WANG 6 년 전
부모
커밋
cf9b47ac81
1개의 변경된 파일66개의 추가작업 그리고 37개의 파일을 삭제
  1. 66 37
      examcloud-exchange-starter/src/main/java/cn/com/qmth/examcloud/exchange/config/ThirdPartyAccessInterceptor.java

+ 66 - 37
examcloud-exchange-starter/src/main/java/cn/com/qmth/examcloud/exchange/config/ThirdPartyAccessInterceptor.java

@@ -9,7 +9,6 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
 import cn.com.qmth.examcloud.api.commons.EnterpriseService;
-import cn.com.qmth.examcloud.commons.exception.StatusException;
 import cn.com.qmth.examcloud.commons.logging.ExamCloudLog;
 import cn.com.qmth.examcloud.commons.logging.ExamCloudLogFactory;
 import cn.com.qmth.examcloud.commons.util.ByteUtil;
@@ -24,7 +23,7 @@ import cn.com.qmth.examcloud.web.support.ServletUtil;
 import cn.com.qmth.examcloud.web.support.StatusResponse;
 
 /**
- * 第三方请求接入
+ * 第三方企业接入
  *
  * @author WANGWEI
  * @date 2018年5月22日
@@ -58,61 +57,89 @@ public final class ThirdPartyAccessInterceptor implements HandlerInterceptor {
 			return true;
 		}
 
-		String accessToken = request.getHeader("access_token");
-		String rootOrgId = request.getHeader("rootOrgId");
-		String appId = request.getHeader("appId");
-		String timestamp = request.getHeader("timestamp");
+		String appId = request.getHeader("App-Id");
+		if (null == appId) {
+			appId = request.getHeader("appId");
+		}
+		if (StringUtils.isBlank(appId)) {
+			// 403
+			response.setStatus(HttpStatus.FORBIDDEN.value());
+			ServletUtil.returnJson(new StatusResponse("403", "'App-Id'('appId') is blank"),
+					response);
+			return false;
+		}
 
-		if (StringUtils.isBlank(accessToken) || StringUtils.isBlank(rootOrgId)
-				|| StringUtils.isBlank(appId) || StringUtils.isBlank(timestamp)) {
+		String rootOrgId = request.getHeader("Root-Org-Id");
+		if (null == rootOrgId) {
+			rootOrgId = request.getHeader("rootOrgId");
+		}
+		if (StringUtils.isBlank(rootOrgId)) {
+			// 403
+			response.setStatus(HttpStatus.FORBIDDEN.value());
+			ServletUtil.returnJson(new StatusResponse("403", "'Root-Org-Id'('rootOrgId') is blank"),
+					response);
+			return false;
+		}
+		Long rootOrgIdLong = null;
+		try {
+			rootOrgIdLong = Long.parseLong(rootOrgId);
+		} catch (Exception e) {
+			// 403
 			response.setStatus(HttpStatus.FORBIDDEN.value());
 			ServletUtil.returnJson(
-					new StatusResponse("403",
-							"第三方接入请求必须包含请求头['access_token','rootOrgId','appId','timestamp']"),
+					new StatusResponse("403", "'Root-Org-Id'('rootOrgId') must be a long"),
 					response);
 			return false;
 		}
 
-		accessToken = accessToken.trim();
-		rootOrgId = rootOrgId.trim();
-		appId = appId.trim();
-		timestamp = timestamp.trim();
-
-		if (!(StringUtil.isLong(rootOrgId) && StringUtil.isLong(timestamp))) {
+		String accessToken = request.getHeader("Access-Token");
+		if (null == accessToken) {
+			accessToken = request.getHeader("access_token");
+		}
+		if (StringUtils.isBlank(accessToken)) {
+			// 403
 			response.setStatus(HttpStatus.FORBIDDEN.value());
 			ServletUtil.returnJson(
-					new StatusResponse("403", "第三方接入请求头['rootOrgId','timestamp']必须是整数"), response);
+					new StatusResponse("403", "'Access-Token'('access_token') is blank"), response);
 			return false;
 		}
 
-		request.setAttribute("$rootOrgId", Long.parseLong(rootOrgId));
+		String timestamp = request.getHeader("timestamp");
+		if (StringUtils.isBlank(timestamp)) {
+			// 403
+			response.setStatus(HttpStatus.FORBIDDEN.value());
+			ServletUtil.returnJson(new StatusResponse("403", "'timestamp' is blank"), response);
+			return false;
+		}
+		Long timestampLong = null;
+		try {
+			timestampLong = Long.parseLong(timestamp);
+		} catch (Exception e) {
+			// 403
+			response.setStatus(HttpStatus.FORBIDDEN.value());
+			ServletUtil.returnJson(new StatusResponse("403", "'timestamp' must be a long"),
+					response);
+			return false;
+		}
 
-		String key = "$_A_" + rootOrgId + "_" + appId;
+		request.setAttribute("$rootOrgId", rootOrgIdLong);
 
-		ThirdPartyAccessBean thirdPartyAccessBean = redisClient.get(key, ThirdPartyAccessBean.class,
-				60000);
+		String key = "$_A_:" + rootOrgId + "_" + appId;
+
+		ThirdPartyAccessBean thirdPartyAccessBean = redisClient.get(key,
+				ThirdPartyAccessBean.class);
 
 		if (null == thirdPartyAccessBean) {
-			try {
-				thirdPartyAccessBean = getThirdPartyAccessInfo(rootOrgId, appId);
-			} catch (StatusException e) {
-				response.setStatus(HttpStatus.FORBIDDEN.value());
-				ServletUtil.returnJson(new StatusResponse("403", e.getDesc()), response);
-				return false;
-			} catch (Exception e) {
-				response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
-				ServletUtil.returnJson(new StatusResponse("500", "获取第三方接入信息异常"), response);
-				return false;
-			}
+			thirdPartyAccessBean = getThirdPartyAccessInfo(rootOrgIdLong, appId);
 			redisClient.set(key, thirdPartyAccessBean, 60000);
 		}
 
 		if (null != thirdPartyAccessBean.getTimeRange()) {
-			long timestampLong = Long.parseLong(timestamp);
 			long currentTimeMillis = System.currentTimeMillis();
 			if (Math.abs(currentTimeMillis - timestampLong) > thirdPartyAccessBean.getTimeRange()) {
+				// 403
 				response.setStatus(HttpStatus.FORBIDDEN.value());
-				ServletUtil.returnJson(new StatusResponse("403", "timestamp超出时间差范围"), response);
+				ServletUtil.returnJson(new StatusResponse("403", "timestamp is out"), response);
 				return false;
 			}
 		}
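Review bot: The Redis key in `String key = "$_A_:" + rootOrgId + "_" + appId;` is still built from the raw header string, although the lookup itself now uses the parsed `rootOrgIdLong`. `Long.parseLong` accepts forms such as `01` or `+1`, so one organisation can map to several cache keys, each causing its own backend lookup and cache entry before the access token has been verified. Building the key from the parsed value keeps it canonical: `String key = "$_A_:" + rootOrgIdLong + "_" + appId;`. The commit also drops the try/catch around `getThirdPartyAccessInfo`, so the response for a failed lookup now depends on an exception handler that is not visible here. If that call can return null, the null is passed to `redisClient.set` and then dereferenced at `getTimeRange()`, so an explicit null check with a 403 before caching would keep the deny path in this method, which begins and ends outside the hunk.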
@@ -123,19 +150,21 @@ public final class ThirdPartyAccessInterceptor implements HandlerInterceptor {
 		String hexAscii = ByteUtil.toHexAscii(bytes);
 
 		if (!hexAscii.equalsIgnoreCase(accessToken)) {
+			// 403
 			response.setStatus(HttpStatus.FORBIDDEN.value());
-			ServletUtil.returnJson(new StatusResponse("403", "access_token校验失败"), response);
+			ServletUtil.returnJson(
+					new StatusResponse("403", "'Access-Token'('access_token') is wrong"), response);
 			return false;
 		}
 
 		return true;
 	}
 
-	private ThirdPartyAccessBean getThirdPartyAccessInfo(String rootOrgId, String appId) {
+	private ThirdPartyAccessBean getThirdPartyAccessInfo(Long rootOrgId, String appId) {
 		ThirdPartyAccessBean thirdPartyAccessBean;
 		GetThirdPartyAccessInfoReq req = new GetThirdPartyAccessInfoReq();
 		req.setAppId(appId);
-		req.setRootOrgId(Long.parseLong(rootOrgId));
+		req.setRootOrgId(rootOrgId);
 		GetThirdPartyAccessInfoResp resp = commonCloudService.getThirdPartyAccessInfo(req);
 		thirdPartyAccessBean = resp.getThirdPartyAccessBean();
 		return thirdPartyAccessBean;
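Review bot: The token check `hexAscii.equalsIgnoreCase(accessToken)` compares the expected value with the caller-supplied header using a comparison that is not guaranteed to be constant-time, so its duration may depend on how much of the token matches. For an authentication token a constant-time compare is the safer choice, for example `MessageDigest.isEqual(hexAscii.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII), accessToken.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII))`, which needs imports for `java.security.MessageDigest`, `java.util.Locale` and `java.nio.charset.StandardCharsets`. How `bytes` is computed lies above this hunk, so whether the timestamp is bound into the token cannot be confirmed from here. In `getThirdPartyAccessInfo`, `resp` is dereferenced without a null check; a short Javadoc stating whether the method may return null would tell the caller whether it must guard before caching the result.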