
feat: 等保问题小程序鉴权

lijiaqi vor 1 Jahr
bddb3215c7

+ 32 - 0
src/main/java/com/inspur/smsb/gateway/filter/WebFluxUserRequestInfoFilter.java

@@ -1,7 +1,9 @@
 package com.inspur.smsb.gateway.filter;
 
+import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import com.alibaba.nacos.common.utils.MD5Utils;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
 import com.inspur.smsb.gateway.dto.KeycloakUserDto;
@@ -12,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
@@ -20,6 +23,7 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 import javax.annotation.Resource;
+import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.List;
@@ -47,6 +51,12 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
     @Value("${keycloak.adminUserId}")
     private String adminUserId;
 
+    @Value("${wxapplet.secret}")
+    private String secret;
+
+    @Value("${wxapplet.appId}")
+    private String appId;
+
     @Resource
     private ObjectMapper objectMapper;
 
@@ -82,6 +92,12 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
                     // 把新的 exchange 放回到过滤链
                     return chain.filter(exchange.mutate().request(request).build());
                 }
+            } else {
+                // 三级等保,若小程序请求不带token,则走该校验方法
+                if (!isEncryptedRequest(exchange.getRequest())) {
+                    exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
+                    return exchange.getResponse().setComplete();
+                }
             }
             return chain.filter(exchange);
         } else {
@@ -136,6 +152,22 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
         }
     }
 
+    private boolean isEncryptedRequest(ServerHttpRequest request) {
+        String sign = request.getHeaders().getFirst("sign");
+        String time = request.getHeaders().getFirst("time");
+        return md5(time).equals(sign);
+    }
+
+    private String md5(String time) {
+        String sign = "";
+        try {
+            sign = MD5Utils.md5Hex(String.format("appId=%s&time=%s&secre=%s", appId, time, secret).getBytes());
+        } catch (NoSuchAlgorithmException e) {
+            log.error("MD5哈希异常:{}", e.getMessage(), e);
+        }
+        return sign;
+    }
+
 
     public String getToken(String tokenUrl, String clientId, String clientSecret) {
         try {
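Review bot: The check in isEncryptedRequest (L69-L73) is replayable and has a fail-open path: the `time` header is never validated for freshness, so a captured sign/time pair verifies indefinitely, and md5() returns `""` on NoSuchAlgorithmException, which then equals a request that sends an empty `sign` header. The comparison `md5(time).equals(sign)` is also not constant-time; `MessageDigest.isEqual` from java.security (plus StandardCharsets for the byte conversion) is the standard-library replacement, and `Strings` is already imported for the null/empty guard. The format string on L78 spells `secre=`; if the mini-program client signs with `secret=` no request will ever verify, so this is worth confirming against the client code rather than assuming it is a deliberate choice. The format of `time` is not visible here, so the freshness window is left as a TODO in the rewrite below; longer term an HMAC over the fields would be preferable to an MD5 of a secret concatenation, but that changes the client protocol and is outside this commit.
```java
private boolean isEncryptedRequest(ServerHttpRequest request) {
    String sign = request.getHeaders().getFirst("sign");
    String time = request.getHeaders().getFirst("time");
    if (Strings.isNullOrEmpty(sign) || Strings.isNullOrEmpty(time)) {
        return false;
    }
    // TODO(review): confirm the unit/format of "time" with the client and reject values outside an agreed window (replay protection)
    String expected = md5(time);
    if (expected.isEmpty()) {
        return false; // fail closed when the digest could not be computed
    }
    return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            sign.getBytes(StandardCharsets.UTF_8));
}

// … unchanged: md5(String time) …
```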