在线视频播放时进行token和工号验证

2025-12-07 01:46:47 +08:00 · 2024-11-06 09:03:06 +08:00
parent b0f01c6300
commit 87adf2aca5
5 changed files with 123 additions and 11 deletions
--- a/servers/boe-server-all/pom.xml
+++ b/servers/boe-server-all/pom.xml
@@ -205,7 +205,11 @@
 			<scope>system</scope>
 			<systemPath>${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar</systemPath>
 		</dependency>
-
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>2.0.17.graal</version>
+        </dependency>
 		<!--加密配置文件-->
 		<dependency>
 			<groupId>com.github.ulisesbocchio</groupId>
@@ -232,7 +236,7 @@
 			<artifactId>spring-retry</artifactId>
 			<version>1.3.1</version>
 		</dependency>
-	</dependencies>
+    </dependencies>
 	<build>
 		<resources>
 			<resource>
--- a/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
@@ -0,0 +1,25 @@
+package com.xboe.config;
+
+public class ConditionException extends RuntimeException{
+    private Integer code;
+    private String message;
+
+
+    public ConditionException(Integer code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+
+    public ConditionException(String message) {
+        this(600, message);
+    }
+
+    public Integer getCode() {
+        return this.code;
+    }
+
+    @Override
+    public String getMessage() {
+        return message;
+    }
+}
--- a/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
@@ -0,0 +1,63 @@
+package com.xboe.config;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.TypeReference;
+import com.xboe.common.utils.Sha256Mac;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.Map;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils {
+
+    public static final String secretKey = "JDF_BOE";
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map<String, Object> claims) {
+        JSONObject header = new JSONObject();
+        header.put("alg", "HS256");
+        header.put("type", "token");
+        String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
+        String header64 = Base64.encodeBase64String(header.toString().getBytes());
+        String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
+        return header64 + "." + payload64 + "." + sign;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Map<String, Object> parseToken(String token) throws ConditionException {
+        String[] tokens = token.split("\\.");
+        if (tokens.length != 3) {
+            throw new ConditionException("token不合法 : " + token);
+        }
+        String payload = new String(Base64.decodeBase64(tokens[1]));
+        String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
+        if (sign.equals(tokens[2])) {
+            JSONObject jsonObject = JSON.parseObject(payload);
+            long exp = jsonObject.getLong("exp");
+            long now = System.currentTimeMillis() / 1000;
+            if (now > exp) {
+                throw new ConditionException("token过期 : " + token);
+            }
+            Map<String, Object> map = JSON.parseObject(payload, new TypeReference<Map<String, Object>>() {
+            });
+            return map;
+        } else {
+            throw new ConditionException("token错误 : " + token);
+        }
+    }
+
+}
--- a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
@@ -22,6 +22,8 @@ public interface CacheName {
     */
    String NAME_USER = "user";

+    String NAME_INFO = "userInfo";
+
    /**
     * 用户名缓存KEY前缀
     */
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
@@ -1,16 +1,22 @@
 package com.xboe.module.course.api;

-import java.util.Base64;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.*;

 import javax.annotation.Resource;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import cn.hutool.core.map.MapUtil;
+import cn.hutool.system.UserInfo;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.xboe.config.JwtUtils;
+import com.xboe.constants.CacheName;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -40,6 +46,8 @@ public class CourseWareApi extends ApiBaseController {
 	@Resource
 	private XFileUploader fileUploader;

+	@Autowired
+	StringRedisTemplate redisTemplate;
 	private static Set<String> allowUrlSet = new HashSet<String>();

 	static {
@@ -88,8 +96,6 @@ public class CourseWareApi extends ApiBaseController {
 	 * 
 	 * @param request
 	 * @param response
-	 * @param cfid
-	 * @param cf
 	 * @throws Exception
 	 */
 	@GetMapping("/resource")
@@ -99,7 +105,6 @@ public class CourseWareApi extends ApiBaseController {
 			return badRequest("非法请求");
 			// return;
 		}
-
 		String httpReferer = request.getHeader("referer");
 		if (StringUtils.isBlank(httpReferer)) {
 			return badRequest("非法请求");
@@ -117,13 +122,23 @@ public class CourseWareApi extends ApiBaseController {
 			return badRequest("页面不存在");
 			//return "非法请求";
 		}
-
-		//读取cookies中的时间
+		String token = request.getHeader("Xboe-Access-Token");
+		if (StringUtils.isEmpty(token)) {
+			token = request.getHeader("token");
+		}
+//		读取cookies中的时间
 		String cookieTime = getSignTimeCookie(request);
 		if (StringUtils.isBlank(cookieTime)) {
 			return badRequest("不支持的请求");
 			// return;
 		}
+		String userInfo = CacheName.NAME_INFO + ":"+ token;
+		String userNoStr = redisTemplate.opsForValue().get(userInfo);
+		if (StringUtils.isBlank(userNoStr)){
+			return badRequest("token验证错误");
+		}
+		Map<String, Object> map = JwtUtils.parseToken(token);
+		String userNo = MapUtil.getStr(map, "userNo");

 		byte[] signBytes = Base64.getDecoder().decode(sign);
 		// byte[] signBytes = RSAUtil.decryptBase64(sign);
@@ -139,8 +154,11 @@ public class CourseWareApi extends ApiBaseController {
 		}

 		String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中，long
+		String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号，long
 		String cfid = signStr.substring(index+1);// 文件路径
-
+		if (!workNum.equals(userNo)){
+			return badRequest("工号不匹配");
+		}
 //		if (!time.equals(cookieTime)) {
 //			log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+"    请求头时间："+cookieTime);
 //			log.info("解密后的字符串的时间拼接:"+signStr);