消息推送token验证

1171fd8b · xiaowang · 26e06f54 · 1171fd8b · 1171fd8b · 1171fd8b
--- a/csf-common/csf-common-util/src/main/java/com/mmc/csf/common/util/wx/WXMsgPushUtils.java
+++ b/csf-common/csf-common-util/src/main/java/com/mmc/csf/common/util/wx/WXMsgPushUtils.java
+package com.mmc.csf.common.util.wx;
+
+import java.security.MessageDigest;
+import java.util.Arrays;
+
+public class WXMsgPushUtils {
+
+    /**
+     * 用SHA1算法生成安全签名
+     */
+    public static String getSHA1(String... values) throws Exception {
+
+        try {
+            String[] array = new String[values.length];
+            for (int i = 0; i < values.length; i++) {
+                array[i] = values[i];
+            }
+
+            StringBuffer sb = new StringBuffer();
+            // 字符串排序
+            Arrays.sort(array);
+            for (int i = 0; i < values.length; i++) {
+                sb.append(array[i]);
+            }
+            String str = sb.toString();
+            // SHA1签名生成
+            MessageDigest md = MessageDigest.getInstance("SHA-1");
+            md.update(str.getBytes());
+            byte[] digest = md.digest();
+
+            StringBuffer hexstr = new StringBuffer();
+            String shaHex = "";
+            for (int i = 0; i < digest.length; i++) {
+                shaHex = Integer.toHexString(digest[i] & 0xFF);
+                if (shaHex.length() < 2) {
+                    hexstr.append(0);
+                }
+                hexstr.append(shaHex);
+            }
+            return hexstr.toString();
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new Exception("SHA1加密失败");
+        }
+
+    }
+}
\ No newline at end of file
--- a/release-service/src/main/java/com/mmc/csf/release/controller/WxApiController.java
+++ b/release-service/src/main/java/com/mmc/csf/release/controller/WxApiController.java
+package com.mmc.csf.release.controller;
+
+import com.mmc.csf.release.service.WxApiService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import java.util.Map;
+
+/**
+ * @Author LW
+ * @date 2023/7/12 17:32
+ * 概要：
+ */
+@Api(tags = {"wx-api"})
+@RestController
+@RequestMapping("/wechat")
+public class WxApiController {
+    @Resource
+    WxApiService wxApiService;
+
+    /**
+     * 正确响应微信发送的Token验证,注意 这里是 get请求
+     */
+    @GetMapping("/checkSignature")
+    @ApiOperation(value = "校验签名")
+    public String verifyUrl(@RequestParam Map<String, String> params) throws Exception {
+        return wxApiService.checkSignature(params);
+    }
+}
--- a/release-service/src/main/java/com/mmc/csf/release/service/WxApiService.java
+++ b/release-service/src/main/java/com/mmc/csf/release/service/WxApiService.java
@@ -2,17 +2,22 @@ package com.mmc.csf.release.service;

 import com.mmc.csf.common.util.web.ResultBody;

+import java.util.Map;
+
 /**
 * @Author LW
 * @date 2023/7/12 13:44
 * 概要：
 */
 public interface WxApiService {
-    ResultBody msgSecCheck(String openid,String content);
+    ResultBody msgSecCheck(String openid, String content);
+
    /**
     * 获取稳定AccessToken
+     *
     * @return
     */
    String getStableAccessToken() throws Exception;

+    String checkSignature(Map<String, String> params) throws Exception;
 }
--- a/release-service/src/main/java/com/mmc/csf/release/service/impl/WxApiServiceImpl.java
+++ b/release-service/src/main/java/com/mmc/csf/release/service/impl/WxApiServiceImpl.java
@@ -5,6 +5,7 @@ import com.mmc.csf.common.util.web.HttpHelper;
 import com.mmc.csf.common.util.web.HttpsRequestUtil;
 import com.mmc.csf.common.util.web.ResultBody;
 import com.mmc.csf.common.util.web.ResultEnum;
+import com.mmc.csf.common.util.wx.WXMsgPushUtils;
 import com.mmc.csf.release.constant.UserSystemConstant;
 import com.mmc.csf.release.constant.WxConstant;
 import com.mmc.csf.release.service.WxApiService;
@@ -80,4 +81,28 @@ public class WxApiServiceImpl implements WxApiService {
        }
        return accessToken;
    }
+
+
+    @Override
+    public String checkSignature(Map<String, String> params) throws Exception {
+        // 微信发送的请求中 会有四个参数
+        // 微信加密签名，signature结合了开发者填写的 token 参数和请求中的 timestamp 参数、nonce参数。
+        String signature = params.get("signature");
+        // 随机字符串
+        String echostr = params.get("echostr");
+        // 时间戳
+        String timestamp = params.get("timestamp");
+        // 随机数
+        String nonce = params.get("nonce");
+        // 消息推送配置中的 Token(令牌)
+        String token = "IUAVKBTMMC";
+        // 验证
+        String msgSignature = WXMsgPushUtils.getSHA1(token, timestamp, nonce);
+        // 验证失败
+        if (!signature.equals(msgSignature)) {
+            return "false";
+        }
+        // 验证成功 将 echostr 原格式返回 ，即可完成验证
+        return echostr;
+    }
 }
--- a/release-service/src/main/resources/not-check.yml
+++ b/release-service/src/main/resources/not-check.yml
@@ -33,3 +33,4 @@ data-filter:
    - /release/tender/info
    - /release/actuator/health/readiness
    - /release/tender/infoById
+    - release/wechat/checkSignature