1.0.0

e67bc01a · 袁伟铭 · 4809b2b9 · e67bc01a · e67bc01a · e67bc01a
Commit e67bc01a authored May 30, 2022 by 袁伟铭
23 changed files
--- a/admin-server/src/main/java/com/zq/admin/config/security/SpringSecurityConfig.java
+++ b/admin-server/src/main/java/com/zq/admin/config/security/SpringSecurityConfig.java
@@ -19,7 +19,6 @@ import com.zq.admin.modules.security.service.OnlineUserService;
 import com.zq.admin.modules.security.service.UserCacheManager;
 import com.zq.common.annotation.AnonymousAccess;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import com.zq.common.utils.RequestMethodEnum;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.ApplicationContext;

--- a/admin-server/src/main/java/com/zq/admin/config/security/TokenConfigurer.java
+++ b/admin-server/src/main/java/com/zq/admin/config/security/TokenConfigurer.java
@@ -18,7 +18,6 @@ package com.zq.admin.config.security;
 import com.zq.admin.modules.security.service.OnlineUserService;
 import com.zq.admin.modules.security.service.UserCacheManager;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

--- a/admin-server/src/main/java/com/zq/admin/config/security/TokenFilter.java
+++ b/admin-server/src/main/java/com/zq/admin/config/security/TokenFilter.java
@@ -19,7 +19,6 @@ import cn.hutool.core.util.StrUtil;
 import com.zq.admin.modules.security.service.OnlineUserService;
 import com.zq.admin.modules.security.service.UserCacheManager;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import com.zq.common.context.ContextUtils;
 import com.zq.common.vo.OnlineUserDto;
 import io.jsonwebtoken.ExpiredJwtException;

