From 2175ac3fc50f1a0b6a95ae54ca399f3f6c6a16a7 Mon Sep 17 00:00:00 2001
From: luckyQing <1634753825@qq.com>
Date: Thu, 11 Apr 2024 10:54:57 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A6=82=E6=9E=9C=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E9=9C=80=E8=A6=81=E5=8A=A0=E8=A7=A3=E5=AF=86=E6=88=96=E7=AD=BE?= =?UTF-8?q?=E5=90=8D=EF=BC=8C=E5=88=99=E5=BF=85=E9=A1=BB=E6=A0=A1=E9=AA=8C?= =?UTF-8?q?timestamp?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../examples/api/ac/core/util/ApiMetaUtil.java | 16 +++++++++++++---
 .../gateway/cache/ApiAccessMetaCache.java | 10 ++++++++++
 .../access/core/RequestTimestampCheckFilter.java | 7 ++++---
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/application-module/api-ac-core/src/main/java/org/smartframework/cloud/examples/api/ac/core/util/ApiMetaUtil.java b/application-module/api-ac-core/src/main/java/org/smartframework/cloud/examples/api/ac/core/util/ApiMetaUtil.java
index 90426cf0..28b34d6c 100644
--- a/application-module/api-ac-core/src/main/java/org/smartframework/cloud/examples/api/ac/core/util/ApiMetaUtil.java
+++ b/application-module/api-ac-core/src/main/java/org/smartframework/cloud/examples/api/ac/core/util/ApiMetaUtil.java
@@ -21,6 +21,7 @@
 import io.github.smart.cloud.api.core.annotation.auth.RequirePermissions;
 import io.github.smart.cloud.api.core.annotation.auth.RequireRoles;
 import io.github.smart.cloud.api.core.annotation.auth.RequireUser;
+import io.github.smart.cloud.api.core.annotation.constants.ApiAnnotationConstants;
 import io.github.smart.cloud.api.core.annotation.enums.SignType;
 import io.github.smart.cloud.constants.SymbolConstant;
 import io.github.smart.cloud.starter.core.constants.PackageConfig;
@@ -96,7 +97,7 @@ public ApiMetaFetchRespVO collectApiMetas() {
 ApiAccessMetaRespVO apiAccessMeta = new ApiAccessMetaRespVO();
 apiAccessMeta.setDataSecurityMeta(dataSecurityMeta);
 apiAccessMeta.setRepeatSubmitCheckMeta(repeatSubmitCheckMeta);
- apiAccessMeta.setRequestValidMillis(getRequestValidMillis(method));
+ apiAccessMeta.setRequestValidMillis(getRequestValidMillis(method, dataSecurityMeta));
 apiAccessMeta.setAuthMeta(buildAuthMeta(method, repeatSubmitCheckMeta.getCheck(), dataSecurityMeta));
 apiAccessMap.put(urlCode, apiAccessMeta);
 }
@@ -131,9 +132,18 @@ private RepeatSubmitCheckMetaRespVO buildRepeatSubmitCheckMeta(Method method) {
 * @param method
 * @return
 */
- private Long getRequestValidMillis(Method method) {
+ private Long getRequestValidMillis(Method method, DataSecurityMetaRespVO dataSecurityMeta) {
 RequireTimestamp requireTimestamp = method.getAnnotation(RequireTimestamp.class);
- return requireTimestamp == null ? null : requireTimestamp.validMillis();
+ if (requireTimestamp != null) {
+ return requireTimestamp.validMillis();
+ }
+
+ // 如果接口需要加解密或签名,则必须校验timestamp
+ if (dataSecurityMeta.getRequestDecrypt() || dataSecurityMeta.getResponseEncrypt() || dataSecurityMeta.getSign() != SignType.NONE.getType()) {
+ return ApiAnnotationConstants.DEFAULT_TIMESTAMP_VALID_MILLIS;
+ }
+
+ return null;
 }
 /**
diff --git a/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/cache/ApiAccessMetaCache.java b/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/cache/ApiAccessMetaCache.java
index 98d769d6..2f81d223 100644
--- a/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/cache/ApiAccessMetaCache.java
+++ b/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/cache/ApiAccessMetaCache.java
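Review bot: The fallback condition added to `getRequestValidMillis` unboxes `dataSecurityMeta.getRequestDecrypt()` and `getResponseEncrypt()` directly in the `||` chain; the `get` prefix suggests these are boxed `Boolean`, so an unset field would throw a NullPointerException during metadata collection (how `dataSecurityMeta` is populated is outside the hunk, so this needs confirming). If `getSign()` and `SignType.NONE.getType()` are both boxed, `!=` would also compare references rather than values. A null-tolerant form such as `Boolean.TRUE.equals(dataSecurityMeta.getRequestDecrypt())` avoids the first problem. The Javadoc above the method, which starts outside the hunk, still has empty `@param method` and `@return` tags; it should gain `@param dataSecurityMeta` and state that the default window is returned for encrypted or signed APIs that carry no `@RequireTimestamp`.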
@@ -162,4 +162,14 @@ public boolean isDataSecurity() {
 return requestDecrypt || responseEncrypt || signType != SignType.NONE.getType();
 }
+ /**
+ * 是否需要校验时间戳
+ *
+ * @return
+ */
+ @JsonIgnore
+ public boolean isRequireCheckTimestamp() {
+ return (requestValidMillis != null && requestValidMillis > 0) || isDataSecurity();
+ }
+
 }
\ No newline at end of file
diff --git a/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/filter/access/core/RequestTimestampCheckFilter.java b/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/filter/access/core/RequestTimestampCheckFilter.java
index 32231a1c..e6c4e940 100644
--- a/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/filter/access/core/RequestTimestampCheckFilter.java
+++ b/application-module/support-module/support-service-gateway/src/main/java/org/smartframework/cloud/examples/support/gateway/filter/access/core/RequestTimestampCheckFilter.java
@@ -17,6 +17,7 @@
 import io.github.smart.cloud.common.web.constants.SmartHttpHeaders;
 import org.apache.commons.lang3.StringUtils;
+import org.smartframework.cloud.examples.support.gateway.cache.ApiAccessMetaCache;
 import org.smartframework.cloud.examples.support.gateway.constants.GatewayReturnCodes;
 import org.smartframework.cloud.examples.support.gateway.constants.Order;
 import org.smartframework.cloud.examples.support.gateway.exception.RequestTimestampException;
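Review bot: `isRequireCheckTimestamp()` returns true whenever `isDataSecurity()` holds, even if `requestValidMillis` is null or not positive, and the last hunk of RequestTimestampCheckFilter.java then compares against `apiAccessMetaCache.getRequestValidMillis()` directly. A null `Long` there throws a NullPointerException on unboxing instead of a `RequestTimestampException`, and a value of zero or less rejects every request. The null case looks reachable when the cached metadata comes from a service still running the previous `ApiMetaUtil`, which reported null for encrypted or signed APIs without `@RequireTimestamp`. The cache class could expose the effective window instead, e.g. `return (requestValidMillis != null && requestValidMillis > 0) ? requestValidMillis : ApiAnnotationConstants.DEFAULT_TIMESTAMP_VALID_MILLIS;`, and the filter could compare against that, assuming the constant is visible to the gateway module. The Javadoc should also say that the check is forced for decrypt, encrypt and sign APIs regardless of `requestValidMillis`.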
@@ -44,8 +45,8 @@ public int getOrder() {
 @Override
 protected Mono innerFilter(ServerWebExchange exchange, WebFilterChain chain, FilterContext filterContext) {
- Long requestValidMillis = filterContext.getApiAccessMetaCache().getRequestValidMillis();
- if (requestValidMillis == null || requestValidMillis <= 0) {
+ ApiAccessMetaCache apiAccessMetaCache = filterContext.getApiAccessMetaCache();
+ if (!apiAccessMetaCache.isRequireCheckTimestamp()) {
 return chain.filter(exchange);
 }
@@ -56,7 +57,7 @@ protected Mono innerFilter(ServerWebExchange exchange, WebFilterChain chai
 if (!StringUtils.isNumeric(requestTimestampStr)) {
 throw new RequestTimestampException(GatewayReturnCodes.REQUEST_TIMESTAMP_FORMAT_INVALID);
 }
- if (Math.abs(System.currentTimeMillis() - Long.valueOf(requestTimestampStr)) > requestValidMillis) {
+ if (Math.abs(System.currentTimeMillis() - Long.valueOf(requestTimestampStr)) > apiAccessMetaCache.getRequestValidMillis()) {
 throw new RequestTimestampException(GatewayReturnCodes.REQUEST_TIMESTAMP_ILLEGAL);
 }
 return chain.filter(exchange);
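Review bot: `Long.valueOf(requestTimestampStr)` on the rewritten comparison line can still throw `NumberFormatException`, because `StringUtils.isNumeric` only checks that every character is a digit and places no limit on length. An all-digit header value too large for a `long` therefore escapes as an unhandled exception rather than `REQUEST_TIMESTAMP_FORMAT_INVALID`; how the gateway maps that exception is not visible here. Now that this filter runs for every encrypted or signed API, the parse should be guarded and mapped to the existing format error, as sketched below. `innerFilter` begins in the previous hunk and its closing brace is outside this one.

```java
// … unchanged: timestamp header lookup and StringUtils.isNumeric check …
long requestTimestamp;
try {
    requestTimestamp = Long.parseLong(requestTimestampStr);
} catch (NumberFormatException e) {
    // all digits, but outside the range of a long
    throw new RequestTimestampException(GatewayReturnCodes.REQUEST_TIMESTAMP_FORMAT_INVALID);
}
if (Math.abs(System.currentTimeMillis() - requestTimestamp) > apiAccessMetaCache.getRequestValidMillis()) {
// … unchanged: REQUEST_TIMESTAMP_ILLEGAL throw and chain.filter(exchange) …
```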