open-JSD-9584/src/main/java/com/fr/plugin/xxx/xxx/sso/TokenFilter.java

package com.fr.plugin.xxx.xxx.sso;

import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.plugin.xxx.xxx.sso.util.CommonUtils;
import com.fr.plugin.xxx.xxx.sso.util.LogUtils;
import com.fr.plugin.xxx.xxx.sso.util.Sha256Util;
import com.fr.stable.StringUtils;
import com.fr.web.utils.WebUtils;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.Instant;

/**
 * @Author xxx
 * @Date 2022/3/3
 * @Description
 **/
public class TokenFilter extends AbstractGlobalRequestFilterProvider {
    @Override
    public String filterName() {
        return "xxx";
    }

    @Override
    public String[] urlPatterns() {
        return new String[]{"/decision/url/mobile"};
    }

    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        String token = WebUtils.getHTTPRequestParameter(req, "token");
        if (StringUtils.isNotBlank(token) && xxxConfig.getInstance().isTokenConfig()) {
            String username = getUsername(token, xxxConfig.getInstance().getKey());
            if (StringUtils.isBlank(username)) {
                CommonUtils.setError(res, "用户解析失败");
                return;
            }
            try {
                CommonUtils.login(username, req, res);
            } catch (Exception e) {
                CommonUtils.setError(res, e.getMessage());
                return;
            }
        }
        CommonUtils.next(req, res, filterChain);
    }

    private String getUsername(String token, String key) {
        Integer timeout = xxxConfig.getInstance().getTimeout();
        String[] arr = token.split("_");
        if (arr.length != 3) {
            return StringUtils.EMPTY;
        }
        String sign = Sha256Util.getSHA256(String.format("%s_%s_%s", arr[1], arr[2], key));
        LogUtils.debug4plugin("calculate signature is {},current time is {}", sign, Instant.now().toEpochMilli());
        if (StringUtils.equals(sign, arr[0]) && Instant.now().toEpochMilli() - Long.valueOf(arr[2]) < timeout * 60) {
            return arr[1];
        }
        LogUtils.warn("current request time out or signature does not match!");
        return StringUtils.EMPTY;
    }
}
open 3 years ago			`package com.fr.plugin.xxx.xxx.sso;`

			`import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;`
			`import com.fr.plugin.xxx.xxx.sso.util.CommonUtils;`
			`import com.fr.plugin.xxx.xxx.sso.util.LogUtils;`
			`import com.fr.plugin.xxx.xxx.sso.util.Sha256Util;`
			`import com.fr.stable.StringUtils;`
			`import com.fr.web.utils.WebUtils;`

			`import javax.servlet.FilterChain;`
			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletResponse;`
			`import java.time.Instant;`

			`/**`
			`* @Author xxx`
			`* @Date 2022/3/3`
			`* @Description`
			`**/`
			`public class TokenFilter extends AbstractGlobalRequestFilterProvider {`
			`@Override`
			`public String filterName() {`
			`return "xxx";`
			`}`

			`@Override`
			`public String[] urlPatterns() {`
			`return new String[]{"/decision/url/mobile"};`
			`}`

			`@Override`
			`public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {`
			`String token = WebUtils.getHTTPRequestParameter(req, "token");`
			`if (StringUtils.isNotBlank(token) && xxxConfig.getInstance().isTokenConfig()) {`
			`String username = getUsername(token, xxxConfig.getInstance().getKey());`
			`if (StringUtils.isBlank(username)) {`
			`CommonUtils.setError(res, "用户解析失败");`
			`return;`
			`}`
			`try {`
			`CommonUtils.login(username, req, res);`
			`} catch (Exception e) {`
			`CommonUtils.setError(res, e.getMessage());`
			`return;`
			`}`
			`}`
			`CommonUtils.next(req, res, filterChain);`
			`}`

			`private String getUsername(String token, String key) {`
			`Integer timeout = xxxConfig.getInstance().getTimeout();`
			`String[] arr = token.split("_");`
			`if (arr.length != 3) {`
			`return StringUtils.EMPTY;`
			`}`
			`String sign = Sha256Util.getSHA256(String.format("%s_%s_%s", arr[1], arr[2], key));`
			`LogUtils.debug4plugin("calculate signature is {},current time is {}", sign, Instant.now().toEpochMilli());`
			`if (StringUtils.equals(sign, arr[0]) && Instant.now().toEpochMilli() - Long.valueOf(arr[2]) < timeout * 60) {`
			`return arr[1];`
			`}`
			`LogUtils.warn("current request time out or signature does not match!");`
			`return StringUtils.EMPTY;`
			`}`
			`}`