业务授权校验

src/main/java/com/fdkankan/scene/Interceptor/CheckViewBizAuthAspect.java

@@ -1,6 +1,7 @@
 package com.fdkankan.scene.Interceptor;
 
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.core.util.URLUtil;
 import com.alibaba.fastjson.JSON;
 import com.fdkankan.common.constant.CommonStatus;
 import com.fdkankan.common.constant.ErrorCode;
@@ -33,6 +34,9 @@ import javax.crypto.Cipher;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
 
@@ -80,6 +84,9 @@ public class CheckViewBizAuthAspect {
 	public void doBefore(JoinPoint joinPoint) throws Exception {
 		HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
 		Map<String, Object> params = WebUtil.getParameter(joinPoint, request);
+
+		String remoteIp = WebUtil.getIpAddress(request);
+
 		String num = (String) params.get("num");
 		String sign = (String) params.get("sign");
 
@@ -87,7 +94,7 @@ public class CheckViewBizAuthAspect {
 		sysLog.setRequestPath("场景展示");
 		sysLog.setUri(request.getRequestURI());
 		sysLog.setMethod(request.getMethod());
-		sysLog.setIp(WebUtil.getIpAddress(request));
+		sysLog.setIp(remoteIp);
 		sysLog.setBrowser(WebUtil.getBrowser(request));
 		sysLog.setOperationType("scene-view");
 		sysLog.setParams(JSON.toJSONString(params));
@@ -97,6 +104,7 @@ public class CheckViewBizAuthAspect {
 		String userName = null, ip = null, timestamp = null;
 		boolean flag = true;
 		if(StrUtil.isNotEmpty(sign)){
+			sign = sign.replaceAll("%2B", "+").replaceAll(" ", "+");
 			String[] split = null;
 			try {
 				String decode = AesUtil.decryptECB(sign, ENCRYPT_KEY, "AES/ECB/PKCS5Padding");
@@ -109,40 +117,39 @@ public class CheckViewBizAuthAspect {
 				errorMsg = "签名解密失败";
 			}
 
-			if(split.length == 1){
+			if(Objects.isNull(split) || split.length == 1){
 				flag = false;
 				errorCode = ErrorCode.AUTH_FAIL.code();
 				errorMsg = "签名参数错误";
-			}
-
-			for (int i = 0; i < split.length; i++){
-				if(i == 0){
-					userName = split[i];
-				}
-				if(i == 1){
-					ip = split[i];
-				}
-				if(i == 2){
-					timestamp = split[i];
+			}else{
+				for (int i = 0; i < split.length; i++){
+					if(i == 0){
+						userName = split[i];
+					}
+					if(i == 1){
+						ip = split[i];
+					}
+					if(i == 2){
+						timestamp = split[i];
+					}
 				}
-			}
 
-			String ipAddress = WebUtil.getIpAddress(request);
-			if(StrUtil.isNotEmpty(ip) && !ip.equals(ipAddress)){
-				flag = false;
-				errorCode = ErrorCode.AUTH_FAIL.code();
-				errorMsg = "ip不匹配";
-			}
+				if(StrUtil.isNotEmpty(ip) && !ip.equals(remoteIp)){
+					flag = false;
+					errorCode = ErrorCode.AUTH_FAIL.code();
+					errorMsg = "ip不匹配";
+				}
 
-			if(StrUtil.isNotEmpty(timestamp) && Calendar.getInstance().getTime().after(new Date(Long.valueOf(timestamp) * 1000))){
-				flag = false;
-				errorCode = ErrorCode.AUTH_FAIL.code();
-				errorMsg = "超出访问截止时间";
+				if(StrUtil.isNotEmpty(timestamp) && Calendar.getInstance().getTime().after(new Date(Long.valueOf(timestamp) * 1000))){
+					flag = false;
+					errorCode = ErrorCode.AUTH_FAIL.code();
+					errorMsg = "超出访问截止时间";
+				}
 			}
 		}else{
 			//查询场景是否业务授权
 			JySceneAuth jySceneAuth = jySceneAuthService.getByNum(num);
-			if(Objects.isNull(jySceneAuth) && jySceneAuth.getAuthType() == 0){
+			if(!Objects.isNull(jySceneAuth) && jySceneAuth.getAuthType() == 0){
 				//业务授权校验用户名密码
 				userName = (String) params.get("userName");
 				String password = (String) params.get("password");
@@ -158,7 +165,7 @@ public class CheckViewBizAuthAspect {
 						flag = false;
 						errorCode = ErrorCode.AUTH_FAIL.code();
 						errorMsg = "无权访问";
-					}else if (jySceneUserAuth.getLookEndTime().before(Calendar.getInstance().getTime())){
+					}else if (jySceneUserAuth.getLookAuth() == 2 && jySceneUserAuth.getLookEndTime().before(Calendar.getInstance().getTime())){
 						flag = false;
 						errorCode = ErrorCode.AUTH_FAIL.code();
 						errorMsg = "超出访问截止时间";
@@ -168,12 +175,10 @@ public class CheckViewBizAuthAspect {
 					if(flag){
 						User user = userService.findByUserName(userName);
 						//模拟前端密码加密规则生成前端密码
-						password = Base64Converter.decode(Base64Converter.subText(PasswordUtils.decycptPasswordWeb(password)));
-						//解码
-						password = Base64Converter.decode(Base64Converter.subText(password));
-						password = SecurityUtil.MD5(password);
+						password = SecurityUtil.MD5(Base64Converter.decode(password));
 						//数据库密码比对
 						if(Objects.isNull(user) || !password.equals(user.getPassword())){
+							flag = false;
 							errorCode = ErrorCode.PASSWORD_ERROR.code();
 							errorMsg = ErrorCode.PASSWORD_ERROR.message();
 						}
@@ -194,5 +199,4 @@ public class CheckViewBizAuthAspect {
 
 	}
 
-
 }