From c0cb31a27522f2b480d7f98784eef37c2fb75f2d Mon Sep 17 00:00:00 2001
From: jiangping <jp@doumee.com>
Date: 星期二, 30 七月 2024 09:10:22 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
 server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java | 12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
index a45ebd0..f7a4f73 100644
--- a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
+++ b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
@@ -8,6 +8,7 @@
 import com.doumee.biz.zbom.ZbomZhongTaiService;
 import com.doumee.config.annotation.LoginRequired;
 import com.doumee.config.annotation.UserLoginRequired;
+import com.doumee.core.annotation.pr.PreventRepeat;
 import com.doumee.core.annotation.trace.Trace;
 import com.doumee.core.constants.ResponseStatus;
 import com.doumee.core.exception.BusinessException;
@@ -114,8 +115,6 @@
 return ApiResponse.success(newsService.findPage(pageWrap));
 }
 
-
-
 @UserLoginRequired
 @ApiOperation(value = "鑾峰彇瀹㈡埛绠$悊鎺堟潈-鍒楄〃璺宠浆鍦板潃", notes = "鑾峰彇瀹㈡埛绠$悊鎺堟潈璺宠浆鍦板潃")
 @GetMapping("/getCrmAuthUrl")
@@ -127,11 +126,12 @@
 return ApiResponse.success(zbomCRMService.getCrmGoUrl(this.getLoginUserInfo().getIamUsername(),type));
 }
 
+ @PreventRepeat(lockTime = 2000)
 @ApiOperation(value = "鐢熸垚灏忕▼搴忕爜", notes = "PAD绔�")
 @PostMapping("/getQrCode")
 @ApiImplicitParams({
 @ApiImplicitParam(paramType = "header", dataType = "String", name = "sign", value = "绛惧悕锛堜娇鐢╰imestamp+appkey杩涜md5鍔犲瘑锛�", required = true),
- @ApiImplicitParam(paramType = "header", dataType = "String", name = "timestamp", value = "鏃堕棿鎴筹紙褰撳墠鏃堕棿姣锛�2灏忔椂鍐呮湁鏁堬級", required = true),
+ @ApiImplicitParam(paramType = "header", dataType = "Long", name = "timestamp", value = "鏃堕棿鎴筹紙褰撳墠鏃堕棿姣锛�2灏忔椂鍐呮湁鏁堬級", required = true),
 })
 public void getQrCode(@RequestParam(value = "sign")String sign,
 @RequestParam(value = "timestamp")Long timestamp,
@@ -140,9 +140,14 @@
 throw new BusinessException(ResponseStatus.BAD_REQUEST);
 }
 String interfaceKey = systemDictDataBiz.queryByCode(Constants.ZBOM,Constants.ZBOM_PAD_INTERFACE_KEY).getCode();
+ //鍒ゆ柇鏃堕棿鎴虫槸鍚﹁秴杩囦袱灏忔椂
+ if(System.currentTimeMillis()-timestamp > 2 * 60 * 3600 * 1000){
+ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
+ }
 String token = DigestUtils.md5Hex(timestamp+interfaceKey);
 if(!token.equals(sign)){
 throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
+
 }
 try{
 response.setHeader("Cache-Control", "no-store, no-cache");
@@ -153,5 +158,4 @@
 e.printStackTrace();
 }
 }
-
 }
-- Gitblit v1.9.3
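Review bot: The freshness check added in the `@@ -140,9 +140,14 @@` hunk does not enforce a two-hour window: `2 * 60 * 3600 * 1000` evaluates to 432,000,000 ms, i.e. 120 hours, so a captured `sign`/`timestamp` pair stays replayable for five days. The check also bounds only the past, because a `timestamp` ahead of the server clock makes the difference negative and always passes. If two hours is the intent (the leading `2 *` suggests so), compute `long age = System.currentTimeMillis() - timestamp;` and test `if (age < -SKEW_MS || age > 2 * 60 * 60 * 1000L)`, where `SKEW_MS` is a placeholder for a small clock-skew allowance. Separately, the token is a plain `md5Hex(timestamp+interfaceKey)` compared with `String.equals`; an HMAC-SHA-256 over the timestamp verified with `MessageDigest.isEqual` would be sturdier, though it changes the client contract. The body of `getQrCode` starts and ends outside the hunk, so any earlier null check on `timestamp` is not visible here.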