From b9522d131e168a92c88f23e2c0a3a2df079926b4 Mon Sep 17 00:00:00 2001
From: zhibing.pu <393733352@qq.com>
Date: 星期一, 19 八月 2024 17:43:43 +0800
Subject: [PATCH] 新增加小程序接口
---
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/SignFilter.java | 288 ++++++++++++++++++++++++++++-----------------------------
1 files changed, 141 insertions(+), 147 deletions(-)
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/SignFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/SignFilter.java
index 7ea17ff..8dac047 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/SignFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/SignFilter.java
@@ -40,155 +40,149 @@
/**
* 网关鉴权
- *
+ *
* @author ruoyi
*/
@Component
public class SignFilter implements GlobalFilter, Ordered {
- private static final Logger log = LoggerFactory.getLogger(SignFilter.class);
-
- // 排除过滤的 uri 地址,nacos自行添加
- @Autowired
- private IgnoreWhiteProperties ignoreWhite;
-
- @Autowired
- private RedisService redisService;
-
- @Value("${security.sign}")
- private boolean parameter_signature;
-
-
- @Override
- public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
- ServerHttpRequest request = exchange.getRequest();
- ServerHttpRequest.Builder mutate = request.mutate();
-
- HttpMethod method = request.getMethod();
- if(method != HttpMethod.POST){
- return chain.filter(exchange.mutate().request(mutate.build()).build());
- }
- String sign = request.getHeaders().getFirst(TokenConstants.SIGN);
- String nonce_str = request.getHeaders().getFirst(TokenConstants.NONCE_STR);
- if (parameter_signature && StringUtils.isEmpty(sign)) {
- return unauthorizedResponse(exchange, "签名不能为空!");
- }
- if (parameter_signature && StringUtils.isEmpty(nonce_str)) {
- return unauthorizedResponse(exchange, "签名不能为空!");
- }
- if(parameter_signature){
- return authSign(exchange, chain, sign, nonce_str);
- }
- return chain.filter(exchange.mutate().request(mutate.build()).build());
- }
-
-
-
- private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
- log.error("[签名异常处理]请求路径:{}", exchange.getRequest().getPath());
- return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.BAD_REQUEST);
- }
-
-
- /**
- * 校验签名
- * @return
- */
- private Mono<Void> authSign(ServerWebExchange exchange, GatewayFilterChain chain, String sign, String nonce_str){
- return DataBufferUtils.join(exchange.getRequest().getBody())
- .flatMap(dataBuffer -> {
- byte[] bytes = new byte[dataBuffer.readableByteCount()];
- dataBuffer.read(bytes);
- String bodyString = new String(bytes, StandardCharsets.UTF_8);
- log.info("请求参数:{}", bodyString);
- if(!authSign(JSON.parseObject(bodyString), sign, nonce_str)){
- return unauthorizedResponse(exchange, "签名验证失败!");
- }
- DataBufferUtils.release(dataBuffer);
- Flux<DataBuffer> cachedFlux = Flux.defer(() -> {
- DataBuffer buffer = exchange.getResponse().bufferFactory()
- .wrap(bytes);
- return Mono.just(buffer);
- });
- ServerHttpRequest mutatedRequest = new ServerHttpRequestDecorator(exchange.getRequest()) {
- @Override
- public Flux<DataBuffer> getBody() {
- return cachedFlux;
- }
- };
- return chain.filter(exchange.mutate().request(mutatedRequest)
- .build());
- });
- }
-
-
-
- /**
- * 签名校验
- * @return
- */
- private boolean authSign(JSONObject jsonStr, String sign, String nonce_str) {
- System.err.println("请求签名:" + sign);
- String signUrlEncode = localSignUrl(jsonStr, nonce_str);
- signUrlEncode = signUrlEncode.replaceAll("& #40;", "\\(")
- .replaceAll("& #41;", "\\)");
- if(sign.equals(signUrlEncode)){
- return true;
- }
- System.err.println("签名值:" + signUrlEncode);
- return false;
- }
-
-
- /**
- * 组装签名路径
- * @param params
- * @return
- */
- public static String localSignUrl(JSONObject params, String key) {
- List<String> keySet = new ArrayList<>(params.keySet());
- // 对所有传入参数按照字段名的 ASCII 码从小到大排序(字典序)
- Collections.sort(keySet, new Comparator<String>() {
- @Override
- public int compare(String o1, String o2) {
- return o1.compareTo(o2);
- }
- });
- // 构造签名键值对的格式
- StringBuilder sb = new StringBuilder();
- for (String k : keySet) {
- String v = params.getString(k);
- if(StringUtils.isNotEmpty(v)){
- sb.append(k + "=" + v + "&");
- }
- }
- String signUrl = sb.substring(0, sb.length() - 1);
- System.err.println("签名串:" + signUrl);
- return signUrlEncode(signUrl, key);
- }
-
-
- /**
- * 签名字符串加密
- * @param signUrl
- * @param encryptKey
- * @return
- */
- public static String signUrlEncode(String signUrl, String encryptKey) {
