提交修改

quyixiao 2025-04-12 23:01:26 +08:00
parent d5c7eb2e45
commit b6cb958d7c
6 changed files with 51 additions and 135 deletions


@ -0,0 +1,21 @@
package com.heyu.api.data.annotation;
import java.lang.annotation.*;
/**
* 如果配置了 这个注解的类他的所有方法都不进行拦截
* 如果只有方法配置了则该方法不进行拦截
*/
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface EbAuthentication {
String value() default "";
String tencent() default "";
}
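Review bot: The Javadoc on `EbAuthentication` describes skip-interception behaviour (an annotated class has none of its methods intercepted, an annotated method is not intercepted), which reads like the text for a not-intercept annotation and says nothing about what `value` and `tencent` hold or which component enforces them. For an annotation whose name implies an authentication requirement, that mismatch invites misuse: one maintainer will add it expecting protection, another expecting exemption. I would replace the comment with one that states the contract, along the lines of `/** Declares the credential a caller must present for the annotated class or method; {@code tencent} is the expected marketplace value. */`, adjusted to whatever the enforcing aspect actually does.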


@ -293,6 +293,7 @@ public class ApiConstants {
public static final String face = "face";
public static final String TENCENT_AUTH = "20C7941B2CCAD689A90C796A4A9DF04A";
}
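Review bot: `TENCENT_AUTH` is a credential-like 32-hex-character value committed as a `public static final String`, so anyone with read access to the repository or the built jar can recover it, and it stays in history after any later change. If it is the value callers are expected to present (it is passed to `@EbAuthentication(tencent = ...)` in the controller section of this commit), load it from deployment configuration or a secret store in the component that checks it, e.g. `@Value("${PLACEHOLDER_PROPERTY_NAME}") private String tencentAuth;`, and let the annotation carry only a key name. The value shown here should be treated as exposed and rotated. The `ApiConstants` class body starts outside this hunk.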


@ -11,4 +11,6 @@ public class BaseReq {
}


@ -1,17 +1,11 @@
package com.heyu.api.aop;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.heyu.api.common.LogAspect;
import com.heyu.api.data.constants.ApiConstants;
import com.heyu.api.data.dto.AccountDTO;
import com.heyu.api.data.dto.BaseReq;
import com.heyu.api.data.dto.RequestLogDTO;
import com.heyu.api.data.dto.TokenDTO;
import com.heyu.api.data.service.bussiness.RedisSettingService;
import com.heyu.api.data.utils.*;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Around;
@ -29,8 +23,10 @@ import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.math.BigDecimal;
import java.util.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* 日志aop
@ -102,51 +98,30 @@ public class LogAop {
// 默认对有的接口进行拦截
Boolean intercept = faceAuthMap.get(className);
Boolean classMethodConfigNotIntercept = faceAuthMap.get(classNameAndMethodName);
String authConfig = request.getHeader("X-TCloudMarket-Custom-AuthConfig");
log.info("authConfig:{}",authConfig);
if (intercept == null) {
boolean exitAnnotation = AnnotationUtils.hasAnnotation(clazz, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME);
boolean exitClassAnnotation = AnnotationUtils.hasAnnotation(clazz, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME);
boolean exitMethodAnnotation = AnnotationUtils.hasAnnotation(method, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME);
// 如果存在NotIntercept则不进行拦截否则进行拦截
intercept = exitAnnotation ? false : true;
intercept = exitClassAnnotation ? false : true;
classMethodConfigNotIntercept = exitMethodAnnotation ? false : true;
faceAuthMap.put(className, intercept);
}
// 如果类上没有配置NotIntercept注解 则看方法中有没有配置这个注解
if (intercept) {
Boolean classMethodConfigNotIntercept = faceAuthMap.get(classNameAndMethodName);
if (classMethodConfigNotIntercept == null) {
boolean exitAnnotation = AnnotationUtils.hasAnnotation(method, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME);
intercept = exitAnnotation ? false : true;
faceAuthMap.put(classNameAndMethodName, intercept);
}
faceAuthMap.put(classNameAndMethodName, intercept);
}
// 如果需要进行拦截
if (intercept) {
Object[] argsList = point.getArgs();
for (Object x : argsList) {
if (x instanceof BaseReq) {
token = ((BaseReq) x).getToken();
if (StringUtils.isBlank(token)) {
return R.error("token不能为null");
}
if (!intercept && !classMethodConfigNotIntercept ) {
// 通过token
String tokenKey = ApiConstants.TOKEN_INFO + token;
String tokenInfoStr = redisUtils.get(tokenKey);
if (StringUtils.isBlank(tokenInfoStr)) {
redisSettingService.addTokenInfoToRedis(token);
String tokenInfoStr2 = redisUtils.get(tokenKey);
if (StringUtils.isBlank(tokenInfoStr2)) {
log.info("您的token无效请重新申请。,token:{}", token);
return R.error("您的token无效请重新申请。");
}
return tokenVerify(tokenInfoStr, args, ip, className, methodName, uri, token, traceId, point);
}
return tokenVerify(tokenInfoStr, args, ip, className, methodName, uri, token, traceId, point);
}
}
return R.error("你的接口请求参数请继承BaseRequest类。");
} else {
result = point.proceed();
return R.error("auth error");
}
result = point.proceed();
} catch (Exception e) {
log.error("LogAop set error " + sb.toString(), e);
} finally {
@ -160,8 +135,6 @@ public class LogAop {
public void printLog(Object result, String args, String ip, String className, String methodName,
String preUri) {
StringBuilder sb = new StringBuilder();
sb.append("LoggerAop args:").append(args).append(BLANK_SPACE)
.append("ip:").append(ip).append(BLANK_SPACE)
@ -172,87 +145,6 @@ public class LogAop {
}
public Object tokenVerify(String tokenInfoStr, String args, String ip, String className, String methodName,
String uri, String token, String traceId, ProceedingJoinPoint point) {
TokenDTO tokenDTO = JSONObject.parseObject(tokenInfoStr, TokenDTO.class);
// 如果faces 为空则表示可以访问所有的接口
List<String> faces = tokenDTO.getFaces();
if (CollectionUtils.isNotEmpty(faces)) {
if (!faces.contains(uri)) {
return R.error("您的token不允许访问此此接口如果需要访问此接口"
+ "可调用/token/tokenUnBindFace解绑定所有绑定的接口后token就可以访问所有的接口了也就是说token没有绑定接口时可以访问所有接口。"
+ "如果token绑定了接口那些token只能用于此token绑定过的接口" + ",如果不想解绑接口,则也可以调用" +
"/token/operate方法来创建新的token来调用此" + uri + "接口。");
}
}
// token 一分钟接口方法的次数
String tokenMinutesVisitCountKey = ApiConstants.TOKEN_MINUTES_VISIT_COUNT + token;
Integer tokenMinutesVisitCount = NumberUtil.objToIntDefault(redisUtils.get(tokenMinutesVisitCountKey), 0);
Integer tokenMinutesVisitLimit = tokenDTO.getMinutesVisitLimit();
/**
* 如果有token访问次数限制并且 一分钟接口访问次数达到限制则进行限流
*/
if (tokenMinutesVisitLimit > 0 && tokenMinutesVisitCount > tokenMinutesVisitLimit) {
return R.error("您的token:" + token + "一分钟访问次数达到" + tokenMinutesVisitLimit + "次数限制,请稍后重试。");
}
int lastSecondMillis = DateUtils.getLastSecondMillis();
// 增加token account访问次数
redisUtils.incr(tokenMinutesVisitCountKey, lastSecondMillis);
String accountRedisKey = ApiConstants.ACCOUNT_INFO + tokenDTO.getUserName();
String accountInfoStr = redisUtils.get(accountRedisKey);
if (StringUtils.isBlank(accountInfoStr)) {
redisSettingService.addAccountInfoToRedis(token);
String accountInfoStr2 = redisUtils.get(accountRedisKey);
return accountVerify(accountInfoStr2, args, ip, className, methodName, uri, token, traceId, tokenDTO, lastSecondMillis, point);
}
return accountVerify(accountInfoStr, args, ip, className, methodName, uri, token, traceId, tokenDTO, lastSecondMillis, point);
}
public Object accountVerify(String accountInfoStr, String args, String ip, String className, String methodName,
String uri, String token, String traceId, TokenDTO tokenDTO, int lastSecondMillis,
ProceedingJoinPoint point) {
Object result = null;
try {
AccountDTO accountDTO = JSONObject.parseObject(accountInfoStr, AccountDTO.class);
String accountMinutesVisitCountKey = ApiConstants.ACCOUNT_MINUTES_VISIT_COUNT + token;
Integer accountMinutesVisitCount = NumberUtil.objToIntDefault(redisUtils.get(accountMinutesVisitCountKey), 0);
Integer accountMinutesVisitLimit = accountDTO.getMinutesVisitLimit();
if (accountMinutesVisitLimit > 0 && accountMinutesVisitCount > accountMinutesVisitLimit) {
return R.error("您的账户:" + accountDTO.getUserName() + "一分钟访问次数达到" + accountMinutesVisitLimit + "次数限制,请稍后重试。");
}
BigDecimal amount = accountDTO.getAmount();
// 如果当前账户金额还有钱则不限制否则不允许
if (amount.compareTo(BigDecimal.ZERO) > 0) {
rabbitTemplate.convertAndSend(accountAmountQueue,
JSON.toJSONString(new RequestLogDTO(
token, // token
tokenDTO.getUserName(),
uri, // 当前请求的接口
traceId, //日志编号
System.currentTimeMillis() // 消息发送时间
)
));
} else {
return R.error("您的账号:" + accountDTO.getUserName() + "已经欠费,请充值金额");
}
redisUtils.incr(accountMinutesVisitCountKey, lastSecondMillis);
result = point.proceed();
} catch (Throwable e) {
log.error("异常", e);
} finally {
printLog(result, args, ip, className, methodName, uri);
}
return result;
}
private String recordRequestLog(Object[] argArrs, String uri) {
String mediaType = "";
String args = null;
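Review bot: In the `-102,51 +98,30` hunk the `X-TCloudMarket-Custom-AuthConfig` header is read and logged at info level but, in the lines visible here, never compared with an expected value, and nothing reads the new `EbAuthentication` annotation; the only rejection left is `if (!intercept && !classMethodConfigNotIntercept)`, which by the assignments above it fires when the not-intercept annotation is present rather than absent. The page has lost its `+`/`-` markers, so this is my reading of the new side: with `tokenVerify` and `accountVerify` removed in the `-172,87 +145,6` hunk, token validation, the per-minute limits and the balance check appear to be gone, and endpoints such as `BankCard2MetaController.verify` would proceed without any credential check. If the header is meant to equal the annotation's `tencent` value, I would resolve the annotation on the method, reject unless the header matches under a constant-time comparison, and log only whether the header was present, as sketched below (it needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`). Separately, `classMethodConfigNotIntercept` is a boxed `Boolean` that stays null when the class entry is already cached but the method entry is not, so `!classMethodConfigNotIntercept` can throw for a second method of the same class. The enclosing method starts and ends outside these hunks.

```java
String authConfig = request.getHeader("X-TCloudMarket-Custom-AuthConfig");
// Log presence only; the header carries the caller's credential.
log.info("authConfig present:{}", authConfig != null);
// … unchanged: faceAuthMap lookup and annotation caching …
EbAuthentication auth = method.getAnnotation(EbAuthentication.class);
if (auth != null) {
    byte[] expected = auth.tencent().getBytes(StandardCharsets.UTF_8);
    byte[] presented = authConfig == null
            ? new byte[0]
            : authConfig.getBytes(StandardCharsets.UTF_8);
    // Constant-time comparison; an empty expected value must never match.
    if (expected.length == 0 || !MessageDigest.isEqual(expected, presented)) {
        return R.error("auth error");
    }
}
// Methods without the annotation: decide explicitly whether they are open
// or must still pass the token check before reaching proceed().
result = point.proceed();
```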


@ -6,8 +6,7 @@ import com.aliyun.cloudauth20190307.models.BankMetaVerifyResponseBody;
import com.heyu.api.alibaba.handle.common.text.ABankMetaVerifyHandle;
import com.heyu.api.alibaba.request.common.text.ABankMetaVerifyRequest;
import com.heyu.api.controller.BaseController;
import com.heyu.api.data.annotation.CacheResult;
import com.heyu.api.data.annotation.NotIntercept;
import com.heyu.api.data.annotation.EbAuthentication;
import com.heyu.api.data.constants.ApiConstants;
import com.heyu.api.data.utils.ApiR;
import com.heyu.api.data.utils.R;
@ -39,7 +38,6 @@ import org.springframework.web.bind.annotation.RestController;
@Slf4j
@RestController
@RequestMapping("/bank/card/2")
@NotIntercept
public class BankCard2MetaController extends BaseController {
@Autowired
@ -50,15 +48,14 @@ public class BankCard2MetaController extends BaseController {
// http://localhost:8888/bank/card/2/verify?bankCardNumber=6214855713516769&realName=瞿贻晓
// https://api.1024api.com/api-interface/bank/card/2/verify?bankCardNumber=6214855713516769&realName=瞿贻晓
@EbAuthentication(tencent = ApiConstants.TENCENT_AUTH)
@RequestMapping("/verify")
@CacheResult(exclude = {"验证中心服务繁忙","验证次数超限,请次日重试"})
public R verify(BankCard2MetaRequest bankCard2MetaRequest) {
BankCard2MetaResp bankCard2MetaResp = new BankCard2MetaResp();
ABankMetaVerifyRequest abankMetaVerifyRequest = new ABankMetaVerifyRequest();
abankMetaVerifyRequest.setBankCard(bankCard2MetaRequest.getBankCardNumber());
abankMetaVerifyRequest.setUserName(bankCard2MetaRequest.getRealName());
abankMetaVerifyRequest.setProductType(ApiConstants.BANK_CARD_2_META);
ApiR<BankMetaVerifyResponse> aR = aBankMetaVerifyHandle.handle(abankMetaVerifyRequest);
if (aR.isSuccess() && isSuccessStatusCode(aR.getData().getStatusCode())) {
BankMetaVerifyResponse bankMetaVerifyResponse = aR.getData();
@ -70,7 +67,6 @@ public class BankCard2MetaController extends BaseController {
}else{
bankCard2MetaResp.setCheckResult(ApiConstants.FAILED);
}
bankCard2MetaResp.setDesc(ApiConstants.aliErrCodeMap.get(bankMetaVerifyResponseBodyResultObject.getSubCode()));
return R.ok().setData(bankCard2MetaResp);
}
@ -78,8 +74,8 @@ public class BankCard2MetaController extends BaseController {
bankCard2MetaResp.setCheckResult(ApiConstants.FAILED);
bankCard2MetaResp.setDesc(aR.getErrorMsg());
return R.ok().setData(bankCard2MetaResp);
}
}
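Review bot: The two comment URLs above `verify` embed what looks like a full bank card number together with a person's real name, and the same pair is accepted as query parameters, so it sits in repository history and, for live calls, ends up in access logs and in the argument string that `LogAop.printLog` writes. Whether or not this commit introduced the comments (the page has lost its `+`/`-` markers), I would replace the values with obvious placeholders, e.g. `// http://localhost:8888/bank/card/2/verify?bankCardNumber=<test-card-number>&realName=<test-name>`, and consider `@PostMapping("/verify")` so the fields travel in the request body. The same pattern appears in the `IdCardSecondCheckController` section, where the comment URL carries an ID card number. The class body starts outside these hunks.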


@ -28,7 +28,11 @@ public class IdCardSecondCheckController {
@Autowired
private TIdCardVerificationHandle idCardVerificationHandle;
// http://localhost:8888/id/card/certification?idCardNumber=430529199209255030&realName=瞿贻晓
@RequestMapping("/certification")
@CacheResult
public R certification(ApiIdentityCardSecondRequest apiIdentityCardRequest) {