1.0.0

e5b2af94 · 袁伟铭 · 277608a6 · e5b2af94 · e5b2af94 · e5b2af94
Commit e5b2af94 authored Jun 15, 2021 by 袁伟铭
8 changed files
--- a/api-server/src/main/java/com/zq/api/controller/ApiController.java
+++ b/api-server/src/main/java/com/zq/api/controller/ApiController.java
@@ -43,15 +43,17 @@ public class ApiController {
        long start = System.currentTimeMillis();
        ApiForm form = ServletUtil.toBean(request, ApiForm.class, true);
-        if (!form.parseBizContent()) {
-            return ApiUtils.getParamError(form);
-        }
        // 不处理Request Method:OPTIONS的请求
        if (request.getMethod().equals("OPTIONS")) {
            return ApiUtils.getSuccessResp(form);
        }
+        //解析业务参数
+        if (!form.parseBizContent()) {
+            return ApiUtils.getParamError(form);
+        }
        String method = form.getMethod();
        if (StrUtil.isBlank(method)) {
            method = request.getParameter("method");
@@ -124,6 +126,6 @@ public class ApiController {
        ApiForm from = ServletUtil.toBean(request, ApiForm.class, true);
        ApiUtils.DEBUG = !ApiUtils.DEBUG;
-        return new ApiResp(from).addData("debug", ApiUtils.DEBUG);
+        return new ApiResp(from).setData(ApiUtils.DEBUG);
    }
 }
--- a/api-server/src/main/java/com/zq/api/form/ApiForm.java
+++ b/api-server/src/main/java/com/zq/api/form/ApiForm.java
@@ -7,12 +7,13 @@ import com.alibaba.fastjson.JSONObject;
 import com.zq.api.config.ConfigCache;
 import com.zq.api.utils.ApiUtils;
 import com.zq.api.utils.NumberUtils;
+import com.zq.common.encrypt.EncryptUtils;
+import com.zq.common.encrypt.RsaUtils;
 import com.zq.common.vo.ApiTokenVo;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import java.io.UnsupportedEncodingException;
 import java.util.Map;
 import java.util.TreeMap;
@@ -43,6 +44,10 @@ public class ApiForm {
    public boolean parseBizContent() {
        try {
+            boolean flag = ConfigCache.getValueToBoolean("API.PARAM.ENCRYPT"); // API参数是否加密
+            if (StrUtil.isNotBlank(bizContent) && flag) {
+                bizContent = ApiUtils.decode(bizContent);
+            }
            bizContentJson = JSON.parseObject(bizContent);
            if (bizContentJson == null) {
                bizContentJson = new JSONObject();
@@ -192,20 +197,8 @@ public class ApiForm {
        treeMap.put("nonce", this.nonce);
        treeMap.put("method", this.method);
        treeMap.put("version", this.version);
-        String bizContent = null;
+        String bizContent = StrUtil.isBlank(this.bizContent) ? "" : this.bizContent;
-        try {
-            bizContent = this.bizContent;
-            bizContent = StrUtil.isBlank(bizContent) ? "" : bizContent;
-            boolean flag = ConfigCache.getValueToBoolean("API.PARAM.ENCRYPT"); // API参数是否加密
-            if (StrUtil.isNotBlank(bizContent) && flag) {
-                bizContent = ApiUtils.decode(bizContent);
-            }
-        } catch (UnsupportedEncodingException e) {
-            log.error("bizContent参数解析失败", e);
-        }
        treeMap.put("bizContent", bizContent);
        return treeMap;
    }

--- a/api-server/src/main/java/com/zq/api/form/ApiResp.java
+++ b/api-server/src/main/java/com/zq/api/form/ApiResp.java
 package com.zq.api.form;
 import com.zq.api.constant.ApiCodeEnum;
-import lombok.Data;
