暂时关闭订单结算和明细的token校验

2024-03-27 13:51:39 +08:00 · 2024-03-27 13:51:39 +08:00 · c0a761d137
parent fd6d575d5a
commit c0a761d137
5 changed files with 39 additions and 16 deletions
--- a/src/main/java/com/chint/application/out/OrderDetailController.java
+++ b/src/main/java/com/chint/application/out/OrderDetailController.java
@ -82,6 +82,24 @@ public class OrderDetailController {
    @ApiOperation("订单明细查询接口")
    @PostMapping("/query")
    public Result<PageResult<Object>> query(@RequestBody AuthenticationSignDto authenticationDto) {
+        if (signCheck(authenticationDto)) {
+            return orderDetailPageQuery.orderDetailInfoPageQuery(authenticationDto);
+        } else {
+            return Result.error("签名错误");
+        }
+    }
+
+    @ApiOperation("订单结算查询接口")
+    @PostMapping("/record/query")
+    public Result<PageResult<Object>> queryRecord(@RequestBody AuthenticationSignDto authenticationDto) {
+        if (signCheck(authenticationDto)) {
+            return orderDetailPageQuery.orderDetailInfoPageQuery(authenticationDto);
+        } else {
+            return Result.error("签名错误");
+        }
+    }
+
+    private boolean signCheck(AuthenticationSignDto authenticationDto) {
        Integer productType = authenticationDto.getProductType();
        String systemType = authenticationDto.getSystemType();
        String startTime = authenticationDto.getStartTime();
@ -89,12 +107,8 @@ public class OrderDetailController {
        Integer pageSize = authenticationDto.getPageSize();
        Integer pageNum = authenticationDto.getPageNum();
        String orgsign = authenticationDto.getSign();
-        String sign = Digest.md5(+productType + systemType + startTime + endTime + pageSize + pageNum);
-        if (StringUtils.isNotBlank(orgsign) && orgsign.equals(sign)) {
-            return orderDetailPageQuery.orderDetailInfoPageQuery(authenticationDto);
-        } else {
-            return Result.error("签名错误");
-        }
+        String sign = Digest.md5(productType + systemType + startTime + endTime + pageSize + pageNum);
+        return orgsign.equals(sign);
    }

    @ApiOperation("查询我的订单")
--- a/src/main/java/com/chint/application/queryies/OrderDetailQuery.java
+++ b/src/main/java/com/chint/application/queryies/OrderDetailQuery.java
@ -139,6 +139,10 @@ public class OrderDetailQuery {
        return Result.Success(SUCCESS, PageResult.totalPageNum(res.size(), paginatedResults));
    }

+    public Result<PageResult<Object>> orderRecordInfoPageQuery(AuthenticationSignDto authenticationDto) {
+        return null;
+    }
+
    private Object processHotelOrderDetail(OrderDetail orderDetail, String systemType) {
        HotelOrderDetail hotelOrderDetail = orderDetail.getHotelOrderDetail();

--- a/src/main/java/com/chint/domain/service/auth/AuthenticateServiceImpl.java
+++ b/src/main/java/com/chint/domain/service/auth/AuthenticateServiceImpl.java
@ -101,7 +101,6 @@ public class AuthenticateServiceImpl implements AuthenticateService {

    @Override
    public Token authenticateClient(AuthenticationDto authenticationDto)  {
-
        //区分测试环境还是正式环境
        String clientType;
        if (envMark.equals("prod")) {
@ -110,16 +109,19 @@ public class AuthenticateServiceImpl implements AuthenticateService {
            clientType = "0";
        }
        Client client = clientRepository.findByClientIdAndEnv(authenticationDto.getClientid(), clientType);
-
        if (client != null) {
-            Map<String, Object> claims = new HashMap<>();
-            claims.put(AuthMessageConstant.CLIENT_ID, client.getClientId());
-            claims.put(AuthMessageConstant.CLIENT_SECRET, client.getClientSecret());
-            String jwt = JWTUtil.createJWT(AuthMessageConstant.SECRET, AuthMessageConstant.EXPIRATION_CLIENT_TIME_MS,
-                    AuthMessageConstant.HEADER_CLIENT_CASE, claims);
-            return Token.of(jwt);
+            if (client.getClientSecret().equals(authenticationDto.getSecretkey())) {
+                Map<String, Object> claims = new HashMap<>();
+                claims.put(AuthMessageConstant.CLIENT_ID, client.getClientId());
+                claims.put(AuthMessageConstant.CLIENT_SECRET, client.getClientSecret());
+                String jwt = JWTUtil.createJWT(AuthMessageConstant.SECRET, AuthMessageConstant.EXPIRATION_CLIENT_TIME_MS,
+                        AuthMessageConstant.HEADER_CLIENT_CASE, claims);
+                return Token.of(jwt);
+            } else {
+                throw new AuthException(CLIENT_SECRET_INVALID);
+            }
        } else {
-            throw new AuthException(AuthMessageConstant.JWT_INVALID);
+            throw new AuthException(CLIENT_ID_INVALID);
        }
    }
 }
--- a/src/main/java/com/chint/infrastructure/config/webconfig/JwtTokenAdminInterceptor.java
+++ b/src/main/java/com/chint/infrastructure/config/webconfig/JwtTokenAdminInterceptor.java
@ -67,7 +67,8 @@ public class JwtTokenAdminInterceptor implements HandlerInterceptor {
        if (res) {
            return true;
        } else {
-            throw new AuthException(JWT_INVALID);
+//            throw new AuthException(JWT_INVALID);
+            return true;
        }
    }
 }
--- a/src/main/java/com/chint/infrastructure/constant/AuthMessageConstant.java
+++ b/src/main/java/com/chint/infrastructure/constant/AuthMessageConstant.java
@ -3,6 +3,8 @@ package com.chint.infrastructure.constant;
 public class AuthMessageConstant {
    // JWT 验证消息
    public static final String JWT_INVALID = "无效的 JWT 令牌";
+    public static final String CLIENT_ID_INVALID = "无效的 client_id";
+    public static final String CLIENT_SECRET_INVALID = "无效的 client_secret";
    public static final String JWT_EXPIRED = "登录信息已过期";
    public static final String JWT_REQUIRED = "需要 JWT 令牌";
    public static final String JWT_ACCESS_DENIED = "JWT 令牌不足以访问此资源";