From 87adf2aca59a37b1916f023496ddd2c8addb5d57 Mon Sep 17 00:00:00 2001 From: zhaolongfei <2651195677@qq.com> Date: Wed, 6 Nov 2024 09:03:06 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9C=A8=E7=BA=BF=E8=A7=86=E9=A2=91=E6=92=AD?= =?UTF-8?q?=E6=94=BE=E6=97=B6=E8=BF=9B=E8=A1=8Ctoken=E5=92=8C=E5=B7=A5?= =?UTF-8?q?=E5=8F=B7=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- servers/boe-server-all/pom.xml | 8 ++- .../com/xboe/config/ConditionException.java | 25 ++++++++ .../main/java/com/xboe/config/JwtUtils.java | 63 +++++++++++++++++++ .../java/com/xboe/constants/CacheName.java | 2 + .../xboe/module/course/api/CourseWareApi.java | 36 ++++++++--- 5 files changed, 123 insertions(+), 11 deletions(-) create mode 100644 servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java create mode 100644 servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java diff --git a/servers/boe-server-all/pom.xml b/servers/boe-server-all/pom.xml index de0b436d..ba338021 100644 --- a/servers/boe-server-all/pom.xml +++ b/servers/boe-server-all/pom.xml @@ -205,7 +205,11 @@ system ${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar - + + com.alibaba + fastjson + 2.0.17.graal + com.github.ulisesbocchio @@ -232,7 +236,7 @@ spring-retry 1.3.1 - + diff --git a/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java new file mode 100644 index 00000000..872a71af --- /dev/null +++ b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java 
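Review bot: The new dependency `com.alibaba:fastjson:2.0.17.graal` adds a second JSON library for the sake of JwtUtils alone, while the same patch imports Jackson's `ObjectMapper` into CourseWareApi and hutool is already on the classpath (the XML element tags are stripped in this rendering, so only the coordinates are visible). fastjson's deserialization features have a long advisory history and 2.0.17 is not a current 2.0.x release; if it must stay, pin the newest 2.0.x and keep `JSON.parseObject` confined to data that has already passed the signature check. Otherwise drop the artifact and serialize the claims with the Jackson `ObjectMapper` already in use, which also removes the unusual `graal` variant from an ordinary Spring server build.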
@@ -0,0 +1,25 @@
+package com.xboe.config;
+
+public class ConditionException extends RuntimeException{
+    private Integer code;
+    private String message;
+
+
+    public ConditionException(Integer code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+
+    public ConditionException(String message) {
+        this(600, message);
+    }
+
+    public Integer getCode() {
+        return this.code;
+    }
+
+    @Override
+    public String getMessage() {
+        return message;
+    }
+}
diff --git a/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
new file mode 100644
index 00000000..bfccfc29
--- /dev/null
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
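Review bot: The `message` field duplicates the detail message `RuntimeException` already carries, and the constructor never calls `super(message)`, so the field and the `getMessage()` override exist only to compensate for that; pass it up instead, `super(message); this.code = code;`, and delete the field and the override. Make `code` `private final`, since nothing assigns it after construction. `600` is not an HTTP status, so if callers map `code` onto the response (not visible here) give the default a named constant and document the convention in a class-level Javadoc.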
@@ -0,0 +1,63 @@
+package com.xboe.config;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.TypeReference;
+import com.xboe.common.utils.Sha256Mac;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.Map;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils {
+
+    public static final String secretKey = "JDF_BOE";
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map claims) {
+        JSONObject header = new JSONObject();
+        header.put("alg", "HS256");
+        header.put("type", "token");
+        String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
+        String header64 = Base64.encodeBase64String(header.toString().getBytes());
+        String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
+        return header64 + "." + payload64 + "." + sign;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Map parseToken(String token) throws ConditionException {
+        String[] tokens = token.split("\\.");
+        if (tokens.length != 3) {
+            throw new ConditionException("token不合法 : " + token);
+        }
+        String payload = new String(Base64.decodeBase64(tokens[1]));
+        String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
+        if (sign.equals(tokens[2])) {
+            JSONObject jsonObject = JSON.parseObject(payload);
+            long exp = jsonObject.getLong("exp");
+            long now = System.currentTimeMillis() / 1000;
+            if (now > exp) {
+                throw new ConditionException("token过期 : " + token);
+            }
+            Map map = JSON.parseObject(payload, new TypeReference>() {
+            });
+            return map;
+        } else {
+            throw new ConditionException("token错误 : " + token);
+        }
+    }
+
+}
diff --git a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
index 07810238..4b602651 100644
--- a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
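Review bot: `secretKey = "JDF_BOE"` is a seven-character constant checked into source, so anyone with repository access, or with one captured token to brute-force against, can mint a token carrying any `userNo` and `exp` that `parseToken` will accept; the key must come from configuration and be at least 32 random bytes. Inside `parseToken`, `jsonObject.getLong("exp")` is unboxed into a `long`, so a token with no `exp` fails with a NullPointerException instead of a rejection, the three `ConditionException` messages echo the entire token into logs and error responses, and `sign.equals(tokens[2])` is not a constant-time comparison. The signing input `header64 + payload64` omits the `.` separator and uses padded, non-URL-safe Base64, so despite the `HS256` header this is not a JWS a standard library could verify; if interoperability matters, use base64url and sign `header64 + "." + payload64`. `getBytes()` and `new String(byte[])` should name `StandardCharsets.UTF_8` rather than rely on the platform charset. The rewrite below needs `java.nio.charset.StandardCharsets`, `java.security.MessageDigest` and `java.util.Objects` imported.
```java
// … unchanged: package and existing imports …
// The key must not live in source: with "JDF_BOE" anyone can mint a token for any userNo.
// Expect at least 32 random bytes from configuration; the variable name is a placeholder to agree with ops.
public static final String secretKey = Objects.requireNonNull(System.getenv("XBOE_JWT_SECRET"), "XBOE_JWT_SECRET");
// … unchanged: createToken …
String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
// Constant-time compare, and no token in the message: these exceptions reach logs and error responses.
if (!MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), tokens[2].getBytes(StandardCharsets.UTF_8))) {
    throw new ConditionException("token错误");
}
JSONObject jsonObject = JSON.parseObject(payload);
Long exp = jsonObject.getLong("exp");
// A missing exp would otherwise NPE on unboxing and surface as a server error instead of a rejection.
if (exp == null || System.currentTimeMillis() / 1000 > exp) {
    throw new ConditionException("token过期");
}
// … unchanged: claims map parse and return …
```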
+++ b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java @@ -22,6 +22,8 @@ public interface CacheName { */ String NAME_USER = "user"; + String NAME_INFO = "userInfo"; + /** * 用户名缓存KEY前缀 */ diff --git a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java index 32b6e693..6b64b32f 100644 --- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java +++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java @@ -1,16 +1,22 @@ package com.xboe.module.course.api; -import java.util.Base64; -import java.util.HashSet; -import java.util.Set; +import java.util.*; import javax.annotation.Resource; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import cn.hutool.core.map.MapUtil; +import cn.hutool.system.UserInfo; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.xboe.config.JwtUtils; +import com.xboe.constants.CacheName; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -40,6 +46,8 @@ public class CourseWareApi extends ApiBaseController { @Resource private XFileUploader fileUploader; + @Autowired + StringRedisTemplate redisTemplate; private static Set allowUrlSet = new HashSet(); static { @@ -88,8 +96,6 @@ public class CourseWareApi extends ApiBaseController { * * @param request * @param response - * @param cfid - * @param cf * @throws Exception */ @GetMapping("/resource") 
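Review bot: In the imports hunk, `import java.util.*;` replaces three explicit imports with a wildcard the rest of this import block avoids, and `cn.hutool.system.UserInfo` looks like an IDE auto-import of the wrong class, since hutool's `system.UserInfo` describes the OS account the JVM runs under, not an application user; none of the hunks in this patch use it, nor `JsonNode`/`ObjectMapper` (the rest of the file is not visible, so they may be used elsewhere). Restore the explicit form, `import java.util.Base64; import java.util.HashSet; import java.util.Map; import java.util.Set;`, and drop the imports nothing references.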
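Review bot: `@Autowired StringRedisTemplate redisTemplate;` is a package-private field, whereas the sibling `fileUploader` two lines above is `@Resource private`; make it `@Autowired private StringRedisTemplate redisTemplate;` so the template cannot be reassigned from outside the bean, or better, inject it through the constructor as `private final`. Either way the two injected fields should use one annotation style rather than `@Resource` for one and `@Autowired` for the other.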
@@ -99,7 +105,6 @@ public class CourseWareApi extends ApiBaseController { return badRequest("非法请求"); // return; } - String httpReferer = request.getHeader("referer"); if (StringUtils.isBlank(httpReferer)) { return badRequest("非法请求"); @@ -117,13 +122,23 @@ public class CourseWareApi extends ApiBaseController { return badRequest("页面不存在"); //return "非法请求"; } - - //读取cookies中的时间 + String token = request.getHeader("Xboe-Access-Token"); + if (StringUtils.isEmpty(token)) { + token = request.getHeader("token"); + } +// 读取cookies中的时间 String cookieTime = getSignTimeCookie(request); if (StringUtils.isBlank(cookieTime)) { return badRequest("不支持的请求"); // return; } + String userInfo = CacheName.NAME_INFO + ":"+ token; + String userNoStr = redisTemplate.opsForValue().get(userInfo); + if (StringUtils.isBlank(userNoStr)){ + return badRequest("token验证错误"); + } + Map map = JwtUtils.parseToken(token); + String userNo = MapUtil.getStr(map, "userNo"); byte[] signBytes = Base64.getDecoder().decode(sign); // byte[] signBytes = RSAUtil.decryptBase64(sign); @@ -139,8 +154,11 @@ public class CourseWareApi extends ApiBaseController { } String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中,long + String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号,long String cfid = signStr.substring(index+1);// 文件路径 - + if (!workNum.equals(userNo)){ + return badRequest("工号不匹配"); + } // if (!time.equals(cookieTime)) { // log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+" 请求头时间:"+cookieTime); // log.info("解密后的字符串的时间拼接:"+signStr);
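Review bot: `userNoStr` is read from Redis and then only tested for blankness; the work-number comparison later in this method uses `userNo` taken from the JWT claim, so the server-side record is fetched but never used, and the claim is the weaker source (it is only as trustworthy as the signing key). `JwtUtils.parseToken` throws `ConditionException`, a `RuntimeException` introduced by this patch, and nothing here catches it, so a malformed or expired token escapes the handler (presumably as a framework error response, with the token in the message) instead of the `badRequest` the surrounding checks return. When neither header is present `token` is null and the lookup key becomes `userInfo:null`, so reject a blank token before touching Redis. The enclosing handler method starts and ends outside this hunk, and `com.xboe.config.ConditionException` needs importing.
```java
// … unchanged: referer and cookieTime checks …
String token = request.getHeader("Xboe-Access-Token");
if (StringUtils.isEmpty(token)) {
    token = request.getHeader("token");
}
// Reject up front: an absent token would otherwise be looked up as "userInfo:null".
if (StringUtils.isBlank(token)) {
    return badRequest("token验证错误");
}
String userNoStr = redisTemplate.opsForValue().get(CacheName.NAME_INFO + ":" + token);
if (StringUtils.isBlank(userNoStr)) {
    return badRequest("token验证错误");
}
Map map;
try {
    map = JwtUtils.parseToken(token);
} catch (ConditionException e) {
    // Malformed, expired or badly signed token: answer 400 rather than letting it escape as a server error.
    return badRequest("token验证错误");
}
String userNo = MapUtil.getStr(map, "userNo");
// The Redis value is the server-side record; the claim must agree with it.
if (!userNoStr.equals(userNo)) {
    return badRequest("token验证错误");
}
// … unchanged: signature decoding …
```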
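Review bot: `workNum` is cut with `signStr.substring(2, signStr.indexOf("/"))`, the same end index `time` uses one line above, so it is simply `time` with its first two characters removed rather than a separate field; either the first segment really is `<2 chars><workNum>` and the `时间` comment on `time` is wrong, or the work number is the next `/`-delimited segment and this should read `int p = signStr.indexOf("/"); String workNum = signStr.substring(p + 1, signStr.indexOf("/", p + 1));`. `index` and any `/` guard are computed outside the hunk, so confirm the layout against whatever produces `sign` before changing it, and note that `substring(2, …)` throws `StringIndexOutOfBoundsException` when the first `/` sits at offset 0 or 1. The enclosing method starts and ends outside this hunk.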