接口授权常见处理方案之token

服务提供方和调用方同时用某个算法计算出一个token,比较时间来确定token是否有效。

import org.springframework.util.Assert;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import java.util.Date;

/**
 * @Author: pengbenlei
 * @Date: 2020/8/27 11:24
 * @Description: 接口授权码工具类
 */
public class RequestApiAuthUtil {

    static final Base64.Encoder encoder = Base64.getEncoder();

    /**
     * 请求授权码加密算法
     *
     * @param applicationCode  应用唯一码
     * @param applicationKey 应用私钥
     * @param timestamp      时间戳
     */
    public static String ecode(String applicationCode, String applicationKey, Long timestamp) {
        String authCode = "";
        try {
            authCode = encoder.encodeToString(HmacSHA1Encrypt(applicationCode, applicationKey + timestamp.toString()));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return authCode;
    }

    /**
     * 请求授权码验证
     */
    public static Boolean authCodeVerification(String authCode, String applicationCode, String applicationKey, Long startTime) {
        Long nowTime = new Date().getTime() / 1000;
        long timeDifference = nowTime - startTime;
        // 时间点相差的秒数
        // 7200秒内视为有效
        System.out.println("nowTime:" + nowTime + "  startTime:" + startTime + "  timeDifference" + timeDifference);
        Assert.isTrue(!(timeDifference > 7200 || timeDifference < 0), "Error passing in timestamp");
        //验证授权码
        String correctCode = ecode(applicationCode, applicationKey, startTime);
        Assert.isTrue(correctCode.equals(authCode), "Authorization code error, please check the algorithm or timestamp!");
        return true;
    }


    private static final String MAC_NAME = "HmacSHA1";
    private static final String ENCODING = "UTF-8";

    public static byte[] HmacSHA1Encrypt(String encryptText, String encryptKey) throws Exception {
        byte[] data = encryptKey.getBytes(ENCODING);
        // 根据给定的字节数组构造一个密钥,第二参数指定一个密钥算法的名称
        SecretKey secretKey = new SecretKeySpec(data, MAC_NAME);
        // 生成一个指定 Mac 算法 的 Mac 对象
        Mac mac = Mac.getInstance(MAC_NAME);
        // 用给定密钥初始化 Mac 对象
        mac.init(secretKey);

        byte[] text = encryptText.getBytes(ENCODING);
        // 完成 Mac 操作
        return mac.doFinal(text);
    }
}

import com.leenleda.common.config.LenledaConfig;
import com.leenleda.common.utils.RedisUtil;
import com.leenleda.wechat.utils.RequestApiAuthUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @Author: pengbenlei
 * @Date: 2020/8/27 15:02
 * @Description:
 */
@Component
public class ApiAuthInterceptor implements HandlerInterceptor {


    final
    RedisUtil redisUtil;

    public ApiAuthInterceptor(RedisUtil redisUtil) {
        this.redisUtil = redisUtil;
    }


    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        // 验证token
        String token = request.getHeader("token");
        Assert.notNull(token, "token can not be empty！");
        // 验证时间戳
        Long timestamp = Long.valueOf(request.getHeader("timestamp"));
        Assert.notNull(timestamp, "timestamp can not be empty！");
        // 验证公钥
        String publicKey = request.getHeader("public_key");
        Assert.notNull(publicKey, "applicationCode  can not be empty！");
        // 验证token有效性
        RequestApiAuthUtil.authCodeVerification(token, publicKey, privateKey(), timestamp);
        return true;
    }

}