代码提交

k94314517

2024-07-25 a75b18a4157ab486e0b51c438ac165ab3a08e3e0

 server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java

@@ -1,10 +1,17 @@
package com.doumee.api.web;

import cn.hutool.http.HttpRequest;
import com.amazonaws.util.Md5Utils;
import com.doumee.biz.system.SystemDataPermissionBiz;
import com.doumee.biz.system.SystemDictDataBiz;
import com.doumee.biz.zbom.ZbomCRMService;
import com.doumee.biz.zbom.ZbomZhongTaiService;
import com.doumee.config.annotation.LoginRequired;
import com.doumee.config.annotation.UserLoginRequired;
import com.doumee.core.annotation.pr.PreventRepeat;
import com.doumee.core.annotation.trace.Trace;
import com.doumee.core.constants.ResponseStatus;
import com.doumee.core.exception.BusinessException;
import com.doumee.core.model.ApiResponse;
import com.doumee.core.model.PageData;
import com.doumee.core.model.PageWrap;
@@ -22,11 +29,16 @@
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.tomcat.util.security.MD5Encoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.InputStream;

@@ -60,6 +72,9 @@

    @Autowired
    public UsersService usersService;

    @Autowired
    public SystemDictDataBiz systemDictDataBiz;


    @UserLoginRequired
@@ -113,9 +128,28 @@
        return  ApiResponse.success(zbomCRMService.getCrmGoUrl(this.getLoginUserInfo().getIamUsername(),type));
    }

    @PreventRepeat(lockTime = 2000)
    @ApiOperation(value = "生成小程序码", notes = "PAD端")
    @PostMapping("/getQrCode")
    public void getQrCode(@RequestBody GenerateQRCodeRequest generateQRCodeRequest, HttpServletResponse response) {
    @ApiImplicitParams({
            @ApiImplicitParam(paramType = "header", dataType = "String", name = "sign", value = "签名（使用timestamp+appkey进行md5加密）", required = true),
            @ApiImplicitParam(paramType = "header", dataType = "Long", name = "timestamp", value = "时间戳（当前时间毫秒，2小时内有效）", required = true),
    })
    public void getQrCode(@RequestParam(value = "sign")String sign,
                          @RequestParam(value = "timestamp")Long timestamp,
                          @RequestBody GenerateQRCodeRequest generateQRCodeRequest,HttpServletResponse response) {
        if(StringUtils.isBlank(sign) || timestamp == null){
            throw  new BusinessException(ResponseStatus.BAD_REQUEST);
        }
        String interfaceKey = systemDictDataBiz.queryByCode(Constants.ZBOM,Constants.ZBOM_PAD_INTERFACE_KEY).getCode();
        //判断时间戳是否超过两小时
        if(System.currentTimeMillis()-timestamp > 2 * 60 * 3600 * 1000){
            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token已失效!");
        }
        String token = DigestUtils.md5Hex(timestamp+interfaceKey);
        if(!token.equals(sign)){
            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token已失效!");
        }
        try{
            response.setHeader("Cache-Control", "no-store, no-cache");
            response.setContentType("image/jpeg");