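package com.ruoyi.api.third.util;

import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

/**
 * Authentication helper for third-party API callers.
 *
 * <p>Callers present an {@code appId} / {@code secret} pair, which is compared with the single
 * pair configured under {@code api.third.appid} and {@code api.third.secret}. Both properties
 * default to the empty string, and an empty configuration rejects every request (fail closed).
 *
 * <p>NOTE(review): the secret is a static bearer credential sent on every request, so it is only
 * as confidential as the transport and any intermediary that records requests. Confirm these
 * endpoints are reachable over TLS only.
 */
@Component
public class ApiAuthUtil {
    private static final Logger logger = LoggerFactory.getLogger(ApiAuthUtil.class);

    @Value("${api.third.appid:}")
    private String validAppId;

    @Value("${api.third.secret:}")
    private String validSecret;

    /**
     * Validates the appId and secret carried by the request.
     *
     * @param request the incoming HTTP request
     * @return {@code true} only when both values are present, the server has a configured pair,
     *         and both values match it
     */
    public boolean validateAppAuth(HttpServletRequest request) {
        String appId = getAppId(request);
        String secret = getSecret(request);

        if (StringUtils.isEmpty(appId) || StringUtils.isEmpty(secret)) {
            logger.warn("缺少appId或secret参数");
            return false;
        }

        // Fail closed when no credential pair is configured, so an empty default can never match.
        if (StringUtils.isEmpty(validAppId) || StringUtils.isEmpty(validSecret)) {
            logger.error("系统未配置有效的appid和secret");
            return false;
        }

        // Evaluate both comparisons unconditionally (non-short-circuit '&') so the response time
        // does not reveal which of the two values was wrong.
        boolean appIdMatches = constantTimeEquals(appId, validAppId);
        boolean secretMatches = constantTimeEquals(secret, validSecret);
        boolean valid = appIdMatches & secretMatches;

        if (!valid) {
            // appId is caller-controlled: neutralise control characters before it reaches the log.
            // The secret is never logged.
            logger.warn("appId或secret验证失败: appId={}, secret=***", sanitizeForLog(appId));
        }
        return valid;
    }

    /**
     * Reads the appId from the {@code X-AppId} header, falling back to the {@code appId}
     * request parameter when the header is empty.
     *
     * @param request the incoming HTTP request
     * @return the supplied appId, or whatever the parameter lookup yields when neither is set
     */
    public String getAppId(HttpServletRequest request) {
        String appId = request.getHeader("X-AppId");
        if (StringUtils.isEmpty(appId)) {
            appId = request.getParameter("appId");
        }
        return appId;
    }

    /**
     * Reads the secret from the {@code X-Secret} header, falling back to the {@code secret}
     * request parameter when the header is empty.
     *
     * <p>NOTE(review): request parameters can travel in the URL query string, which is commonly
     * recorded by access logs, proxies and browser history. The fallback is kept for
     * compatibility with existing callers; prefer the header and consider retiring the
     * parameter form.
     *
     * @param request the incoming HTTP request
     * @return the supplied secret, or whatever the parameter lookup yields when neither is set
     */
    public String getSecret(HttpServletRequest request) {
        String secret = request.getHeader("X-Secret");
        if (StringUtils.isEmpty(secret)) {
            secret = request.getParameter("secret");
        }
        return secret;
    }

    /**
     * Builds the response returned to callers whose credentials were rejected.
     *
     * @return an error result with code 401 and a generic message that does not say which
     *         value was wrong
     */
    public AjaxResult getUnauthorizedResult() {
        return AjaxResult.error(401, "appId或secret验证失败,请检查凭证");
    }

    /**
     * Compares two non-null strings without stopping at the first differing byte.
     *
     * <p>{@link String#equals(Object)} returns as soon as a mismatch is found, which lets a
     * remote caller learn a secret prefix by measuring response times.
     *
     * @param provided the caller-supplied value
     * @param expected the configured value
     * @return {@code true} when the UTF-8 encodings of both strings are identical
     */
    private static boolean constantTimeEquals(String provided, String expected) {
        return MessageDigest.isEqual(
                provided.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Replaces control characters (CR, LF and the like) so a caller-supplied value cannot forge
     * or split log entries.
     *
     * @param value the untrusted value about to be logged
     * @return the value with every control character replaced by {@code _}
     */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}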