+import lombok.Getter;
-import java.util.HashMap;
+@Getter
-import java.util.Map;
-@Data
 public class ApiResp {
    private String apiNo = "";
    private String code = ApiCodeEnum.SUCCESS.code();
    private String msg = ApiCodeEnum.SUCCESS.msg();
    private Long timestamp = System.currentTimeMillis();
-    private Map<String, Map<String, Object>> data = new HashMap<>();
+    private Object data;
-    public ApiResp(ApiForm from) {
-        setFrom(from);
-    }
-    public ApiResp(ApiForm from, Map<String, Object> map) {
+    public ApiResp(ApiForm form) {
-        setFrom(from);
+        this.apiNo = form.getApiNo() == null ? "" : form.getApiNo();
-        data.put("data", map);
    }
-    public ApiResp(ApiForm from, ApiCodeEnum apiCodeEnum) {
+    public ApiResp(ApiCodeEnum apiCodeEnum) {
-        setFrom(from);
        this.code = apiCodeEnum.code();
        this.msg = apiCodeEnum.msg();
    }
-    public ApiResp(ApiCodeEnum apiCodeEnum) {
+    public ApiResp(ApiForm form, ApiCodeEnum apiCodeEnum) {
        this.code = apiCodeEnum.code();
        this.msg = apiCodeEnum.msg();
    }
-    public ApiResp setFrom(ApiForm from) {
-        if (from != null) {
-            this.apiNo = from.getApiNo() == null ? "" : from.getApiNo();
-        }
-        return this;
-    }
-    public String getApiNo() {
-        return apiNo;
-    }
    public ApiResp setApiNo(String apiNo) {
        this.apiNo = apiNo;
        return this;
    }
-    public String getCode() {
-        return code;
-    }
    public ApiResp setCode(String code) {
        this.code = code;
        return this;
    }
-    public String getMsg() {
-        return msg;
-    }
    public ApiResp setMsg(String msg) {
        this.msg = msg;
        return this;
    }
-    public Boolean isSuccess() {
+    public ApiResp setTimestamp(Long timestamp) {
-        return this.getCode().equals(ApiCodeEnum.SUCCESS.code());
+        this.timestamp = timestamp;
-    }
-    public Map<String, Object> getData() {
-        return this.data.get("data");
-    }
-    public ApiResp setData(Map<String, Object> dataMap) {
-        this.data.put("data", dataMap);
        return this;
    }
-    public ApiResp addData(String key, Object value) {
+    public ApiResp setData(Object data) {
-        Map<String, Object> dataMap = getData();
+        this.data = data;
-        if (dataMap == null) {
-            dataMap = new HashMap<>();
-        }
-        dataMap.put(key, value);
-        this.data.put("data", dataMap);
        return this;
    }
-    @Override
+    public Boolean isSuccess() {
-    public String toString() {
+        return this.getCode().equals(ApiCodeEnum.SUCCESS.code());
-        return "[apiNo=" + this.apiNo + "]"
-                + "[code=" + this.code + "]"
-                + "[msg=" + this.msg + "]"
-                + "[data=" + this.data + "]";
    }
 }
--- a/api-server/src/main/java/com/zq/api/interceptor/ApiInterceptor.java
+++ b/api-server/src/main/java/com/zq/api/interceptor/ApiInterceptor.java
@@ -74,6 +74,8 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
                    + "\n[time=" + (System.currentTimeMillis() - start) + "ms]");
        }
        return true;
    }

--- a/api-server/src/main/java/com/zq/api/service/impl/BaseApiLogic.java
