Merge branch 'master' of http://192.168.168.218/wcyuee/szpt

e0869171 · 夏敏伟 · 02d5b687 · ded60957 · e0869171 · e0869171
Commit e0869171 authored Jan 09, 2025 by 夏敏伟
3 changed files
--- a/src/main/java/com/zksy/szpt/config/WebConfig.java
+++ b/src/main/java/com/zksy/szpt/config/WebConfig.java
@@ -54,16 +54,16 @@ public class WebConfig implements WebMvcConfigurer {
     *
     * @return
     */
-//    @Bean
+    @Bean
-//    public FilterRegistrationBean getFilter1Registration(@Qualifier("signatureVerificationFilter") SignatureVerificationFilter signatureVerificationFilter) {
+    public FilterRegistrationBean getFilter1Registration(@Qualifier("signatureVerificationFilter") SignatureVerificationFilter signatureVerificationFilter) {
-//        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
+        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
-//        filterRegistrationBean.setFilter(signatureVerificationFilter);
+        filterRegistrationBean.setFilter(signatureVerificationFilter);
-//        //设置过滤器名称和路径，在过滤器类写了的话，这里不用重复写
+        //设置过滤器名称和路径，在过滤器类写了的话，这里不用重复写
-//        filterRegistrationBean.setName("filter");
+        filterRegistrationBean.setName("filter");
-//        filterRegistrationBean.addUrlPatterns("/rest/*");
+        filterRegistrationBean.addUrlPatterns("/rest/*");
-//        //设置过滤器执行顺序，数字越小，越早进行过滤，也可设置为负数
+        //设置过滤器执行顺序，数字越小，越早进行过滤，也可设置为负数
-//        filterRegistrationBean.setOrder(1);
+        filterRegistrationBean.setOrder(1);
-//        return filterRegistrationBean;
+        return filterRegistrationBean;
-//    }
+    }
 }
--- a/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
+++ b/src/main/java/com/zksy/szpt/filter/SignatureVerificationFilter.java
@@ -32,7 +32,7 @@ import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
-//@Component
+@Component
 public class SignatureVerificationFilter extends OncePerRequestFilter {
    public Logger logger = LoggerFactory.getLogger(SignatureVerificationFilter.class);
@@ -94,30 +94,36 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
 //         防止请求重放，nonce只能用一次，放在redis中，有效期 20分钟
        String nonceKey = "api_signature:nonce:" + nonce;
        if (Boolean.FALSE.equals(this.redisTemplate.opsForValue().setIfAbsent(nonceKey, "1", 20, TimeUnit.MINUTES))) {
-            this.write(response, "nonce无效");
+            this.write(response, "nonce无效：" + nonce);
            return false;
        }
        // 校验appId
        AppStore appStore = this.appStoreService.getAppSecretInfo(appId);
-        String secretKey = appStore.getAppSecret();
+        String appSecret = appStore.getAppSecret();
-        if (!StringUtils.hasText(secretKey)) {
+        if (!StringUtils.hasText(appSecret)) {
-            this.write(response, "appId无效");
+            this.write(response, "appId无效：" + appId);
            return false;
        }
-        //验证单位 todo
+        // post请求body
-//        String deptCode = appStore.getDeptCode();
-        // 请求体
        String body = StreamUtils.copyToString(request.getInputStream(), StandardCharsets.UTF_8);
-        body = objectMapper.writeValueAsString(objectMapper.readValue(body, Map.class));
+        Map<String, Object> objectMap = objectMapper.readValue(body, Map.class);
-        body = EncryptUtil.getInstance().AESEncode(body, secretKey);
+        //验证单位
+        if (objectMap.get("deptCode") != null && !objectMap.get("sjgsdwdm").toString().startsWith(appStore.getDeptCode().replaceAll("0+$", ""))) {
+            write(response, "AppId和传入的单位不匹配,appId:" + appId + ",deptCode:" + objectMap.get("deptCode"));
+            return false;
+        }
+        body = objectMapper.writeValueAsString(objectMap);
+        body = EncryptUtil.getInstance().AESEncode(body, appSecret);
        // 校验签名appId+nonce+timestampStr+aes(body,secret)
        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, body);
        String generatedSignature = DigestUtil.md5Hex(data);
        if (!generatedSignature.equals(sign)) {
-            write(response, "签名有误,generatedSignature:" + generatedSignature + ",sign: " + sign + ",appId:" + appId + ",nonce:" + nonce + ",timestamp:" + timestampStr);
