suzhuhong/zxjp-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

兼容老的验签

Browse Source
This commit is contained in:
shuo.wang
2025-08-08 15:00:11 +08:00
parent 88c34c5cf0
commit 734da0c92b
4 changed files with 59 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
View File

@@ -50,9 +50,10 @@ public class OpenSignatureUtil {
log.info("待签名字符串:{}", sb); log.info("待签名字符串:{}", sb);
// 4. 生成签名 // 4. 生成签名
return hmacSha256(sb.toString(), appSecret); return hmacSha256(sb.toString(), appSecret);
} }
public static String generateSignOld(Map<String, String> params, String appSecret) { public static String generateOldSign(Map<String, String> params, String appSecret) {
// 1. 分离固定参数和业务参数 // 1. 分离固定参数和业务参数
String appKey = params.get("appKey"); String appKey = params.get("appKey");
String timestamp = params.get("timestamp"); String timestamp = params.get("timestamp");

6
coolstore-partner-model/src/main/java/com/cool/store/request/hqt/HqtBuildAPIRequest.java
View File

@@ -62,10 +62,10 @@ public class HqtBuildAPIRequest {
private String field5__c; private String field5__c;
/** /**
* field62__c 联系人(老板)手机号 * field6__c 联系人(老板)手机号
*/ */
@JsonProperty("field62__c") @JsonProperty("field6__c")
private String field62__c; private String field6__c;
/** /**

2
coolstore-partner-service/src/main/java/com/cool/store/service/impl/HqtAPIServiceImpl.java
View File

@@ -207,7 +207,7 @@ public class HqtAPIServiceImpl implements HqtAPIService {
hqtBuildAPIRequest.setField94__c(request.getSupervisorName()); hqtBuildAPIRequest.setField94__c(request.getSupervisorName());
hqtBuildAPIRequest.setField4__c(request.getSupervisorMobile()); hqtBuildAPIRequest.setField4__c(request.getSupervisorMobile());
hqtBuildAPIRequest.setField5__c(request.getPartnershipSignatoryFirst()); hqtBuildAPIRequest.setField5__c(request.getPartnershipSignatoryFirst());
hqtBuildAPIRequest.setField62__c(request.getPartnershipSignatoryFirstMobile()); hqtBuildAPIRequest.setField6__c(request.getPartnershipSignatoryFirstMobile());
hqtBuildAPIRequest.setStreet(request.getShopAddress()); hqtBuildAPIRequest.setStreet(request.getShopAddress());
hqtBuildAPIRequest.setField8__c(field8__c); hqtBuildAPIRequest.setField8__c(field8__c);
hqtBuildAPIRequest.setField123__c(field123__c); hqtBuildAPIRequest.setField123__c(field123__c);

