refactor(open): 优化 API 参数签名处理
Charles7c committed Nov 20, 2024
1 parent 935fc2d commit 22b3564
Showing 7 changed files with 37 additions and 66 deletions.
Expand Up @@ -19,7 +19,7 @@
import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.handler.SaAnnotationHandlerInterface;
import org.springframework.stereotype.Component;
import top.continew.admin.open.util.ApiSignCheckUtils;
import top.continew.admin.open.util.OpenApiUtils;

import java.lang.reflect.Method;

Expand All @@ -41,9 +41,8 @@ public Class<SaCheckPermission> getHandlerAnnotationClass() {

@Override
public void checkMethod(SaCheckPermission at, Method method) {
if (!ApiSignCheckUtils.isSignParamExists()) {
if (!OpenApiUtils.isSignParamExists()) {
_checkMethod(at.type(), at.value(), at.mode(), at.orRole());
}
}

}
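--- a/top/continew/admin/open/model/entity/AppDO.java
+++ b/top/continew/admin/open/model/entity/AppDO.java
@@ -70,4 +70,16 @@ public class AppDO extends BaseDO {
      * 状态
      */
     private DisEnableStatusEnum status;
+
+    /**
+     * 是否已过期
+     *
+     * @return true:已过期;false:未过期
+     */
+    public boolean isExpired() {
+        if (expireTime == null) {
+            return false;
+        }
+        return LocalDateTime.now().isAfter(expireTime);
+    }
 }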
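Review bot: `isExpired()` treats a null `expireTime` as "never expires", but its Javadoc only says `true:已过期;false:未过期`, so the null case should be stated explicitly, e.g. `@return true if expireTime is set and already in the past; a null expireTime means the app never expires`. Because this is a JavaBean-style boolean getter, serializers such as Jackson will expose it as an `expired` property if the entity is ever serialized directly — fine if intended, otherwise exclude it. The comparison uses `LocalDateTime.now()` in the JVM default zone, so `expireTime` must be stored in that same zone for the check to be meaningful; a short comment noting this would help. The class body, the `expireTime` field and the `LocalDateTime` import all sit above this hunk.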
Expand Up @@ -45,6 +45,6 @@ public class AppSecretResp implements Serializable {
/**
* Secret Key(私有密钥)
*/
@Schema(description = "Secret Key(私有密钥)", example = "")
@Schema(description = "Secret Key(私有密钥)", example = "MDI2YzQ3YTU1NGEyNDM1ZWIwNTU5NmNjNmZjM2M2Nzg=")
private String secretKey;
}
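Review bot: The `example` on `secretKey` now shows a concrete Base64 value that decodes to a 32-character hex string, which reads like a real credential in the generated OpenAPI document; please confirm it is synthetic and prefer a visibly fake placeholder, e.g. `@Schema(description = "Secret Key(私有密钥)", example = "********")`, so nobody copies a key out of the docs or mistakes the format for a guarantee. The class starts above this hunk.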
Expand Up @@ -16,6 +16,7 @@

package top.continew.admin.open.service;

import top.continew.admin.open.model.entity.AppDO;
import top.continew.admin.open.model.query.AppQuery;
import top.continew.admin.open.model.req.AppReq;
import top.continew.admin.open.model.resp.AppDetailResp;
Expand Down Expand Up @@ -48,26 +49,10 @@ public interface AppService extends BaseService<AppResp, AppDetailResp, AppQuery
void resetSecret(Long id);

/**
* 根据 Access Key 获取 Secret Key
* 根据 Access Key 查询
*
* @param accessKey Access Key
* @return Secret Key
* @return 应用信息
*/
String getSecretKeyByAccessKey(String accessKey);

/**
* 判断应用是否存在
*
* @param accessKey Access Key
* @return 是否存在(true:存在;false:不存在)
*/
boolean isAppExists(String accessKey);

/**
* 判断应用密钥是否过期
*
* @param accessKey Access Key
* @return 是否过期(true:已过期;false:未过期)
*/
boolean isAppSecretExpired(String accessKey);
AppDO getByAccessKey(String accessKey);
}
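Review bot: The Javadoc of the new `getByAccessKey` says only `@return 应用信息`, yet the method now hands callers the persisted entity including the Secret Key and, judging by the implementation in this commit, null when the Access Key is unknown; the three narrower methods it replaces never exposed the secret, so the contract deserves saying. Suggest `@return the app entity (carries the Secret Key — never return it to clients), or null if no app has this Access Key`. The interface declaration starts above this hunk.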
Expand Up @@ -17,7 +17,6 @@
package top.continew.admin.open.service.impl;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.IdUtil;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import lombok.RequiredArgsConstructor;
Expand All @@ -31,11 +30,8 @@
import top.continew.admin.open.model.resp.AppSecretResp;
import top.continew.admin.open.service.AppService;
import top.continew.starter.core.constant.StringConstants;
import top.continew.starter.core.validation.ValidationUtils;
import top.continew.starter.extension.crud.service.impl.BaseServiceImpl;

import java.util.Optional;

/**
* 应用业务实现
*
Expand Down Expand Up @@ -74,23 +70,8 @@ public void resetSecret(Long id) {
}

@Override
public String getSecretKeyByAccessKey(String accessKey) {
return Optional.ofNullable(baseMapper.selectByAccessKey(accessKey)).map(AppDO::getSecretKey).orElse(null);
}

@Override
public boolean isAppExists(String accessKey) {
return baseMapper.selectByAccessKey(accessKey) != null;
}

@Override
public boolean isAppSecretExpired(String accessKey) {
AppDO app = baseMapper.selectByAccessKey(accessKey);
ValidationUtils.throwIfNull(app, "应用不存在");
if (app.getExpireTime() == null) {
return false;
}
return app.getExpireTime().isBefore(DateUtil.date().toLocalDateTime());
public AppDO getByAccessKey(String accessKey) {
return baseMapper.selectByAccessKey(accessKey);
}

/**
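Review bot: `getByAccessKey` returns null for an unknown Access Key and exposes the whole `AppDO` with its Secret Key, where the removed `isAppSecretExpired` threw "应用不存在"; since the contract changed, a one-line comment such as `// null when the Access Key is unknown; the entity carries the Secret Key, never serialize it outward` would keep future callers honest. `resetSecret` starts above this hunk, but the `Base64` and `IdUtil` imports that survive at L105/L107 suggest the Secret Key is a Hutool UUID — if that is `IdUtil.fastSimpleUUID()` (ThreadLocalRandom-backed) rather than `IdUtil.randomUUID()` or a `SecureRandom`-sourced value, it is not suitable for a credential; please confirm.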
Expand Up @@ -19,11 +19,12 @@
import cn.dev33.satoken.sign.SaSignTemplate;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import top.continew.admin.common.enums.DisEnableStatusEnum;
import top.continew.admin.open.model.entity.AppDO;
import top.continew.admin.open.service.AppService;
import top.continew.starter.core.validation.ValidationUtils;

import java.util.Map;
import java.util.TreeMap;

/**
* API 参数签名算法
Expand Down Expand Up @@ -52,32 +53,24 @@ public void checkParamMap(Map<String, String> paramMap) {
ValidationUtils.throwIfBlank(nonceValue, "nonce不能为空");
ValidationUtils.throwIfBlank(signValue, "sign不能为空");
ValidationUtils.throwIfBlank(accessKeyValue, "accessKey不能为空");
ValidationUtils.throwIf(!appService.isAppExists(accessKeyValue), "accessKey非法");
ValidationUtils.throwIf(appService.isAppSecretExpired(accessKeyValue), "密钥已过期, 请重置密钥");
AppDO app = appService.getByAccessKey(accessKeyValue);
ValidationUtils.throwIfNull(app, "accessKey非法");
ValidationUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, app.getStatus(), "应用已被禁用, 请联系管理员");
ValidationUtils.throwIf(app.isExpired(), "应用已过期, 请联系管理员");

// 依次校验三个参数
super.checkTimestamp(Long.parseLong(timestampValue));
super.checkNonce(nonceValue);
paramMap.put(key, app.getSecretKey());
super.checkSign(paramMap, signValue);
}

@Override
public String createSign(Map<String, ?> paramsMap) {
// 根据 AK 获取 SK
String accessKeyValue = (String)((Map)paramsMap).get(ACCESS_KEY);
String secretKey = appService.getSecretKeyByAccessKey(accessKeyValue);
ValidationUtils.throwIfBlank(secretKey, "密钥缺失, 请检查应用配置");

// 如果调用者不小心传入了 sign 参数,则此处需要将 sign 参数排除在外
if (paramsMap.containsKey(sign)) {
// 为了保证不影响原有的 paramsMap,此处需要再复制一份
paramsMap = new TreeMap<>(paramsMap);
paramsMap.remove(sign);
}

public String createSign(Map<String, ?> paramMap) {
ValidationUtils.throwIfEmpty(paramMap.get(key), "秘钥缺失, 请检查应用配置");
// 移除 sign 参数
paramMap.remove(sign);
// 计算签名
String paramsStr = super.joinParamsDictSort(paramsMap);
String fullStr = paramsStr + "&" + key + "=" + secretKey;
return super.abstractStr(fullStr);
return super.abstractStr(super.joinParamsDictSort(paramMap));
}
}
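Review bot: `paramMap.put(key, app.getSecretKey())` at L178 writes the Secret Key into the caller's request-parameter map, so anything that later logs, echoes or re-reads that map (error responses, audit logging) will carry the secret, and a read-only map will throw `UnsupportedOperationException`; `paramMap.remove(sign)` in `createSign` has the same problem now that the defensive copy of the removed code is gone. The canonical string has also changed: the old code appended `&key=<secret>` after the dict-sorted params, while the new code sorts `key` among them, so clients signing with the previous (Sa-Token default) layout will stop verifying — if intentional, document the new format; if not, restore the old concatenation. `Long.parseLong(timestampValue)` at L176 is pre-existing but still turns a non-numeric timestamp into an unhandled `NumberFormatException` instead of a validation error. `checkParamMap` starts above this hunk, and the `java.util.TreeMap` import this commit appears to drop would be needed again for the copy below.
```java
        // … unchanged: accessKey lookup, status/expiry checks, timestamp and nonce checks …
        // sign over a copy so the caller's map never carries the Secret Key
        Map<String, String> signMap = new TreeMap<>(paramMap);
        signMap.put(key, app.getSecretKey());
        super.checkSign(signMap, signValue);
    }

    @Override
    public String createSign(Map<String, ?> paramMap) {
        ValidationUtils.throwIfEmpty(paramMap.get(key), "秘钥缺失, 请检查应用配置");
        // copy before dropping sign so the caller's map is left untouched
        Map<String, Object> signMap = new TreeMap<>(paramMap);
        signMap.remove(sign);
        return super.abstractStr(super.joinParamsDictSort(signMap));
    }
```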
Expand Up @@ -23,14 +23,15 @@
import java.util.List;

/**
* API签名验证工具类
* Open Api 工具类
*
* @author chengzi
* @author Charles7c
* @since 2024/10/25 15:31
*/
public class ApiSignCheckUtils {
public class OpenApiUtils {

private ApiSignCheckUtils() {
private OpenApiUtils() {
}

/**
