location-server.git

			@@ -1,14 +1,23 @@
			package com.yeshi.location.app.aop;

			import com.yeshi.location.app.entity.config.SystemConfigKey;
			import com.yeshi.location.app.service.inter.config.SystemConfigService;
			import com.yeshi.location.app.utils.ApiCodeConstant;
			import com.yeshi.location.app.utils.SystemInfoUtil;
			import com.yeshi.location.app.vo.AcceptData;
			import net.sf.json.JSONObject;
			import org.aspectj.lang.ProceedingJoinPoint;
			import org.aspectj.lang.annotation.Around;
			import org.aspectj.lang.annotation.Aspect;
			import org.springframework.core.annotation.Order;
			import org.springframework.stereotype.Component;
			import org.springframework.web.context.request.RequestContextHolder;
			import org.springframework.web.context.request.ServletRequestAttributes;
			import org.yeshi.utils.JsonUtil;
			import org.yeshi.utils.StringUtil;

			import javax.annotation.Resource;
			import javax.servlet.http.HttpServletRequest;
			import java.io.PrintWriter;
			import java.util.*;

			//客户端接口签名验证
			@@ -17,28 +26,73 @@
			@Order(2)
			public class SignValidate {

			private String getHttpServletParams(HttpServletRequest request) {
			if (request == null) {
			return "";
			}
			Map map = request.getParameterMap();
			if (map != null) {
			Iterator<String> its = map.keySet().iterator();
			JSONObject json = new JSONObject();
			while (its.hasNext()) {
			String next = its.next();
			if (map.get(next) != null) {
			Object[] objects = (Object[]) map.get(next);
			if (objects != null && objects.length > 0) {
			json.put(next, objects[0].toString());
			}
			}
			public static final String EDP = "execution(* com.yeshi.location.app.controller.client...(..))";

			@Resource
			private SystemConfigService systemConfigService;

			@Around(EDP)
			public Object around(ProceedingJoinPoint joinPoint) throws Throwable {

			Object[] args = joinPoint.getArgs();
			ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
			.getRequestAttributes();
			PrintWriter out = null;//servletContainer.getResponse().getWriter();
			AcceptData acceptData = null;
			for (Object obj : args) {
			if (obj instanceof AcceptData) {
			acceptData = (AcceptData) obj;
			break;
			}
			return json.toString();
			}
			return "";

			if (acceptData != null) {
			acceptData.setSystem(SystemInfoUtil.getSystem(acceptData.getPlatform(), acceptData.getPackages()));
			}

			boolean signIsRight = true;//signIsRight(servletContainer.getRequest(), acceptData);
			if (!signIsRight) {
			return (JsonUtil.loadFalseResult(ApiCodeConstant.CODE_FAIL_SIGN_ERROR, "签名错误"));
			}

			if (Math.abs((acceptData.getTimestamp() - System.currentTimeMillis())) > 1000 * 60 * 10) {
			out.print(JsonUtil.loadFalseResult(ApiCodeConstant.CODE_FAIL_OUT_TIME, "时间错误"));
			return null;
			}

			return joinPoint.proceed();
			}

			/**
			* 判断签名的正确性 Android version>50
			*
			* @param request
			* @return
			*/
			private boolean signIsRight(HttpServletRequest request, AcceptData acceptData) {
			Map<String, String[]> map = request.getParameterMap();
			Iterator<String> its = map.keySet().iterator();
			List<String> list = new ArrayList<>();


			while (its.hasNext()) {
			String key = its.next();
			if (key.equalsIgnoreCase("sign") \|\| key.equalsIgnoreCase("callback") \|\| key.equalsIgnoreCase("_")) {
			continue;
			}
			String[] values = map.get(key);
			list.add(key + "=" + values[0]);
			}
			Collections.sort(list);
			String str = "";
			for (String st : list) {
			str += st + "&";
			}
			String key = systemConfigService.getValueCache(acceptData.getSystem(), SystemConfigKey.signKey);
			String sign = StringUtil.Md5(str + key);
			if (sign.equalsIgnoreCase(request.getParameter("sign") + "")) {
			return true;
			} else {
			return false;
			}
			}
			}