73
coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
View File

@@ -1,4 +1,5 @@
package com.cool.store.config; package com.cool.store.config;
import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSON;
import com.cool.store.constants.CommonConstants; import com.cool.store.constants.CommonConstants;
import com.cool.store.enums.ErrorCodeEnum; import com.cool.store.enums.ErrorCodeEnum;
@@ -7,9 +8,11 @@ import com.cool.store.response.ResponseResult;
import com.cool.store.utils.OpenSignatureUtil; import com.cool.store.utils.OpenSignatureUtil;
import com.cool.store.utils.StringUtil; import com.cool.store.utils.StringUtil;
import com.cool.store.utils.UUIDUtils; import com.cool.store.utils.UUIDUtils;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.jetbrains.annotations.NotNull;
import org.slf4j.MDC; import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
@@ -21,9 +24,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
import java.util.Map; import java.util.*;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
@@ -42,7 +43,11 @@ public class OpenApiValidateFilter implements Filter {
private String coolAppKey; private String coolAppKey;
@Value("${cool.api.secret}") @Value("${cool.api.secret}")
private String coolAppSecret; private String coolAppSecret;
// 接口映射 除了红圈通系统,云流水,新管家等使用旧的验签模式
private static final List<String> oldUrlMapping = new ArrayList<>(Arrays.asList(
"/zxjp/open/v1/statusRefresh","/zxjp/open/v1/changePaymentStatus",
"/zxjp/open/v1/getYlsToken", "/zxjp/open/v1/getStoreList",
"/zxjp/open/v1/changeReceiptStatus", "/zxjp/open/v1/getStoreUser"));
@Override @Override
public void init(FilterConfig filterConfig) throws ServletException { public void init(FilterConfig filterConfig) throws ServletException {
@@ -58,7 +63,7 @@ public class OpenApiValidateFilter implements Filter {
} }
MDC.put(CommonConstants.REQUEST_ID, UUIDUtils.get32UUID()); MDC.put(CommonConstants.REQUEST_ID, UUIDUtils.get32UUID());
//statusRefresh 放开不需要验签 //statusRefresh 放开不需要验签
if(uri.startsWith("/zxjp/open/v1/")||uri.startsWith("/zxjp/open/v1/getStoreUser")){ if (uri.startsWith("/zxjp/open/v1/statusRefresh") || uri.startsWith("/zxjp/open/v1/getStoreUser")) {
filterChain.doFilter(servletRequest, response); filterChain.doFilter(servletRequest, response);
return; return;
} }
@@ -120,30 +125,16 @@ public class OpenApiValidateFilter implements Filter {
} }
String jsonBody = requestBody.toString(); String jsonBody = requestBody.toString();
String serverSign;
if (oldUrlMapping.contains(uri)) {
serverSign = getOldSign(jsonBody, appKey, timestampStr);
} else {
serverSign = getNewSign(jsonBody, appKey, timestampStr);
}
// 2. 使用 Jackson 解析 JSON 并转为 TreeMap自动按键排序
ObjectMapper objectMapper = new ObjectMapper();
SortedMap<String, Object> params = objectMapper.readValue(
jsonBody,
new TypeReference<TreeMap<String, Object>>() {}
);
params.put("appKey",appKey);
params.put("timestamp", timestampStr);
String serverSign = OpenSignatureUtil.generateSign(params, coolAppSecret);
//兼容老验签模式
SortedMap<String, String> paramsOld = objectMapper.readValue(
jsonBody,
new TypeReference<TreeMap<String, String>>() {}
);
paramsOld.put("appKey",appKey);
paramsOld.put("timestamp", timestampStr);
String serverSignOld = OpenSignatureUtil.generateSignOld(paramsOld, coolAppSecret);
log.info("serverSign{}", serverSign); log.info("serverSign{}", serverSign);
log.info("serverSignOld{}",serverSignOld);
if (!serverSign.equalsIgnoreCase(clientSign)&&!serverSignOld.equalsIgnoreCase(clientSign)) { if (!serverSign.equalsIgnoreCase(clientSign)) {
res.setStatus(HttpStatus.OK.value()); res.setStatus(HttpStatus.OK.value());
res.setCharacterEncoding("UTF-8"); res.setCharacterEncoding("UTF-8");
res.getWriter().write(JSON.toJSONString( res.getWriter().write(JSON.toJSONString(
@@ -156,6 +147,36 @@ public class OpenApiValidateFilter implements Filter {
} }
} }
private @NotNull String getNewSign(String jsonBody, String appKey, String timestampStr) throws JsonProcessingException {
// 2. 使用 Jackson 解析 JSON 并转为 TreeMap自动按键排序
ObjectMapper objectMapper = new ObjectMapper();
SortedMap<String, Object> params = objectMapper.readValue(
jsonBody,
new TypeReference<TreeMap<String, Object>>() {
}
);
params.put("appKey", appKey);
params.put("timestamp", timestampStr);
return OpenSignatureUtil.generateSign(params, coolAppSecret);
}
private @NotNull String getOldSign(String jsonBody, String appKey, String timestampStr) throws JsonProcessingException {
// 2. 使用 Jackson 解析 JSON 并转为 TreeMap自动按键排序
ObjectMapper objectMapper = new ObjectMapper();
SortedMap<String, String> params = objectMapper.readValue(
jsonBody,
new TypeReference<TreeMap<String, String>>() {
}
);
params.put("appKey", appKey);
params.put("timestamp", timestampStr);
return OpenSignatureUtil.generateOldSign(params, coolAppSecret);
}
@Override @Override
public void destroy() { public void destroy() {
} }