feat: 等保问题小程序鉴权

src/main/java/com/inspur/smsb/gateway/filter/WebFluxUserRequestInfoFilter.java

@@ -1,7 +1,9 @@
 package com.inspur.smsb.gateway.filter;
 
+import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import com.alibaba.nacos.common.utils.MD5Utils;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Strings;
 import com.inspur.smsb.gateway.dto.KeycloakUserDto;
@@ -12,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
@@ -20,6 +23,7 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 import javax.annotation.Resource;
+import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.List;
@@ -47,6 +51,12 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
     @Value("${keycloak.adminUserId}")
     private String adminUserId;
 
+    @Value("${wxapplet.secret}")
+    private String secret;
+
+    @Value("${wxapplet.appId}")
+    private String appId;
+
     @Resource
     private ObjectMapper objectMapper;
 
@@ -82,6 +92,12 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
                     // 把新的 exchange 放回到过滤链
                     return chain.filter(exchange.mutate().request(request).build());
                 }
+            } else {
+                // 三级等保，若小程序请求不带token，则走该校验方法
+                if (!isEncryptedRequest(exchange.getRequest())) {
+                    exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
+                    return exchange.getResponse().setComplete();
+                }
             }
             return chain.filter(exchange);
         } else {
@@ -136,6 +152,22 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
         }
     }
 
+    private boolean isEncryptedRequest(ServerHttpRequest request) {
+        String sign = request.getHeaders().getFirst("sign");
+        String time = request.getHeaders().getFirst("time");
+        return md5(time).equals(sign);
+    }
+
+    private String md5(String time) {
+        String sign = "";
+        try {
+            sign = MD5Utils.md5Hex(String.format("appId=%s&time=%s&secre=%s", appId, time, secret).getBytes());
+        } catch (NoSuchAlgorithmException e) {
+            log.error("MD5哈希异常：{}", e.getMessage(), e);
+        }
+        return sign;
+    }
+
 
     public String getToken(String tokenUrl, String clientId, String clientSecret) {
         try {