suzhuhong/zxjp-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

isInWhiteList

Browse Source
This commit is contained in:
wxp01309236
2023-06-15 11:18:23 +08:00
parent e93452e50f
commit d14ef08ef3
1 changed files with 17 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
coolstore-partner-webc/src/main/java/com/cool/store/config/SignValidateFilter.java
View File

@@ -79,27 +79,25 @@ public class SignValidateFilter implements Filter {
String method = request.getMethod(); String method = request.getMethod();
String userStr = ""; String userStr = "";
boolean isInWhiteList = excludePath(uri); boolean isInWhiteList = excludePath(uri);
Map<String, String[]> parameterMap = request.getParameterMap();
String jsonStr = JSONObject.toJSONString(parameterMap);
JSONObject obj = JSONObject.parseObject(jsonStr);
log.info("params:{}", obj.toJSONString());
String params = obj.toJSONString();
String sign = request.getHeader("SIGN");
String nonce = request.getHeader("NONCE");
String timestamp = request.getHeader("TIMESTAMP");
String aesPhone = request.getHeader("PHONE");
String openid = request.getHeader("OPENID");
String phone = AesUtil.decrypt(aesPhone, signKey);
String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
String signStr = timestamp + nonce + params + signKey + md5Value;
String newSign = Sha1Utils.getSha1(signStr.getBytes());
log.info("newSign: {}", newSign);
log.info("url:{}", uri); log.info("url:{}", uri);
if ( !isInWhiteList && !method.equals("OPTIONS")) { if ( !isInWhiteList && !method.equals("OPTIONS")) {
Map<String, String[]> parameterMap = request.getParameterMap();
String jsonStr = JSONObject.toJSONString(parameterMap);
JSONObject obj = JSONObject.parseObject(jsonStr);
log.info("params:{}", obj.toJSONString());
String params = obj.toJSONString();
String sign = request.getHeader("SIGN");
String nonce = request.getHeader("NONCE");
String timestamp = request.getHeader("TIMESTAMP");
String aesPhone = request.getHeader("PHONE");
String openid = request.getHeader("OPENID");
String phone = AesUtil.decrypt(aesPhone, signKey);
String md5Value = phone + Md5Utils.md5(Md5Utils.md5(openid));
log.info("sign:{}, nonce:{}, timestamp:{},aesPhone:{}, openid:{}, 解密后的手机号:{}, md5Value:{}",
sign, nonce, timestamp, aesPhone, openid, phone, md5Value);
String signStr = timestamp + nonce + params + signKey + md5Value;
String newSign = Sha1Utils.getSha1(signStr.getBytes());
log.info("newSign: {}", newSign);
// 前后端验签不等 // 前后端验签不等
if (!newSign.equals(sign)) { if (!newSign.equals(sign)) {
response.setStatus(HttpStatus.OK.value()); response.setStatus(HttpStatus.OK.value());