--- a/admin-server/src/main/java/com/zq/admin/config/security/TokenProvider.java
+++ b/admin-server/src/main/java/com/zq/admin/config/security/TokenProvider.java
-// package com.zq.admin.config.security;/*
+package com.zq.admin.config.security;/*
-//  *  Copyright 2019-2020 Zheng Jie
+ *  Copyright 2019-2020 Zheng Jie
-//  *
+ *
-//  *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  Licensed under the Apache License, Version 2.0 (the "License");
-//  *  you may not use this file except in compliance with the License.
+ *  you may not use this file except in compliance with the License.
-//  *  You may obtain a copy of the License at
+ *  You may obtain a copy of the License at
-//  *
+ *
-//  *  http://www.apache.org/licenses/LICENSE-2.0
+ *  http://www.apache.org/licenses/LICENSE-2.0
-//  *
+ *
-//  *  Unless required by applicable law or agreed to in writing, software
+ *  Unless required by applicable law or agreed to in writing, software
-//  *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  distributed under the License is distributed on an "AS IS" BASIS,
-//  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//  *  See the License for the specific language governing permissions and
+ *  See the License for the specific language governing permissions and
-//  *  limitations under the License.
+ *  limitations under the License.
-//  */
+ */
-//
-// import cn.hutool.core.date.DateField;
+import cn.hutool.core.date.DateField;
-// import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.date.DateUtil;
-// import cn.hutool.core.util.IdUtil;
+import cn.hutool.core.util.IdUtil;
-// import com.zq.common.config.redis.RedisUtils;
+import com.zq.common.config.redis.RedisUtils;
-// import com.zq.common.config.security.SecurityProperties;
+import com.zq.common.config.security.SecurityProperties;
-// import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Claims;
-// import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.Jwts;
-// import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.SignatureAlgorithm;
-// import lombok.RequiredArgsConstructor;
+import lombok.RequiredArgsConstructor;
-// import lombok.extern.slf4j.Slf4j;
+import lombok.extern.slf4j.Slf4j;
-// import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.StringUtils;
-// import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.InitializingBean;
-// import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-// import org.springframework.security.core.Authentication;
+import org.springframework.security.core.Authentication;
-// import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.User;
-// import org.springframework.stereotype.Component;
+import org.springframework.stereotype.Component;
-//
-// import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.SecretKeySpec;
-// import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequest;
-// import javax.xml.bind.DatatypeConverter;
+import javax.xml.bind.DatatypeConverter;
-// import java.security.Key;
+import java.security.Key;
-// import java.util.ArrayList;
+import java.util.ArrayList;
-// import java.util.Date;
+import java.util.Date;
-// import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeUnit;
-//
-// /**
+/**
-//  * @author /
+ * @author /
-//  */
+ */
-// @Slf4j
+@Slf4j
-// @Component
+@Component
-// @RequiredArgsConstructor
+@RequiredArgsConstructor
-// public class TokenProvider implements InitializingBean {
+public class TokenProvider implements InitializingBean {
-//
-//     private final RedisUtils redisUtils;
+    private final RedisUtils redisUtils;
-//     private final SecurityProperties properties;
+    private final SecurityProperties properties;
-//
-//     public static final String AUTHORITIES_KEY = "auth";
+    public static final String AUTHORITIES_KEY = "auth";
-//     private static Key key;
+    private static Key key;
-//     private static SignatureAlgorithm signatureAlgorithm;
+    private static SignatureAlgorithm signatureAlgorithm;
-//
-//     @Override
+    @Override
-//     public void afterPropertiesSet() {
+    public void afterPropertiesSet() {
-//         signatureAlgorithm = SignatureAlgorithm.HS512;
+        signatureAlgorithm = SignatureAlgorithm.HS512;
-//         byte[] keyBytes = DatatypeConverter.parseBase64Binary(properties.getBase64Secret());
+        byte[] keyBytes = DatatypeConverter.parseBase64Binary(properties.getBase64Secret());
-//         key = new SecretKeySpec(keyBytes, signatureAlgorithm.getJcaName());
+        key = new SecretKeySpec(keyBytes, signatureAlgorithm.getJcaName());
-//     }
+    }
-//
-//     public static String createToken(Authentication authentication) {
+    public static String createToken(Authentication authentication) {
-//         return Jwts.builder()
+        return Jwts.builder()
-//                 .claim(AUTHORITIES_KEY, authentication.getName())
+                .claim(AUTHORITIES_KEY, authentication.getName())
-//                 .setSubject(authentication.getName())
+                .setSubject(authentication.getName())
-//                 .signWith(signatureAlgorithm, key)
+                .signWith(signatureAlgorithm, key)
-//                 // 加入ID确保生成的 Token 都不一致
+                // 加入ID确保生成的 Token 都不一致
-//                 .setId(IdUtil.simpleUUID())
+                .setId(IdUtil.simpleUUID())
-//                 .compact();
+                .compact();
-//     }
+    }
-//
-//     public Claims getClaims(String token) {
+    public Claims getClaims(String token) {
-//         return Jwts.parser()
+        return Jwts.parser()
-//                 .setSigningKey(DatatypeConverter.parseBase64Binary(properties.getBase64Secret()))
+                .setSigningKey(DatatypeConverter.parseBase64Binary(properties.getBase64Secret()))
-//                 .parseClaimsJws(token)
+                .parseClaimsJws(token)
-//                 .getBody();
+                .getBody();
-//     }
+    }
-//
-//     public Authentication getAuthentication(String token) {
+    public Authentication getAuthentication(String token) {
-//         Claims claims = getClaims(token);
+        Claims claims = getClaims(token);
-//         User principal = new User(claims.getSubject(), "******", new ArrayList<>());
+        User principal = new User(claims.getSubject(), "******", new ArrayList<>());
-//         return new UsernamePasswordAuthenticationToken(principal, token, new ArrayList<>());
+        return new UsernamePasswordAuthenticationToken(principal, token, new ArrayList<>());
-//     }
+    }
-//
-//     /**
+    /**
-//      * @param token 需要检查的token
+     * @param token 需要检查的token
-//      */
+     */
-//     public void checkRenewal(String token) {
+    public void checkRenewal(String token) {
-//         // 判断是否续期token,计算token的过期时间
+        // 判断是否续期token,计算token的过期时间
-//         long time = redisUtils.getExpire(properties.getOnlineKey() + token) * 1000;
+        long time = redisUtils.getExpire(properties.getOnlineKey() + token) * 1000;
-//         Date expireDate = DateUtil.offset(new Date(), DateField.MILLISECOND, (int) time);
+        Date expireDate = DateUtil.offset(new Date(), DateField.MILLISECOND, (int) time);
-//         // 判断当前时间与过期时间的时间差
+        // 判断当前时间与过期时间的时间差
-//         long differ = expireDate.getTime() - System.currentTimeMillis();
+        long differ = expireDate.getTime() - System.currentTimeMillis();
-//         // 如果在续期检查的范围内，则续期
+        // 如果在续期检查的范围内，则续期
-//         if (differ <= properties.getDetect()) {
+        if (differ <= properties.getDetect()) {
-//             long renew = time + properties.getRenew();
+            long renew = time + properties.getRenew();
-//             redisUtils.expire(properties.getOnlineKey() + token, renew, TimeUnit.MILLISECONDS);
+            redisUtils.expire(properties.getOnlineKey() + token, renew, TimeUnit.MILLISECONDS);
-//         }
+        }
-//     }
+    }
-//
-//     public String getToken(HttpServletRequest request) {
+    public String getToken(HttpServletRequest request) {
-//         String bearerToken = request.getHeader(properties.getHeader());
+        String bearerToken = request.getHeader(properties.getHeader());
-//         if (StringUtils.isBlank(bearerToken)) {
+        if (StringUtils.isBlank(bearerToken)) {
-//             return null;
+            return null;
-//         }
+        }
-//         if (bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-//             // 去掉令牌前缀
+            // 去掉令牌前缀
-//             return bearerToken.replace(properties.getTokenStartWith(), "");
+            return bearerToken.replace(properties.getTokenStartWith(), "");
-//         } else {
+        } else {
-//             log.debug("非法Token：{}", bearerToken);
+            log.debug("非法Token：{}", bearerToken);
-//         }
+        }
-//         return null;
+        return null;
-//     }
+    }
-//
-// }
+}
--- a/admin-server/src/main/java/com/zq/admin/modules/security/rest/AuthorizationController.java
+++ b/admin-server/src/main/java/com/zq/admin/modules/security/rest/AuthorizationController.java
@@ -20,6 +20,7 @@ import com.wf.captcha.base.Captcha;
 import com.zq.admin.config.RsaProperties;
 import com.zq.admin.config.bean.LoginCodeEnum;
 import com.zq.admin.config.bean.LoginProperties;
+import com.zq.admin.config.security.TokenProvider;
 import com.zq.admin.exception.BadRequestException;
 import com.zq.admin.modules.security.service.OnlineUserService;
 import com.zq.admin.modules.security.service.dto.AuthUserDto;
@@ -31,7 +32,6 @@ import com.zq.common.annotation.rest.AnonymousGetMapping;
 import com.zq.common.annotation.rest.AnonymousPostMapping;
 import com.zq.common.config.redis.RedisUtils;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;

