diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/code/ResponseCode.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/code/ResponseCode.java index 8359a3fa..94494b03 100644 --- a/report-core/src/main/java/com/anjiplus/template/gaea/business/code/ResponseCode.java +++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/code/ResponseCode.java @@ -132,4 +132,6 @@ public interface ResponseCode { String SOURCE_CODE_ISEXIST = "4009"; String CLASS_NOT_FOUND = "4010"; + String REPORT_SHARE_LINK_INVALID = "report.share.link.invalid"; + } diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java index a21eff4f..bea91d96 100644 --- a/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java +++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java @@ -6,6 +6,7 @@ import com.anji.plus.gaea.bean.ResponseBean; import com.anji.plus.gaea.cache.CacheHelper; import com.anji.plus.gaea.utils.JwtBean; import com.anjiplus.template.gaea.business.constant.BusinessConstant; +import com.anjiplus.template.gaea.business.util.JwtUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; 
@@ -68,6 +69,24 @@ public class TokenFilter implements Filter { return; } + //针对大屏分享,优先处理 + String shareToken = request.getHeader("Share-Token"); + if (StringUtils.isNotBlank(shareToken)) { + //两个接口需要处理 + // /reportDashboard/getData + // /reportDashboard/{reportCode} + String reportCode = JwtUtil.getReportCode(shareToken); + if (!uri.endsWith("/getData") && !uri.contains(reportCode)) { + ResponseBean responseBean = ResponseBean.builder().code("50014") + .message("分享链接已过期").build(); + response.getWriter().print(JSONObject.toJSONString(responseBean)); + return; + } + filterChain.doFilter(request, response); + return; + } + + //获取token String token = request.getHeader("Authorization"); if (StringUtils.isBlank(token)) { diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/controller/dto/ReportShareDto.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/controller/dto/ReportShareDto.java index 92095e67..0b139d01 100644 --- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/controller/dto/ReportShareDto.java +++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/controller/dto/ReportShareDto.java @@ -31,6 +31,10 @@ public class ReportShareDto extends GaeaBaseDTO implements Serializable { @ApiModelProperty(value = "分享有效期") private Date shareValidTime; + /** 分享token */ + @ApiModelProperty(value = "分享token") + private String shareToken; + /** 分享url */ @ApiModelProperty(value = "分享url") @NotEmpty(message = "6002") diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/dao/entity/ReportShare.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/dao/entity/ReportShare.java index 08ba3009..59bd466d 100644 --- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/dao/entity/ReportShare.java 
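Review bot: The share-token branch authorises the request with `!uri.endsWith("/getData") && !uri.contains(reportCode)`, which is much wider than the two endpoints named in the comment. Any path ending in `/getData` passes for any valid token, and `contains` is a substring match, so every URI that merely includes the report code skips the `Authorization` check below. Match the two routes exactly instead, e.g. `boolean allowed = uri.endsWith("/reportDashboard/getData") || uri.endsWith("/reportDashboard/" + reportCode);`, and have the `getData` handler (not visible here) confirm that the requested data belongs to the token's `reportCode`. `JwtUtil.getReportCode` also throws on an expired or tampered token, and an exception raised inside a filter is probably not mapped by the MVC exception handler, so wrap the call in a try/catch that writes the same `50014` response. The enclosing `doFilter` starts and ends outside this hunk.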
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/dao/entity/ReportShare.java @@ -24,6 +24,9 @@ public class ReportShare extends GaeaBaseEntity { /** 分享有效期 */ private Date shareValidTime; + /** 分享token */ + private String shareToken; + /** 分享url */ private String shareUrl; diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImpl.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImpl.java index 89bf923a..6927bcb3 100644 --- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImpl.java +++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImpl.java @@ -10,6 +10,7 @@ import com.anjiplus.template.gaea.business.modules.reportshare.dao.ReportShareMa import com.anjiplus.template.gaea.business.modules.reportshare.dao.entity.ReportShare; import com.anjiplus.template.gaea.business.modules.reportshare.service.ReportShareService; import com.anjiplus.template.gaea.business.util.DateUtil; +import com.anjiplus.template.gaea.business.util.JwtUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import org.springframework.beans.BeanUtils; @@ -80,6 +81,7 @@ public class ReportShareServiceImpl implements ReportShareService { entity.setShareUrl(entity.getShareUrl() + SHARE_FLAG + shareCode); } entity.setShareValidTime(DateUtil.getFutureDateTmdHms(entity.getShareValidType())); + entity.setShareToken(JwtUtil.createToken(entity.getReportCode(), shareCode, entity.getShareValidTime())); break; case UPDATE: break; 
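Review bot: The token minted by `JwtUtil.createToken(...)` is self-contained, and the `TokenFilter` change in this commit accepts it on signature and expiry alone, so deleting the share row or shortening `shareValidTime` later will not revoke a link that has already been handed out. Since `shareCode` is already a claim, the filter could look up the share record via `JwtUtil.getShareCode(shareToken)` and reject the request when the row is missing or past its validity. At minimum, document the limitation here with `// shareToken stays valid until its exp claim; deleting the share does not revoke it`. The `UPDATE` branch is left empty, so a change of validity presumably does not reissue the token either, which is worth confirming. The enclosing method starts and ends outside this hunk.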
diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/util/JwtUtil.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/util/JwtUtil.java
new file mode 100644
index 00000000..c2867eb6
--- /dev/null
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/util/JwtUtil.java
@@ -0,0 +1,58 @@
+package com.anjiplus.template.gaea.business.util;
+
+import com.anji.plus.gaea.exception.BusinessExceptionBuilder;
+import com.anjiplus.template.gaea.business.code.ResponseCode;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.Claim;
+import com.auth0.jwt.interfaces.DecodedJWT;
+
+import java.util.Date;
+import java.util.Map;
+
+/**
+ * Created by raodeming on 2021/8/18.
+ */
+public class JwtUtil {
+
+ private static final String JWT_SECRET = "aj-report";
+
+ public static String createToken(String reportCode, String shareCode, Date expires) {
+ String token = JWT.create()
+ .withIssuedAt(new Date())
+ .withExpiresAt(expires)
+ .withClaim("reportCode", reportCode)
+ .withClaim("shareCode", shareCode)
+ .sign(Algorithm.HMAC256(JWT_SECRET));
+ return token;
+ }
+
+
+ public static Map getClaim(String token) {
+ try {
+ JWTVerifier jwtVerifier = JWT.require(Algorithm.HMAC256(JWT_SECRET)).build();
+ DecodedJWT decodedJwt = jwtVerifier.verify(token);
+ return decodedJwt.getClaims();
+ } catch (Exception e) {
+ throw BusinessExceptionBuilder.build(ResponseCode.REPORT_SHARE_LINK_INVALID, e.getMessage());
+ }
+ }
+
+ public static String getReportCode(String token) {
+ Claim claim = getClaim(token).get("reportCode");
+ if (null == claim) {
+ throw BusinessExceptionBuilder.build(ResponseCode.REPORT_SHARE_LINK_INVALID);
+ }
+ return claim.asString();
+ }
+
+ public static String getShareCode(String token) {
+ Claim claim = getClaim(token).get("shareCode");
+ if (null == claim) {
+ throw BusinessExceptionBuilder.build(ResponseCode.REPORT_SHARE_LINK_INVALID);
+ }
+ return claim.asString();
+ }
+
+}
diff --git a/report-core/src/main/resources/i18n/messages_en_US.properties b/report-core/src/main/resources/i18n/messages_en_US.properties
index e0ac3965..4219c464 100644
--- a/report-core/src/main/resources/i18n/messages_en_US.properties
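Review bot: `JWT_SECRET` is the fixed string `"aj-report"` compiled into the class, so every installation signs share tokens with the same key that ships in the source, while `TokenFilter` lets a request with a valid `Share-Token` through without the `Authorization` check; the signature therefore gives no real protection. Read the key from deployment configuration and refuse to start when it is unset or short, e.g. `Algorithm.HMAC256(shareTokenSecret)`, where `shareTokenSecret` is a placeholder for a per-install random value of at least 32 bytes. In `getClaim`, `catch (Exception e)` forwards `e.getMessage()` into the business exception, which may hand verifier detail back to the caller; catch `JWTVerificationException` and log the cause server-side instead. The raw `Map` return type should be `Map<String, Claim>`, and the class would benefit from Javadoc stating that `getReportCode` and `getShareCode` verify signature and expiry before returning a claim.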
+++ b/report-core/src/main/resources/i18n/messages_en_US.properties @@ -47,3 +47,5 @@ Component.load.check.error={0} Component not load 4008=The set code does not allow duplication 4009=The source code does not allow duplication 4010=Can't auto find match driver class + +report.share.link.invalid=report share link invalid diff --git a/report-core/src/main/resources/i18n/messages_zh_CN.properties b/report-core/src/main/resources/i18n/messages_zh_CN.properties index 36ac0a42..c25afa66 100644 --- a/report-core/src/main/resources/i18n/messages_zh_CN.properties +++ b/report-core/src/main/resources/i18n/messages_zh_CN.properties @@ -52,3 +52,4 @@ Component.load.check.error={0}\u7EC4\u4EF6\u672A\u52A0\u8F7D 7001=\u89E3\u6790\u5931\u8D25 +report.share.link.invalid=\u5206\u4EAB\u94FE\u63A5\u5DF2\u5931\u6548 diff --git a/report-core/src/test/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImplTest.java b/report-core/src/test/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImplTest.java new file mode 100644 index 00000000..41f9a4c6 --- /dev/null +++ b/report-core/src/test/java/com/anjiplus/template/gaea/business/modules/reportshare/service/impl/ReportShareServiceImplTest.java 
@@ -0,0 +1,48 @@ +package com.anjiplus.template.gaea.business.modules.reportshare.service.impl; + +import com.auth0.jwt.JWT; +import com.auth0.jwt.algorithms.Algorithm; +import com.auth0.jwt.interfaces.DecodedJWT; +import org.junit.jupiter.api.Test; + +import java.util.Date; + +/** + * Created by raodeming on 2021/8/18. + */ +public class ReportShareServiceImplTest { + + @Test + public void jwtTest() throws InterruptedException { + + long l = System.currentTimeMillis(); + + + String sign = JWT.create() + .withIssuedAt(new Date()) + .withExpiresAt(new Date(l + 5000)) + .withClaim("reportCode", "report") + .withClaim("shareCode", "1234567") + .sign(Algorithm.HMAC256("111")); + + + System.out.println(sign); + + Thread.sleep(8000L); + + DecodedJWT verify = JWT.require(Algorithm.HMAC256("111")).build().verify(sign); + + Date expiresAt = verify.getExpiresAt(); + String reportCode = verify.getClaim("reportCode").asString(); + String shareCode = verify.getClaim("shareCode").asString(); + + + System.out.println(expiresAt); + System.out.println(reportCode); + System.out.println(shareCode); + + + + } + +}
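Review bot: `jwtTest` contains no assertions and sleeps eight seconds past a five-second expiry, so `verify(sign)` is expected to throw `TokenExpiredException` and the test fails rather than documenting that expired tokens are rejected. It also drives the library directly with the key `"111"` instead of `JwtUtil` or `ReportShareServiceImpl`, which the class name suggests it covers. Build the token with an expiry already in the past, drop the `Thread.sleep`, and assert the rejection with `assertThrows(TokenExpiredException.class, () -> JWT.require(Algorithm.HMAC256("111")).build().verify(sign));`. Add a positive case that replaces the `System.out.println` calls with an assertion such as `assertEquals("report", JwtUtil.getReportCode(token));`.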