mirror of
https://github.com/continew-org/continew-admin.git
synced 2025-09-09 20:57:21 +08:00
refactor(open): 优化 API 参数签名处理
This commit is contained in:
@@ -19,7 +19,7 @@ package top.continew.admin.open.handler;
|
||||
import cn.dev33.satoken.annotation.SaCheckPermission;
|
||||
import cn.dev33.satoken.annotation.handler.SaAnnotationHandlerInterface;
|
||||
import org.springframework.stereotype.Component;
|
||||
import top.continew.admin.open.util.ApiSignCheckUtils;
|
||||
import top.continew.admin.open.util.OpenApiUtils;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
@@ -41,9 +41,8 @@ public class SaCheckPermissionHandler implements SaAnnotationHandlerInterface<Sa
|
||||
|
||||
@Override
|
||||
public void checkMethod(SaCheckPermission at, Method method) {
|
||||
if (!ApiSignCheckUtils.isSignParamExists()) {
|
||||
if (!OpenApiUtils.isSignParamExists()) {
|
||||
_checkMethod(at.type(), at.value(), at.mode(), at.orRole());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -70,4 +70,16 @@ public class AppDO extends BaseDO {
|
||||
* 状态
|
||||
*/
|
||||
private DisEnableStatusEnum status;
|
||||
|
||||
/**
|
||||
* 是否已过期
|
||||
*
|
||||
* @return true:已过期;false:未过期
|
||||
*/
|
||||
public boolean isExpired() {
|
||||
if (expireTime == null) {
|
||||
return false;
|
||||
}
|
||||
return LocalDateTime.now().isAfter(expireTime);
|
||||
}
|
||||
}
|
||||
@@ -45,6 +45,6 @@ public class AppSecretResp implements Serializable {
|
||||
/**
|
||||
* Secret Key(私有密钥)
|
||||
*/
|
||||
@Schema(description = "Secret Key(私有密钥)", example = "")
|
||||
@Schema(description = "Secret Key(私有密钥)", example = "MDI2YzQ3YTU1NGEyNDM1ZWIwNTU5NmNjNmZjM2M2Nzg=")
|
||||
private String secretKey;
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
|
||||
package top.continew.admin.open.service;
|
||||
|
||||
import top.continew.admin.open.model.entity.AppDO;
|
||||
import top.continew.admin.open.model.query.AppQuery;
|
||||
import top.continew.admin.open.model.req.AppReq;
|
||||
import top.continew.admin.open.model.resp.AppDetailResp;
|
||||
@@ -48,26 +49,10 @@ public interface AppService extends BaseService<AppResp, AppDetailResp, AppQuery
|
||||
void resetSecret(Long id);
|
||||
|
||||
/**
|
||||
* 根据 Access Key 获取 Secret Key
|
||||
* 根据 Access Key 查询
|
||||
*
|
||||
* @param accessKey Access Key
|
||||
* @return Secret Key
|
||||
* @return 应用信息
|
||||
*/
|
||||
String getSecretKeyByAccessKey(String accessKey);
|
||||
|
||||
/**
|
||||
* 判断应用是否存在
|
||||
*
|
||||
* @param accessKey Access Key
|
||||
* @return 是否存在(true:存在;false:不存在)
|
||||
*/
|
||||
boolean isAppExists(String accessKey);
|
||||
|
||||
/**
|
||||
* 判断应用密钥是否过期
|
||||
*
|
||||
* @param accessKey Access Key
|
||||
* @return 是否过期(true:已过期;false:未过期)
|
||||
*/
|
||||
boolean isAppSecretExpired(String accessKey);
|
||||
AppDO getByAccessKey(String accessKey);
|
||||
}
|
||||
@@ -17,7 +17,6 @@
|
||||
package top.continew.admin.open.service.impl;
|
||||
|
||||
import cn.hutool.core.codec.Base64;
|
||||
import cn.hutool.core.date.DateUtil;
|
||||
import cn.hutool.core.util.IdUtil;
|
||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@@ -31,11 +30,8 @@ import top.continew.admin.open.model.resp.AppResp;
|
||||
import top.continew.admin.open.model.resp.AppSecretResp;
|
||||
import top.continew.admin.open.service.AppService;
|
||||
import top.continew.starter.core.constant.StringConstants;
|
||||
import top.continew.starter.core.validation.ValidationUtils;
|
||||
import top.continew.starter.extension.crud.service.impl.BaseServiceImpl;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
* 应用业务实现
|
||||
*
|
||||
@@ -74,23 +70,8 @@ public class AppServiceImpl extends BaseServiceImpl<AppMapper, AppDO, AppResp, A
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getSecretKeyByAccessKey(String accessKey) {
