feat: 如果接口需要加解密或签名，则必须校验timestamp

application-module/api-ac-core/src/main/java/org/smartframework/cloud/examples/api/ac/core/util/ApiMetaUtil.java

@@ -21,6 +21,7 @@
 import io.github.smart.cloud.api.core.annotation.auth.RequirePermissions;
 import io.github.smart.cloud.api.core.annotation.auth.RequireRoles;
 import io.github.smart.cloud.api.core.annotation.auth.RequireUser;
+import io.github.smart.cloud.api.core.annotation.constants.ApiAnnotationConstants;
 import io.github.smart.cloud.api.core.annotation.enums.SignType;
 import io.github.smart.cloud.constants.SymbolConstant;
 import io.github.smart.cloud.starter.core.constants.PackageConfig;
@@ -96,7 +97,7 @@ public ApiMetaFetchRespVO collectApiMetas() {
                 ApiAccessMetaRespVO apiAccessMeta = new ApiAccessMetaRespVO();
                 apiAccessMeta.setDataSecurityMeta(dataSecurityMeta);
                 apiAccessMeta.setRepeatSubmitCheckMeta(repeatSubmitCheckMeta);
-                apiAccessMeta.setRequestValidMillis(getRequestValidMillis(method));
+                apiAccessMeta.setRequestValidMillis(getRequestValidMillis(method, dataSecurityMeta));
                 apiAccessMeta.setAuthMeta(buildAuthMeta(method, repeatSubmitCheckMeta.getCheck(), dataSecurityMeta));
                 apiAccessMap.put(urlCode, apiAccessMeta);
             }
@@ -131,9 +132,18 @@ private RepeatSubmitCheckMetaRespVO buildRepeatSubmitCheckMeta(Method method) {
      * @param method
      * @return
      */
-    private Long getRequestValidMillis(Method method) {
+    private Long getRequestValidMillis(Method method, DataSecurityMetaRespVO dataSecurityMeta) {
         RequireTimestamp requireTimestamp = method.getAnnotation(RequireTimestamp.class);
-        return requireTimestamp == null ? null : requireTimestamp.validMillis();
+        if (requireTimestamp != null) {
+            return requireTimestamp.validMillis();
+        }
+
+        // 如果接口需要加解密或签名，则必须校验timestamp
+        if (dataSecurityMeta.getRequestDecrypt() || dataSecurityMeta.getResponseEncrypt() || dataSecurityMeta.getSign() != SignType.NONE.getType()) {
+            return ApiAnnotationConstants.DEFAULT_TIMESTAMP_VALID_MILLIS;
+        }
+
+        return null;
     }
 
     /**

application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/cache/ApiAccessMetaCache.java

@@ -162,4 +162,14 @@ public boolean isDataSecurity() {
         return requestDecrypt || responseEncrypt || signType != SignType.NONE.getType();
     }
 
+    /**
+     * 是否需要校验时间戳
+     *
+     * @return
+     */
+    @JsonIgnore
+    public boolean isRequireCheckTimestamp() {
+        return (requestValidMillis != null && requestValidMillis > 0) || isDataSecurity();
+    }
+
 }

application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/filter/access/core/RequestTimestampCheckFilter.java

@@ -17,6 +17,7 @@
 
 import io.github.smart.cloud.common.web.constants.SmartHttpHeaders;
 import org.apache.commons.lang3.StringUtils;
+import org.smartframework.cloud.examples.support.gateway.cache.ApiAccessMetaCache;
 import org.smartframework.cloud.examples.support.gateway.constants.GatewayReturnCodes;
 import org.smartframework.cloud.examples.support.gateway.constants.Order;
 import org.smartframework.cloud.examples.support.gateway.exception.RequestTimestampException;
@@ -44,8 +45,8 @@ public int getOrder() {
 
     @Override
     protected Mono<Void> innerFilter(ServerWebExchange exchange, WebFilterChain chain, FilterContext filterContext) {
-        Long requestValidMillis = filterContext.getApiAccessMetaCache().getRequestValidMillis();
-        if (requestValidMillis == null || requestValidMillis <= 0) {
+        ApiAccessMetaCache apiAccessMetaCache = filterContext.getApiAccessMetaCache();
+        if (!apiAccessMetaCache.isRequireCheckTimestamp()) {
             return chain.filter(exchange);
         }
 
@@ -56,7 +57,7 @@ protected Mono<Void> innerFilter(ServerWebExchange exchange, WebFilterChain chai
         if (!StringUtils.isNumeric(requestTimestampStr)) {
             throw new RequestTimestampException(GatewayReturnCodes.REQUEST_TIMESTAMP_FORMAT_INVALID);
         }
-        if (Math.abs(System.currentTimeMillis() - Long.valueOf(requestTimestampStr)) > requestValidMillis) {
+        if (Math.abs(System.currentTimeMillis() - Long.valueOf(requestTimestampStr)) > apiAccessMetaCache.getRequestValidMillis()) {
             throw new RequestTimestampException(GatewayReturnCodes.REQUEST_TIMESTAMP_ILLEGAL);
         }
         return chain.filter(exchange);