修改

eladmin-common/src/main/java/me/zhengjie/base/QueryPageParams.java

@@ -0,0 +1,38 @@
+package me.zhengjie.base;
+
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.domain.Sort;
+
+import java.util.Optional;
+
+public class QueryPageParams<T> {
+    private String timestamp;
+    private String nonce;
+
+    public String getTimestamp() {
+        return timestamp;
+    }
+
+    public void setTimestamp(String timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    private T query;
+
+    public T getQuery() {
+        return query;
+    }
+
+    public void setQuery(T query) {
+        this.query = query;
+    }
+
+}

eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java

@@ -21,6 +21,7 @@ import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.DESKeySpec;
 import javax.crypto.spec.IvParameterSpec;
 import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
 
 /**
  * 加密
@@ -37,7 +38,7 @@ public class EncryptUtils {
     private static final IvParameterSpec IV = new IvParameterSpec(STR_PARAM.getBytes(StandardCharsets.UTF_8));
 
     private static DESKeySpec getDesKeySpec(String source) throws Exception {
-        if (source == null || source.length() == 0){
+        if (source == null || source.length() == 0) {
             return null;
         }
         cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
@@ -87,7 +88,7 @@ public class EncryptUtils {
 
     private static byte[] hex2byte(byte[] b) {
         int size = 2;
-        if ((b.length % size) != 0){
+        if ((b.length % size) != 0) {
             throw new IllegalArgumentException("长度不是偶数");
         }
         byte[] b2 = new byte[b.length / 2];
@@ -97,4 +98,30 @@ public class EncryptUtils {
         }
         return b2;
     }
-}
+
+    /**
+     * @return
+     * @Comment SHA1 加密
+     */
+    public static String sha1(String str) {
+        MessageDigest sha = null;
+        try {
+            sha = MessageDigest.getInstance("SHA");
+            byte[] byteArray = str.getBytes("UTF-8");
+            byte[] md5Bytes = sha.digest(byteArray);
+            StringBuffer hexValue = new StringBuffer();
+            for (int i = 0; i < md5Bytes.length; i++) {
+                int val = ((int) md5Bytes[i]) & 0xff;
+                if (val < 16) {
+                    hexValue.append("0");
+                }
+                hexValue.append(Integer.toHexString(val));
+            }
+            return hexValue.toString();
+        } catch (Exception e) {
+            System.out.println(e.toString());
+            e.printStackTrace();
+            return "";
+        }
+    }
+}

eladmin-common/src/main/java/me/zhengjie/utils/SecurityUtils.java

@@ -19,6 +19,7 @@ import cn.hutool.json.JSONArray;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import lombok.extern.slf4j.Slf4j;
+import me.zhengjie.base.QueryPageParams;
 import me.zhengjie.exception.BadRequestException;
 import me.zhengjie.utils.enums.DataScopeEnum;
 import org.springframework.http.HttpStatus;
@@ -26,8 +27,11 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -99,11 +103,28 @@ public class SecurityUtils {
         return DataScopeEnum.ALL.getValue();
     }
 
-    public static void CheckApiAuth(HttpServletRequest request) {
+    /**
+     * 验证API访问权限
+     */
+    public static void CheckApiAuth(QueryPageParams params) {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
         if (request != null) {
-            String token = request.getHeader("s_zk_token");
+            String accesstoken = request.getHeader("X_YT_ACCESS_TOKEN");
+            String token = "DMERPYT!@#$QWER2021+{:>";
 
-            if (!token.equals("Ofv4szvNO_U4vbxjeCdvhtvr_Sz8dqNKQETnsGrcRcL_BJkp994xWDIt77HJlXGeT8KoytPdpZVb-h-TXu-W838vUbvEGy1CY0o80kB9eeA")) {
+            if (params == null || StringUtils.isBlank(params.getTimestamp()) || StringUtils.isBlank(params.getNonce()) || StringUtils.isBlank(accesstoken)) {
+                throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
+            }
+
+            String[] arr = {token, params.getTimestamp(), params.getNonce()};
+            Arrays.sort(arr);
+
+            String str = "";
+            for (int i = 0; i < arr.length; i++) {
+                str += arr[i];
+            }
+            String newtoken = EncryptUtils.sha1(str);
+            if (!accesstoken.equals(newtoken)) {
                 throw new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
             }
         }

eladmin-system/src/main/java/me/zhengjie/modules/thirdparty/v1/UserApiController.java

@@ -11,6 +11,7 @@ import me.zhengjie.annotation.Log;
 import me.zhengjie.annotation.rest.AnonymousGetMapping;
 import me.zhengjie.annotation.rest.AnonymousPostMapping;
 import me.zhengjie.base.BaseResponse;
+import me.zhengjie.base.QueryPageParams;
 import me.zhengjie.modules.dm.user.service.DmUserService;
 import me.zhengjie.modules.dm.user.service.dto.DmUserDto;
 import me.zhengjie.modules.dm.user.service.dto.DmUserQueryCriteria;
@@ -22,11 +23,13 @@ import me.zhengjie.modules.system.service.dto.DeptQueryCriteria;
 import me.zhengjie.modules.system.service.dto.DeptQueryNoAuthCriteria;
 import me.zhengjie.utils.SecurityUtils;
 import org.hibernate.Criteria;
+import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -50,7 +53,7 @@ public class UserApiController {
     @ApiOperation("获取ERP用户数据")
     @AnonymousGetMapping(value = "/busi/comm/usky/queryUser")
     public ResponseEntity<Object> getusers(HttpServletRequest request, String formData) throws IOException {
-        SecurityUtils.CheckApiAuth(request);
+//        SecurityUtils.CheckApiAuth(request);
 //        List<DmUserDto> list = dmUserService.queryAll(criteria);
         String res = HttpRequest.get("http://222.84.157.37:30170/api-third-party/busi/comm/usky/queryUser")
                 .header("X_AUTO_USER_INFO_HEAD", "{\"id\":\"anonymous\",\"tenantId\":\"caih\"}")
@@ -69,9 +72,9 @@ public class UserApiController {
     @Log("获取用户数据")
     @ApiOperation("获取用户数据")
     @AnonymousPostMapping(value = "/getzkusers")
-    public BaseResponse<Object> getzkusers(HttpServletRequest request, DmUserQueryCriteria criteria, Pageable pageable) throws IOException {
-        SecurityUtils.CheckApiAuth(request);
-        Map<String, Object> list = dmUserService.queryAll(criteria, pageable);
+    public BaseResponse<Object> getzkusers(@RequestBody QueryPageParams<DmUserQueryCriteria> params, Pageable pageable) throws IOException {
+        SecurityUtils.CheckApiAuth(params);
+        Map<String, Object> list = dmUserService.queryAll(params.getQuery(), pageable);
 
         return new BaseResponse<>(list);
     }
@@ -79,9 +82,9 @@ public class UserApiController {
     @Log("获取部门数据")
     @ApiOperation("获取部门数据")
     @AnonymousPostMapping(value = "/getzkdeps")
-    public BaseResponse<Object> getzkdeps(HttpServletRequest request, DeptQueryNoAuthCriteria criteria, Pageable pageable) throws Exception {
-        SecurityUtils.CheckApiAuth(request);
-        Map<String, Object> list = deptService.queryAll(criteria, pageable);
+    public BaseResponse<Object> getzkdeps(@RequestBody QueryPageParams<DeptQueryNoAuthCriteria> params, Pageable pageable) throws Exception {
+        SecurityUtils.CheckApiAuth(params);
+        Map<String, Object> list = deptService.queryAll(params.getQuery(), pageable);
 
         return new BaseResponse<>(list);
     }