兼容老的验签

2025-08-08 15:00:11 +08:00
parent 88c34c5cf0
commit 734da0c92b
4 changed files with 59 additions and 37 deletions
--- a/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
+++ b/coolstore-partner-common/src/main/java/com/cool/store/utils/OpenSignatureUtil.java
@@ -50,9 +50,10 @@ public class OpenSignatureUtil {
        log.info("待签名字符串：{}", sb);
        // 4. 生成签名
        return hmacSha256(sb.toString(), appSecret);
+
    }

-    public static String generateSignOld(Map<String, String> params, String appSecret) {
+    public static String generateOldSign(Map<String, String> params, String appSecret) {
        // 1. 分离固定参数和业务参数
        String appKey = params.get("appKey");
        String timestamp = params.get("timestamp");
--- a/coolstore-partner-model/src/main/java/com/cool/store/request/hqt/HqtBuildAPIRequest.java
+++ b/coolstore-partner-model/src/main/java/com/cool/store/request/hqt/HqtBuildAPIRequest.java
@@ -62,10 +62,10 @@ public class HqtBuildAPIRequest {
    private String field5__c;

    /**
-     * field62__c 联系人(老板)手机号
+     * field6__c 联系人(老板)手机号
     */
-    @JsonProperty("field62__c")
-    private String field62__c;
+    @JsonProperty("field6__c")
+    private String field6__c;


    /**
--- a/coolstore-partner-service/src/main/java/com/cool/store/service/impl/HqtAPIServiceImpl.java
+++ b/coolstore-partner-service/src/main/java/com/cool/store/service/impl/HqtAPIServiceImpl.java
@@ -207,7 +207,7 @@ public class HqtAPIServiceImpl implements HqtAPIService {
        hqtBuildAPIRequest.setField94__c(request.getSupervisorName());
        hqtBuildAPIRequest.setField4__c(request.getSupervisorMobile());
        hqtBuildAPIRequest.setField5__c(request.getPartnershipSignatoryFirst());
-        hqtBuildAPIRequest.setField62__c(request.getPartnershipSignatoryFirstMobile());
+        hqtBuildAPIRequest.setField6__c(request.getPartnershipSignatoryFirstMobile());
        hqtBuildAPIRequest.setStreet(request.getShopAddress());
        hqtBuildAPIRequest.setField8__c(field8__c);
        hqtBuildAPIRequest.setField123__c(field123__c);
--- a/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
+++ b/coolstore-partner-web/src/main/java/com/cool/store/config/OpenApiValidateFilter.java
@@ -1,4 +1,5 @@
 package com.cool.store.config;
+
 import com.alibaba.fastjson.JSON;
 import com.cool.store.constants.CommonConstants;
 import com.cool.store.enums.ErrorCodeEnum;
@@ -7,9 +8,11 @@ import com.cool.store.response.ResponseResult;
 import com.cool.store.utils.OpenSignatureUtil;
 import com.cool.store.utils.StringUtil;
 import com.cool.store.utils.UUIDUtils;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.NotNull;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -21,9 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.BufferedReader;
 import java.io.IOException;
-import java.util.Map;
-import java.util.SortedMap;
-import java.util.TreeMap;
+import java.util.*;
 import java.util.stream.Collectors;