+            logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{}", generatedSignature, sign, appId, nonce, timestampStr);
+            write(response, "签名有误,sign: " + sign + ",appId:" + appId + ",nonce:" + nonce + ",timestamp:" + timestampStr);
            return false;
        }
@@ -144,6 +150,7 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
    /**
     * 增加用户信息
+     *
     * @param request
     */
    private void addUserInfo(HttpServletRequest request) {
@@ -153,5 +160,9 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
        CurrentUserInfo currentUserInfo = new CurrentUserInfo.CurrentUserInfoBuilder().userId(userId).userName(userId).ip(ip).build();
        UserContextHolder.set(currentUserInfo);
    }
+    private void checkDeptCode(String deptCode, AppStore appStore) {
+    }
 }
--- a/src/test/java/com/zksy/szpt/MainTest.java
+++ b/src/test/java/com/zksy/szpt/MainTest.java
@@ -28,7 +28,8 @@ public class MainTest {
    String nonce = "2";
    String timestampStr = "21";
-    String appId = "1872476300466950146";
+    String appId = "1872576325743943682";
+    String appSecret = "21";
    @Resource
@@ -45,8 +46,9 @@ public class MainTest {
    public void xxRwwcqkTest() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
-        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
+//        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
-        Assertions.assertNotNull(secretKey, "appId不存在");//断言appId存在，为空直接抛出异常不进行下一步测试，提高测试效率
+        appSecret = DigestUtil.md5Hex(appSecret);
+        Assertions.assertNotNull(appId, "appId不存在");//断言appId存在，为空直接抛出异常不进行下一步测试，提高测试效率
        //请求参数
        XxRwwcqkDTO xxRwwcqkDTO = new XxRwwcqkDTO();
        xxRwwcqkDTO.setRwid("123456");
@@ -61,7 +63,7 @@ public class MainTest {
            Assertions.fail("json序列化失败");
        }
        //请求体加密
-        json = EncryptUtil.getInstance().AESEncode(json, secretKey);
+        json = EncryptUtil.getInstance().AESEncode(json, appSecret);
        //签名appId+nonce+timestampStr+aes(body)
        String data = String.format("%s%s%s%s", appId, nonce, timestampStr, json);
        String generatedSignature = DigestUtil.md5Hex(data);
@@ -86,8 +88,8 @@ public class MainTest {
     * 任务完成情况
     */
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("账户信息")
-    public void xxRwwcqkTest1() {
+    public void zhxxtest() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
@@ -131,7 +133,7 @@ public class MainTest {
     * 任务完成情况
     */
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("账户积分变更")
    public void test1() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
@@ -220,7 +222,7 @@ public class MainTest {
     * 任务完成情况
     */
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("义警任务")
    public void test4() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
@@ -268,7 +270,7 @@ public class MainTest {
     * 任务完成情况
     */
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("义警队伍代码")
    public void test5() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
@@ -312,7 +314,7 @@ public class MainTest {
    }
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("社会信息员队伍")
    public void test6() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
@@ -352,7 +354,7 @@ public class MainTest {
    }
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("社会信息员")
    public void test7() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
@@ -394,16 +396,13 @@ public class MainTest {
    @Test
-    @DisplayName("任务完成情况")
+    @DisplayName("删除服务")
    public void testdelete() {
        timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
        nonce = String.valueOf(System.currentTimeMillis() / 1000);
        String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
        Assertions.assertNotNull(secretKey, "appId不存在");//断言appId存在，为空直接抛出异常不进行下一步测试，提高测试效率
        //请求参数
-        String number = "1";
-        String[] str = new String[1];
-        str[0] = number;
        String json = null;
        List<String> ids = new ArrayList<>();
        ids.add("1");