- byte[] signByte = new byte[0];
- try {
- signByte = HMACSHA1.HmacSHA1Encrypt(signUrl, encryptKey);
- } catch (Exception e) {
- e.printStackTrace();
- throw new RuntimeException(e);
- }
- String localSign = Base64.encodeBase64String(signByte);
- return localSign;
- }
-
-
- @Override
- public int getOrder()
- {
- return -200;
- }
+ private static final Logger log = LoggerFactory.getLogger(SignFilter.class);
+
+ // 排除过滤的 uri 地址,nacos自行添加
+ @Autowired
+ private IgnoreWhiteProperties ignoreWhite;
+
+ @Autowired
+ private RedisService redisService;
+
+ @Value("${security.sign}")
+ private boolean parameter_signature;
+
+ /**
+ * 组装签名路径
+ *
+ * @param params
+ * @return
+ */
+ public static String localSignUrl(JSONObject params, String key) {
+ List<String> keySet = new ArrayList<>(params.keySet());
+ // 对所有传入参数按照字段名的 ASCII 码从小到大排序(字典序)
+ Collections.sort(keySet, new Comparator<String>() {
+ @Override
+ public int compare(String o1, String o2) {
+ return o1.compareTo(o2);
+ }
+ });
+ // 构造签名键值对的格式
+ StringBuilder sb = new StringBuilder();
+ for (String k : keySet) {
+ String v = params.getString(k);
+ if (StringUtils.isNotEmpty(v)) {
+ sb.append(k + "=" + v + "&");
+ }
+ }
+ String signUrl = sb.substring(0, sb.length() - 1);
+ System.err.println("签名串:" + signUrl);
+ return signUrlEncode(signUrl, key);
+ }
+
+ /**
+ * 签名字符串加密
+ *
+ * @param signUrl
+ * @param encryptKey
+ * @return
+ */
+ public static String signUrlEncode(String signUrl, String encryptKey) {
+ byte[] signByte = new byte[0];
+ try {
+ signByte = HMACSHA1.HmacSHA1Encrypt(signUrl, encryptKey);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RuntimeException(e);
+ }
+ String localSign = Base64.encodeBase64String(signByte);
+ return localSign;
+ }
+
+ @Override
+ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+ ServerHttpRequest request = exchange.getRequest();
+ ServerHttpRequest.Builder mutate = request.mutate();
+
+ HttpMethod method = request.getMethod();
+ if (method != HttpMethod.POST) {
+ return chain.filter(exchange.mutate().request(mutate.build()).build());
+ }
+ String sign = request.getHeaders().getFirst(TokenConstants.SIGN);
+ String nonce_str = request.getHeaders().getFirst(TokenConstants.NONCE_STR);
+ if (parameter_signature && StringUtils.isEmpty(sign)) {
+ return unauthorizedResponse(exchange, "签名不能为空!");
+ }
+ if (parameter_signature && StringUtils.isEmpty(nonce_str)) {
+ return unauthorizedResponse(exchange, "签名不能为空!");
+ }
+ if (parameter_signature) {
+ return authSign(exchange, chain, sign, nonce_str);
+ }
+ return chain.filter(exchange.mutate().request(mutate.build()).build());
+ }
+
+ private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
+ log.error("[签名异常处理]请求路径:{}", exchange.getRequest().getPath());
+ return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.BAD_REQUEST);
+ }
+
+ /**
+ * 校验签名
+ *
+ * @return
+ */
+ private Mono<Void> authSign(ServerWebExchange exchange, GatewayFilterChain chain, String sign, String nonce_str) {
+ return DataBufferUtils.join(exchange.getRequest().getBody())
+ .flatMap(dataBuffer -> {
+ byte[] bytes = new byte[dataBuffer.readableByteCount()];
+ dataBuffer.read(bytes);
+ String bodyString = new String(bytes, StandardCharsets.UTF_8);
+ log.info("请求参数:{}", bodyString);
+ if (!authSign(JSON.parseObject(bodyString), sign, nonce_str)) {
+ return unauthorizedResponse(exchange, "签名验证失败!");
+ }
+ DataBufferUtils.release(dataBuffer);
+ Flux<DataBuffer> cachedFlux = Flux.defer(() -> {
+ DataBuffer buffer = exchange.getResponse().bufferFactory()
+ .wrap(bytes);
+ return Mono.just(buffer);
+ });
+ ServerHttpRequest mutatedRequest = new ServerHttpRequestDecorator(exchange.getRequest()) {
+ @Override
+ public Flux<DataBuffer> getBody() {
+ return cachedFlux;
+ }
+ };
+ return chain.filter(exchange.mutate().request(mutatedRequest)
+ .build());
+ });
+ }
+
+ /**
+ * 签名校验
+ *
+ * @return
+ */
+ private boolean authSign(JSONObject jsonStr, String sign, String nonce_str) {
+ System.err.println("请求签名:" + sign);
+ String signUrlEncode = localSignUrl(jsonStr, nonce_str);
+ signUrlEncode = signUrlEncode.replaceAll("& #40;", "\\(")
+ .replaceAll("& #41;", "\\)");
+ if (sign.equals(signUrlEncode)) {
+ return true;
+ }
+ System.err.println("签名值:" + signUrlEncode);
+ return false;
+ }
+
+ @Override
+ public int getOrder() {
+ return -200;
+ }
}
\ No newline at end of file
--
Gitblit v1.7.1