426",true,"成功","success"),
UPGRADE_REQUIRED("426",false,"成功","success"),
ENCRYPT("0",true,"成功","success"),
FAIL("1",false,"失败","fail"),
TOKEN_EXEIST("-2",false,"token不能为空","fail"),