Created
October 21, 2020 14:32
-
-
Save GuoGuang/c32e284b86f5ef980607721d13d6bdc1 to your computer and use it in GitHub Desktop.
Interface security prevents correction
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@Value("${hos.security.partnerKey}") | |
private String partnerKey; | |
@Value("${hos.security.partnerId}") | |
private String partnerId; | |
@Value("${hos.security.appId}") | |
private String appId; | |
/** | |
* 参数签名 | |
* signature:接口签名 | |
* partnerId:合作方 ID | |
* openId:用户唯一id | |
* appId: 应用 ID,对应公众号、小程序或者自定义服务标识 | |
*/ | |
@GetMapping | |
public Result<String> getFullGuideParam() { | |
log.info("start splicing url"); | |
long timestamp = System.currentTimeMillis(); | |
String openId = SecurityUtils.getCurrentUserLogin(); | |
TreeMap<String,String> params = new TreeMap<>(); | |
params.put("appid",appId); | |
params.put("openId",openId); | |
params.put("partnerId",partnerId); | |
params.put("timestamp",String.valueOf(timestamp)); | |
// key转小写,按照Key排序 | |
Map<String, String> targetTableColumnListMap = params.entrySet().stream().collect(Collectors.toMap( | |
entry -> entry.getKey().toLowerCase(), | |
Map.Entry::getValue, | |
(e1, e2) -> e2, | |
LinkedHashMap::new)); | |
// map转为url参数 ?a=1&b=2 | |
String partUrlEncrypt = getUrlParamsByMap(targetTableColumnListMap); | |
String signature; | |
try { | |
signature = EncryptUtil.hmacSha256(partnerKey,partUrlEncrypt); | |
} catch (Exception e) { | |
log.error("签名加密异常:{}",e.getMessage()); | |
return Result.badRequest(INTERNAL_SERVER_ERROR); | |
} | |
params.put("signature",signature); | |
params.put("loginType","h5"); | |
String urlParamsByMap = getUrlParamsByMap(params); | |
log.info("签名参数url:{},params:{}",MIYING_URL,urlParamsByMap); | |
return Result.ok(MIYING_URL+urlParamsByMap); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment