
添加DES算法验证

lihui007 4 years ago
parent
commit
43f2fc13b3

+ 18 - 10
user_auth/src/main/java/com/huaxu/controller/UserController.java

@@ -1,13 +1,10 @@
 package com.huaxu.controller;
 
-import com.alibaba.fastjson.JSONObject;
-import com.baomidou.mybatisplus.core.metadata.IPage;
-import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import com.huaxu.dto.UserDto;
+import com.huaxu.dto.UserAuthDto;
+import com.huaxu.exception.ServiceException;
 import com.huaxu.model.LoginUser;
 import com.huaxu.entity.User;
 import com.huaxu.model.AjaxMessage;
-import com.huaxu.model.Pagination;
 import com.huaxu.model.ResultStatus;
 import com.huaxu.service.UserService;
 
@@ -19,13 +16,11 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
 import javax.servlet.http.HttpServletRequest;
 import java.security.Principal;
-import java.util.List;
 import java.util.Optional;
 
 /**
@@ -178,14 +173,27 @@ public class UserController {
         String code=userService.getRangeCode(appId);
         return new AjaxMessage<String>(ResultStatus.OK, code);
     }
-    @RequestMapping(value = "getUniqId", method = RequestMethod.GET)
+
+
+    /*@RequestMapping(value = "getUniqId", method = RequestMethod.GET)
     @ApiOperation(value = "获取用户标识")
     public AjaxMessage<String> getUniqId(@ApiParam(value = "appId", required = true)@RequestParam String appId,
-                                         @ApiParam(value = "appSecret", required = true)@RequestParam String appSecret,
+                                             @ApiParam(value = "APPSECRET", required = true)@RequestParam String appSecret,
                                          @ApiParam(value = "code", required = true)@RequestParam String code                                    ) {
         String uniqId=userService.getUniqId(appId,appSecret,code);
         return new AjaxMessage<String>(ResultStatus.OK, uniqId);
-    }
+    }*/
 
+    @RequestMapping(value = "getUniqId", method = RequestMethod.GET)
+    @ApiOperation(value = "获取用户标识")
+    public AjaxMessage<UserAuthDto> getUniqId(@ApiParam(value = "appId", required = true)@RequestParam String appId,
+                                                 @ApiParam(value = "key", required = true)@RequestParam String key) {
+        try {
+            UserAuthDto userAuthDto  = userService.getUniqId(appId, key);
+            return new AjaxMessage<UserAuthDto>(ResultStatus.OK, userAuthDto);
+        } catch (ServiceException e) {
+            return new AjaxMessage<UserAuthDto>(e.getStatus(),e.getMessage(), null);
+        }
+    }
 
 }
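Review bot: `key` is taken as a query parameter of a GET request, so the ciphertext ends up in access logs, proxy logs and browser history, and it remains usable for as long as the service's time check accepts it. Consider accepting it in a request body instead, e.g. `@RequestMapping(value = "getUniqId", method = RequestMethod.POST)`, which existing clients would have to follow. The catch branch returns `e.getMessage()` to the caller, so it is worth confirming that ServiceException messages never carry more than the status text. The old three-argument handler is kept inside a `/* … */` block with an edited `APPSECRET` label; deleting it would be cleaner, since version history preserves it. UserController begins outside this hunk.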

+ 15 - 0
user_auth/src/main/java/com/huaxu/dto/UserAuthDto.java

@@ -0,0 +1,15 @@
+package com.huaxu.dto;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+@Data
+public class UserAuthDto {
+
+    @ApiModelProperty(value="用户uniqId")
+    private String uniqId;
+
+    @ApiModelProperty(value="手机号")
+    private String mobile;
+
+}
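Review bot: `mobile` is declared on the response DTO, but the only producer visible in this commit (`UserServiceImpl.getUniqId`) sets `uniqId` alone, so the field is always serialized as null. If it is meant to be filled in later, note that every application holding a valid `key` would then receive the user's phone number; otherwise I would drop the field until it is needed. A one-line class comment such as `/** Result of getUniqId: the identifier stored for a verified key. */` would also help.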

+ 10 - 2
user_auth/src/main/java/com/huaxu/service/UserService.java

@@ -2,9 +2,8 @@ package com.huaxu.service;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
 
-import com.huaxu.dto.UserDto;
+import com.huaxu.dto.UserAuthDto;
 import com.huaxu.entity.User;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 
 import java.util.List;
 
@@ -98,4 +97,13 @@ public interface UserService {
 
 
     String getUniqId(String appId, String appSecret, String code);
+
+    /**
+     * 获取用户标识,通过AES解密得到的key获取
+     * @param appId          appid
+     * @param encryptValue   AES加密值
+     * @return
+     */
+    UserAuthDto getUniqId(String appId, String encryptValue);
+
 }
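Review bot: The new Javadoc describes the value as AES-encrypted (`AES加密值`, `通过AES解密`), but the implementation added in this commit calls `DESUtil.decrypt`, and the `@return` tag is empty. I would document the real contract, for instance `@param encryptValue ciphertext of "<text>_<timestamp>" encrypted with the app secret` and `@return DTO carrying the uniqId stored for the decrypted text`, and add that a ServiceException is thrown for an unknown appId, a failed decryption or an expired timestamp. The three-argument `getUniqId(appId, appSecret, code)` stays on the interface although its endpoint is commented out in UserController; if nothing else calls it, mark it `@Deprecated` or remove it. The interface begins outside this hunk.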

+ 50 - 26
user_auth/src/main/java/com/huaxu/service/impl/UserServiceImpl.java

@@ -2,48 +2,41 @@ package com.huaxu.service.impl;
 
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.metadata.IPage;
-
 import com.huaxu.dao.LoginLogMapper;
 import com.huaxu.dao.UserMapper;
+import com.huaxu.dto.UserAuthDto;
 import com.huaxu.dto.UserDto;
 import com.huaxu.entity.LoginLog;
 import com.huaxu.entity.MenuEntity;
 import com.huaxu.entity.Org;
 import com.huaxu.entity.User;
-import com.huaxu.model.*;
-import com.huaxu.security.config.RedisTokenStore;
-import com.huaxu.security.exception.SecurityException;
+import com.huaxu.exception.ServiceException;
+import com.huaxu.model.LoginUser;
+import com.huaxu.model.Permission;
+import com.huaxu.model.ProgramItem;
+import com.huaxu.model.ResultStatus;
 import com.huaxu.security.mobile.MobileLoginAuthenticationToken;
-import com.huaxu.security.smsCode.SmsCodeException;
 import com.huaxu.service.UserService;
-import com.huaxu.util.ByteArrayUtils;
-import com.huaxu.util.RedisUtil;
-import com.huaxu.util.UserUtil;
-import com.huaxu.util.Util;
+import com.huaxu.util.*;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.ibatis.annotations.Param;
 import org.springframework.beans.factory.annotation.Autowired;
-
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.redis.connection.RedisConnection;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
-import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.stereotype.Service;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
-import org.springframework.util.ReflectionUtils;
 import org.springframework.web.client.RestTemplate;
 import sun.misc.BASE64Encoder;
 
@@ -231,6 +224,37 @@ public class UserServiceImpl implements UserService {
         return redisUtil.get(key);
     }
 
+    @Override
+    public UserAuthDto getUniqId(String appId, String encryptValue) {
+        UserAuthDto resultDto = new UserAuthDto();
+        String appSecret = userMapper.getAppSecret(appId);
+        if (StringUtils.isEmpty(appSecret)){
+            throw new ServiceException(ResultStatus.USER_AUTH_APPID_NOT_FOUND);
+        }
+        String key = null;
+        try {
+            // 验证加密的内容是否正确
+            // key = AESUtils.decryptString(encryptValue, appSecret);
+            key = DESUtil.decrypt(encryptValue,appSecret);
+            // 获取明文
+            String text = key.substring(0, key.lastIndexOf("_"));
+            // 获取时间
+            String date = key.substring(key.lastIndexOf("_") + 1, key.length());
+            // 验证在1-2分钟之内是否是有效的加密
+            if (!DESUtil.verifyTime(Long.parseLong(date))){
+                throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
+            }
+        } catch (Exception e) {
+            throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
+        }
+        String value = redisUtil.get(key.substring(0, key.lastIndexOf("_")));
+        if (StringUtils.isEmpty(value)){
+            throw new ServiceException(ResultStatus.USER_AUTH_UNIQID_OR_CODE_ISNULL);
+        }
+        resultDto.setUniqId(value);
+        return resultDto;
+    }
+
 
     @Override
     public User chooseUser(User user) {
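Review bot: The decrypted plaintext is passed straight to `redisUtil.get(...)`, so a caller holding any valid appSecret can name an arbitrary Redis entry and receive its value as `uniqId`. Nothing in this method ties the key to `appId` or to a dedicated key namespace, and the entry is not removed after use, so the same `encryptValue` is accepted again while `DESUtil.verifyTime` still passes. Replacing the commented-out `AESUtils.decryptString` with `DESUtil.decrypt` is also a step down: single DES has a 56-bit key, keyed here by `appSecret`, and no integrity check on the ciphertext is visible (DESUtil is outside this diff, so its mode and padding should be confirmed). The `catch (Exception e)` additionally catches the `ServiceException` thrown just above it and discards every cause without logging, a plaintext without `_` is rejected only because `substring` throws, and `text` is computed but never used. The sketch below separates the decrypt, format and freshness checks and logs the failure, assuming the class has a `log` field from the imported `@Slf4j`; the namespace prefix and one-time deletion depend on the code that writes these entries, which is not shown.

```java
String plain;
try {
    plain = DESUtil.decrypt(encryptValue, appSecret);
} catch (Exception e) {
    // Keep the cause in the server log; the caller still only sees the generic status.
    log.warn("getUniqId: decryption failed for appId={}", appId, e);
    throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
}
// Expected plaintext: <text>_<timestamp>; reject anything else explicitly.
int sep = (plain == null) ? -1 : plain.lastIndexOf('_');
if (sep <= 0 || sep == plain.length() - 1) {
    throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
}
String text = plain.substring(0, sep);
long issuedAt;
try {
    issuedAt = Long.parseLong(plain.substring(sep + 1));
} catch (NumberFormatException e) {
    throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
}
if (!DESUtil.verifyTime(issuedAt)) {
    throw new ServiceException(ResultStatus.USER_AUTH_ENCRYPT_VALUE_VERIFY_ERROR);
}
String value = redisUtil.get(text);
// … unchanged: empty-value check and resultDto population …
```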
@@ -477,6 +501,16 @@ public class UserServiceImpl implements UserService {
         insertLoginLog(UserUtil.getCurrentUser(),"登出");
         return flag;
     }
+    /**
+     * 新增注册数据
+     * @author yjy
+     * @param user 实例对象
+     * @return 影响行数
+     */
+    @Override
+    public int insertRegister(User user) {
+        return this.userMapper.insertRegister(user);
+    }
     private void insertLoginLog(LoginUser loginUser,String type){
         LoginLog loginLog=new LoginLog();
         loginLog.setName(loginUser.getName());
@@ -489,14 +523,4 @@ public class UserServiceImpl implements UserService {
         loginLog.setLoginIp(Util.getIpAddr(request));
         loginLogMapper.insert(loginLog);
     }
-    /**
-     * 新增注册数据
-     * @author yjy
-     * @param user 实例对象
-     * @return 影响行数
-     */
-    @Override
-    public int insertRegister(User user) {
-        return this.userMapper.insertRegister(user);
-    }
 }