视频进行工号验证

2025-12-07 01:46:47 +08:00 · 2024-11-11 15:15:28 +08:00 · 2024-11-11 15:12:27 +08:00 · 2024-11-08 17:34:07 +08:00 · 2024-11-08 17:12:01 +08:00 · 2024-11-06 09:03:06 +08:00
5 changed files with 147 additions and 24 deletions
--- a/servers/boe-server-all/pom.xml
+++ b/servers/boe-server-all/pom.xml
@@ -205,7 +205,11 @@
 			<scope>system</scope>
 			<systemPath>${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar</systemPath>
 		</dependency>
-
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>2.0.17.graal</version>
+        </dependency>
 		<!--加密配置文件-->
 		<dependency>
 			<groupId>com.github.ulisesbocchio</groupId>
@@ -232,7 +236,7 @@
 			<artifactId>spring-retry</artifactId>
 			<version>1.3.1</version>
 		</dependency>
-	</dependencies>
+    </dependencies>
 	<build>
 		<resources>
 			<resource>
--- a/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
@@ -0,0 +1,25 @@
+package com.xboe.config;
+
+public class ConditionException extends RuntimeException{
+    private Integer code;
+    private String message;
+
+
+    public ConditionException(Integer code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+
+    public ConditionException(String message) {
+        this(600, message);
+    }
+
+    public Integer getCode() {
+        return this.code;
+    }
+
+    @Override
+    public String getMessage() {
+        return message;
+    }
+}
--- a/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
@@ -0,0 +1,63 @@
+package com.xboe.config;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.TypeReference;
+import com.xboe.common.utils.Sha256Mac;
+import org.apache.commons.codec.binary.Base64;
+
+import java.util.Map;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils {
+
+    public static final String secretKey = "JDF_BOE";
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map<String, Object> claims) {
+        JSONObject header = new JSONObject();
+        header.put("alg", "HS256");
+        header.put("type", "token");
+        String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
+        String header64 = Base64.encodeBase64String(header.toString().getBytes());
+        String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
+        return header64 + "." + payload64 + "." + sign;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Map<String, Object> parseToken(String token) throws ConditionException {
+        String[] tokens = token.split("\\.");
+        if (tokens.length != 3) {
+            throw new ConditionException("token不合法 : " + token);
+        }
+        String payload = new String(Base64.decodeBase64(tokens[1]));
+        String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
+        if (sign.equals(tokens[2])) {
+            JSONObject jsonObject = JSON.parseObject(payload);
+            long exp = jsonObject.getLong("exp");
+            long now = System.currentTimeMillis() / 1000;
+            if (now > exp) {
+                throw new ConditionException("token过期 : " + token);
+            }
+            Map<String, Object> map = JSON.parseObject(payload, new TypeReference<Map<String, Object>>() {
+            });
+            return map;
+        } else {
+            throw new ConditionException("token错误 : " + token);
+        }
+    }
+
+}
--- a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
@@ -22,6 +22,8 @@ public interface CacheName {
     */
    String NAME_USER = "user";

+    String NAME_INFO = "userInfo";
+
    /**
     * 用户名缓存KEY前缀
     */
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
@@ -1,16 +1,20 @@
 package com.xboe.module.course.api;

-import java.util.Base64;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.*;

 import javax.annotation.Resource;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import cn.hutool.json.JSONUtil;
+import com.xboe.constants.CacheName;
+import com.xboe.data.outside.IOutSideDataService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -33,13 +37,18 @@ import com.xboe.module.course.service.ICourseFileService;
 public class CourseWareApi extends ApiBaseController {

 	private String cookieName = "PLAYSIGN_TIME";
-
+	@Autowired
+	IOutSideDataService outsideDataService;
 	@Resource
 	private ICourseFileService courseFileService;

 	@Resource
 	private XFileUploader fileUploader;

+
+	@Resource
+	RedisTemplate<String, Object> redisTemplate;
+
 	private static Set<String> allowUrlSet = new HashSet<String>();

 	static {
@@ -50,7 +59,7 @@ public class CourseWareApi extends ApiBaseController {

 	/**
 	 * 资源地址的加密，返回加密后的地址
-	 * 
+	 *
 	 * @param request
 	 * @param response
 	 * @param cfid     资源地址的id
@@ -85,25 +94,22 @@ public class CourseWareApi extends ApiBaseController {

