diff --git a/AutoSprout-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java b/AutoSprout-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java
index cec5006..1866771 100644
--- a/AutoSprout-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java
+++ b/AutoSprout-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java
@@ -1,18 +1,5 @@
 package com.ruoyi.web.controller.common;
 
-import java.util.ArrayList;
-import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.multipart.MultipartFile;
 import com.ruoyi.common.config.RuoYiConfig;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.AjaxResult;
@@ -20,6 +7,25 @@ import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.file.FileUploadUtils;
 import com.ruoyi.common.utils.file.FileUtils;
 import com.ruoyi.framework.config.ServerConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
 
 /**
 * 通用请求处理
@@ -37,6 +43,9 @@ public class CommonController
 
 private static final String FILE_DELIMETER = ",";
 
+ @Value(value = "${watering.token}")
+ private String token;
+
 /**
 * 通用下载请求
 *
@@ -160,4 +169,65 @@ public class CommonController
 log.error("下载文件失败", e);
 }
 }
+
+ /**
+ * 功能描述 消息摘要计算
+ *
+ * @param msg 平台推送消息
+ * @param signature 根据token生成的签名
+ * @param nonce 平台生成的随机字符串
+ * @return
+ * @throws Exception
+ */
+ @RequestMapping("/signature")
+ public String signature(String msg, String nonce, String signature){
+ log.info("接收到参数:msg="+msg+",token="+token+",nonce="+nonce+",signature="+signature);
+ if(StringUtils.isNotEmpty(msg)){
+ // 第一步 计算 MD5 并编码为 Base64 字符串
+ String calculatedSignature = calculateBase64MD5(token + nonce + msg);
+
+ // 第二步 进行 URL 解码
+ calculatedSignature = urlDecode(calculatedSignature);
+
+ // 第三步 比较计算得到的签名与请求参数中的签名是否相等
+ if (calculatedSignature.equals(signature)) {
+ System.out.println("Token verification successful!");
+ } else {
+ System.out.println("Token verification failed!");
+ }
+
+ // 第4步 将URL Decode编码后的值与请求参数signature的值进行对比
+ if (StringUtils.isNotEmpty(signature) && signature.equals(calculatedSignature)) {
+ log.info("签名验证正确,返回msg=【{}】",msg);
+ return msg;
+ }
+ log.info("加密后的base64:【{}】,返回invalid token",calculatedSignature);
+ return "invalid token";
+ }else{
+ return msg;
+ }
+ }
+
+ // 计算 MD5 并编码为 Base64 字符串
+ private static String calculateBase64MD5(String input) {
+ try {
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ byte[] md5Bytes = md.digest(input.getBytes(StandardCharsets.UTF_8));
+ // 编码为 Base64 字符串
+ return Base64.getEncoder().encodeToString(md5Bytes);
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ // URL 解码
+ private static String urlDecode(String input) {
+ try {
+ return URLDecoder.decode(input, StandardCharsets.UTF_8.toString());
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
 }
diff --git a/AutoSprout-admin/src/main/resources/application.yml b/AutoSprout-admin/src/main/resources/application.yml
index 1415f2a..b09de38 100644
--- a/AutoSprout-admin/src/main/resources/application.yml
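Review bot: The first statement of `signature` writes the configured `token` into the INFO log next to the raw request parameters, so anyone who can read the application log can read the shared secret; drop it and use placeholders, e.g. `log.info("接收到参数:msg={},nonce={}", msg, nonce);`, and do the same for the failure branch, which logs the expected signature through `calculatedSignature`. The comparison uses `String.equals`, which is not constant-time; `MessageDigest.isEqual(calculatedSignature.getBytes(StandardCharsets.UTF_8), signature.getBytes(StandardCharsets.UTF_8))` after the existing emptiness check does the job with classes this commit already imports. `urlDecode` is applied to the locally computed Base64 string, where `URLDecoder` turns `+` into a space, so a signature that arrives correctly percent-encoded may fail to match; any decoding belongs on the received parameter. Both helpers return `null` after `printStackTrace()`, which would surface as a NullPointerException at `calculatedSignature.equals(signature)` rather than as a rejected request. The `else` branch returns `msg` without any verification when `msg` is empty, which deserves a comment stating whether that is intended.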
+++ b/AutoSprout-admin/src/main/resources/application.yml
@@ -29,6 +29,8 @@ watering:
 timeout: 10
 # token过期时间
 daysToExpire: 100
+ # 推送消息token
+ token: tVpNdGKrAFHfKZNgpIWQfZukrcYHNfFM
 # 开发环境配置
 server:
 # 服务器的HTTP端口,默认为8080
diff --git a/AutoSprout-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/AutoSprout-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 2125853..569aaa7 100644
--- a/AutoSprout-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/AutoSprout-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -111,7 +111,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
 // 过滤请求
 .authorizeRequests()
 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
- .antMatchers("/login", "/register", "/captchaImage").permitAll()
+ .antMatchers("/login", "/register", "/captchaImage","/common/signature").permitAll()
 // 静态资源,可匿名访问
 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
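Review bot: The `token` value added under `watering:` is the shared secret that `CommonController.signature` reads through `@Value("${watering.token}")`, and committing it in `application.yml` exposes it to everyone who can read the repository or its history. Resolve it from the environment instead, for example `token: ${WATERING_TOKEN}` (the variable name is a placeholder), and keep the real value in the deployment's secret store. Because the current value is already part of this commit, it should be treated as disclosed and replaced on the pushing platform as well.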
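Review bot: Adding `"/common/signature"` to this `permitAll()` matcher opens the path to anonymous callers for every HTTP method, since the matcher has no `HttpMethod` argument and the controller maps the endpoint with a bare `@RequestMapping`. If the pushing platform uses a single method (not visible here), give the path its own rule such as `.antMatchers(HttpMethod.GET, "/common/signature").permitAll()`, in the same form as the static-resource matcher on the following line. The signature check in the controller is then the only access control for this path, which is worth stating next to the matcher, e.g. `// platform push callback: anonymous, protected only by the signature check`. The enclosing configuration method starts and ends outside this hunk.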