单位

1fbaa1fb · 以墨为白 · e5b1c795 · 1fbaa1fb · 1fbaa1fb · 1fbaa1fb
Commit 1fbaa1fb authored Jan 10, 2025 by 以墨为白 🎧
4 changed files
--- a/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
+++ b/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
@@ -80,10 +80,12 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
        String nonce = request.getHeader(SignatureUtil.NONCE);
        // 时间戳
        String timestampStr = request.getHeader(SignatureUtil.TIMESTAMP);
+        // 单位
+        String deptCode = request.getHeader(SignatureUtil.DEPT_CODE);

-        if (!StringUtils.hasText(appId) || !StringUtils.hasText(sign) || !StringUtils.hasText(nonce) || !StringUtils.hasText(timestampStr)) {
-            logger.warn("缺少参数appId:{},sign:{},nonce{},timestampStr:{}", appId, sign, nonce, timestampStr);
-            this.write(response, "请求头缺少参数,appId:" + appId + ",sign:" + sign + ",nonce:" + nonce + ",timestamp:" + timestampStr);
+        if (!StringUtils.hasText(appId) || !StringUtils.hasText(sign) || !StringUtils.hasText(nonce) || !StringUtils.hasText(timestampStr) || !StringUtils.hasText(deptCode)) {
+            logger.warn("缺少参数appId:{},sign:{},nonce{},timestampStr:{},deptCode:{}", appId, sign, nonce, timestampStr, deptCode);
+            this.write(response, "请求头缺少参数,appId:" + appId + ",sign:" + sign + ",nonce:" + nonce + ",timestamp:" + timestampStr + ",deptCode:" + deptCode);
            return false;
        }

@@ -125,21 +127,21 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
        Map<String, Object> objectMap = objectMapper.readValue(body, Map.class);

        //验证单位
-        if (objectMap.get("sjgsdwdm") != null && !objectMap.get("sjgsdwdm").toString().startsWith(appStore.getDeptCode().replaceAll("0+$", ""))) {
+        if (!deptCode.startsWith(appStore.getDeptCode().replaceAll("0+$", ""))) {
            write(response, "AppId和传入的单位不匹配,appId:" + appId + ",deptCode:" + objectMap.get("deptCode"));
            return false;
        }

        body = objectMapper.writeValueAsString(objectMap);
-        logger.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}", appId, nonce, timestampStr, body);
+        logger.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}, deptCode: {}", appId, nonce, timestampStr, body, deptCode);
        body = EncryptUtil.getInstance().AESEncode(body, appSecret);
 //        logger.info("appSecret{}加密后body: {}", appSecret,body);
-        // 校验签名appId+nonce+timestampStr+aes(body,secret)
-        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, body);
+        // 校验签名appId+nonce+timestampStr+aes(body,secret)+detCode
+        String data = String.format("%s%s%s%s%s", appId, nonce, timestampStr, body, deptCode);
        String generatedSignature = DigestUtil.md5Hex(data);
        if (!generatedSignature.equals(sign)) {
-            logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{}", generatedSignature, sign, appId, nonce, timestampStr);
-            write(response, "签名有误,sign: " + sign + ",appId: " + appId + ",nonce: " + nonce + ",timestamp: " + timestampStr);
+            logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{},deptCode:{}", generatedSignature, sign, appId, nonce, timestampStr, deptCode);
+            write(response, "签名有误,sign: " + sign + ",appId: " + appId + ",nonce: " + nonce + ",timestamp: " + timestampStr + ",deptCode:" + deptCode);
            return false;
        }

@@ -173,7 +175,7 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
        // 增加用户信息
        String userId = request.getHeader(SignatureUtil.APPID);
        String ip = request.getRemoteAddr();
-        CurrentUserInfo currentUserInfo = new CurrentUserInfo.CurrentUserInfoBuilder().userId(userId).userName(userId).ip(ip).build();
+        CurrentUserInfo currentUserInfo = new CurrentUserInfo.CurrentUserInfoBuilder().userId(userId).userName(userId).ip(ip).deptCode(request.getHeader(SignatureUtil.DEPT_CODE)).build();
        UserContextHolder.set(currentUserInfo);
    }
 }