--- a/api-server/src/main/java/com/zq/api/config/FeignConfig.java
+++ b/api-server/src/main/java/com/zq/api/config/FeignConfig.java
 package com.zq.api.config;
+import com.zq.common.constant.FeignHeader;
 import feign.RequestInterceptor;
 import feign.RequestTemplate;
 import org.springframework.context.annotation.Bean;
@@ -55,7 +56,7 @@ public class FeignConfig {
            @Override
            public void apply(RequestTemplate template) {
                HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
-                template.header("X-App-Token", request.getParameter("token"));
+                template.header(FeignHeader.API_TOKEN, request.getParameter("token"));
                Enumeration<String> headerNames = request.getHeaderNames();
                if (headerNames != null) {
                    while (headerNames.hasMoreElements()) {

--- a/api-server/src/main/java/com/zq/api/controller/ApiController.java
+++ b/api-server/src/main/java/com/zq/api/controller/ApiController.java
@@ -17,6 +17,7 @@ import feign.FeignException;
 import io.swagger.annotations.Api;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -43,7 +44,7 @@ public class ApiController {
     * 2016年10月3日 下午1:38:27
     */
    @RequestMapping("/action")
-    public ApiResp action(HttpServletRequest request, ApiForm form) {
+    public ApiResp action(HttpServletRequest request, ApiForm form, @RequestHeader(required = false) String token) {
        long start = System.currentTimeMillis();
        // 不处理Request Method:OPTIONS的请求
@@ -51,6 +52,7 @@ public class ApiController {
            return ApiUtils.getSuccessResp(form);
        }
+        form.setType(2);
        //解析业务参数
        if (!form.parseBizContent()) {
            return ApiUtils.getParamError(form);
@@ -84,7 +86,12 @@ public class ApiController {
        // 调用接口方法
        ApiResp resp;
        try {
+            // 身份验证
+            resp = apiService.auth(form, token);
+            if (resp.isSuccess()) {
+                // 调用接口方法
                resp = apiService.action(form);
+            }
        } catch (Exception e) {
            log.error("调用方法异常：{}", e.getMessage());
            stackTrace = ThrowableUtil.getStackTrace(e);
@@ -95,6 +102,8 @@ public class ApiController {
                resp = ApiUtils.toApiResp(form, ResultVo.fail(404, "NotFound"));
            } else if (stackTrace.contains("Load balancer does not have available server for client")) {
                resp = ApiUtils.getServiceNotAvailableError(form);
+            } else if (stackTrace.contains("Connection refused: connect executing")) {
+                resp = ApiUtils.getServiceNotAvailableError(form);
            } else {
                resp = ApiUtils.getMethodHandlerError(form);
            }
@@ -102,7 +111,7 @@ public class ApiController {
        // 没有数据输出空
        resp = resp == null ? new ApiResp(form) : resp;
-        String logType = resp.isSuccess() ? "INFO" : "ERROR";
+        String logType = resp.isSuccess() ? "INFO" : "400".equals(resp.getCode()) ? "WARN" : "ERROR";
        // 如果是500错误, 服务会返回错误的堆栈信息
        if (resp.getCode().equals(ApiCodeEnum.SERVER_ERROR.code())) {