+++ b/api-server/src/main/java/com/zq/api/service/impl/BaseApiLogic.java
 package com.zq.api.service.impl;
-import com.zq.api.constant.ApiCodeEnum;
 import com.zq.api.form.ApiForm;
 import com.zq.api.form.ApiResp;
 import com.zq.api.service.IApiLogic;
@@ -24,15 +23,20 @@ public abstract class BaseApiLogic implements IApiLogic {
    public ApiResp valid(ApiForm form) {
        // 不需要验证的方法
        if (notValid(form)) {
-            return new ApiResp(form);
+            return ApiUtils.getSuccessResp(form);
        }
-        TreeMap<String, String> tree = form.getSignTreeMap();
+        String timestamp = form.getTimestamp();
-        String serverSign = ApiUtils.getSign(tree);
+        // 一分钟内的数据有效
+        if (Long.parseLong(timestamp) + (60 * 1000) > System.currentTimeMillis()) {
+            return ApiUtils.getCheckSignValidError(form);
+        }
+        String serverSign = ApiUtils.getSign(form.getSignTreeMap());
        if (!serverSign.equals(form.getSign())) {
-            return new ApiResp(form, ApiCodeEnum.CHECK_SIGN_VALID_ERROR);
+            return ApiUtils.getCheckSignValidError(form);
        }
-        return new ApiResp(form);
+        return ApiUtils.getSuccessResp(form);
    }
    /**
@@ -49,7 +53,7 @@ public abstract class BaseApiLogic implements IApiLogic {
    @Override
    public ApiResp logout(ApiForm form) {
-        return new ApiResp(form).addData("r", "ok");
+        return new ApiResp(form).setData("ok");
    }
    @Override

--- a/api-server/src/main/java/com/zq/api/utils/ApiUtils.java
+++ b/api-server/src/main/java/com/zq/api/utils/ApiUtils.java
 package com.zq.api.utils;
 import cn.hutool.crypto.digest.MD5;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
 import com.zq.api.constant.ApiCodeEnum;
 import com.zq.api.form.ApiForm;
 import com.zq.api.form.ApiResp;
 import com.zq.api.service.IApiLogic;
 import com.zq.api.service.impl.ApiV100Logic;
 import com.zq.api.service.impl.ApiV101Logic;
+import com.zq.common.encrypt.EncryptUtils;
+import com.zq.common.encrypt.RsaUtils;
 import com.zq.common.vo.ResultVo;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
 import java.io.UnsupportedEncodingException;
@@ -128,10 +133,21 @@ public class ApiUtils {
        return new ApiResp(form, ApiCodeEnum.PARAM_ERROR);
    }
+    /**
+     * 传递参数异常
+     * <p>
+     * 2016年9月29日 上午11:44:38
+     *
+     * @return
+     */
+    public static ApiResp getCheckSignValidError(ApiForm form) {
+        return new ApiResp(form, ApiCodeEnum.CHECK_SIGN_VALID_ERROR);
+    }
    public static ApiResp toApiResp(ApiForm form, ResultVo resultVo) {
        ApiResp apiResp = new ApiResp(form);
        if (resultVo.isSuccess()) {
-            apiResp.addData("data", resultVo.getData() == null ? "" : resultVo.getData());
+            apiResp.setData(resultVo.getData() == null ? "" : resultVo.getData());
        } else {
            return apiResp.setCode(String.valueOf(resultVo.getErrCode())).setMsg(resultVo.getErrMsg());
        }
@@ -149,7 +165,7 @@ public class ApiUtils {
     */
    public static String decode(String params) throws UnsupportedEncodingException {
        params = URLDecoder.decode(params, "utf-8");
-        params = new String(Base64.decodeBase64(params.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
+        params = EncryptUtils.rsaDecodeByPrivateKey(params, RsaUtils.privateKey);
