suzhuhong/zxjp-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/cc_20230520_partner' into cc_20230520_partner

Browse Source
This commit is contained in:
苏竹红
2023-06-15 11:37:05 +08:00
parent 4356655dfd 299a23b0be
commit 3f6b6a7ac4
8 changed files with 57 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java
View File

@@ -46,7 +46,7 @@ public class SignValidateFilter implements Filter {
private static List<String> patternList =
Lists.newArrayList("/web/check/ok","/check/ok",
"/partner/pc/doc.html","/partner/pc/v2/api-docs","/**/test/**","/partner/pc/feiShuLogin","/partner/pc/oss/getUploadFileConfig",
"/partner/mini/program/doc.html","/partner/mini/program/v2/api-docs","/**/test/**","/partner/pc/feiShuLogin","/partner/pc/oss/getUploadFileConfig",
"/**/swagger*/**", "/**/webjars/**");
@@ -79,27 +79,25 @@ public class SignValidateFilter implements Filter {
String method = request.getMethod();
String userStr = "";
boolean isInWhiteList = excludePath(uri);
Map<String, String[]> parameterMap = request.getParameterMap();
String jsonStr = JSONObject.toJSONString(parameterMap);
JSONObject obj = JSONObject.parseObject(jsonStr);
log.info("params:{}", obj.toJSONString());
String params = obj.toJSONString();
String sign = request.getHeader("SIGN");
String nonce = request.getHeader("NONCE");
String timestamp = request.getHeader("TIMESTAMP");
String aesPhone = request.getHeader("PHONE");
String openid = request.getHeader("OPENID");
String phone = AesUtil.decrypt(aesPhone, signKey);
String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
String signStr = timestamp + nonce + params + signKey + md5Value;
String newSign = Sha1Utils.getSha1(signStr.getBytes());
log.info("newSign: {}", newSign);
log.info("url:{}", uri);
if ( !isInWhiteList && !method.equals("OPTIONS")) {
Map<String, String[]> parameterMap = request.getParameterMap();
String jsonStr = JSONObject.toJSONString(parameterMap);
JSONObject obj = JSONObject.parseObject(jsonStr);
log.info("params:{}", obj.toJSONString());
String params = obj.toJSONString();
String sign = request.getHeader("SIGN");
String nonce = request.getHeader("NONCE");
String timestamp = request.getHeader("TIMESTAMP");
String aesPhone = request.getHeader("PHONE");
String openid = request.getHeader("OPENID");
String phone = AesUtil.decrypt(aesPhone, signKey);
String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
String signStr = timestamp + nonce + params + signKey + md5Value;
String newSign = Sha1Utils.getSha1(signStr.getBytes());
log.info("newSign: {}", newSign);
// 前后端验签不等
if (!newSign.equals(sign)) {
response.setStatus(HttpStatus.OK.value());