Merge remote-tracking branch 'yx/zcwy1030-llf' into dev1107

servers/boe-server-all/pom.xml

@@ -205,7 +205,11 @@
 			<scope>system</scope>
 			<systemPath>${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar</systemPath>
 		</dependency>
-
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>2.0.17.graal</version>
+        </dependency>
 		<!--加密配置文件-->
 		<dependency>
 			<groupId>com.github.ulisesbocchio</groupId>
@@ -232,7 +236,7 @@
 			<artifactId>spring-retry</artifactId>
 			<version>1.3.1</version>
 		</dependency>
-	</dependencies>
+    </dependencies>
 	<build>
 		<resources>
 			<resource>

servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java

@@ -0,0 +1,25 @@
+package com.xboe.config;
+
+public class ConditionException extends RuntimeException{
+    private Integer code;
+    private String message;
+
+
+    public ConditionException(Integer code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+
+    public ConditionException(String message) {
+        this(600, message);
+    }
+
+    public Integer getCode() {
+        return this.code;
+    }
+
+    @Override
+    public String getMessage() {
+        return message;
+    }
+}

servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java

@@ -0,0 +1,63 @@
+package com.xboe.config;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.TypeReference;
+import com.xboe.common.utils.Sha256Mac;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.Map;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils {
+
+    public static final String secretKey = "JDF_BOE";
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map<String, Object> claims) {
+        JSONObject header = new JSONObject();
+        header.put("alg", "HS256");
+        header.put("type", "token");
+        String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
+        String header64 = Base64.encodeBase64String(header.toString().getBytes());
+        String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
+        return header64 + "." + payload64 + "." + sign;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Map<String, Object> parseToken(String token) throws ConditionException {
+        String[] tokens = token.split("\\.");
+        if (tokens.length != 3) {
+            throw new ConditionException("token不合法 : " + token);
+        }
+        String payload = new String(Base64.decodeBase64(tokens[1]));
+        String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
+        if (sign.equals(tokens[2])) {
+            JSONObject jsonObject = JSON.parseObject(payload);
+            long exp = jsonObject.getLong("exp");
+            long now = System.currentTimeMillis() / 1000;
+            if (now > exp) {
+                throw new ConditionException("token过期 : " + token);
+            }
+            Map<String, Object> map = JSON.parseObject(payload, new TypeReference<Map<String, Object>>() {
+            });
+            return map;
+        } else {
+            throw new ConditionException("token错误 : " + token);
+        }
+    }
+
+}

servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java

@@ -22,6 +22,8 @@ public interface CacheName {
      */
     String NAME_USER = "user";
 
+    String NAME_INFO = "userInfo";
+
     /**
      * 用户名缓存KEY前缀
      */

servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java

@@ -1,16 +1,19 @@
 package com.xboe.module.course.api;
 
-import java.util.Base64;
+import java.util.*;
-import java.util.HashSet;
-import java.util.Set;
 
 import javax.annotation.Resource;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import cn.hutool.json.JSONUtil;
+import com.xboe.constants.CacheName;
+import com.xboe.data.outside.IOutSideDataService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -33,13 +36,18 @@ import com.xboe.module.course.service.ICourseFileService;
 public class CourseWareApi extends ApiBaseController {
 
 	private String cookieName = "PLAYSIGN_TIME";
-
+	@Autowired
+	IOutSideDataService outsideDataService;
 	@Resource
 	private ICourseFileService courseFileService;
 
 	@Resource
 	private XFileUploader fileUploader;
 
+
+	@Resource
+	RedisTemplate<String, Object> redisTemplate;
+
 	private static Set<String> allowUrlSet = new HashSet<String>();
 
 	static {
@@ -88,8 +96,6 @@ public class CourseWareApi extends ApiBaseController {
 	 * 
 	 * @param request
 	 * @param response
-	 * @param cfid
-	 * @param cf
 	 * @throws Exception
 	 */
 	@GetMapping("/resource")
@@ -97,13 +103,10 @@ public class CourseWareApi extends ApiBaseController {
 
 		if (StringUtils.isBlank(sign)) {
 			return badRequest("非法请求");
-			// return;
 		}
-
 		String httpReferer = request.getHeader("referer");
 		if (StringUtils.isBlank(httpReferer)) {
 			return badRequest("非法请求");
-			// return "非法请求";
 		}
 
 		boolean has=false;
@@ -115,21 +118,28 @@ public class CourseWareApi extends ApiBaseController {
 
 		if(!has) {
 			return badRequest("页面不存在");
-			//return "非法请求";
 		}
-
+		String token = request.getHeader("Xboe-Access-Token");
-		//读取cookies中的时间
+		if (StringUtils.isEmpty(token)) {
+			token = request.getHeader("token");
+		}
+//		读取cookies中的时间
 		String cookieTime = getSignTimeCookie(request);
 		if (StringUtils.isBlank(cookieTime)) {
 			return badRequest("不支持的请求");
-			// return;
 		}
-
+		String userInfo = CacheName.NAME_INFO + ":"+ token;
+		Object o = redisTemplate.opsForValue().get(userInfo);
+		String userNoStr = o.toString();
+		if (StringUtils.isBlank(userNoStr)) {
+			return badRequest("token验证错误");
+		}
+		HashMap bean = JSONUtil.toBean(userNoStr, HashMap.class);
+		Object userNo = bean.get("userNo");
 		byte[] signBytes = Base64.getDecoder().decode(sign);
 		// byte[] signBytes = RSAUtil.decryptBase64(sign);
 		byte[] signDecryt = RSAUtil.decryptByPrivateKey(ConfigSecretKey.TEMP_PRIVATESTR, signBytes);
 		String signStr = new String(signDecryt);
-		// System.out.println("解密后的字符串："+signStr);
 		// 第一个/前端是时间
 		int index = signStr.indexOf("/");
 		if (index <= 0) {
@@ -139,8 +149,11 @@ public class CourseWareApi extends ApiBaseController {
 		}
 
 		String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中，long
+		String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号，long
 		String cfid = signStr.substring(index+1);// 文件路径
-
+		if (!workNum.equals(userNo)){
+			return badRequest("工号不匹配");
+		}
 //		if (!time.equals(cookieTime)) {
 //			log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+"    请求头时间："+cookieTime);
 //			log.info("解密后的字符串的时间拼接:"+signStr);