From b022834cf81ea67a6f28d31cc057d494ac6dc8ed Mon Sep 17 00:00:00 2001
From: jiangping <jp@doumee.com>
Date: 星期二, 30 七月 2024 14:03:02 +0800
Subject: [PATCH] 提交
---
server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java | 40 ++++++++++++++++++++++++++++++++++++----
1 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
index 822d8c6..f7a4f73 100644
--- a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
+++ b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
@@ -1,10 +1,17 @@
package com.doumee.api.web;
+import cn.hutool.http.HttpRequest;
+import com.amazonaws.util.Md5Utils;
+import com.doumee.biz.system.SystemDataPermissionBiz;
+import com.doumee.biz.system.SystemDictDataBiz;
import com.doumee.biz.zbom.ZbomCRMService;
import com.doumee.biz.zbom.ZbomZhongTaiService;
import com.doumee.config.annotation.LoginRequired;
import com.doumee.config.annotation.UserLoginRequired;
+import com.doumee.core.annotation.pr.PreventRepeat;
import com.doumee.core.annotation.trace.Trace;
+import com.doumee.core.constants.ResponseStatus;
+import com.doumee.core.exception.BusinessException;
import com.doumee.core.model.ApiResponse;
import com.doumee.core.model.PageData;
import com.doumee.core.model.PageWrap;
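Review bot: Several imports added here are not referenced by any line in this patch: `cn.hutool.http.HttpRequest`, `com.amazonaws.util.Md5Utils` and `SystemDataPermissionBiz` in this hunk, and `Md5Crypt`, `MD5Encoder` and `HttpServletRequest` in the next one. The only MD5 helper the new code calls is `DigestUtils.md5Hex`, so the three leftover helpers make it unclear which implementation the signature check relies on. Unless code outside the patch uses them, they should be dropped; `Md5Utils` in particular ties this controller to the AWS SDK for no visible reason.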
@@ -22,11 +29,16 @@
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.codec.digest.Md5Crypt;
+import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.tomcat.util.security.MD5Encoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import javax.imageio.ImageIO;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.InputStream;
@@ -60,6 +72,9 @@
@Autowired
public UsersService usersService;
+
+ @Autowired
+ public SystemDictDataBiz systemDictDataBiz;
@UserLoginRequired
@@ -100,8 +115,6 @@
return ApiResponse.success(newsService.findPage(pageWrap));
}
-
-
@UserLoginRequired
@ApiOperation(value = "鑾峰彇瀹㈡埛绠$悊鎺堟潈-鍒楄〃璺宠浆鍦板潃", notes = "鑾峰彇瀹㈡埛绠$悊鎺堟潈璺宠浆鍦板潃")
@GetMapping("/getCrmAuthUrl")
@@ -113,9 +126,29 @@
return ApiResponse.success(zbomCRMService.getCrmGoUrl(this.getLoginUserInfo().getIamUsername(),type));
}
+ @PreventRepeat(lockTime = 2000)
@ApiOperation(value = "鐢熸垚灏忕▼搴忕爜", notes = "PAD绔�")
@PostMapping("/getQrCode")
- public void getQrCode(@RequestBody GenerateQRCodeRequest generateQRCodeRequest, HttpServletResponse response) {
+ @ApiImplicitParams({
+ @ApiImplicitParam(paramType = "header", dataType = "String", name = "sign", value = "绛惧悕锛堜娇鐢╰imestamp+appkey杩涜md5鍔犲瘑锛�", required = true),
+ @ApiImplicitParam(paramType = "header", dataType = "Long", name = "timestamp", value = "鏃堕棿鎴筹紙褰撳墠鏃堕棿姣锛�2灏忔椂鍐呮湁鏁堬級", required = true),
+ })
+ public void getQrCode(@RequestParam(value = "sign")String sign,
+ @RequestParam(value = "timestamp")Long timestamp,
+ @RequestBody GenerateQRCodeRequest generateQRCodeRequest,HttpServletResponse response) {
+ if(StringUtils.isBlank(sign) || timestamp == null){
+ throw new BusinessException(ResponseStatus.BAD_REQUEST);
+ }
+ String interfaceKey = systemDictDataBiz.queryByCode(Constants.ZBOM,Constants.ZBOM_PAD_INTERFACE_KEY).getCode();
+ //鍒ゆ柇鏃堕棿鎴虫槸鍚﹁秴杩囦袱灏忔椂
+ if(System.currentTimeMillis()-timestamp > 2 * 60 * 3600 * 1000){
+ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
+ }
+ String token = DigestUtils.md5Hex(timestamp+interfaceKey);
+ if(!token.equals(sign)){
+ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
+
+ }
try{
response.setHeader("Cache-Control", "no-store, no-cache");
response.setContentType("image/jpeg");
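Review bot: The freshness check `System.currentTimeMillis()-timestamp > 2 * 60 * 3600 * 1000` permits 120 hours rather than the two hours the code comment and Swagger text appear to intend, and it never rejects a timestamp ahead of the server clock, so such a signature would not expire. `sign` and `timestamp` are documented as `paramType = "header"` but bound with `@RequestParam`, which puts the signature in URLs and access logs, and `token.equals(sign)` is not a constant-time comparison. The sketch below binds both values with `@RequestHeader`, bounds the age on both sides (the five-minute skew is a suggested value) and compares with `MessageDigest.isEqual`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. Separately, `md5Hex(timestamp+interfaceKey)` does not cover the request body, so one valid pair authorises any `GenerateQRCodeRequest` inside the window; an HMAC-SHA256 over timestamp and body would fix that but changes the client contract. `queryByCode(...).getCode()` will throw a NullPointerException if the dictionary entry is missing, and the method body continues past this hunk.

```java
    public void getQrCode(@RequestHeader(value = "sign") String sign,
                          @RequestHeader(value = "timestamp") Long timestamp,
                          @RequestBody GenerateQRCodeRequest generateQRCodeRequest, HttpServletResponse response) {
        // … unchanged: blank/null check and interfaceKey lookup …
        long ageMillis = System.currentTimeMillis() - timestamp;
        // Accept at most two hours of age and five minutes of clock skew into the future.
        if (ageMillis > 2 * 60 * 60 * 1000L || ageMillis < -5 * 60 * 1000L) {
            // … unchanged: throw BusinessException(NOT_ALLOWED) …
        }
        String token = DigestUtils.md5Hex(timestamp + interfaceKey);
        // Constant-time comparison of the two hex digests.
        if (!MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8), sign.getBytes(StandardCharsets.UTF_8))) {
            // … unchanged: throw BusinessException(NOT_ALLOWED) …
        }
        // … unchanged: try block writing the image response …
```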
@@ -125,5 +158,4 @@
e.printStackTrace();
}
}
-
}
--
Gitblit v1.9.3