视频进行工号验证

2025-12-09 19:06:49 +08:00 · 2024-11-11 15:15:28 +08:00 · 2024-11-11 15:12:27 +08:00 · 2024-11-08 17:34:07 +08:00 · 2024-11-08 17:12:01 +08:00 · 2024-11-06 09:03:06 +08:00
5 changed files with 147 additions and 24 deletions
--- a/servers/boe-server-all/pom.xml
+++ b/servers/boe-server-all/pom.xml
@@ -205,7 +205,11 @@
 			<scope>system</scope>
 			<systemPath>${project.basedir}/src/main/resources/aspose/aspose-cells-java-18.11.jar</systemPath>
 		</dependency>
-
+        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>2.0.17.graal</version>
        </dependency>
 		<!--加密配置文件-->
 		<dependency>
 			<groupId>com.github.ulisesbocchio</groupId>
@@ -232,7 +236,7 @@
 			<artifactId>spring-retry</artifactId>
 			<version>1.3.1</version>
 		</dependency>
-	</dependencies>
+    </dependencies>
 	<build>
 		<resources>
 			<resource>
--- a/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/ConditionException.java
@@ -0,0 +1,25 @@
 package com.xboe.config;
 public class ConditionException extends RuntimeException{
    private Integer code;
    private String message;
    public ConditionException(Integer code, String message) {
        this.code = code;
        this.message = message;
    }
    public ConditionException(String message) {
        this(600, message);
    }
    public Integer getCode() {
        return this.code;
    }
    @Override
    public String getMessage() {
        return message;
    }
 }
--- a/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/config/JwtUtils.java
@@ -0,0 +1,63 @@
 package com.xboe.config;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.TypeReference;
 import com.xboe.common.utils.Sha256Mac;
 import org.apache.commons.codec.binary.Base64;
 import java.util.Map;
 /**
 * Jwt工具类
 *
 * @author ruoyi
 */
 public class JwtUtils {
    public static final String secretKey = "JDF_BOE";
    /**
     * 从数据声明生成令牌
     *
     * @param claims 数据声明
     * @return 令牌
     */
    public static String createToken(Map<String, Object> claims) {
        JSONObject header = new JSONObject();
        header.put("alg", "HS256");
        header.put("type", "token");
        String payload64 = Base64.encodeBase64String(JSON.toJSONString(claims).getBytes());
        String header64 = Base64.encodeBase64String(header.toString().getBytes());
        String sign = Sha256Mac.sha256_mac(header64 + payload64, secretKey);
        return header64 + "." + payload64 + "." + sign;
    }
    /**
     * 从令牌中获取数据声明
     *
     * @param token 令牌
     * @return 数据声明
     */
    public static Map<String, Object> parseToken(String token) throws ConditionException {
        String[] tokens = token.split("\\.");
        if (tokens.length != 3) {
            throw new ConditionException("token不合法 : " + token);
        }
        String payload = new String(Base64.decodeBase64(tokens[1]));
        String sign = Sha256Mac.sha256_mac(tokens[0] + tokens[1], secretKey);
        if (sign.equals(tokens[2])) {
            JSONObject jsonObject = JSON.parseObject(payload);
            long exp = jsonObject.getLong("exp");
            long now = System.currentTimeMillis() / 1000;
            if (now > exp) {
                throw new ConditionException("token过期 : " + token);
            }
            Map<String, Object> map = JSON.parseObject(payload, new TypeReference<Map<String, Object>>() {
            });
            return map;
        } else {
            throw new ConditionException("token错误 : " + token);
        }
    }
 }
--- a/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/constants/CacheName.java
@@ -22,6 +22,8 @@ public interface CacheName {
     */
    String NAME_USER = "user";
    String NAME_INFO = "userInfo";
    /**
     * 用户名缓存KEY前缀
     */
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
@@ -1,16 +1,20 @@
 package com.xboe.module.course.api;
-import java.util.Base64;
+import java.util.*;
 import java.util.HashSet;
 import java.util.Set;
 import javax.annotation.Resource;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import cn.hutool.json.JSONUtil;
 import com.xboe.constants.CacheName;
