From d14ef08ef35c83518c63a502c4cf4cf917f2026a Mon Sep 17 00:00:00 2001
From: wxp01309236
Date: Thu, 15 Jun 2023 11:18:23 +0800
Subject: [PATCH] isInWhiteList
---
 .../cool/store/config/SignValidateFilter.java | 36 +++++++++----------
 1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java b/coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java
index a9975ff24..56dfb370b 100644
--- a/coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java
+++ b/coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java
@@ -79,27 +79,25 @@ public class SignValidateFilter implements Filter {
 String method = request.getMethod();
 String userStr = "";
 boolean isInWhiteList = excludePath(uri);
-
- Map parameterMap = request.getParameterMap();
- String jsonStr = JSONObject.toJSONString(parameterMap);
- JSONObject obj = JSONObject.parseObject(jsonStr);
- log.info("params:{}", obj.toJSONString());
- String params = obj.toJSONString();
- String sign = request.getHeader("SIGN");
- String nonce = request.getHeader("NONCE");
- String timestamp = request.getHeader("TIMESTAMP");
- String aesPhone = request.getHeader("PHONE");
- String openid = request.getHeader("OPENID");
- String phone = AesUtil.decrypt(aesPhone, signKey);
- String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
- log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
- sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
- String signStr = timestamp + nonce + params + signKey + md5Value;
- String newSign = Sha1Utils.getSha1(signStr.getBytes());
- log.info("newSign: {}", newSign);
- log.info("url:{}", uri);
 if ( !isInWhiteList && !method.equals("OPTIONS")) {
+ Map parameterMap = request.getParameterMap();
+ String jsonStr = JSONObject.toJSONString(parameterMap);
+ JSONObject obj = JSONObject.parseObject(jsonStr);
+ log.info("params:{}", obj.toJSONString());
+ String params = obj.toJSONString();
+ String sign = request.getHeader("SIGN");
+ String nonce = request.getHeader("NONCE");
+ String timestamp = request.getHeader("TIMESTAMP");
+ String aesPhone = request.getHeader("PHONE");
+ String openid = request.getHeader("OPENID");
+ String phone = AesUtil.decrypt(aesPhone, signKey);
+ String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
+ log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
+ sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
+ String signStr = timestamp + nonce + params + signKey + md5Value;
+ String newSign = Sha1Utils.getSha1(signStr.getBytes());
+ log.info("newSign: {}", newSign);
 // 前后端验签不等
 if (!newSign.equals(sign)) {
 response.setStatus(HttpStatus.OK.value());
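Review bot: The two `log.info` calls that now sit inside the `if ( !isInWhiteList && ...)` branch still write the decrypted phone number, `openid`, `md5Value` and the server-computed `newSign` to the application log, so anyone with log access can read user PII and the expected signature for a request. Log only non-secret fields, for example `log.debug("sign check uri:{}, nonce:{}, timestamp:{}", uri, nonce, timestamp);`, and drop `log.info("newSign: {}", newSign);`. In the same branch `signStr.getBytes()` depends on the platform default charset and `newSign.equals(sign)` is not a constant-time comparison; `signStr.getBytes(StandardCharsets.UTF_8)` and `MessageDigest.isEqual(...)` over the two values' bytes (after a null check on the `SIGN` header) would be safer. The enclosing filter method starts and ends outside this hunk, so whether `nonce` and `timestamp` are checked for freshness elsewhere cannot be seen from here.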