--- a/api-server/src/main/java/com/zq/api/controller/AppController.java
+++ b/api-server/src/main/java/com/zq/api/controller/AppController.java
+package com.zq.api.controller;
+import cn.hutool.core.exceptions.ExceptionUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.extra.servlet.ServletUtil;
+import com.alibaba.fastjson.JSON;
+import com.zq.api.constant.ApiCodeEnum;
+import com.zq.api.form.ApiForm;
+import com.zq.api.form.ApiResp;
+import com.zq.api.service.AppService;
+import com.zq.api.utils.ApiUtils;
+import com.zq.common.config.security.ApiTokenUtils;
+import com.zq.common.utils.ThrowableUtil;
+import com.zq.common.vo.ApiTokenVo;
+import com.zq.common.vo.ResultVo;
+import feign.FeignException;
+import io.swagger.annotations.Api;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
+/**
+ * @author wilmiam
+ * @since 2021-08-16 15:37
+ */
+@Api(tags = "APP接口")
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/api/app")
+public class AppController {
+    private final AppService appService;
+    /**
+     * 允许用户未登录状态下执行的方法名
+     */
+    private final String[] allowMethod = {"apiLogin", "signinWxLogin", "getSigninWxPhone", "wxLogin", "getWxPhone"};
+    /**
+     * 获取信息入口
+     * <p>
+     * 2016年10月3日 下午1:38:27
+     */
+    @RequestMapping("/action")
+    public ApiResp action(HttpServletRequest request, ApiForm form) {
+        long start = System.currentTimeMillis();
+        // 不处理Request Method:OPTIONS的请求
+        if ("OPTIONS".equals(request.getMethod())) {
+            return ApiUtils.getSuccessResp(form);
+        }
+        form.setType(1);
+        //解析业务参数
+        if (!form.parseBizContent()) {
+            return ApiUtils.getParamError(form);
+        }
+        String method = form.getMethod();
+        if (StrUtil.isBlank(method)) {
+            method = request.getParameter("method");
+            form.setMethod(method);
+        }
+        if (StrUtil.isBlank(form.getToken())) {
+            boolean contains = Arrays.asList(allowMethod).contains(method);
+            if (!contains) {
+                return ApiUtils.getLoginValidError(form);
+            }
+        }
+        ApiTokenVo tokenVo = ApiTokenUtils.getAppTokenVo(form.getToken());
+        if (tokenVo == null) {
+            boolean contains = Arrays.asList(allowMethod).contains(method);
+            if (!contains) {
+                return ApiUtils.getLoginValidError(form);
+            }
+        } else {
+            form.setUserId(String.valueOf(tokenVo.getUserId()));
+            form.setApiTokenVo(tokenVo);
+        }
+        String stackTrace = "";
+        // 调用接口方法
+        ApiResp resp;
+        try {
+            resp = appService.action(form);
+        } catch (Exception e) {
+            log.error("调用方法异常：{}", e.getMessage());
+            stackTrace = ThrowableUtil.getStackTrace(e);
+            // 判断指定异常是否来自或者包含指定异常
+            if (ExceptionUtil.isFromOrSuppressedThrowable(e, FeignException.Unauthorized.class)) {
+                resp = ApiUtils.toApiResp(form, ResultVo.fail(401, "Unauthorized"));
+            } else if (ExceptionUtil.isFromOrSuppressedThrowable(e, FeignException.NotFound.class)) {
+                resp = ApiUtils.toApiResp(form, ResultVo.fail(404, "NotFound"));
+            } else if (stackTrace.contains("Load balancer does not have available server for client")) {
+                resp = ApiUtils.getServiceNotAvailableError(form);
+            } else if (stackTrace.contains("Connection refused: connect executing")) {
+                resp = ApiUtils.getServiceNotAvailableError(form);
+            } else {
+                resp = ApiUtils.getMethodHandlerError(form);
+            }
+        }
+        // 没有数据输出空
+        resp = resp == null ? new ApiResp(form) : resp;
+        String logType = resp.isSuccess() ? "INFO" : "400".equals(resp.getCode()) ? "WARN" : "ERROR";
+        // 如果是500错误, 服务会返回错误的堆栈信息
+        if (resp.getCode().equals(ApiCodeEnum.SERVER_ERROR.code())) {
+            stackTrace = resp.getMsg();
+            resp.setMsg(ApiCodeEnum.SERVER_ERROR.msg());
+        }
+        // 调试日志
+        if (ApiUtils.DEBUG) {
+            System.out.println("API DEBUG ACTION \n[from=" + form + "]"
+                    + "\n[resp=" + JSON.toJSONString(resp) + "]"
+                    + "\n[time=" + (System.currentTimeMillis() - start) + "ms]");
+        }
+        String clientIp = ServletUtil.getClientIP(request);
+        appService.addLog(form, clientIp, logType, resp.getMsg(), stackTrace, System.currentTimeMillis() - start);
+        return resp;
+    }
+    /**
+     * 开关调试日志
+     * <p>
+     * 2016年10月3日 下午5:47:46
+     */
+    @RequestMapping("/debug")
+    public ApiResp debug(HttpServletRequest request) {
+        ApiForm from = ServletUtil.toBean(request, ApiForm.class, true);
+        ApiUtils.DEBUG = !ApiUtils.DEBUG;
+        return new ApiResp(from).setData(ApiUtils.DEBUG);
+    }
+}
--- a/api-server/src/main/java/com/zq/api/form/ApiForm.java
+++ b/api-server/src/main/java/com/zq/api/form/ApiForm.java
@@ -37,6 +37,8 @@ public class ApiForm {
    private String nonce; // 随机字串(建议使用UUID)
    private String version; // 接口版本
    private String apiNo; // 接口码
+    private Integer type; // 1-app；2-api，内部定
+    private String clientType; // 客户端类型 xcx-小程序，H5，api
    private String bizContent; // 请求业务参数
    private JSONObject bizContentJson; // 请求业务的json对象
    private MultipartFile file; // 上传文件用
@@ -44,12 +46,19 @@ public class ApiForm {
    public boolean parseBizContent() {
        try {
+            if (type == 1) {
                // API参数是否加密
                boolean flag = ConfigCache.getValueToBoolean("API.PARAM.ENCRYPT");
                if (StrUtil.isNotBlank(bizContent) && flag) {
-                bizContent = ApiUtils.decode(bizContent);
+                    bizContent = ApiUtils.decode(bizContent, "");
                }
-            if (StrUtil.isBlank(bizContent)) {
+            } else {
+                if (StrUtil.isNotBlank(bizContent)) {
+                    bizContent = ApiUtils.decode(bizContent, "BASE64");
+                }
+            }
+            if (bizContent == null) {
                bizContent = "";
            }
            bizContentJson = JSON.parseObject(bizContent);
@@ -148,8 +157,9 @@ public class ApiForm {
    public TreeMap<String, String> getSignTreeMap() {
        TreeMap<String, String> treeMap = new TreeMap<>();
+        treeMap.put("appId", this.appId);
+        treeMap.put("apiNo", this.apiNo);
        treeMap.put("timestamp", this.timestamp);
-        treeMap.put("nonce", this.nonce);
        treeMap.put("method", this.method);
        treeMap.put("version", this.version);
        String bizContent = StrUtil.isBlank(this.bizContent) ? "" : this.bizContent;
@@ -157,4 +167,17 @@ public class ApiForm {
        return treeMap;
    }
+    public String getSignStr(String key) {
+        TreeMap<String, String> treeMap = getSignTreeMap();
+        // 原始请求串
+        StringBuilder src = new StringBuilder();
+        for (Map.Entry<String, String> entry : treeMap.entrySet()) {
+            src.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
+        }
+        src.append("key=").append(key);
+        return src.toString();
+    }
 }
--- a/api-server/src/main/java/com/zq/api/service/ApiService.java
+++ b/api-server/src/main/java/com/zq/api/service/ApiService.java
 package com.zq.api.service;
 import cn.hutool.core.date.DateUtil;
-import com.zq.api.config.ConfigCache;
+import cn.hutool.core.util.StrUtil;
-import com.zq.api.constant.ApiCodeEnum;
 import com.zq.api.dao.ApiLogDao;
 import com.zq.api.entity.ApiLog;
 import com.zq.api.form.ApiForm;
 import com.zq.api.form.ApiResp;
 import com.zq.api.utils.ApiUtils;
 import com.zq.api.utils.ReflectionUtils;
+import com.zq.common.config.redis.BaseCacheKeys;
+import com.zq.common.config.redis.RedisUtils;
+import com.zq.common.vo.ApiTokenVo;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.scheduling.annotation.Async;
@@ -16,6 +18,7 @@ import org.springframework.stereotype.Service;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 @Slf4j
@@ -24,6 +27,10 @@ import java.util.List;
 public class ApiService {
    private final ApiLogDao apiLogDao;
+    private final RedisUtils redisUtils;
+    // 允许用户未登录状态下执行的方法名
+    private final String[] allowMethod = {"getApiToken"};
    private static final List<String> METHOD_LIST;
@@ -48,20 +55,42 @@ public class ApiService {
        return methodList;
    }
+    /**
+     * 身份验证
+     *
+     * @param form
+     * @return
+     */
+    public ApiResp auth(ApiForm form, String token) {
+        boolean contains = Arrays.asList(allowMethod).contains(form.getMethod());
+        if (contains) {
+            return ApiUtils.getSuccessResp(form);
+        } else if (StrUtil.isBlank(token)) {
+            return ApiUtils.getLoginValidError(form);
+        }
+        // 验证认证信息
+        ApiTokenVo tokenVo = redisUtils.getObj(BaseCacheKeys.PREFIX + "ApiToken." + token, ApiTokenVo.class);
+        if (tokenVo == null) {
+            return ApiUtils.getLoginValidError(form);
+        }
+        // 验证签名
+        String sign = ApiUtils.getSign(form.getSignStr(tokenVo.getSessionKey() == null ? "" : tokenVo.getSessionKey()));
+        if (!sign.equals(form.getSign())) {
+            return ApiUtils.getCheckSignValidError(form);
+        }
+        form.setUserId(tokenVo.getUserId());
+        form.setApiTokenVo(tokenVo);
+        return ApiUtils.getSuccessResp(form);
+    }
    public ApiResp action(ApiForm form) throws Exception {
        if (!METHOD_LIST.contains(form.getMethod())) {
            return ApiUtils.getMethodError(form);
        }
-        // 签名验证标识
-        boolean validFlag = ConfigCache.getValueToBoolean("API.SIGN.VALID");
        IApiLogic apiLogic = getApiLogic(form);
-        if (validFlag) {
-            // 验证签名
-            ApiResp validResp = apiLogic.signValid(form);
-            if (!validResp.getCode().equals(ApiCodeEnum.SUCCESS.code())) {
-                return validResp;
-            }
-        }
        // 调用接口方法，利用反射更简洁
        return (ApiResp) ReflectionUtils.invokeMethod(apiLogic, form.getMethod(), new Class<?>[]{ApiForm.class}, new Object[]{form});