 import com.xboe.data.outside.IOutSideDataService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -33,13 +37,18 @@ import com.xboe.module.course.service.ICourseFileService;
 public class CourseWareApi extends ApiBaseController {
 	private String cookieName = "PLAYSIGN_TIME";
-
+	@Autowired
 	IOutSideDataService outsideDataService;
 	@Resource
 	private ICourseFileService courseFileService;
 	@Resource
 	private XFileUploader fileUploader;
 	@Resource
 	RedisTemplate<String, Object> redisTemplate;
 	private static Set<String> allowUrlSet = new HashSet<String>();
 	static {
@@ -50,7 +59,7 @@ public class CourseWareApi extends ApiBaseController {
 	/**
 	 * 资源地址的加密，返回加密后的地址
-	 * 
+	 *
 	 * @param request
 	 * @param response
 	 * @param cfid     资源地址的id
@@ -85,25 +94,22 @@ public class CourseWareApi extends ApiBaseController {
 	/**
 	 * 获取资源，在header中保存
-	 * 
+	 *
 	 * @param request
 	 * @param response
 	 * @param cfid
 	 * @param cf
 	 * @throws Exception
 	 */
 	@GetMapping("/resource")
-	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign) throws Exception {
+	public JsonResponse<String> getVideo(HttpServletRequest request, HttpServletResponse response, String sign,
 										 @CookieValue(name = "token",required = false)String token
 	) throws Exception {
 		if (StringUtils.isBlank(sign)) {
 			return badRequest("非法请求");
 			// return;
 		}
 		String httpReferer = request.getHeader("referer");
 		if (StringUtils.isBlank(httpReferer)) {
 			return badRequest("非法请求");
 			// return "非法请求";
 		}
 		boolean has=false;
@@ -115,21 +121,37 @@ public class CourseWareApi extends ApiBaseController {
 		if(!has) {
 			return badRequest("页面不存在");
 			//return "非法请求";
 		}
-
+//		String token = request.getHeader("Xboe-Access-Token");
-		//读取cookies中的时间
+//		if (StringUtils.isEmpty(token)) {
-		String cookieTime = getSignTimeCookie(request);
+//			token = request.getHeader("token");
-		if (StringUtils.isBlank(cookieTime)) {
+//		}
-			return badRequest("不支持的请求");
+//		读取cookies中的时间
-			// return;
+//		String cookieTime = getSignTimeCookie(request);
 //		if (StringUtils.isBlank(cookieTime)) {
 //			return badRequest("不支持的请求");
 //		}
 		String userInfo = CacheName.NAME_INFO + ":"+ token;
 		log.info("请求头里的token值：:"+token);
 		log.info("从 Redis 获取的userInfo:"+userInfo);
 		Object o = redisTemplate.opsForValue().get(userInfo);
 		if (o == null) {
 			log.error("从 Redis 获取的值为 null ,", userInfo);
 			return badRequest("token验证错误");
 		}
-
+		// 将对象转换为字符串
 		String userNoStr = o.toString();
 		// 检查字符串是否为空或空白
 		if (StringUtils.isBlank(userNoStr)) {
 			log.error("从 Redis 获取的值为空或空白,", userInfo);
 			return badRequest("token验证错误");
 		}
 		HashMap bean = JSONUtil.toBean(userNoStr, HashMap.class);
 		Object userNo = bean.get("userNo");
 		byte[] signBytes = Base64.getDecoder().decode(sign);
 		// byte[] signBytes = RSAUtil.decryptBase64(sign);
 		byte[] signDecryt = RSAUtil.decryptByPrivateKey(ConfigSecretKey.TEMP_PRIVATESTR, signBytes);
 		String signStr = new String(signDecryt);
 		// System.out.println("解密后的字符串："+signStr);
 		// 第一个/前端是时间
 		int index = signStr.indexOf("/");
 		if (index <= 0) {
@@ -139,8 +161,15 @@ public class CourseWareApi extends ApiBaseController {
 		}
 		String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中，long
 		String[] split = signStr.split("/");
 		String cfid = signStr.substring(index+1);// 文件路径
 		log.info("解密后的字符串:"+signStr);
 		log.info("workNum工号对比:"+split[2]);
 		log.info("userNo工号对比:"+userNo);
 		if (!split[2].equals(userNo)){
 			return badRequest("token验证失效");
 		}
 //		if (!time.equals(cookieTime)) {
 //			log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+"    请求头时间："+cookieTime);
 //			log.info("解密后的字符串的时间拼接:"+signStr);
@@ -172,7 +201,7 @@ public class CourseWareApi extends ApiBaseController {
 	/**
 	 * 读取cookies值
-	 * 
+	 *
 	 * @param request
 	 * @return
 	 */
Author	SHA1	Message	Date
zhaolongfei	eaafb57b83	视频进行工号验证	2024-11-11 15:15:28 +08:00
zhaolongfei	ee74f47261	视频进行工号验证	2024-11-11 15:12:27 +08:00
zhaolongfei	d9d1e0fecc	视频进行工号验证	2024-11-08 17:34:07 +08:00
zhaolongfei	af0c26294d	视频进行工号验证	2024-11-08 17:12:01 +08:00
zhaolongfei	87adf2aca5	在线视频播放时进行token和工号验证	2024-11-06 09:03:06 +08:00