package com.ruoyi.api.third.util;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
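/**
 * Authentication helper for third-party API callers.
 *
 * <p>A caller presents a static app id / secret pair, which is compared with the pair
 * configured under {@code api.third.appid} and {@code api.third.secret}. The secret is
 * sent verbatim on every request, so confidentiality depends on the transport (TLS) and
 * on the secret not being written to logs along the way.
 */
@Component
public class ApiAuthUtil {

    private static final Logger logger = LoggerFactory.getLogger(ApiAuthUtil.class);

    // Both properties default to the empty string. validateAppAuth treats an empty value
    // as "not configured" and rejects the request, so a missing setting fails closed.
    @Value("${api.third.appid:}")
    private String validAppId;

    @Value("${api.third.secret:}")
    private String validSecret;

    /**
     * Checks the app id and secret carried by the request against the configured pair.
     *
     * @param request the incoming HTTP request
     * @return {@code true} only when both values are present, the system has a
     *     configured pair, and both values match it
     */
    public boolean validateAppAuth(HttpServletRequest request) {
        String appId = getAppId(request);
        String secret = getSecret(request);

        if (StringUtils.isEmpty(appId) || StringUtils.isEmpty(secret)) {
            logger.warn("缺少appId或secret参数");
            return false;
        }

        // Refuse to authenticate anyone when no credentials are configured.
        if (StringUtils.isEmpty(validAppId) || StringUtils.isEmpty(validSecret)) {
            logger.error("系统未配置有效的appid和secret");
            return false;
        }

        // Both comparisons always run (non-short-circuit '&'), so response timing does
        // not reveal which of the two values was wrong.
        boolean appIdMatches = constantTimeEquals(appId, validAppId);
        boolean secretMatches = constantTimeEquals(secret, validSecret);
        boolean valid = appIdMatches & secretMatches;

        if (!valid) {
            // The app id is caller-controlled: strip line breaks before logging so a
            // crafted value cannot forge extra log entries. The secret is never logged.
            logger.warn("appId或secret验证失败: appId={}, secret=***", sanitizeForLog(appId));
        }

        return valid;
    }

    /**
     * Returns the app id from the {@code X-AppId} header, falling back to the
     * {@code appId} request parameter when the header is empty.
     *
     * @param request the incoming HTTP request
     * @return the supplied app id, or {@code null}/empty when none was sent
     */
    public String getAppId(HttpServletRequest request) {
        String appId = request.getHeader("X-AppId");
        if (StringUtils.isEmpty(appId)) {
            appId = request.getParameter("appId");
        }
        return appId;
    }

    /**
     * Returns the secret from the {@code X-Secret} header, falling back to the
     * {@code secret} request parameter when the header is empty.
     *
     * @param request the incoming HTTP request
     * @return the supplied secret, or {@code null}/empty when none was sent
     */
    public String getSecret(HttpServletRequest request) {
        String secret = request.getHeader("X-Secret");
        if (StringUtils.isEmpty(secret)) {
            // NOTE(review): a secret passed as a request parameter can sit in the URL
            // query string, where access logs, proxies and Referer headers may record
            // it. Kept for compatibility with existing callers; prefer the header and
            // consider retiring this fallback.
            secret = request.getParameter("secret");
        }
        return secret;
    }

    /**
     * Builds the response returned to callers that failed authentication.
     *
     * @return an error result with code 401 and a generic message that does not say
     *     which credential was wrong
     */
    public AjaxResult getUnauthorizedResult() {
        return AjaxResult.error(401, "appId或secret验证失败,请检查凭证");
    }

    /**
     * Compares a caller-supplied value with the expected one without exiting at the
     * first differing byte, unlike {@link String#equals(Object)}.
     *
     * <p>The supplied value is passed first so that the comparison time follows the
     * caller's input length rather than the configured value.
     */
    private static boolean constantTimeEquals(String supplied, String expected) {
        byte[] suppliedBytes = supplied.getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(suppliedBytes, expectedBytes);
    }

    /** Replaces CR and LF so an untrusted value stays on a single log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}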