diff --git a/servers/boe-server-all/pom.xml b/servers/boe-server-all/pom.xml
index de0b436d..ba338021 100644
--- a/servers/boe-server-all/pom.xml
+++ b/servers/boe-server-all/pom.xml
@@ -205,7 +205,11 @@ system ${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar - + + com.alibaba + fastjson + 2.0.17.graal + com.github.ulisesbocchio
@@ -232,7 +236,7 @@ spring-retry 1.3.1 - +
diff --git a/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
new file mode 100644
index 00000000..872a71af
--- /dev/null
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
@@ -0,0 +1,25 @@
+package com.xboe.config;
+
+public class ConditionException extends RuntimeException{
+ private Integer code;
+ private String message;
+
+
+ public ConditionException(Integer code, String message) {
+ this.code = code;
+ this.message = message;
+ }
+
+ public ConditionException(String message) {
+ this(600, message);
+ }
+
+ public Integer getCode() {
+ return this.code;
+ }
+
+ @Override
+ public String getMessage() {
+ return message;
+ }
+}
diff --git a/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
new file mode 100644
index 00000000..bfccfc29
--- /dev/null
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
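Review bot: The new `fastjson` dependency is pinned to `2.0.17.graal`, which is the GraalVM native-image flavour of fastjson2; unless this server is actually built as a native image, the plain `2.0.17` artifact would be the expected coordinate, so please confirm the suffix is intentional. The same commit parses JSON with hutool's `JSONUtil` in CourseWareApi and with fastjson in JwtUtils, so the module now carries two JSON libraries for the same job — settling on one shrinks the surface that has to be tracked for advisories. Since `JwtUtils.parseToken` feeds token payloads into `JSON.parseObject`, keep fastjson's autoType support off (fastjson2 leaves it disabled unless a feature flag enables it). The pom hunks lost their XML tags in this view, so I cannot check whether `scope`/`exclusions` were set.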
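Review bot: `private String message` shadows the detail message that `RuntimeException` already carries, and the two-argument constructor never calls `super(message)`, so the field and the `getMessage()` override merely re-implement base-class behaviour; `public ConditionException(Integer code, String message) { super(message); this.code = code; }` lets both go. `code` is a boxed `Integer` with no null check, so `getCode()` can hand back `null` to a caller that unboxes it; a `private final int code` is safer here. The class also has no Javadoc saying what the default `600` code means to callers, which is the one thing a reader of this file needs to know.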
@@ -0,0 +1,63 @@
+package com.xboe.config;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.TypeReference;
+import com.xboe.common.utils.Sha256Mac;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.Map;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils {
+
+ public static final String secretKey = "JDF_BOE";
+
+ /**
+ * 从数据声明生成令牌
+ *
+ * @param claims 数据声明
+ * @return 令牌
+ */
+ public static String createToken(Map claims) {
+ JSONObject header = new JSONObject();
+ header.put("alg", "HS256");
+ header.put("type", "token");
+ String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
+ String header64 = Base64.encodeBase64String(header.toString().getBytes());
+ String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
+ return header64 + "." + payload64 + "." + sign;
+ }
+
+ /**
+ * 从令牌中获取数据声明
+ *
+ * @param token 令牌
+ * @return 数据声明
+ */
+ public static Map parseToken(String token) throws ConditionException {
+ String[] tokens = token.split("\\.");
+ if (tokens.length != 3) {
+ throw new ConditionException("token不合法 : " + token);
+ }
+ String payload = new String(Base64.decodeBase64(tokens[1]));
+ String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
+ if (sign.equals(tokens[2])) {
+ JSONObject jsonObject = JSON.parseObject(payload);
+ long exp = jsonObject.getLong("exp");
+ long now = System.currentTimeMillis() / 1000;
+ if (now > exp) {
+ throw new ConditionException("token过期 : " + token);
+ }
+ Map map = JSON.parseObject(payload, new TypeReference>() {
+ });
+ return map;
+ } else {
+ throw new ConditionException("token错误 : " + token);
+ }
+ }
+
+}
diff --git a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
index 07810238..4b602651 100644
--- a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
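Review bot: The signature check `if (sign.equals(tokens[2]))` compares the computed MAC with the caller-supplied value via `String.equals`, which returns at the first differing character; use `MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), tokens[2].getBytes(StandardCharsets.UTF_8))` so the comparison time does not depend on how much of the signature matches. `secretKey = "JDF_BOE"` is a short compile-time constant in a public field; it belongs in configuration rather than source, and needs to be long enough to serve as an HMAC key. `long exp = jsonObject.getLong("exp")` unboxes, so a correctly signed token without an `exp` claim fails with a NullPointerException instead of a `ConditionException`, and the `getBytes()` / `new String(...)` calls pick up the platform charset where `StandardCharsets.UTF_8` should be explicit on both the create and parse side. The three `ConditionException` messages embed the whole token, which then lands in logs or error bodies; report a truncated form instead. Because the MAC input is `header64 + payload64` with no `.` separator and the Base64 is not URL-safe, these tokens are not interoperable with standard JWS libraries — worth stating in the class Javadoc if that is intended.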
+++ b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java @@ -22,6 +22,8 @@ public interface CacheName { */ String NAME_USER = "user"; + String NAME_INFO = "userInfo"; + /** * 用户名缓存KEY前缀 */ diff --git a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java index 32b6e693..79353b3d 100644 --- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java +++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java @@ -1,16 +1,19 @@ package com.xboe.module.course.api; -import java.util.Base64; -import java.util.HashSet; -import java.util.Set; +import java.util.*; import javax.annotation.Resource; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import cn.hutool.json.JSONUtil; +import com.xboe.constants.CacheName; +import com.xboe.data.outside.IOutSideDataService; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.data.redis.core.RedisTemplate; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -33,13 +36,18 @@ import com.xboe.module.course.service.ICourseFileService; public class CourseWareApi extends ApiBaseController { private String cookieName = "PLAYSIGN_TIME"; - + @Autowired + IOutSideDataService outsideDataService; @Resource private ICourseFileService courseFileService; @Resource private XFileUploader fileUploader; + + @Resource + RedisTemplate redisTemplate; + private static Set allowUrlSet = new HashSet(); static { 
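Review bot: `String NAME_INFO = "userInfo";` is the one constant in this interface without the Javadoc its neighbours carry (`NAME_USER` is documented directly above), and the name does not say what is cached under it. From its use in CourseWareApi the key is `NAME_INFO + ":" + token` and the value is a JSON string containing `userNo`, so a comment along the lines of `/** Prefix of the per-token cached user-info JSON; key = NAME_INFO + ":" + token */` would tell the next reader both the key layout and the value shape.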
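Review bot: `import java.util.*;` replaces three explicit imports with a wildcard, which the rest of this import block avoids and which hides that `Base64` here is `java.util.Base64` while JwtUtils in the same commit uses `org.apache.commons.codec.binary.Base64`; keep `java.util.Base64`, `java.util.HashSet`, `java.util.Set` explicit and add `java.util.HashMap` for the new `HashMap` use in the `/resource` handler. The new `IOutSideDataService` import is, as far as the hunks in this diff show, only backing a field that nothing references — if that is the case, drop both.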
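Review bot: `RedisTemplate redisTemplate` is declared as a raw type and package-private while the fields around it are `private`; the value read back in `/resource` is a JSON string, so `@Resource private RedisTemplate<String, String> redisTemplate;` (or `StringRedisTemplate`, if the application configures one) states what the cache holds and removes the `o.toString()` step later. `@Autowired IOutSideDataService outsideDataService;` mixes a second injection annotation into a class that otherwise uses `@Resource`, is also package-private, and is not referenced in any hunk of this diff — presumably it is used elsewhere, but if not it should go. The class body continues outside this hunk.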
@@ -88,8 +96,6 @@ public class CourseWareApi extends ApiBaseController { * * @param request * @param response - * @param cfid - * @param cf * @throws Exception */ @GetMapping("/resource") @@ -97,13 +103,10 @@ public class CourseWareApi extends ApiBaseController { if (StringUtils.isBlank(sign)) { return badRequest("非法请求"); - // return; } - String httpReferer = request.getHeader("referer"); if (StringUtils.isBlank(httpReferer)) { return badRequest("非法请求"); - // return "非法请求"; } boolean has=false; @@ -115,21 +118,28 @@ public class CourseWareApi extends ApiBaseController { if(!has) { return badRequest("页面不存在"); - //return "非法请求"; } - - //读取cookies中的时间 + String token = request.getHeader("Xboe-Access-Token"); + if (StringUtils.isEmpty(token)) { + token = request.getHeader("token"); + } +// 读取cookies中的时间 String cookieTime = getSignTimeCookie(request); if (StringUtils.isBlank(cookieTime)) { return badRequest("不支持的请求"); - // return; } - + String userInfo = CacheName.NAME_INFO + ":"+ token; + Object o = redisTemplate.opsForValue().get(userInfo); + String userNoStr = o.toString(); + if (StringUtils.isBlank(userNoStr)) { + return badRequest("token验证错误"); + } + HashMap bean = JSONUtil.toBean(userNoStr, HashMap.class); + Object userNo = bean.get("userNo"); byte[] signBytes = Base64.getDecoder().decode(sign); // byte[] signBytes = RSAUtil.decryptBase64(sign); byte[] signDecryt = RSAUtil.decryptByPrivateKey(ConfigSecretKey.TEMP_PRIVATESTR, signBytes); String signStr = new String(signDecryt); - // System.out.println("解密后的字符串:"+signStr); // 第一个/前端是时间 int index = signStr.indexOf("/"); if (index <= 0) { 
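Review bot: In the third hunk of this file, `Object o = redisTemplate.opsForValue().get(userInfo); String userNoStr = o.toString();` dereferences the cache result before the blank check, so a request carrying an unknown or expired token (or no token at all — `token` may still be null after both `getHeader` calls, giving the key `userInfo:null`) ends in a NullPointerException and a 500 instead of the intended `badRequest("token验证错误")`. The blank-token case should be rejected before the cache is consulted, and the null and blank cases on the cached value folded into one guard. A short comment stating what the cached value looks like (a JSON object with a `userNo` field, judging by the `JSONUtil.toBean` call) would also help, since the raw `HashMap` gives no hint. The `/resource` handler starts and ends outside this hunk.
```java
String token = request.getHeader("Xboe-Access-Token");
if (StringUtils.isEmpty(token)) {
    token = request.getHeader("token");
}
if (StringUtils.isBlank(token)) {
    return badRequest("token验证错误");
}
// … unchanged: cookie time check …
String userInfo = CacheName.NAME_INFO + ":"+ token;
Object o = redisTemplate.opsForValue().get(userInfo);
// No entry (unknown/expired token) or empty entry: reject before any parsing
if (o == null || StringUtils.isBlank(o.toString())) {
    return badRequest("token验证错误");
}
// … unchanged: JSONUtil.toBean / userNo lookup, signature decryption …
```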
@@ -139,8 +149,11 @@ public class CourseWareApi extends ApiBaseController { } String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中,long + String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号,long String cfid = signStr.substring(index+1);// 文件路径 - + if (!workNum.equals(userNo)){ + return badRequest("工号不匹配"); + } // if (!time.equals(cookieTime)) { // log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+" 请求头时间:"+cookieTime); // log.info("解密后的字符串的时间拼接:"+signStr);
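Review bot: `String workNum = signStr.substring(2, signStr.indexOf("/"));` reads the same first segment as `time` on the line above, minus its first two characters, and the `2` is unexplained; either the `// 工号,long` comment or the offset is wrong, and when `index` is 1 (allowed by the earlier `index <= 0` check) `substring(2, 1)` throws StringIndexOutOfBoundsException, so please document the expected layout of `signStr` in a comment and guard the offset. `if (!workNum.equals(userNo))` compares a `String` with the `Object` pulled from the cached map in the previous hunk; if that value is stored as a number the test is always false and every request is rejected with "工号不匹配". Normalise first: `if (userNo == null || !workNum.equals(String.valueOf(userNo))) {`. The enclosing `/resource` handler continues beyond this hunk.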