 /**
@@ -42,7 +43,11 @@ public class OpenApiValidateFilter implements Filter {
    private String coolAppKey;
    @Value("${cool.api.secret}")
    private String coolAppSecret;
-
+    // 接口映射 除了红圈通系统，云流水，新管家等使用旧的验签模式
+    private static final List<String> oldUrlMapping = new ArrayList<>(Arrays.asList(
+            "/zxjp/open/v1/statusRefresh","/zxjp/open/v1/changePaymentStatus",
+            "/zxjp/open/v1/getYlsToken", "/zxjp/open/v1/getStoreList",
+            "/zxjp/open/v1/changeReceiptStatus", "/zxjp/open/v1/getStoreUser"));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
@@ -58,7 +63,7 @@ public class OpenApiValidateFilter implements Filter {
        }
        MDC.put(CommonConstants.REQUEST_ID, UUIDUtils.get32UUID());
        //statusRefresh 放开不需要验签
-        if(uri.startsWith("/zxjp/open/v1/")||uri.startsWith("/zxjp/open/v1/getStoreUser")){
+        if (uri.startsWith("/zxjp/open/v1/statusRefresh") || uri.startsWith("/zxjp/open/v1/getStoreUser")) {
            filterChain.doFilter(servletRequest, response);
            return;
        }
@@ -120,30 +125,16 @@ public class OpenApiValidateFilter implements Filter {
            }

            String jsonBody = requestBody.toString();
+            String serverSign;
+            if (oldUrlMapping.contains(uri)) {
+                serverSign = getOldSign(jsonBody, appKey, timestampStr);
+            } else {
+                serverSign = getNewSign(jsonBody, appKey, timestampStr);
+            }

-            // 2. 使用 Jackson 解析 JSON 并转为 TreeMap（自动按键排序）
-            ObjectMapper objectMapper = new ObjectMapper();
-            SortedMap<String, Object> params = objectMapper.readValue(
-                    jsonBody,
-                    new TypeReference<TreeMap<String, Object>>() {}
-            );
-            params.put("appKey",appKey);
-            params.put("timestamp", timestampStr);
-
-            String serverSign = OpenSignatureUtil.generateSign(params, coolAppSecret);
-            //兼容老验签模式
-            SortedMap<String, String> paramsOld = objectMapper.readValue(
-                    jsonBody,
-                    new TypeReference<TreeMap<String, String>>() {}
-            );
-            paramsOld.put("appKey",appKey);
-            paramsOld.put("timestamp", timestampStr);
-
-            String serverSignOld = OpenSignatureUtil.generateSignOld(paramsOld, coolAppSecret);
            log.info("serverSign{}", serverSign);
-            log.info("serverSignOld：{}",serverSignOld);

-            if (!serverSign.equalsIgnoreCase(clientSign)&&!serverSignOld.equalsIgnoreCase(clientSign)) {
+            if (!serverSign.equalsIgnoreCase(clientSign)) {
                res.setStatus(HttpStatus.OK.value());
                res.setCharacterEncoding("UTF-8");
                res.getWriter().write(JSON.toJSONString(
@@ -156,6 +147,36 @@ public class OpenApiValidateFilter implements Filter {
        }
    }

+    private @NotNull String getNewSign(String jsonBody, String appKey, String timestampStr) throws JsonProcessingException {
+        // 2. 使用 Jackson 解析 JSON 并转为 TreeMap（自动按键排序）
+        ObjectMapper objectMapper = new ObjectMapper();
+        SortedMap<String, Object> params = objectMapper.readValue(
+                jsonBody,
+                new TypeReference<TreeMap<String, Object>>() {
+                }
+        );
+        params.put("appKey", appKey);
+        params.put("timestamp", timestampStr);
+
+
+        return OpenSignatureUtil.generateSign(params, coolAppSecret);
+    }
+
+    private @NotNull String getOldSign(String jsonBody, String appKey, String timestampStr) throws JsonProcessingException {
+        // 2. 使用 Jackson 解析 JSON 并转为 TreeMap（自动按键排序）
+        ObjectMapper objectMapper = new ObjectMapper();
+        SortedMap<String, String> params = objectMapper.readValue(
+                jsonBody,
+                new TypeReference<TreeMap<String, String>>() {
+                }
+        );
+        params.put("appKey", appKey);
+        params.put("timestamp", timestampStr);
+
+
+        return OpenSignatureUtil.generateOldSign(params, coolAppSecret);
+    }
+
    @Override
    public void destroy() {
    }