package com.qianwen.core.secure.interceptor;
|
|
import java.time.Duration;
|
import java.util.Date;
|
import java.util.List;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import com.qianwen.core.secure.props.SignSecure;
|
import com.qianwen.core.secure.provider.HttpMethod;
|
import com.qianwen.core.secure.provider.ResponseProvider;
|
import com.qianwen.core.tool.jackson.JsonUtil;
|
import com.qianwen.core.tool.utils.DateUtil;
|
import com.qianwen.core.tool.utils.DigestUtil;
|
import com.qianwen.core.tool.utils.Func;
|
import com.qianwen.core.tool.utils.WebUtil;
|
import org.springframework.lang.NonNull;
|
import org.springframework.util.AntPathMatcher;
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
|
/* loaded from: blade-core-secure-9.3.0.0-SNAPSHOT.jar:org/springblade/core/secure/interceptor/SignInterceptor.class */
|
public class SignInterceptor extends HandlerInterceptorAdapter {
|
private final List<SignSecure> signSecures;
|
private static final String TIMESTAMP = "timestamp";
|
private static final String NONCE = "nonce";
|
private static final String SIGNATURE = "signature";
|
private static final String SHA1 = "sha1";
|
private static final String MD5 = "md5";
|
private static final Logger log = LoggerFactory.getLogger(SignInterceptor.class);
|
private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
|
private static final Integer SECOND_MIN = 0;
|
private static final Integer SECOND_MAX = 10;
|
|
public SignInterceptor(final List<SignSecure> signSecures) {
|
this.signSecures = signSecures;
|
}
|
|
public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
|
boolean check = ((Boolean) this.signSecures.stream().filter(signSecure -> {
|
return checkAuth(request, signSecure);
|
}).findFirst().map(authSecure -> {
|
return Boolean.valueOf(checkSign(authSecure.getCrypto()));
|
}).orElse(Boolean.TRUE)).booleanValue();
|
if (!check) {
|
log.warn("授权认证失败,请求接口:{},请求IP:{},请求参数:{}", new Object[]{request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap())});
|
ResponseProvider.write(response);
|
return false;
|
}
|
return true;
|
}
|
|
private boolean checkAuth(HttpServletRequest request, SignSecure signSecure) {
|
return checkMethod(request, signSecure.getMethod()) && checkPath(request, signSecure.getPattern());
|
}
|
|
private boolean checkMethod(HttpServletRequest request, HttpMethod method) {
|
return method == HttpMethod.ALL || (method != null && method == HttpMethod.of(request.getMethod()));
|
}
|
|
private boolean checkPath(HttpServletRequest request, String pattern) {
|
String servletPath = request.getServletPath();
|
String pathInfo = request.getPathInfo();
|
if (pathInfo != null && pathInfo.length() > 0) {
|
servletPath = servletPath + pathInfo;
|
}
|
return ANT_PATH_MATCHER.match(pattern, servletPath);
|
}
|
|
private boolean checkSign(String crypto) {
|
String sign;
|
try {
|
HttpServletRequest request = WebUtil.getRequest();
|
if (request == null) {
|
return false;
|
}
|
String timestamp = request.getHeader(TIMESTAMP);
|
long seconds = Duration.between(new Date(Func.toLong(timestamp)).toInstant(), DateUtil.now().toInstant()).getSeconds();
|
if (seconds < SECOND_MIN.intValue() || seconds > SECOND_MAX.intValue()) {
|
log.warn("授权认证失败,错误信息:{}", "请求时间戳非法");
|
return false;
|
}
|
String nonce = request.getHeader(NONCE);
|
String signature = request.getHeader(SIGNATURE);
|
if (crypto.equals(MD5)) {
|
sign = DigestUtil.md5Hex(timestamp + nonce);
|
} else if (crypto.equals(SHA1)) {
|
sign = DigestUtil.sha1Hex(timestamp + nonce);
|
} else {
|
sign = DigestUtil.sha1Hex(timestamp + nonce);
|
}
|
return sign.equalsIgnoreCase(signature);
|
} catch (Exception e) {
|
log.warn("授权认证失败,错误信息:{}", e.getMessage());
|
return false;
|
}
|
}
|
}
|