--- a/api-server/src/main/java/com/zq/api/service/AppService.java
+++ b/api-server/src/main/java/com/zq/api/service/AppService.java
+package com.zq.api.service;
+import cn.hutool.core.date.DateUtil;
+import com.zq.api.config.ConfigCache;
+import com.zq.api.constant.ApiCodeEnum;
+import com.zq.api.dao.ApiLogDao;
+import com.zq.api.entity.ApiLog;
+import com.zq.api.form.ApiForm;
+import com.zq.api.form.ApiResp;
+import com.zq.api.utils.ApiUtils;
+import com.zq.api.utils.ReflectionUtils;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Service;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+/**
+ * @author wilmiam
+ * @since 2022/5/30 12:33
+ */
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class AppService {
+    private final ApiLogDao apiLogDao;
+    private static final List<String> METHOD_LIST;
+    static {
+        METHOD_LIST = methodList();
+    }
+    public IApiLogic getApiLogic(ApiForm form) {
+        IApiLogic apiLogic = ApiUtils.getApiLogic(form);
+        return apiLogic;
+    }
+    public static List<String> methodList() {
+        List<String> methodList = new ArrayList<>();
+        Method[] methods = IApiLogic.class.getMethods();
+        for (Method method : methods) {
+            Class<?>[] params = method.getParameterTypes();
+            if (params.length == 1 && (params[0] == ApiForm.class)) {
+                methodList.add(method.getName());
+            }
+        }
+        return methodList;
+    }
+    public ApiResp action(ApiForm form) throws Exception {
+        if (!METHOD_LIST.contains(form.getMethod())) {
+            return ApiUtils.getMethodError(form);
+        }
+        // 签名验证标识
+        boolean validFlag = ConfigCache.getValueToBoolean("API.SIGN.VALID");
+        IApiLogic apiLogic = getApiLogic(form);
+        if (validFlag) {
+            // 验证签名
+            ApiResp validResp = apiLogic.signValid(form);
+            if (!validResp.getCode().equals(ApiCodeEnum.SUCCESS.code())) {
+                return validResp;
+            }
+        }
+        // 调用接口方法，利用反射更简洁
+        return (ApiResp) ReflectionUtils.invokeMethod(apiLogic, form.getMethod(), new Class<?>[]{ApiForm.class}, new Object[]{form});
+    }
+    @Async
+    public void addLog(ApiForm form, String ip, String logType, String respMsg, String errorInfo, Long timeCost) {
+        apiLogDao.insert(ApiLog.builder()
+                .appId(form.getAppId())
+                .userId(form.getUserId())
+                .method(form.getMethod())
+                .version(form.getVersion())
+                .bizContent(form.getBizContent())
+                .ip(ip)
+                .logType(logType)
+                .respMsg(respMsg)
+                .stackTrace(errorInfo)
+                .timeCost(timeCost)
+                .createTime(DateUtil.date().toJdkDate())
+                .build());
+    }
+}
--- a/api-server/src/main/java/com/zq/api/service/impl/BaseApiLogic.java
+++ b/api-server/src/main/java/com/zq/api/service/impl/BaseApiLogic.java
@@ -27,7 +27,7 @@ public abstract class BaseApiLogic implements IApiLogic {
            return ApiUtils.getCheckSignValidError(form);
        }
-        String serverSign = ApiUtils.getSign(form.getSignTreeMap());
+        String serverSign = ApiUtils.getSign(form.getSignStr(""));
        if (!serverSign.equals(form.getSign())) {
            return ApiUtils.getCheckSignValidError(form);
        }

