package com.everyday.word.aspect;
|
|
|
import com.everyday.word.utils.Constant;
|
import com.everyday.word.utils.SystemInfoUtil;
|
import com.everyday.word.vo.AcceptData;
|
import net.sf.json.JSONObject;
|
import org.aspectj.lang.ProceedingJoinPoint;
|
import org.aspectj.lang.annotation.Around;
|
import org.aspectj.lang.annotation.Aspect;
|
import org.springframework.core.annotation.Order;
|
import org.springframework.stereotype.Component;
|
import org.springframework.web.context.request.RequestContextHolder;
|
import org.springframework.web.context.request.ServletRequestAttributes;
|
import org.yeshi.utils.JsonUtil;
|
import org.yeshi.utils.StringUtil;
|
|
import javax.servlet.http.HttpServletRequest;
|
import java.io.PrintWriter;
|
import java.util.*;
|
|
/**
|
* @author hxh
|
* @description 客户端签名验证
|
* @date 16:33 2025/2/11
|
* @return
|
**/
|
@Component
|
@Aspect
|
@Order(2)
|
public class SignValidateAspect {
|
public static final String EDP = "execution(* com.everyday.word.controller.client.*.*.*(..))";
|
|
@Around(EDP)
|
public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
|
Object[] args = joinPoint.getArgs();
|
ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
|
.getRequestAttributes();
|
|
HttpServletRequest request = servletContainer.getRequest();
|
|
AcceptData acceptData = null;
|
for (Object obj : args) {
|
if (obj instanceof AcceptData) {
|
acceptData = (AcceptData) obj;
|
} else if (obj instanceof HttpServletRequest) {
|
request = (HttpServletRequest) obj;
|
}
|
}
|
if (acceptData == null) {
|
servletContainer.getResponse().getWriter().print(JsonUtil.loadFalseResult(-1, "签名错误"));
|
return null;
|
}
|
|
if (acceptData != null) {
|
acceptData.setSystem(SystemInfoUtil.getSystem(acceptData));
|
}
|
boolean isRight = signIsRight(request, acceptData.getSystem().getApiSignKey());
|
// 签名是否正确
|
if (isRight) {
|
// 判断签名超时
|
if (Math.abs((acceptData.getTimestamp() - System.currentTimeMillis())) > 1000 * 60 * 10) {
|
JSONObject data = new JSONObject();
|
data.put("code", -2);
|
data.put("msg", "时间错误");
|
PrintWriter out = servletContainer.getResponse().getWriter();
|
out.print(data);
|
out.close();
|
return null;
|
}
|
|
Object obj = null;
|
try {
|
obj = joinPoint.proceed(args);
|
// 记录大于2s的请求
|
} catch (Throwable e) {
|
if (!Constant.IS_TEST) {
|
PrintWriter out = servletContainer.getResponse().getWriter();
|
out.print(JsonUtil.loadFalseResult(90009, "服务器内部错误"));
|
} else {
|
throw e;
|
}
|
}
|
return obj;
|
} else {
|
PrintWriter out = servletContainer.getResponse().getWriter();
|
out.print(JsonUtil.loadFalseResult(-1, "签名错误"));
|
out.close();
|
return null;
|
}
|
}
|
|
|
/**
|
* 判断签名的正确性
|
*
|
* @param request
|
* @return
|
*/
|
private boolean signIsRight(HttpServletRequest request, String signKey) {
|
Map<String, String[]> map = request.getParameterMap();
|
Iterator<String> its = map.keySet().iterator();
|
List<String> list = new ArrayList<>();
|
boolean fromWEB = false;
|
while (its.hasNext()) {
|
String key = its.next();
|
if (key.equalsIgnoreCase("sign") || key.equalsIgnoreCase("callback") || key.equalsIgnoreCase("_")) {
|
continue;
|
}
|
String[] values = map.get(key);
|
list.add(key + "=" + values[0]);
|
}
|
Collections.sort(list);
|
String str = "";
|
for (String st : list) {
|
str += st + "&";
|
}
|
String sign;
|
if (!fromWEB) {
|
sign = StringUtil.Md5(str + signKey);
|
} else {
|
sign = StringUtil.Md5(str + signKey);
|
}
|
if (sign.equalsIgnoreCase(request.getParameter("sign") + "")) {
|
return true;
|
} else {
|
return false;
|
}
|
}
|
|
}
|