|
||||
return Optional.ofNullable(baseMapper.selectByAccessKey(accessKey)).map(AppDO::getSecretKey).orElse(null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAppExists(String accessKey) {
|
||||
return baseMapper.selectByAccessKey(accessKey) != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAppSecretExpired(String accessKey) {
|
||||
AppDO app = baseMapper.selectByAccessKey(accessKey);
|
||||
ValidationUtils.throwIfNull(app, "应用不存在");
|
||||
if (app.getExpireTime() == null) {
|
||||
return false;
|
||||
}
|
||||
return app.getExpireTime().isBefore(DateUtil.date().toLocalDateTime());
|
||||
public AppDO getByAccessKey(String accessKey) {
|
||||
return baseMapper.selectByAccessKey(accessKey);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -19,11 +19,12 @@ package top.continew.admin.open.sign;
|
||||
import cn.dev33.satoken.sign.SaSignTemplate;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Component;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.open.model.entity.AppDO;
|
||||
import top.continew.admin.open.service.AppService;
|
||||
import top.continew.starter.core.validation.ValidationUtils;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.TreeMap;
|
||||
|
||||
/**
|
||||
* API 参数签名算法
|
||||
@@ -52,32 +53,24 @@ public class OpenApiSignTemplate extends SaSignTemplate {
|
||||
ValidationUtils.throwIfBlank(nonceValue, "nonce不能为空");
|
||||
ValidationUtils.throwIfBlank(signValue, "sign不能为空");
|
||||
ValidationUtils.throwIfBlank(accessKeyValue, "accessKey不能为空");
|
||||
ValidationUtils.throwIf(!appService.isAppExists(accessKeyValue), "accessKey非法");
|
||||
ValidationUtils.throwIf(appService.isAppSecretExpired(accessKeyValue), "密钥已过期, 请重置密钥");
|
||||
AppDO app = appService.getByAccessKey(accessKeyValue);
|
||||
ValidationUtils.throwIfNull(app, "accessKey非法");
|
||||
ValidationUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, app.getStatus(), "应用已被禁用, 请联系管理员");
|
||||
ValidationUtils.throwIf(app.isExpired(), "应用已过期, 请联系管理员");
|
||||
|
||||
// 依次校验三个参数
|
||||
super.checkTimestamp(Long.parseLong(timestampValue));
|
||||
super.checkNonce(nonceValue);
|
||||
paramMap.put(key, app.getSecretKey());
|
||||
super.checkSign(paramMap, signValue);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String createSign(Map<String, ?> paramsMap) {
|
||||
// 根据 AK 获取 SK
|
||||
String accessKeyValue = (String)((Map)paramsMap).get(ACCESS_KEY);
|
||||
String secretKey = appService.getSecretKeyByAccessKey(accessKeyValue);
|
||||
ValidationUtils.throwIfBlank(secretKey, "密钥缺失, 请检查应用配置");
|
||||
|
||||
// 如果调用者不小心传入了 sign 参数,则此处需要将 sign 参数排除在外
|
||||
if (paramsMap.containsKey(sign)) {
|
||||
// 为了保证不影响原有的 paramsMap,此处需要再复制一份
|
||||
paramsMap = new TreeMap<>(paramsMap);
|
||||
paramsMap.remove(sign);
|
||||
}
|
||||
|
||||
public String createSign(Map<String, ?> paramMap) {
|
||||
ValidationUtils.throwIfEmpty(paramMap.get(key), "秘钥缺失, 请检查应用配置");
|
||||
// 移除 sign 参数
|
||||
paramMap.remove(sign);
|
||||
// 计算签名
|
||||
String paramsStr = super.joinParamsDictSort(paramsMap);
|
||||
String fullStr = paramsStr + "&" + key + "=" + secretKey;
|
||||
return super.abstractStr(fullStr);
|
||||
return super.abstractStr(super.joinParamsDictSort(paramMap));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,14 +23,15 @@ import cn.dev33.satoken.sign.SaSignTemplate;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* API签名验证工具类
|
||||
* Open Api 工具类
|
||||
*
|
||||
* @author chengzi
|
||||
* @author Charles7c
|
||||
* @since 2024/10/25 15:31
|
||||
*/
|
||||
public class ApiSignCheckUtils {
|
||||
public class OpenApiUtils {
|
||||
|
||||
private ApiSignCheckUtils() {
|
||||
private OpenApiUtils() {
|
||||
}
|
||||
|
||||
/**
|
||||
Reference in New Issue
Block a user