--- a/api-server/src/main/java/com/zq/api/utils/ApiUtils.java
+++ b/api-server/src/main/java/com/zq/api/utils/ApiUtils.java
@@ -13,12 +13,8 @@ import com.zq.common.vo.ResultVo;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.TreeMap;
 /**
 * @author wilmiam
@@ -172,11 +168,17 @@ public class ApiUtils {
     *
     * @param params
     * @return
-     * @throws UnsupportedEncodingException
     */
-    public static String decode(String params) throws UnsupportedEncodingException {
+    public static String decode(String params, String encryptType) {
-        params = URLDecoder.decode(params, "utf-8");
+        if (StringUtils.isBlank(params)) {
+            return "";
+        }
+        params = EncryptUtils.urlDecode(params, "UTF-8");
+        if ("RSA".equals(encryptType)) {
            params = EncryptUtils.rsaDecodeByPrivateKey(params, RsaUtils.privateKey);
+        } else {
+            params = EncryptUtils.base64Decode(params);
+        }
        return params;
    }
@@ -187,14 +189,17 @@ public class ApiUtils {
     *
     * @param params
     * @return
-     * @throws UnsupportedEncodingException
     */
-    public static String encode(String params) throws UnsupportedEncodingException {
+    public static String encode(String params, String encryptType) {
-        params = EncryptUtils.rsaDecodeByPrivateKey(params, RsaUtils.publicKey);
        if (StringUtils.isBlank(params)) {
            return "";
        }
-        params = URLEncoder.encode(params, "utf-8");
+        if ("RSA".equals(encryptType)) {
+            params = EncryptUtils.rsaDecodeByPrivateKey(params, RsaUtils.publicKey);
+        } else {
+            params = EncryptUtils.base64Decode(params);
+        }
+        params = EncryptUtils.urlEncode(params, "UTF-8");
        return params;
    }
@@ -203,16 +208,11 @@ public class ApiUtils {
     * <p>
     * 2017年3月15日 下午3:14:27
     *
-     * @param paramMaps
+     * @param content
     * @return
     */
-    public static String getSign(TreeMap<String, String> paramMaps) {
+    public static String getSign(String content) {
-        // 原始请求串
+        return MD5.create().digestHex(content).toUpperCase();
-        StringBuilder src = new StringBuilder();
-        for (Map.Entry<String, String> entry : paramMaps.entrySet()) {
-            src.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
-        }
-        return MD5.create().digestHex(src.toString());
    }
 }
--- a/xxx-common-utils/src/main/java/com/zq/common/constant/CloudConstant.java
+++ b/xxx-common-utils/src/main/java/com/zq/common/constant/CloudConstant.java
@@ -13,7 +13,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
-package com.zq.common.constant;
+package com.zq.logging.constant;
 /**
 * 常用静态常量
@@ -21,7 +21,7 @@ package com.zq.common.constant;
 * @author Zheng Jie
 * @date 2018-12-26
 */
-public class CloudConstant {
+public class Constant {
    /**
     * 用于IP定位转换