 	/**
 	 * 获取资源，在header中保存
-	 * 
+	 *
 	 * @param request
 	 * @param response
-	 * @param cfid
-	 * @param cf
 	 * @throws Exception
 	 */
 	@GetMapping("/resource")
-	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign) throws Exception {
+	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign,
+										 @CookieValue(name = "token",required = false)String token
+	) throws Exception {

 		if (StringUtils.isBlank(sign)) {
 			return badRequest("非法请求");
-			// return;
 		}
-
 		String httpReferer = request.getHeader("referer");
 		if (StringUtils.isBlank(httpReferer)) {
 			return badRequest("非法请求");
-			// return "非法请求";
 		}

 		boolean has=false;
@@ -115,21 +121,37 @@ public class CourseWareApi extends ApiBaseController {

 		if(!has) {
 			return badRequest("页面不存在");
-			//return "非法请求";
 		}
-
-		//读取cookies中的时间
-		String cookieTime = getSignTimeCookie(request);
-		if (StringUtils.isBlank(cookieTime)) {
-			return badRequest("不支持的请求");
-			// return;
+//		String token = request.getHeader("Xboe-Access-Token");
+//		if (StringUtils.isEmpty(token)) {
+//			token = request.getHeader("token");
+//		}
+//		读取cookies中的时间
+//		String cookieTime = getSignTimeCookie(request);
+//		if (StringUtils.isBlank(cookieTime)) {
+//			return badRequest("不支持的请求");
+//		}
+		String userInfo = CacheName.NAME_INFO + ":"+ token;
+		log.info("请求头里的token值：:"+token);
+		log.info("从 Redis 获取的userInfo:"+userInfo);
+		Object o = redisTemplate.opsForValue().get(userInfo);
+		if (o == null) {
+			log.error("从 Redis 获取的值为 null ,", userInfo);
+			return badRequest("token验证错误");
 		}
-
+		// 将对象转换为字符串
+		String userNoStr = o.toString();
+		// 检查字符串是否为空或空白
+		if (StringUtils.isBlank(userNoStr)) {
+			log.error("从 Redis 获取的值为空或空白,", userInfo);
+			return badRequest("token验证错误");
+		}
+		HashMap bean = JSONUtil.toBean(userNoStr, HashMap.class);
+		Object userNo = bean.get("userNo");
 		byte[] signBytes = Base64.getDecoder().decode(sign);
 		// byte[] signBytes = RSAUtil.decryptBase64(sign);
 		byte[] signDecryt = RSAUtil.decryptByPrivateKey(ConfigSecretKey.TEMP_PRIVATESTR, signBytes);
 		String signStr = new String(signDecryt);
-		// System.out.println("解密后的字符串："+signStr);
 		// 第一个/前端是时间
 		int index = signStr.indexOf("/");
 		if (index <= 0) {
@@ -139,8 +161,15 @@ public class CourseWareApi extends ApiBaseController {
 		}

 		String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中，long
+		String[] split = signStr.split("/");
 		String cfid = signStr.substring(index+1);// 文件路径
+		log.info("解密后的字符串:"+signStr);

+		log.info("workNum工号对比:"+split[2]);
+		log.info("userNo工号对比:"+userNo);
+		if (!split[2].equals(userNo)){
+			return badRequest("token验证失效");
+		}
 //		if (!time.equals(cookieTime)) {
 //			log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+"    请求头时间："+cookieTime);
 //			log.info("解密后的字符串的时间拼接:"+signStr);
@@ -172,7 +201,7 @@ public class CourseWareApi extends ApiBaseController {

 	/**
 	 * 读取cookies值
-	 * 
+	 *
 	 * @param request
 	 * @return
 	 */
Author	SHA1	Message	Date
zhaolongfei	eaafb57b83	视频进行工号验证	2024-11-11 15:15:28 +08:00
zhaolongfei	ee74f47261	视频进行工号验证	2024-11-11 15:12:27 +08:00
zhaolongfei	d9d1e0fecc	视频进行工号验证	2024-11-08 17:34:07 +08:00
zhaolongfei	af0c26294d	视频进行工号验证	2024-11-08 17:12:01 +08:00
zhaolongfei	87adf2aca5	在线视频播放时进行token和工号验证	2024-11-06 09:03:06 +08:00