| | |
|---|
| | | package com.yeshi.fanli.aspect;
|
|---|
| | |
|
|---|
| | | import java.io.IOException;
|
|---|
| | | import java.io.PrintWriter;
|
|---|
| | | import java.util.ArrayList;
|
|---|
| | | import java.util.Arrays;
|
|---|
| | |
|---|
| | | import org.springframework.stereotype.Component;
|
|---|
| | | import org.springframework.web.context.request.RequestContextHolder;
|
|---|
| | | import org.springframework.web.context.request.ServletRequestAttributes;
|
|---|
| | | import org.springframework.web.multipart.MultipartFile;
|
|---|
| | | import org.springframework.web.multipart.MultipartHttpServletRequest;
|
|---|
| | | import org.yeshi.utils.JsonUtil;
|
|---|
| | |
|
|---|
| | | import com.yeshi.fanli.entity.accept.AcceptData;
|
|---|
| | | import com.yeshi.fanli.log.LogHelper;
|
|---|
| | | import com.yeshi.fanli.util.Constant;
|
|---|
| | | import com.yeshi.fanli.util.StringUtil;
|
|---|
| | | import com.yeshi.fanli.util.ThreadUtil;
|
|---|
| | |
|
|---|
| | | import net.sf.json.JSONObject;
|
|---|
| | |
|
|---|
| | |
|---|
| | | @Aspect
|
|---|
| | | @Order(2)
|
|---|
| | | public class SignValidateAspect {
|
|---|
| | | public static final String EDP = "execution(* com.yeshi.fanli.controller.client.*.*(..))";
|
|---|
| | | public static final String EDP = "execution(* com.yeshi.fanli.controller.client.*.*.*(..))";
|
|---|
| | |
|
|---|
| | | public static String KEY = "";
|
|---|
| | |
|
|---|
| | |
|---|
| | | }
|
|---|
| | |
|
|---|
| | | @Around(EDP)
|
|---|
| | | public Object testAround(ProceedingJoinPoint joinPoint) throws IOException {
|
|---|
| | | public Object testAround(ProceedingJoinPoint joinPoint) throws Throwable {
|
|---|
| | | Object[] args = joinPoint.getArgs();
|
|---|
| | | PrintWriter out = null;
|
|---|
| | | ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
|
|---|
| | |
|---|
| | | // 签名是否正确
|
|---|
| | | if (isRight) {
|
|---|
| | | // 判断签名超时
|
|---|
| | | // if (Math.abs((Long.parseLong(acceptData.getTime()) -
|
|---|
| | | // System.currentTimeMillis())) > 1000 * 60 * 10) {
|
|---|
| | | // JSONObject data = new JSONObject();
|
|---|
| | | // data.put("code", -2);
|
|---|
| | | // data.put("msg", "时间错误");
|
|---|
| | | // out.print(data);
|
|---|
| | | // out.close();
|
|---|
| | | // return null;
|
|---|
| | | // }
|
|---|
| | | // uid
|
|---|
| | | if (Math.abs((Long.parseLong(acceptData.getTime()) - System.currentTimeMillis())) > 1000 * 60 * 10) {
|
|---|
| | | JSONObject data = new JSONObject();
|
|---|
| | | data.put("code", -2);
|
|---|
| | | data.put("msg", "时间错误");
|
|---|
| | | out.print(data);
|
|---|
| | | out.close();
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | final String url = request.getRequestURI();
|
|---|
| | | @SuppressWarnings("unchecked")
|
|---|
| | | final Map<String, Object> params = request.getParameterMap();
|
|---|
| | | ThreadUtil.run(new Runnable() {
|
|---|
| | | @Override
|
|---|
| | | public void run() {
|
|---|
| | | // 记录请求日志
|
|---|
| | | LogHelper.requestInfo(url, params);
|
|---|
| | | }
|
|---|
| | | });
|
|---|
| | |
|
|---|
| | | Object obj = null;
|
|---|
| | | try {
|
|---|
| | | long startTime = System.currentTimeMillis();
|
|---|
| | | obj = joinPoint.proceed(args);
|
|---|
| | | } catch (Throwable e) {
|
|---|
| | | e.printStackTrace();
|
|---|
| | | try {
|
|---|
| | | LogHelper.errorDetailInfo(e, getHttpServletParams(request), request.getRequestURI().toString());
|
|---|
| | | } catch (Exception e1) {
|
|---|
| | | e1.printStackTrace();
|
|---|
| | | final long responseTime = System.currentTimeMillis() - startTime;
|
|---|
| | | // 记录大于2s的请求
|
|---|
| | | if (responseTime >= 2000) {
|
|---|
| | | ThreadUtil.run(new Runnable() {
|
|---|
| | |
|
|---|
| | | @Override
|
|---|
| | | public void run() {
|
|---|
| | | LogHelper.requestTime(url, params, responseTime);
|
|---|
| | | }
|
|---|
| | | });
|
|---|
| | |
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | } catch (Throwable e) {
|
|---|
| | | LogHelper.errorDetailInfo(e, getHttpServletParams(request), request.getRequestURI().toString());
|
|---|
| | | if (!Constant.IS_TEST)
|
|---|
| | | out.print(JsonUtil.loadFalseResult(90009, "服务器内部错误"));
|
|---|
| | | else
|
|---|
| | | throw e;
|
|---|
| | | }
|
|---|
| | | return obj;
|
|---|
| | | } else {
|
|---|
| | |
|---|
| | | data.put("msg", "签名错误");
|
|---|
| | | out.print(data);
|
|---|
| | | out.close();
|
|---|
| | | LogHelper.error("签名错误:" + getHttpServletParams(request));
|
|---|
| | | LogHelper.error("签名错误:" + request.getRequestURI() + "-" + getHttpServletParams(request));
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|---|
| | | while (its.hasNext()) {
|
|---|
| | | String key = its.next();
|
|---|
| | |
|
|---|
| | | if (key.equalsIgnoreCase("callback")) {
|
|---|
| | | fromWEB = true;
|
|---|
| | | }
|
|---|
| | | // if (key.equalsIgnoreCase("callback")) {
|
|---|
| | | // fromWEB = true;
|
|---|
| | | // }
|
|---|
| | |
|
|---|
| | | if (key.equalsIgnoreCase("sign") || key.equalsIgnoreCase("callback") || key.equalsIgnoreCase("_")) {
|
|---|
| | | continue;
|
|---|
| | |
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public static boolean signIsRight(JSONObject json) {
|
|---|
| | | List<String> list = new ArrayList<>();
|
|---|
| | | for (Iterator<String> its = json.keySet().iterator(); its.hasNext();) {
|
|---|
| | | String key = its.next();
|
|---|
| | | if (!key.equalsIgnoreCase("sign"))
|
|---|
| | | list.add(key + "=" + json.optString(key));
|
|---|
| | | }
|
|---|
| | | Collections.sort(list);
|
|---|
| | | String str = "";
|
|---|
| | | for (String st : list) {
|
|---|
| | | str += st + "&";
|
|---|
| | | }
|
|---|
| | | String sign = StringUtil.Md5(str + KEY);
|
|---|
| | | if (sign.equalsIgnoreCase(json.optString("sign"))) {
|
|---|
| | | return true;
|
|---|
| | | } else {
|
|---|
| | | return false;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | }
|
|---|