--- a/logging-server/src/main/java/com/zq/logging/utils/RequestUtils.java
+++ b/logging-server/src/main/java/com/zq/logging/utils/RequestUtils.java
@@ -3,8 +3,8 @@ package com.zq.logging.utils;
 import cn.hutool.http.HttpUtil;
 import cn.hutool.json.JSONUtil;
 import com.zq.common.config.base.SpringContextHolder;
-import com.zq.common.constant.CloudConstant;
 import com.zq.logging.config.AdminProperties;
+import com.zq.logging.constant.Constant;
 import net.dreamlu.mica.ip2region.core.Ip2regionSearcher;
 import net.dreamlu.mica.ip2region.core.IpInfo;
 import nl.basjes.parse.useragent.UserAgent;
@@ -46,7 +46,7 @@ public class RequestUtils {
     * 根据ip获取详细地址
     */
    public static String getHttpCityInfo(String ip) {
-        String api = String.format(CloudConstant.Url.IP_URL, ip);
+        String api = String.format(Constant.Url.IP_URL, ip);
        cn.hutool.json.JSONObject object = JSONUtil.parseObj(HttpUtil.get(api));
        return object.get("addr", String.class);
    }

--- a/user-server/src/main/java/com/zq/user/config/SpringSecurityConfig.java
+++ b/user-server/src/main/java/com/zq/user/config/SpringSecurityConfig.java
@@ -18,7 +18,6 @@ package com.zq.user.config;
 import com.zq.common.annotation.AnonymousAccess;
 import com.zq.common.config.redis.RedisUtils;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import com.zq.common.utils.RequestMethodEnum;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.ApplicationContext;

--- a/user-server/src/main/java/com/zq/user/config/TokenConfigurer.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenConfigurer.java
@@ -17,7 +17,6 @@ package com.zq.user.config;
 import com.zq.common.config.redis.RedisUtils;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

--- a/user-server/src/main/java/com/zq/user/config/TokenFilter.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenFilter.java
@@ -19,7 +19,6 @@ import cn.hutool.core.util.StrUtil;
 import com.zq.common.config.redis.BaseCacheKeys;
 import com.zq.common.config.redis.RedisUtils;
 import com.zq.common.config.security.SecurityProperties;
-import com.zq.common.config.security.TokenProvider;
 import com.zq.common.context.ContextUtils;
 import com.zq.common.vo.OnlineUserDto;
 import io.jsonwebtoken.ExpiredJwtException;

--- a/user-server/src/main/java/com/zq/user/config/TokenProvider.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenProvider.java
--- a/xxx-common-utils/src/main/java/com/zq/common/config/base/UnifiedExceptionHandler.java
+++ b/xxx-common-utils/src/main/java/com/zq/common/config/base/UnifiedExceptionHandler.java
 package com.zq.common.config.base;
+import com.zq.common.constant.FeignHeader;
+import com.zq.common.constant.SystemName;
 import com.zq.common.exception.BusinessException;
 import com.zq.common.utils.ThrowableUtil;
 import com.zq.common.vo.ResultVo;
@@ -94,8 +96,9 @@ public class UnifiedExceptionHandler {
    @ExceptionHandler(DataAccessException.class)
    public ResultVo handleDataAccessException(DataAccessException ex, HttpServletRequest request) {
        log.error(">> 访问数据失败 " + request.getRequestURI(), ex);
+        String header = request.getHeader(FeignHeader.SERVER_NAME);
        String error = "服务器繁忙";
-        if (request.getRequestURI().contains("/app/")) {
+        if (StringUtils.isNotBlank(header) && SystemName.API.equals(header)) {
            error = ThrowableUtil.getStackTrace(ex);
        }
        return ResultVo.fail(HttpStatus.INTERNAL_SERVER_ERROR.value(), error);
@@ -104,8 +107,9 @@ public class UnifiedExceptionHandler {
    @ExceptionHandler(value = Exception.class)
    public ResultVo defaultErrorHandler(Exception ex, HttpServletRequest request) {
        log.error(">> 服务器内部错误 " + request.getRequestURI(), ex);
+        String header = request.getHeader(FeignHeader.SERVER_NAME);
        String error = "服务器繁忙";
-        if (request.getRequestURI().contains("/app/")) {
+        if (StringUtils.isNotBlank(header) && SystemName.API.equals(header)) {
            error = ThrowableUtil.getStackTrace(ex);
        }
        return ResultVo.fail(HttpStatus.INTERNAL_SERVER_ERROR.value(), error);

