openapi验证注解更新、company增加access_key

applications/transfers/transfers-auth/pom.xml

@@ -34,6 +34,10 @@
             <groupId>io.github.openfeign</groupId>
             <artifactId>feign-core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.usoftchina.saas</groupId>
+            <artifactId>account-api</artifactId>
+        </dependency>
     </dependencies>
 
 </project>

applications/transfers/transfers-auth/src/main/java/com/usoftchina/saas/transfers/auth/configuration/OpenApiConfig.java

@@ -10,9 +10,19 @@ public class OpenApiConfig {
     private String signatureParam;
     @Value("${openapi.timestampParam:_timestamp}")
     private String timestampParam;
+    @Value("${openaip.companyuu:access_id}")
+    private String companyuu;
     @Value("${openapi.timeout:60000}")
     private int timeout;
 
+    public String getCompanyuu() {
+        return companyuu;
+    }
+
+    public void setCompanyuu(String companyuu) {
+        this.companyuu = companyuu;
+    }
+
     public String getSignatureParam() {
         return signatureParam;
     }

applications/transfers/transfers-auth/src/main/java/com/usoftchina/saas/transfers/auth/interceptor/OpenApiAuthInterceptor.java

@@ -1,5 +1,8 @@
 package com.usoftchina.saas.transfers.auth.interceptor;
 
+import com.usoftchina.saas.account.api.CompanyApi;
+import com.usoftchina.saas.account.dto.CompanyDTO;
+import com.usoftchina.saas.base.Result;
 import com.usoftchina.saas.transfers.auth.annotation.IgnoreOpenApiAuth;
 import com.usoftchina.saas.transfers.auth.configuration.OpenApiConfig;
 import com.usoftchina.saas.utils.StringUtils;
@@ -25,6 +28,9 @@ public class OpenApiAuthInterceptor extends HandlerInterceptorAdapter{
     @Autowired
     private OpenApiConfig openApiConfig;
 
+    @Autowired
+    private CompanyApi companyApi;
+
     // 已使用签名
     private Map<String, Long> signatureCache = new ConcurrentHashMap<>();
 
@@ -44,26 +50,37 @@ public class OpenApiAuthInterceptor extends HandlerInterceptorAdapter{
             }
 
             String sign = request.getParameter(openApiConfig.getSignatureParam());
-            if (!StringUtils.isEmpty(sign)) {
+            String companyuu = request.getParameter(openApiConfig.getCompanyuu());
+            if (!StringUtils.isEmpty(sign) && StringUtils.isEmpty(companyuu)) {
                 String urlMessage = request.getRequestURL() + "?"
                         + request.getQueryString().substring(0, request.getQueryString().indexOf(openApiConfig.getSignatureParam()) - 1);
 
                 logger.info("urlMessage:{}", urlMessage);
                 String servletPath = request.getServletPath();
                 logger.info("servletPath:{}", servletPath);
+
                 boolean check = false;
+                //获取密钥
+                Result<CompanyDTO> companyResult = companyApi.getCompanyByUu(Long.valueOf(companyuu));
+                if (companyResult.isSuccess()) {
+                    String localSign = null;
 
-                if (servletPath.indexOf("openapi") > -1) {
-                    check = sign.equals(HmacUtils.encode(urlMessage));
-                }
-                if (check) {
-                    String timestamp = request.getParameter(openApiConfig.getTimestampParam());
-                    long now = System.currentTimeMillis();
-                    if (!StringUtils.isEmpty(timestamp) && Math.abs(now - Long.parseLong(timestamp)) <= openApiConfig.getTimeout()
-                            && !signatureCache.containsKey(sign)) {
-                        // 加入历史记录
-                        signatureCache.put(sign, now);
-                        return true;
+                    localSign = companyResult.getData().getAccessKey() == null ? HmacUtils.encode(urlMessage) :
+                                HmacUtils.encode(urlMessage, companyResult.getData().getAccessKey());
+
+                    if (servletPath.indexOf("openapi") > -1) {
+                        check = sign.equals(localSign);
+                    }
+
+                    if (check) {
+                        String timestamp = request.getParameter(openApiConfig.getTimestampParam());
+                        long now = System.currentTimeMillis();
+                        if (!StringUtils.isEmpty(timestamp) && Math.abs(now - Long.parseLong(timestamp)) <= openApiConfig.getTimeout()
+                                && !signatureCache.containsKey(sign)) {
+                            // 加入历史记录
+                            signatureCache.put(sign, now);
+                            return true;
+                        }
                     }
                 }
             }

base-servers/account/account-dto/src/main/java/com/usoftchina/saas/account/dto/CompanyDTO.java

@@ -27,7 +27,18 @@ public class CompanyDTO implements Serializable{
     private String dcName;
     private String tel;
     private String fax;
-    private String signet;      //电子章
+    private String signet;
+    private String accessKey;
+
+    public String getAccessKey() {
+        return accessKey;
+    }
+
+    public void setAccessKey(String accessKey) {
+        this.accessKey = accessKey;
+    }
+
+    //电子章
     private List<Map<String, FileInfoDTO>> fileInfoList;
 
     public List<Map<String, FileInfoDTO>> getFileInfoList() {

base-servers/account/account-server/src/main/java/com/usoftchina/saas/account/po/Company.java

@@ -73,6 +73,15 @@ public class Company implements Serializable {
     private Date updateTime;
     private long updaterId;
     private Long uu;
+    private String accessKey;
+
+    public String getAccessKey() {
+        return accessKey;
+    }
+
+    public void setAccessKey(String accessKey) {
+        this.accessKey = accessKey;
+    }
 
     public String getName() {
         return name;

base-servers/account/account-server/src/main/resources/mapper/CompanyMapper.xml

@@ -18,6 +18,7 @@
         <result column="uu" jdbcType="VARCHAR" property="uu"/>
         <result column="logo_url" jdbcType="VARCHAR" property="logoUrl"/>
         <result column="dc_name" jdbcType="VARCHAR" property="dcName"/>
+        <result column="access_key" jdbcType="VARCHAR" property="accessKey"/>
     </resultMap>
     <resultMap id="BaseResultMap" type="com.usoftchina.saas.account.vo.CompanyBaseVO">
         <id column="id" jdbcType="BIGINT" property="id"/>
@@ -26,7 +27,7 @@
         <result column="dc_name" jdbcType="VARCHAR" property="dcName"/>
     </resultMap>
     <sql id="baseColumns">
-        id,name,business_code,address,uu,creator_id,create_time,updater_id,update_time,fax,tel,signet,uu,logo_url,dc_name
+        id,name,business_code,address,uu,creator_id,create_time,updater_id,update_time,fax,tel,signet,uu,logo_url,dc_name,access_key
     </sql>
     <insert id="insert" parameterType="com.usoftchina.saas.account.po.Company"
             useGeneratedKeys="true" keyProperty="id">