
内部接口鉴权

dengsixing 1 kuukausi sitten
vanhempi
commit
e3115fc8fb

+ 6 - 0
pom.xml

@@ -78,6 +78,12 @@
         </dependency>
 
         <dependency>
+            <groupId>com.fdkankan</groupId>
+            <artifactId>4dkankan-utils-sign</artifactId>
+            <version>3.0.0-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
             <version>5.2.16.RELEASE</version>
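Review bot: The new `4dkankan-utils-sign` dependency is pinned to `3.0.0-SNAPSHOT`, so the `SignUtils`/`RsaUtils` code that `SignVerificationAspect` compiles against is whatever snapshot the repository serves at build time, and two builds of the same commit can link different implementations. Since this library now gates authentication for the account endpoints, pin a released version (or at least a timestamped snapshot) so the verification behaviour is reproducible.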

+ 51 - 0
src/main/java/com/fdkankan/openApi/aop/LogProxy.java

@@ -0,0 +1,51 @@
+package com.fdkankan.openApi.aop;
+
+import com.alibaba.fastjson.JSON;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.AfterReturning;
+import org.aspectj.lang.annotation.AfterThrowing;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.util.Arrays;
+import java.util.List;
+
+@Slf4j
+@Aspect
+@Component
+public class LogProxy {
+
+	@AfterReturning(value = "execution(* com.fdkankan.openApi.controller.*.*.*(..))", returning = "result")
+	public void afterMethod(JoinPoint point, Object result){
+		String methodName = point.getSignature().getName();
+		List<Object> args = (List<Object>) Arrays.asList(point.getArgs()).stream().filter(v -> {
+			if(v instanceof MultipartFile){
+				return false;
+			}
+			if(v instanceof String && ((String) v).startsWith("data:image/png;base64")){
+				return false;
+			}
+			return true;
+		});
+		System.out.println("连接点方法为:" + methodName + ",参数为:" + JSON.toJSONString(args) + ",目标方法执行结果为:" + JSON.toJSONString(result));
+	}
+
+	@AfterThrowing(value = "execution(* com.fdkankan.openApi.controller.*.*.*(..))")
+	public void afterThrowing(JoinPoint point){
+		String methodName = point.getSignature().getName();
+		List<Object> args = (List<Object>) Arrays.asList(point.getArgs()).stream().filter(v -> {
+			if(v instanceof MultipartFile){
+				return false;
+			}
+			if(v instanceof String && ((String) v).startsWith("data:image/png;base64")){
+				return false;
+			}
+			return true;
+		});
+		System.out.println("连接点方法为:" + methodName + ",参数为:" + JSON.toJSONString(args));
+	}
+
+
+}
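Review bot: The `(List<Object>)` cast at the `args` assignment in `afterMethod`, and again in `afterThrowing`, is applied to the result of `filter(...)`, which is a `Stream<Object>` and not a `List`; javac accepts the interface-to-interface cast, but at runtime it throws `ClassCastException` on every matched controller call, and from an after-returning advice that turns a successful request into an error. Terminate the pipeline instead: `List<Object> args = Arrays.stream(point.getArgs()).filter(v -> {` … `}).collect(Collectors.toList());` with `import java.util.stream.Collectors;`. The class declares `@Slf4j` yet writes with `System.out.println`; `log.info("连接点方法为:{},参数为:{},目标方法执行结果为:{}", methodName, JSON.toJSONString(args), JSON.toJSONString(result))` keeps the output in the configured logger. Note that every argument and return value of `com.fdkankan.openApi.controller.*` is serialised unredacted — the filter only drops multipart files and `data:image/png;base64` strings — so request bodies such as the account DTOs land in the log in full; consider redacting or logging only method names at this level.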

+ 10 - 0
src/main/java/com/fdkankan/openApi/aop/SignVerification.java

@@ -0,0 +1,10 @@
+package com.fdkankan.openApi.aop;
+
+import java.lang.annotation.*;
+
+@Target({ElementType.PARAMETER, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface SignVerification {
+    String description() default "";
+}
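Review bot: The annotation carries no Javadoc, so a reader of `AccountController` cannot tell what marking a method with it demands; add a type comment such as `/** Marks an endpoint whose caller must send valid {@code sign} and {@code appId} headers; enforced by SignVerificationAspect. */`. The `description()` element is not read by `SignVerificationAspect` in this commit, which the comment should state so the attribute is not mistaken for behaviour.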

+ 87 - 0
src/main/java/com/fdkankan/openApi/aop/SignVerificationAspect.java

@@ -0,0 +1,87 @@
+package com.fdkankan.openApi.aop;
+
+import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSONObject;
+import com.fdkankan.common.constant.ErrorCode;
+import com.fdkankan.common.constant.ServerCode;
+import com.fdkankan.common.exception.BusinessException;
+import com.fdkankan.web.response.Result;
+import com.fdkankan.openApi.httpclient.client.MyClient;
+import com.fdkankan.sign.RsaUtils;
+import com.fdkankan.sign.SignUtils;
+import lombok.extern.log4j.Log4j2;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+
+@Log4j2
+@Aspect
+@Component
+@Order(101)
+public class SignVerificationAspect {
+
+	private static final String GET_PRIVATEKEY_API = "/ucenter/_inner/pdsfsdfsrvateddsfeky/";
+
+	@Value("${ucenter.publicKey}")
+	private String publicKey;
+	@Value("${ucenter.appId}")
+	private String ucenterAppId;
+
+	@Value("${fdService.basePath}")
+	private String fdServiceBasePath;
+
+	@Resource
+	private MyClient myClient;
+
+	/**
+	 * 前置通知 用于判断用户协作场景是否有协作权限
+	 *
+	 * @param joinPoint
+	 *            切点
+	 * @throws IOException
+	 */
+	@Before("@annotation(com.fdkankan.openApi.aop.SignVerification)")
+	public void doBefore(JoinPoint joinPoint) throws Exception {
+		HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+		String sign = request.getHeader("sign");
+		String appId = request.getHeader("appId");
+		if(StrUtil.isEmpty(sign) || StrUtil.isEmpty(appId)){
+			throw new BusinessException(ErrorCode.AUTH_FAIL);
+		}
+
+		//通过appid查询私钥
+		Instant now = Instant.now();
+		long epochSecond = now.getEpochSecond();
+		JSONObject playload = new JSONObject();
+		playload.put("appId", ucenterAppId);
+		playload.put("timestamp", epochSecond);
+		String ucenterSign = RsaUtils.encipher(playload.toJSONString(), publicKey);
+		Map<String, String> headerMap = new HashMap<>();
+		headerMap.put("sign", ucenterSign);
+		headerMap.put("appId", ucenterAppId);
+		String url = fdServiceBasePath + GET_PRIVATEKEY_API + appId;
+		Result result = myClient.get(url, headerMap);
+		if(result.getCode() != ServerCode.SUCCESS.code()){
+			throw new RuntimeException("系统异常");
+		}
+		String privateKey = (String) result.getData();
+
+		//签名解密
+		if(!SignUtils.checkSign(sign, appId, privateKey)){
+			throw new BusinessException(ErrorCode.AUTH_FAIL);
+		}
+	}
+
+}
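Review bot: In `doBefore`, the inbound `appId` header is concatenated unvalidated into `url = fdServiceBasePath + GET_PRIVATEKEY_API + appId` and handed to `myClient.get`, so whatever the caller puts in that header becomes part of the path of an internal ucenter request (`..`, `/`, `?` and encoded characters included); the header should be checked against the expected id format before use, and `RequestContextHolder.getRequestAttributes()` and `result.getData()` need null/type checks, since the casts on those lines NPE or CCE on unexpected input. The Javadoc on the method describes a collaboration-permission check and declares `@throws IOException`, neither of which matches a method that declares `throws Exception` and verifies a request signature; reword it to `前置通知：校验请求头 sign/appId 的签名是否有效` (or the English equivalent) and list the exceptions actually thrown. If `SignUtils.checkSign(sign, appId, privateKey)` covers only `appId`, as its arguments suggest, a captured `sign` header stays valid indefinitely; confirm whether the signed payload includes a timestamp or nonce. The sketch below uses a placeholder id pattern — replace it with the real format (it needs `java.util.regex.Pattern`).
```java
	// placeholder: narrow to the real appId alphabet/length before merging
	private static final Pattern APP_ID_PATTERN = Pattern.compile("[A-Za-z0-9_-]{1,64}");

	@Before("@annotation(com.fdkankan.openApi.aop.SignVerification)")
	public void doBefore(JoinPoint joinPoint) throws Exception {
		ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
		if (attrs == null) {
			throw new BusinessException(ErrorCode.AUTH_FAIL);
		}
		HttpServletRequest request = attrs.getRequest();
		String sign = request.getHeader("sign");
		String appId = request.getHeader("appId");
		// reject empty or malformed ids before they are spliced into the ucenter URL path
		if (StrUtil.isEmpty(sign) || StrUtil.isEmpty(appId) || !APP_ID_PATTERN.matcher(appId).matches()) {
			throw new BusinessException(ErrorCode.AUTH_FAIL);
		}
		// … unchanged: build the signed ucenter request (playload, headerMap, url) …
		Result result = myClient.get(url, headerMap);
		if (result == null || result.getCode() != ServerCode.SUCCESS.code() || !(result.getData() instanceof String)) {
			throw new RuntimeException("系统异常");
		}
		String privateKey = (String) result.getData();
		// … unchanged: SignUtils.checkSign …
	}
```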

+ 5 - 0
src/main/java/com/fdkankan/openApi/controller/system/AccountController.java

@@ -2,6 +2,7 @@ package com.fdkankan.openApi.controller.system;
 
 
 import cn.dev33.satoken.annotation.SaIgnore;
+import com.fdkankan.openApi.aop.SignVerification;
 import com.fdkankan.openApi.dto.AccountDTO;
 import com.fdkankan.openApi.service.system.IAccountService;
 import com.fdkankan.openApi.vo.system.CreateAppUserParamVo;
@@ -29,12 +30,14 @@ public class AccountController {
     @Autowired
     private IAccountService accountService;
 
+    @SignVerification
     @SaIgnore
     @PostMapping("add")
     public ResultData createApp(@RequestBody @Validated AccountDTO param){
         return accountService.createApp(param);
     }
 
+    @SignVerification
     @SaIgnore
     @PostMapping("updateStatus")
     public ResultData updateStatus(@RequestBody @Validated AccountDTO param){
@@ -42,12 +45,14 @@ public class AccountController {
         return ResultData.ok();
     }
 
+    @SignVerification
     @SaIgnore
     @PostMapping("page")
     public ResultData page(@RequestBody @Validated AccountDTO param){
         return ResultData.ok(accountService.page(param));
     }
 
+    @SignVerification
     @SaIgnore
     @PostMapping("delete")
     public ResultData delete(@RequestBody @Validated AccountDTO param){
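Review bot: With `@SignVerification` placed next to `@SaIgnore` on `createApp`, `updateStatus`, `page` and `delete`, the header signature checked by `SignVerificationAspect` becomes the only authentication on these endpoints, and nothing in the class says so; add a comment near the mappings, e.g. `// Internal endpoints: sa-token login is skipped (@SaIgnore); access is gated solely by @SignVerification`. Any future mapping in this controller that copies `@SaIgnore` without `@SignVerification` would be reachable unauthenticated, which is why the comment belongs next to the annotations. `AccountController` and the `delete` method continue outside the hunks.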

+ 18 - 0
src/main/java/com/fdkankan/openApi/httpclient/client/MyClient.java

@@ -0,0 +1,18 @@
+package com.fdkankan.openApi.httpclient.client;
+
+
+import com.dtflys.forest.annotation.Get;
+import com.dtflys.forest.annotation.Header;
+import com.dtflys.forest.annotation.Var;
+import com.fdkankan.web.response.Result;
+
+import java.util.Map;
+
+public interface MyClient {
+
+    @Get(url = "${url}")
+    Result get(@Var("url") String url, @Header Map<String, String> headerMap);
+
+
+
+}
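Review bot: `get` takes the entire request URL as the `${url}` template variable and has no Javadoc, so nothing tells callers that the value is used verbatim as the target of an outbound HTTP request; in this commit it is built in `SignVerificationAspect` from an inbound `appId` header. Add `/** Sends a GET to {@code url} verbatim with the given headers; pass only trusted, already-validated URLs. */` on the method. The two blank lines before the closing brace can be dropped.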