liyabo 3 years ago
parent
commit
8345cc238a

+ 38 - 0
eladmin-common/src/main/java/me/zhengjie/base/QueryPageParams.java

@@ -0,0 +1,38 @@
+package me.zhengjie.base;
+
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.domain.Sort;
+
+import java.util.Optional;
+
+public class QueryPageParams<T> {
+    private String timestamp;
+    private String nonce;
+
+    public String getTimestamp() {
+        return timestamp;
+    }
+
+    public void setTimestamp(String timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    private T query;
+
+    public T getQuery() {
+        return query;
+    }
+
+    public void setQuery(T query) {
+        this.query = query;
+    }
+
+}
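Review bot: The new class carries no documentation, yet `timestamp` and `nonce` are not ordinary paging fields: on this same commit `SecurityUtils.CheckApiAuth` hashes them together with a server-side secret to validate the `X_YT_ACCESS_TOKEN` header, so a reader of this file needs to know they are signature inputs. A class Javadoc along the lines of `/** Request envelope for the third-party API: {@code timestamp} and {@code nonce} are inputs to the access-token signature checked by SecurityUtils.CheckApiAuth; {@code query} carries the actual criteria. */` would make that visible, and each field deserves a one-line comment stating its expected format (the page does not show whether `timestamp` is seconds or milliseconds — confirm with the client). The imports `Pageable`, `Sort` and `Optional` are unused and should be dropped. Fields are also declared in two places (`timestamp`/`nonce` at the top, `query` after the accessors); grouping them at the top matches the rest of the codebase's POJOs.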

+ 30 - 3
eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java

@@ -21,6 +21,7 @@ import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.DESKeySpec;
 import javax.crypto.spec.IvParameterSpec;
 import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
 
 /**
  * 加密
@@ -37,7 +38,7 @@ public class EncryptUtils {
     private static final IvParameterSpec IV = new IvParameterSpec(STR_PARAM.getBytes(StandardCharsets.UTF_8));
 
     private static DESKeySpec getDesKeySpec(String source) throws Exception {
-        if (source == null || source.length() == 0){
+        if (source == null || source.length() == 0) {
             return null;
         }
         cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
@@ -87,7 +88,7 @@ public class EncryptUtils {
 
     private static byte[] hex2byte(byte[] b) {
         int size = 2;
-        if ((b.length % size) != 0){
+        if ((b.length % size) != 0) {
             throw new IllegalArgumentException("长度不是偶数");
         }
         byte[] b2 = new byte[b.length / 2];
@@ -97,4 +98,30 @@ public class EncryptUtils {
         }
         return b2;
     }
-}
+
+    /**
+     * @return
+     * @Comment SHA1 加密
+     */
+    public static String sha1(String str) {
+        MessageDigest sha = null;
+        try {
+            sha = MessageDigest.getInstance("SHA");
+            byte[] byteArray = str.getBytes("UTF-8");
+            byte[] md5Bytes = sha.digest(byteArray);
+            StringBuffer hexValue = new StringBuffer();
+            for (int i = 0; i < md5Bytes.length; i++) {
+                int val = ((int) md5Bytes[i]) & 0xff;
+                if (val < 16) {
+                    hexValue.append("0");
+                }
+                hexValue.append(Integer.toHexString(val));
+            }
+            return hexValue.toString();
+        } catch (Exception e) {
+            System.out.println(e.toString());
+            e.printStackTrace();
+            return "";
+        }
+    }
+}
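Review bot: `sha1` swallows every exception and returns `""`, so a caller that feeds the result into an authentication comparison never learns the digest failed; the broad catch exists only because `str.getBytes("UTF-8")` throws a checked `UnsupportedEncodingException`, although `StandardCharsets.UTF_8` is already imported in this file. The digest buffer is named `md5Bytes` for a SHA-1 result, `StringBuffer` is used where no synchronization is needed, and the Javadoc has a bare `@return` plus a `@Comment` tag that javadoc does not recognize. The rewrite below keeps the signature and the lower-case hex output, fails loudly if the provider lacks SHA-1, and documents the contract; it needs `import java.security.NoSuchAlgorithmException;` added to the import block at the top of the file. `EncryptUtils` itself starts outside this hunk.
```java
    /**
     * Hex-encodes the SHA-1 digest of the UTF-8 bytes of {@code str}.
     *
     * @param str text to digest; must not be {@code null}
     * @return 40-character lower-case hexadecimal string
     * @throws IllegalStateException if the runtime offers no SHA-1 provider
     */
    public static String sha1(String str) {
        try {
            MessageDigest sha = MessageDigest.getInstance("SHA-1");
            byte[] digest = sha.digest(str.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                // "%02x" keeps the leading zero the original loop added by hand
                hex.append(String.format("%02x", b & 0xff));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            // SHA-1 is mandatory in every JDK; surfacing this beats returning ""
            throw new IllegalStateException("SHA-1 MessageDigest not available", e);
        }
    }
```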

+ 24 - 3
eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java

@@ -19,6 +19,7 @@ import cn.hutool.json.JSONArray;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import lombok.extern.slf4j.Slf4j;
+import me.zhengjie.base.QueryPageParams;
 import me.zhengjie.exception.BadRequestException;
 import me.zhengjie.utils.enums.DataScopeEnum;
 import org.springframework.http.HttpStatus;
@@ -26,8 +27,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -99,11 +103,28 @@ public class SecurityUtils {
         return DataScopeEnum.ALL.getValue();
     }
 
-    public static void CheckApiAuth(HttpServletRequest request) {
+    /**
+     * 验证API访问权限
+     */
+    public static void CheckApiAuth(QueryPageParams params) {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
         if (request != null) {
-            String token = request.getHeader("s_zk_token");
+            String accesstoken = request.getHeader("X_YT_ACCESS_TOKEN");
+            String token = "DMERPYT!@#$QWER2021+{:>";
 
-            if (!token.equals("Ofv4szvNO_U4vbxjeCdvhtvr_Sz8dqNKQETnsGrcRcL_BJkp994xWDIt77HJlXGeT8KoytPdpZVb-h-TXu-W838vUbvEGy1CY0o80kB9eeA")) {
+            if (params == null || StringUtils.isBlank(params.getTimestamp()) || StringUtils.isBlank(params.getNonce()) || StringUtils.isBlank(accesstoken)) {
+                throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
+            }
+
+            String[] arr = {token, params.getTimestamp(), params.getNonce()};
+            Arrays.sort(arr);
+
+            String str = "";
+            for (int i = 0; i < arr.length; i++) {
+                str += arr[i];
+            }
+            String newtoken = EncryptUtils.sha1(str);
+            if (!accesstoken.equals(newtoken)) {
                 throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
             }
         }
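Review bot: The shared secret in `String token = "DMERPYT!@#$QWER2021+{:>";` is embedded in source, and `timestamp` and `nonce` are only tested with `StringUtils.isBlank`, so a captured header plus body validates forever and the secret ships with every build. The comparison `!accesstoken.equals(newtoken)` is not constant-time where `MessageDigest.isEqual` would be, the parameter is the raw type `QueryPageParams`, and the cast on `RequestContextHolder.getRequestAttributes()` throws `NullPointerException` outside a request context, so the `if (request != null)` guard never fires. The rewrite below takes the secret from configuration (shown as `apiSecret`, to be populated from a property rather than a literal), rejects timestamps outside a skew window `MAX_SKEW_MILLIS` — assuming the client sends epoch milliseconds, which the page does not show, so confirm with the caller — and compares digests in constant time; rejecting a repeated nonce inside that window still needs a short-lived nonce store that this hunk does not provide. The fence needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported, and the closing brace of `CheckApiAuth` lies outside the hunk.
```java
    /**
     * 验证API访问权限: the X_YT_ACCESS_TOKEN header must equal
     * sha1(sorted(secret, timestamp, nonce)) and the timestamp must be recent.
     */
    public static void CheckApiAuth(QueryPageParams<?> params) {
        ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attrs == null) {
            // No servlet request bound to this thread: refuse rather than skip the check.
            throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
        }
        HttpServletRequest request = attrs.getRequest();
        String accesstoken = request.getHeader("X_YT_ACCESS_TOKEN");
        if (params == null || StringUtils.isBlank(params.getTimestamp()) || StringUtils.isBlank(params.getNonce()) || StringUtils.isBlank(accesstoken)) {
            throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
        }
        // Freshness window bounds how long a captured request stays valid.
        long ts;
        try {
            ts = Long.parseLong(params.getTimestamp());
        } catch (NumberFormatException e) {
            throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
        }
        if (Math.abs(System.currentTimeMillis() - ts) > MAX_SKEW_MILLIS) {
            throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
        }
        String[] arr = {apiSecret, params.getTimestamp(), params.getNonce()};
        Arrays.sort(arr);
        String expected = EncryptUtils.sha1(String.join("", arr));
        // Constant-time compare so timing does not leak how many leading bytes matched.
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                   accesstoken.getBytes(StandardCharsets.UTF_8))) {
            throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
        }
    }
```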

+ 10 - 7
eladmin-system/src/main/java/me/zhengjie/modules/thirdparty/v1/UserApiController.java

@@ -11,6 +11,7 @@ import me.zhengjie.annotation.Log;
 import me.zhengjie.annotation.rest.AnonymousGetMapping;
 import me.zhengjie.annotation.rest.AnonymousPostMapping;
 import me.zhengjie.base.BaseResponse;
+import me.zhengjie.base.QueryPageParams;
 import me.zhengjie.modules.dm.user.service.DmUserService;
 import me.zhengjie.modules.dm.user.service.dto.DmUserDto;
 import me.zhengjie.modules.dm.user.service.dto.DmUserQueryCriteria;
@@ -22,11 +23,13 @@ import me.zhengjie.modules.system.service.dto.DeptQueryCriteria;
 import me.zhengjie.modules.system.service.dto.DeptQueryNoAuthCriteria;
 import me.zhengjie.utils.SecurityUtils;
 import org.hibernate.Criteria;
+import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -50,7 +53,7 @@ public class UserApiController {
     @ApiOperation("获取ERP用户数据")
     @AnonymousGetMapping(value = "/busi/comm/usky/queryUser")
     public ResponseEntity<Object> getusers(HttpServletRequest request, String formData) throws IOException {
-        SecurityUtils.CheckApiAuth(request);
+//        SecurityUtils.CheckApiAuth(request);
 //        List<DmUserDto> list = dmUserService.queryAll(criteria);
         String res = HttpRequest.get("http://222.84.157.37:30170/api-third-party/busi/comm/usky/queryUser")
                 .header("X_AUTO_USER_INFO_HEAD", "{\"id\":\"anonymous\",\"tenantId\":\"caih\"}")
@@ -69,9 +72,9 @@ public class UserApiController {
     @Log("获取用户数据")
     @ApiOperation("获取用户数据")
     @AnonymousPostMapping(value = "/getzkusers")
-    public BaseResponse<Object> getzkusers(HttpServletRequest request, DmUserQueryCriteria criteria, Pageable pageable) throws IOException {
-        SecurityUtils.CheckApiAuth(request);
-        Map<String, Object> list = dmUserService.queryAll(criteria, pageable);
+    public BaseResponse<Object> getzkusers(@RequestBody QueryPageParams<DmUserQueryCriteria> params, Pageable pageable) throws IOException {
+        SecurityUtils.CheckApiAuth(params);
+        Map<String, Object> list = dmUserService.queryAll(params.getQuery(), pageable);
 
         return new BaseResponse<>(list);
     }
@@ -79,9 +82,9 @@ public class UserApiController {
     @Log("获取部门数据")
     @ApiOperation("获取部门数据")
     @AnonymousPostMapping(value = "/getzkdeps")
-    public BaseResponse<Object> getzkdeps(HttpServletRequest request, DeptQueryNoAuthCriteria criteria, Pageable pageable) throws Exception {
-        SecurityUtils.CheckApiAuth(request);
-        Map<String, Object> list = deptService.queryAll(criteria, pageable);
+    public BaseResponse<Object> getzkdeps(@RequestBody QueryPageParams<DeptQueryNoAuthCriteria> params, Pageable pageable) throws Exception {
+        SecurityUtils.CheckApiAuth(params);
+        Map<String, Object> list = deptService.queryAll(params.getQuery(), pageable);
 
         return new BaseResponse<>(list);
     }
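Review bot: `getusers` now runs with no authentication at all: its only check, `SecurityUtils.CheckApiAuth(request);`, is commented out instead of being migrated to the new `QueryPageParams` signature, while the endpoint remains an `@AnonymousGetMapping` that forwards to an external service. Either migrate it — accept a `QueryPageParams<?> params` (for a GET, built from query parameters rather than `@RequestBody`) and call `SecurityUtils.CheckApiAuth(params);` — or delete the dead line and state in the method's Javadoc that the endpoint is intentionally open; the `request` parameter is unused either way. In `getzkusers` and `getzkdeps`, `params.getQuery()` is handed straight to `queryAll`, so a body without a `query` member passes a null criteria into the service; `Objects.requireNonNull(params.getQuery(), "query")` right after the auth check would make that failure explicit. The body of `getusers` continues past its hunk.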