--- a/xxx-common-utils/src/main/java/com/zq/common/config/security/TokenProvider.java
+++ b/xxx-common-utils/src/main/java/com/zq/common/config/security/TokenProvider.java
-package com.zq.common.config.security;/*
- *  Copyright 2019-2020 Zheng Jie
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-import cn.hutool.core.date.DateField;
-import cn.hutool.core.date.DateUtil;
-import cn.hutool.core.util.IdUtil;
-import cn.hutool.core.util.ObjectUtil;
-import com.zq.common.config.redis.RedisUtils;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.stereotype.Component;
-import javax.crypto.spec.SecretKeySpec;
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.bind.DatatypeConverter;
-import java.security.Key;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
-/**
- * @author /
- */
-@Slf4j
-@Component
-@RequiredArgsConstructor
-public class TokenProvider implements InitializingBean {
-    private final RedisUtils redisUtils;
-    private final SecurityProperties properties;
-    public static final String AUTHORITIES_KEY = "auth";
-    private static Key key;
-    private static SignatureAlgorithm signatureAlgorithm;
-    @Override
-    public void afterPropertiesSet() {
-        signatureAlgorithm = SignatureAlgorithm.HS512;
-        byte[] keyBytes = DatatypeConverter.parseBase64Binary(properties.getBase64Secret());
-        key = new SecretKeySpec(keyBytes, signatureAlgorithm.getJcaName());
-    }
-    public static String createToken(Authentication authentication) {
-        String authorities = authentication.getAuthorities().stream()
-                .map(GrantedAuthority::getAuthority)
-                .collect(Collectors.joining(","));
-        return Jwts.builder()
-                .setSubject(authentication.getName())
-                .claim(AUTHORITIES_KEY, authorities)
-                .signWith(signatureAlgorithm, key)
-                // 加入ID确保生成的 Token 都不一致
-                .setId(IdUtil.simpleUUID())
-                .compact();
-    }
-    public Claims getClaims(String token) {
-        return Jwts.parser()
-                .setSigningKey(DatatypeConverter.parseBase64Binary(properties.getBase64Secret()))
-                .parseClaimsJws(token)
-                .getBody();
-    }
-    public Authentication getAuthentication(String token) {
-        Claims claims = getClaims(token);
-        // fix bug: 当前用户如果没有任何权限时，在输入用户名后，刷新验证码会抛IllegalArgumentException
-        Object authoritiesStr = claims.get(AUTHORITIES_KEY);
-        Collection<? extends GrantedAuthority> authorities =
-                ObjectUtil.isNotEmpty(authoritiesStr) ?
-                        Arrays.stream(authoritiesStr.toString().split(","))
-                                .map(SimpleGrantedAuthority::new)
-                                .collect(Collectors.toList()) : Collections.emptyList();
-        User principal = new User(claims.getSubject(), "******", authorities);
-        return new UsernamePasswordAuthenticationToken(principal, token, authorities);
-    }
-    /**
-     * @param token 需要检查的token
-     */
-    public void checkRenewal(String token) {
-        // 判断是否续期token,计算token的过期时间
-        long time = redisUtils.getExpire(properties.getOnlineKey() + token) * 1000;
-        Date expireDate = DateUtil.offset(new Date(), DateField.MILLISECOND, (int) time);
-        // 判断当前时间与过期时间的时间差
-        long differ = expireDate.getTime() - System.currentTimeMillis();
-        // 如果在续期检查的范围内，则续期
-        if (differ <= properties.getDetect()) {
-            long renew = time + properties.getRenew();
-            redisUtils.expire(properties.getOnlineKey() + token, renew, TimeUnit.MILLISECONDS);
-        }
-    }
-    public String getToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
-}
--- a/xxx-common-utils/src/main/java/com/zq/common/constant/FeignHeader.java
+++ b/xxx-common-utils/src/main/java/com/zq/common/constant/FeignHeader.java
+package com.zq.common.constant;
+/**
+ * feign要添加的请求头
+ *
+ * @author wilmiam
+ * @since 2021/9/6 9:43
+ */
+public class FeignHeader {
+    /**
+     * feign添加服务名的请求头字段
+     */
+    public static final String SERVER_NAME = "X-Server-Name";
+    /**
+     * feign添加api-token的请求头字段
+     */
+    public static final String API_TOKEN = "X-Api-Token";
+}
--- a/xxx-common-utils/src/main/java/com/zq/common/constant/SystemName.java
+++ b/xxx-common-utils/src/main/java/com/zq/common/constant/SystemName.java
+package com.zq.common.constant;
+/**
+ * @author wilmiam
+ * @since 2021-09-06 09:16
+ */
+public class SystemName {
+    public static final String ADMIN = "admin";
+    public static final String API = "api";
+}