让数据归属单位字段前端传递

src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java

@@ -100,19 +100,24 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
 
         // 校验appId
         AppStore appStore = this.appStoreService.getAppSecretInfo(appId);
-        String secretKey = appStore.getAppSecret();
-        if (!StringUtils.hasText(secretKey)) {
+        String appSecret = appStore.getAppSecret();
+        if (!StringUtils.hasText(appSecret)) {
             this.write(response, "appId无效");
             return false;
         }
 
-        //验证单位 todo
-//        String deptCode = appStore.getDeptCode();
-
-        // 请求体
+        // post请求body
         String body = StreamUtils.copyToString(request.getInputStream(), StandardCharsets.UTF_8);
-        body = objectMapper.writeValueAsString(objectMapper.readValue(body, Map.class));
-        body = EncryptUtil.getInstance().AESEncode(body, secretKey);
+        Map<String, Object> objectMap = objectMapper.readValue(body, Map.class);
+
+        //验证单位
+        if (objectMap.get("deptCode") != null && !objectMap.get("sjgsdwdm").toString().startsWith(appStore.getDeptCode().replaceAll("0+$", ""))) {
+            write(response, "AppId和传入的单位不匹配,appId:" + appId + ",deptCode:" + objectMap.get("deptCode"));
+            return false;
+        }
+
+        body = objectMapper.writeValueAsString(objectMap);
+        body = EncryptUtil.getInstance().AESEncode(body, appSecret);
         // 校验签名appId+nonce+timestampStr+aes(body,secret)
         String data = String.format("%s%s%s%s", appId, nonce, timestampStr, body);
         String generatedSignature = DigestUtil.md5Hex(data);
@@ -144,6 +149,7 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
 
     /**
      * 增加用户信息
+     *
      * @param request
      */
     private void addUserInfo(HttpServletRequest request) {
@@ -153,5 +159,9 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
         CurrentUserInfo currentUserInfo = new CurrentUserInfo.CurrentUserInfoBuilder().userId(userId).userName(userId).ip(ip).build();
         UserContextHolder.set(currentUserInfo);
     }
+
+    private void checkDeptCode(String deptCode, AppStore appStore) {
+
+    }
 }
 

src/test/java/com/zksy/szpt/MainTest.java

@@ -28,7 +28,8 @@ public class MainTest {
 
     String nonce = "2";
     String timestampStr = "21";
-    String appId = "1872476300466950146";
+    String appId = "1872576325743943682";
+    String appSecret = "2";
 
 
     @Resource
@@ -45,8 +46,9 @@ public class MainTest {
     public void xxRwwcqkTest() {
         timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
         nonce = String.valueOf(System.currentTimeMillis() / 1000);
-        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
-        Assertions.assertNotNull(secretKey, "appId不存在");//断言appId存在，为空直接抛出异常不进行下一步测试，提高测试效率
+//        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
+        appSecret = DigestUtil.md5Hex(appSecret);
+        Assertions.assertNotNull(appId, "appId不存在");//断言appId存在，为空直接抛出异常不进行下一步测试，提高测试效率
         //请求参数
         XxRwwcqkDTO xxRwwcqkDTO = new XxRwwcqkDTO();
         xxRwwcqkDTO.setRwid("123456");
@@ -61,7 +63,7 @@ public class MainTest {
             Assertions.fail("json序列化失败");
         }
         //请求体加密
-        json = EncryptUtil.getInstance().AESEncode(json, secretKey);
+        json = EncryptUtil.getInstance().AESEncode(json, appSecret);
         //签名appId+nonce+timestampStr+aes(body)
         String data = String.format("%s%s%s%s", appId, nonce, timestampStr, json);
         String generatedSignature = DigestUtil.md5Hex(data);