--- a/src/main/java/com/zksy/szpt/handler/SzptMetaObjectHandler.java
+++ b/src/main/java/com/zksy/szpt/handler/SzptMetaObjectHandler.java
@@ -28,6 +28,7 @@ public class SzptMetaObjectHandler implements MetaObjectHandler {
        CurrentUserInfo currentUserInfo = UserContextHolder.get();
        if (currentUserInfo == null) {
            log.error("当前用户信息为空，无法自动填充 create_time, update_time 字段");
+            return;
        }

        List<StrictFill> fields = Arrays.asList(
@@ -35,7 +36,7 @@ public class SzptMetaObjectHandler implements MetaObjectHandler {
                StrictFill.of("cjsj", Date.class, new Date()),
                StrictFill.of("gxsj", Date.class, new Date()),
                StrictFill.of("updateTime", Date.class, new Date()),
-//                StrictFill.of("sjgsdwdm", String.class, "1"),
+                StrictFill.of("sjgsdwdm", String.class, currentUserInfo.getDeptCode()),
 //                StrictFill.of("sjgsdwmc", String.class, "1"),
                StrictFill.of("createGajgjgdm", String.class, "1"),
                StrictFill.of("createGajgmc", String.class, "1"),
@@ -59,6 +60,7 @@ public class SzptMetaObjectHandler implements MetaObjectHandler {
        CurrentUserInfo currentUserInfo = UserContextHolder.get();
        if (currentUserInfo == null) {
            log.error("当前用户信息为空，无法自动填充 update_time 字段");
+            return;
        }
        List<StrictFill> fields = Arrays.asList(
                StrictFill.of("updateTime", Date.class, new Date()),

--- a/src/main/java/com/zksy/szpt/util/SignatureUtil.java
+++ b/src/main/java/com/zksy/szpt/util/SignatureUtil.java
@@ -5,4 +5,5 @@ public class SignatureUtil {
    public static String TIMESTAMP = "x-szpt-timestamp";
    public static String NONCE = "x-szpt-nonce";
    public static String APPID = "x-szpt-appid";
+    public static String DEPT_CODE = "x-szpt-dept_code";
 }
--- a/src/test/java/com/zksy/szpt/TestHttpUtil.java
+++ b/src/test/java/com/zksy/szpt/TestHttpUtil.java
@@ -32,12 +32,10 @@ public class TestHttpUtil {
        } catch (JsonProcessingException e) {
            Assertions.fail("json序列化失败");
        }
-//        log.info("请求参数appId: {}, nonce: {}, timestampStr: {}, 原始body: {}", appId, nonce, timestampStr, json);
        //请求体加密
        json = EncryptUtil.getInstance().AESEncode(json, appSecret);
-//        log.info("{}加密后json: {}", appSecret,json);
-        //签名appId+nonce+timestampStr+aes(body)
-        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, json);
+        //签名appId+nonce+timestampStr+aes(body)+deptCode
+        String data = String.format("%s%s%s%s%S", appId, nonce, timestampStr, json, deptCode);
        String generatedSignature = DigestUtil.md5Hex(data);
        //请求
        WebClient webClient = WebClient.builder()
@@ -49,6 +47,7 @@ public class TestHttpUtil {
                .header(SignatureUtil.NONCE, nonce)
                .header(SignatureUtil.TIMESTAMP, timestampStr)
                .header(SignatureUtil.SIGNATURE, generatedSignature)
+                .header(SignatureUtil.DEPT_CODE, deptCode)
                .body(Mono.just(source), destinationClass)
                .retrieve()
                .bodyToMono(String.class)