        return params;
    }
@@ -163,7 +179,10 @@ public class ApiUtils {
     * @throws UnsupportedEncodingException
     */
    public static String encode(String params) throws UnsupportedEncodingException {
-        params = new String(Base64.encodeBase64(params.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
+        params = EncryptUtils.rsaDecodeByPrivateKey(params, RsaUtils.publicKey);
+        if (StringUtils.isBlank(params)) {
+            return "";
+        }
        params = URLEncoder.encode(params, "utf-8");
        return params;
    }
@@ -177,19 +196,12 @@ public class ApiUtils {
     * @return
     */
    public static String getSign(TreeMap<String, String> paramMaps) {
-        String nonce = "";
        // 原始请求串
        StringBuilder src = new StringBuilder();
        for (Map.Entry<String, String> entry : paramMaps.entrySet()) {
-            if (entry.getKey().equals("nonce")) {
-                nonce = entry.getValue();
-                continue;
-            }
            src.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
        }
-        // 待加密串
-        src.append("nonce=").append(nonce == null ? "" : nonce);
-        System.out.println("签名：" + src.toString());
        return MD5.create().digestHex(src.toString());
    }
 }
--- a/common-utils/src/main/java/com/zq/common/encrypt/EncryptUtils.java
+++ b/common-utils/src/main/java/com/zq/common/encrypt/EncryptUtils.java
@@ -44,6 +44,14 @@ public class EncryptUtils {
    private static final int HEX_RADIUS = 16;
+    public static void main(String[] args) throws Exception {
+        String data = "123456";
+        String bytes = rsaEncryptByPublicKey(data, RsaUtils.publicKey);
+        System.out.println(bytes);
+        String bytes1 = rsaDecodeByPrivateKey(bytes, RsaUtils.privateKey);
+        System.out.println(bytes1);
+    }
    /**
     * MD5 加密字符串
     *

--- a/common-utils/src/main/java/com/zq/common/encrypt/RsaUtils.java
+++ b/common-utils/src/main/java/com/zq/common/encrypt/RsaUtils.java
@@ -48,6 +48,9 @@ public class RsaUtils {
     */
    private static final int MAX_DECRYPT_BLOCK = 128;
+    public static String privateKey = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMTaoTuj4LU9WAMeaVWcpwgyMcdvAA3JRDcG0+pWG086c+WPdSggNNZaVw3szCKOTnWvNc6SoqjpjpbQpC57uag67VzKWLmsZoF6SXjCARyRaEkfK2VRHTfkVpyd8FF16gebVhhyjbkkja9JVEekwqOGzfmnfSKfx5LwvcSxdiSrAgMBAAECgYBZgGHQQPk4zhRHDrurnhbfhhrV5yTqH7kxH5yYLeAqzJPHKsuEm+gKEXcFMMW7bGJF5YycSFVGYTJgZapQLBbDlrZdM8SjxsNyrCKI3v3LNQDsqs5x751HfFVvTme7wroN/uJszUaQJPagEUckMkHvpv7XWoL3Wbz7oy94T3ENoQJBAPAhj2yo9jRZv5JRlYy5BFwqYpxSWqGjzr2k2YiGqB9/y/pDpDx3q42FaBcOlOOeh/My+iVNLcezqgj+U0yx79ECQQDR3Oz9ckCm2q7AMCLFmp9cs4dws6DLim35awOvLIXtm/Z1tRNyuLqb6g2VM4O/QiTu64F3+ljKiOWHAcgxqUe7AkEArTuYy4vs6gFhCb6fg8Cp24+cSifDSF7zM67sW+jA+tBoJ+iKYDD46wS1/gQ/9yGT9Cfve998ylfbr9dB4s9vMQJAOH/uHd3gogtF+N/8vI6AUQjUcfcqVyIRsZCqEUM/W1Ud6VqyvbQWKVu+BGk2EwvPvbMRzCdOOFja0pocN6KHeQJAQPwlDo1IHJI5F60CvfIG8dIwtGexMnd4NNHQ4KH0peK9jUCPkkpW0No5ZEtKNgfdPk23erfyx5cGqocvnoUpoQ==";
+    public static String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE2qE7o+C1PVgDHmlVnKcIMjHHbwANyUQ3BtPqVhtPOnPlj3UoIDTWWlcN7Mwijk51rzXOkqKo6Y6W0KQue7moOu1cyli5rGaBekl4wgEckWhJHytlUR035FacnfBRdeoHm1YYco25JI2vSVRHpMKjhs35p30in8eS8L3EsXYkqwIDAQAB";
    /**
     * 生成密钥对(公钥和私钥)
     *