From b6cb958d7c3263a36f771c889489f63559d8b5ff Mon Sep 17 00:00:00 2001 From: quyixiao <2621048238@qq.com> Date: Sat, 12 Apr 2025 23:01:26 +0800 Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../api/data/annotation/EbAuthentication.java | 21 +++ .../heyu/api/data/constants/ApiConstants.java | 1 + .../java/com/heyu/api/data/dto/BaseReq.java | 2 + .../main/java/com/heyu/api/aop/LogAop.java | 148 +++--------------- .../bankcard/BankCard2MetaController.java | 10 +- .../idcard/IdCardSecondCheckController.java | 4 + 6 files changed, 51 insertions(+), 135 deletions(-) create mode 100644 api-mapper/src/main/java/com/heyu/api/data/annotation/EbAuthentication.java diff --git a/api-mapper/src/main/java/com/heyu/api/data/annotation/EbAuthentication.java b/api-mapper/src/main/java/com/heyu/api/data/annotation/EbAuthentication.java new file mode 100644 index 0000000..6f9274f --- /dev/null +++ b/api-mapper/src/main/java/com/heyu/api/data/annotation/EbAuthentication.java @@ -0,0 +1,21 @@ + +package com.heyu.api.data.annotation; + +import java.lang.annotation.*; + +/** + * 如果配置了 这个注解的类,他的所有方法都不进行拦截 + * 如果只有方法配置了,则该方法不进行拦截 + */ +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD, ElementType.TYPE}) +public @interface EbAuthentication { + + + + String value() default ""; + + + String tencent() default ""; +} diff --git a/api-mapper/src/main/java/com/heyu/api/data/constants/ApiConstants.java b/api-mapper/src/main/java/com/heyu/api/data/constants/ApiConstants.java index 80649ad..60475a8 100644 --- a/api-mapper/src/main/java/com/heyu/api/data/constants/ApiConstants.java +++ b/api-mapper/src/main/java/com/heyu/api/data/constants/ApiConstants.java @@ -293,6 +293,7 @@ public class ApiConstants { public static final String face = "face"; + public static final String TENCENT_AUTH = "20C7941B2CCAD689A90C796A4A9DF04A"; } 
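Review bot: The Javadoc on `EbAuthentication` says that annotated classes and methods are not intercepted, which reads like the description of the NotIntercept annotation and contradicts the name of an authentication marker. The `value` and `tencent` attributes are undocumented, so a maintainer cannot tell what a caller must present or where it is checked. If the intent is that `tencent` holds the expected value of the `X-TCloudMarket-Custom-AuthConfig` header, I would replace the comment with `/** Marks a controller class or method that requires caller authentication; {@code tencent} is the credential expected in the X-TCloudMarket-Custom-AuthConfig header. */` and say on each attribute what an empty string means.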
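Review bot: `TENCENT_AUTH` in `ApiConstants` looks like a shared credential committed as a string literal, which exposes it to everyone with repository access and keeps it in the history. Because it is passed as an annotation attribute it must be a compile-time constant, so it is also inlined into the compiled controller class and cannot be rotated without a rebuild. I would load the expected value from configuration or a secret store in the aspect instead, for example `@Value("${<property-name-placeholder>}") private String tencentAuth;`, and rotate the value already committed here. The enclosing class starts outside the hunk.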
diff --git a/api-mapper/src/main/java/com/heyu/api/data/dto/BaseReq.java b/api-mapper/src/main/java/com/heyu/api/data/dto/BaseReq.java index aa4e95f..825b9a4 100644 --- a/api-mapper/src/main/java/com/heyu/api/data/dto/BaseReq.java +++ b/api-mapper/src/main/java/com/heyu/api/data/dto/BaseReq.java @@ -11,4 +11,6 @@ public class BaseReq { + + } diff --git a/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java b/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java index fedc236..bb1f603 100644 --- a/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java +++ b/api-web/api-interface/src/main/java/com/heyu/api/aop/LogAop.java @@ -1,17 +1,11 @@ package com.heyu.api.aop; import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONObject; import com.heyu.api.common.LogAspect; import com.heyu.api.data.constants.ApiConstants; -import com.heyu.api.data.dto.AccountDTO; -import com.heyu.api.data.dto.BaseReq; -import com.heyu.api.data.dto.RequestLogDTO; -import com.heyu.api.data.dto.TokenDTO; import com.heyu.api.data.service.bussiness.RedisSettingService; import com.heyu.api.data.utils.*; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.collections.CollectionUtils; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.Signature; import org.aspectj.lang.annotation.Around; @@ -29,8 +23,10 @@ import org.springframework.web.multipart.MultipartFile; import javax.servlet.http.HttpServletRequest; import java.lang.reflect.Method; -import java.math.BigDecimal; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; /** * 日志aop 
@@ -102,51 +98,30 @@ public class LogAop { // 默认对有的接口进行拦截 Boolean intercept = faceAuthMap.get(className); + Boolean classMethodConfigNotIntercept = faceAuthMap.get(classNameAndMethodName); + + String authConfig = request.getHeader("X-TCloudMarket-Custom-AuthConfig"); + log.info("authConfig:{}",authConfig); + if (intercept == null) { - boolean exitAnnotation = AnnotationUtils.hasAnnotation(clazz, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME); + boolean exitClassAnnotation = AnnotationUtils.hasAnnotation(clazz, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME); + boolean exitMethodAnnotation = AnnotationUtils.hasAnnotation(method, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME); // 如果存在NotIntercept则不进行拦截,否则进行拦截 - intercept = exitAnnotation ? false : true; + intercept = exitClassAnnotation ? false : true; + classMethodConfigNotIntercept = exitMethodAnnotation ? false : true; + faceAuthMap.put(className, intercept); - } - // 如果类上没有配置NotIntercept注解 ,则看方法中有没有配置这个注解 - if (intercept) { - Boolean classMethodConfigNotIntercept = faceAuthMap.get(classNameAndMethodName); - if (classMethodConfigNotIntercept == null) { - boolean exitAnnotation = AnnotationUtils.hasAnnotation(method, ApiConstants.NOT_INTERCEPT_ANNOTATION_NAME); - intercept = exitAnnotation ? 
false : true; - faceAuthMap.put(classNameAndMethodName, intercept); - } + faceAuthMap.put(classNameAndMethodName, intercept); } // 如果需要进行拦截 - if (intercept) { - Object[] argsList = point.getArgs(); - for (Object x : argsList) { - if (x instanceof BaseReq) { - token = ((BaseReq) x).getToken(); - if (StringUtils.isBlank(token)) { - return R.error("token不能为null"); - } + if (!intercept && !classMethodConfigNotIntercept ) { - // 通过token - String tokenKey = ApiConstants.TOKEN_INFO + token; - String tokenInfoStr = redisUtils.get(tokenKey); - if (StringUtils.isBlank(tokenInfoStr)) { - redisSettingService.addTokenInfoToRedis(token); - String tokenInfoStr2 = redisUtils.get(tokenKey); - if (StringUtils.isBlank(tokenInfoStr2)) { - log.info("您的token无效,请重新申请。,token:{}", token); - return R.error("您的token无效,请重新申请。"); - } - return tokenVerify(tokenInfoStr, args, ip, className, methodName, uri, token, traceId, point); - } - return tokenVerify(tokenInfoStr, args, ip, className, methodName, uri, token, traceId, point); - } - } - return R.error("你的接口请求参数请继承BaseRequest类。"); - } else { - result = point.proceed(); + + return R.error("auth error"); } + + result = point.proceed(); } catch (Exception e) { log.error("LogAop set error " + sb.toString(), e); } finally { @@ -160,8 +135,6 @@ public class LogAop { public void printLog(Object result, String args, String ip, String className, String methodName, String preUri) { - - StringBuilder sb = new StringBuilder(); sb.append("LoggerAop args:").append(args).append(BLANK_SPACE) .append("ip:").append(ip).append(BLANK_SPACE) 
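Review bot: The new gate in this hunk never compares `X-TCloudMarket-Custom-AuthConfig` with anything: `if (!intercept && !classMethodConfigNotIntercept)` returns "auth error" only when both the class and the method carry the NotIntercept annotation, and every other request falls through to `point.proceed()`, so with the token, rate-limit and balance checks gone, endpoints such as `/bank/card/2/verify` appear to run unauthenticated. `log.info("authConfig:{}",authConfig)` also writes the credential header to the log and should be dropped or reduced to a present/absent flag. The cache stores `intercept` under `classNameAndMethodName` and leaves `classMethodConfigNotIntercept` null when only the class entry is cached, so a second method of a NotIntercept class would hit a null unboxing that the surrounding `catch (Exception e)` swallows. If the intent is that the header must equal the `tencent` value of `@EbAuthentication`, the check could look like the excerpt below, failing closed and comparing in constant time; the enclosing method starts and ends outside the hunk.

```java
// … unchanged: className / method lookup and faceAuthMap caching …
EbAuthentication ebAuth = method.getAnnotation(EbAuthentication.class);
if (ebAuth == null) {
    ebAuth = clazz.getAnnotation(EbAuthentication.class);
}
if (ebAuth != null && !ebAuth.tencent().isEmpty()) {
    String authConfig = request.getHeader("X-TCloudMarket-Custom-AuthConfig");
    // Fail closed: a missing or mismatching header is rejected, and the value is never logged.
    boolean authorized = authConfig != null && MessageDigest.isEqual(
            authConfig.getBytes(StandardCharsets.UTF_8),
            ebAuth.tencent().getBytes(StandardCharsets.UTF_8));
    if (!authorized) {
        return R.error("auth error");
    }
}
result = point.proceed();
```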
@@ -172,87 +145,6 @@ public class LogAop { } - - public Object tokenVerify(String tokenInfoStr, String args, String ip, String className, String methodName, - String uri, String token, String traceId, ProceedingJoinPoint point) { - TokenDTO tokenDTO = JSONObject.parseObject(tokenInfoStr, TokenDTO.class); - // 如果faces 为空,则表示可以访问所有的接口 - List faces = tokenDTO.getFaces(); - if (CollectionUtils.isNotEmpty(faces)) { - if (!faces.contains(uri)) { - return R.error("您的token不允许访问此此接口,如果需要访问此接口," - + "可调用/token/tokenUnBindFace,解绑定所有绑定的接口后,token就可以访问所有的接口了,也就是说token没有绑定接口时,可以访问所有接口。" - + "如果token绑定了接口,那些token只能用于此token绑定过的接口" + ",如果不想解绑接口,则也可以调用" + - "/token/operate方法来创建新的token,来调用此" + uri + "接口。"); - } - } - // token 一分钟接口方法的次数 - String tokenMinutesVisitCountKey = ApiConstants.TOKEN_MINUTES_VISIT_COUNT + token; - Integer tokenMinutesVisitCount = NumberUtil.objToIntDefault(redisUtils.get(tokenMinutesVisitCountKey), 0); - Integer tokenMinutesVisitLimit = tokenDTO.getMinutesVisitLimit(); - /** - * 如果有token访问次数限制,并且 一分钟接口访问次数达到限制,则进行限流 - */ - if (tokenMinutesVisitLimit > 0 && tokenMinutesVisitCount > tokenMinutesVisitLimit) { - return R.error("您的token:" + token + "一分钟访问次数达到" + tokenMinutesVisitLimit + "次数限制,请稍后重试。"); - } - - int lastSecondMillis = DateUtils.getLastSecondMillis(); - // 增加token 和 account访问次数 - redisUtils.incr(tokenMinutesVisitCountKey, lastSecondMillis); - - String accountRedisKey = ApiConstants.ACCOUNT_INFO + tokenDTO.getUserName(); - String accountInfoStr = redisUtils.get(accountRedisKey); - if (StringUtils.isBlank(accountInfoStr)) { - redisSettingService.addAccountInfoToRedis(token); - String accountInfoStr2 = redisUtils.get(accountRedisKey); - return accountVerify(accountInfoStr2, args, ip, className, methodName, uri, token, traceId, tokenDTO, lastSecondMillis, point); - } - - return accountVerify(accountInfoStr, args, ip, className, methodName, uri, token, traceId, tokenDTO, lastSecondMillis, point); - } - - - - - - public Object accountVerify(String 
accountInfoStr, String args, String ip, String className, String methodName, - String uri, String token, String traceId, TokenDTO tokenDTO, int lastSecondMillis, - ProceedingJoinPoint point) { - Object result = null; - try { - AccountDTO accountDTO = JSONObject.parseObject(accountInfoStr, AccountDTO.class); - String accountMinutesVisitCountKey = ApiConstants.ACCOUNT_MINUTES_VISIT_COUNT + token; - Integer accountMinutesVisitCount = NumberUtil.objToIntDefault(redisUtils.get(accountMinutesVisitCountKey), 0); - Integer accountMinutesVisitLimit = accountDTO.getMinutesVisitLimit(); - if (accountMinutesVisitLimit > 0 && accountMinutesVisitCount > accountMinutesVisitLimit) { - return R.error("您的账户:" + accountDTO.getUserName() + "一分钟访问次数达到" + accountMinutesVisitLimit + "次数限制,请稍后重试。"); - } - BigDecimal amount = accountDTO.getAmount(); - // 如果当前账户金额还有钱,则不限制,否则不允许 - if (amount.compareTo(BigDecimal.ZERO) > 0) { - rabbitTemplate.convertAndSend(accountAmountQueue, - JSON.toJSONString(new RequestLogDTO( - token, // token - tokenDTO.getUserName(), - uri, // 当前请求的接口 - traceId, //日志编号 - System.currentTimeMillis() // 消息发送时间 - ) - )); - } else { - return R.error("您的账号:" + accountDTO.getUserName() + "已经欠费,请充值金额"); - } - redisUtils.incr(accountMinutesVisitCountKey, lastSecondMillis); - result = point.proceed(); - } catch (Throwable e) { - log.error("异常", e); - } finally { - printLog(result, args, ip, className, methodName, uri); - } - return result; - } - private String recordRequestLog(Object[] argArrs, String uri) { String mediaType = ""; String args = null; diff --git a/api-web/api-interface/src/main/java/com/heyu/api/controller/bankcard/BankCard2MetaController.java b/api-web/api-interface/src/main/java/com/heyu/api/controller/bankcard/BankCard2MetaController.java index cf77f66..5089541 100644 --- a/api-web/api-interface/src/main/java/com/heyu/api/controller/bankcard/BankCard2MetaController.java 
+++ b/api-web/api-interface/src/main/java/com/heyu/api/controller/bankcard/BankCard2MetaController.java @@ -6,8 +6,7 @@ import com.aliyun.cloudauth20190307.models.BankMetaVerifyResponseBody; import com.heyu.api.alibaba.handle.common.text.ABankMetaVerifyHandle; import com.heyu.api.alibaba.request.common.text.ABankMetaVerifyRequest; import com.heyu.api.controller.BaseController; -import com.heyu.api.data.annotation.CacheResult; -import com.heyu.api.data.annotation.NotIntercept; +import com.heyu.api.data.annotation.EbAuthentication; import com.heyu.api.data.constants.ApiConstants; import com.heyu.api.data.utils.ApiR; import com.heyu.api.data.utils.R; @@ -39,7 +38,6 @@ import org.springframework.web.bind.annotation.RestController; @Slf4j @RestController @RequestMapping("/bank/card/2") -@NotIntercept public class BankCard2MetaController extends BaseController { @Autowired @@ -50,15 +48,14 @@ public class BankCard2MetaController extends BaseController { // http://localhost:8888/bank/card/2/verify?bankCardNumber=6214855713516769&realName=瞿贻晓 // https://api.1024api.com/api-interface/bank/card/2/verify?bankCardNumber=6214855713516769&realName=瞿贻晓 + @EbAuthentication(tencent = ApiConstants.TENCENT_AUTH) @RequestMapping("/verify") - @CacheResult(exclude = {"验证中心服务繁忙","验证次数超限,请次日重试"}) public R verify(BankCard2MetaRequest bankCard2MetaRequest) { BankCard2MetaResp bankCard2MetaResp = new BankCard2MetaResp(); ABankMetaVerifyRequest abankMetaVerifyRequest = new ABankMetaVerifyRequest(); abankMetaVerifyRequest.setBankCard(bankCard2MetaRequest.getBankCardNumber()); abankMetaVerifyRequest.setUserName(bankCard2MetaRequest.getRealName()); abankMetaVerifyRequest.setProductType(ApiConstants.BANK_CARD_2_META); - ApiR aR = aBankMetaVerifyHandle.handle(abankMetaVerifyRequest); if (aR.isSuccess() && isSuccessStatusCode(aR.getData().getStatusCode())) { BankMetaVerifyResponse bankMetaVerifyResponse = aR.getData(); 
@@ -70,7 +67,6 @@ public class BankCard2MetaController extends BaseController { }else{ bankCard2MetaResp.setCheckResult(ApiConstants.FAILED); } - bankCard2MetaResp.setDesc(ApiConstants.aliErrCodeMap.get(bankMetaVerifyResponseBodyResultObject.getSubCode())); return R.ok().setData(bankCard2MetaResp); } @@ -78,8 +74,8 @@ public class BankCard2MetaController extends BaseController { bankCard2MetaResp.setCheckResult(ApiConstants.FAILED); bankCard2MetaResp.setDesc(aR.getErrorMsg()); + return R.ok().setData(bankCard2MetaResp); } - } diff --git a/api-web/api-interface/src/main/java/com/heyu/api/controller/idcard/IdCardSecondCheckController.java b/api-web/api-interface/src/main/java/com/heyu/api/controller/idcard/IdCardSecondCheckController.java index 7ccdf35..337b670 100644 --- a/api-web/api-interface/src/main/java/com/heyu/api/controller/idcard/IdCardSecondCheckController.java +++ b/api-web/api-interface/src/main/java/com/heyu/api/controller/idcard/IdCardSecondCheckController.java @@ -28,7 +28,11 @@ public class IdCardSecondCheckController { @Autowired private TIdCardVerificationHandle idCardVerificationHandle; + // http://localhost:8888/id/card/certification?idCardNumber=430529199209255030&realName=瞿贻晓 + + + @RequestMapping("/certification") @CacheResult public R certification(ApiIdentityCardSecondRequest apiIdentityCardRequest) {
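Review bot: The comment added above `certification` embeds what appears to be a full resident ID number together with a real name in a sample URL, which puts personal data into the repository and its history. I would replace it with clearly synthetic values, `// http://localhost:8888/id/card/certification?idCardNumber=<TEST_ID_NUMBER>&realName=<TEST_NAME>`. The same sample shows both fields travelling in the query string, where access logs and proxies typically record them, so a POST body would be the safer transport for this endpoint. The method body continues outside the hunk.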