From 270ec143f97c2924aff483d997c0540e36d93013 Mon Sep 17 00:00:00 2001
From: sxu <602087911@qq.com>
Date: Wed, 28 May 2025 18:03:13 +0800
Subject: [PATCH] header protect
---
 .../bonus/common/houqin/constant/GlobalConstants.java | 2 ++
 .../com/bonus/common/houqin/utils/SM4EncryptUtils.java | 8 ++++++--
 .../core/customer/controller/CustInfoController.java | 9 ++++++++-
 .../core/customer/controller/CustOrgController.java | 10 ++++++++--
 4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java b/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java
index e8e52c31..b1936dba 100644
--- a/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java
+++ b/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java
@@ -74,4 +74,6 @@ public class GlobalConstants {
 */
 public static final String STRING_TRUE = "true";
+ public static final String CANTEEN_YIZHAN = "CANTEEN_YIZHAN";
+
 }
diff --git a/bonus-common-biz/src/main/java/com/bonus/common/houqin/utils/SM4EncryptUtils.java b/bonus-common-biz/src/main/java/com/bonus/common/houqin/utils/SM4EncryptUtils.java
index 93f81497..da6ea3b3 100644
--- a/bonus-common-biz/src/main/java/com/bonus/common/houqin/utils/SM4EncryptUtils.java
+++ b/bonus-common-biz/src/main/java/com/bonus/common/houqin/utils/SM4EncryptUtils.java
@@ -8,6 +8,7 @@ import cn.hutool.crypto.Padding;
 import cn.hutool.crypto.SecureUtil;
 import cn.hutool.crypto.SmUtil;
 import cn.hutool.crypto.symmetric.SM4;
+import com.bonus.common.houqin.constant.GlobalConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
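Review bot: The new `CANTEEN_YIZHAN` constant has no Javadoc, while the constants around it in GlobalConstants do (the closing ` */` of the previous one is visible just above it). Its role is only discoverable from the controller hunks later in this patch, where it is compared against the SM4-decrypted request-header sign, so a one-line comment such as `/** Expected plaintext of the SM4-encrypted sign header checked by the canteen controllers; not a secret. */` would save the next reader that hunt. Because it lives in a public constants class of a shared module, any code that links the module can read it, so whatever check is built on it cannot rely on this value staying private.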
@@ -70,10 +71,13 @@ public class SM4EncryptUtils { } public static void main(String[] args) { - String src = decryptBySm4("aW8HTi81efYSlwBzY6JvspCDk+hvMqMlxitHz9Ec/+X+ExtfalmH4Ue0tfC+YvCu", + System.out.println(sm4Encrypt(GlobalConstants.CANTEEN_YIZHAN)); + System.out.println(sm4Decrypt("I7p6PJ37nNv9ZogUY0YPBQ==##encrypted")); + + String src = decryptBySm4("ucOf6NO83HW94e6LBThhN02qGaWMomk5FYpu/9mRB6rG5fIj4juCZHFYg9Z0rFFQ", Base64Decoder.decode("StqtdHhleMKClUGbmBqdrg==")); System.out.println(src); - String src1 = decryptBySm4("QIqt833yQpVlbti0VrmZM81EFO7+KgdzthiAsCjjVR8RNaghD1S1GTmuNW8sFtXQjRBe8lQ66DviIjr0DCXksI9Z4Sj6dVcrLesLWq1M7FvcoHpXa07oJxyR8MKDDDCuhywURLJDh8PWURVX4X/j5xNK+njBbeuKLv0nZX84lI/Rbt15XSvq9Fy+0SvOeSKvs13VgUR8r55qURKqKNWrOZwK/BDiqgnVsXXoHi4QnA6EgQF5pgQ6Sacqvdjm4qyKAqnFhhXzMQs2OBB8Y4EG41lG60yoU1Dam4vBVl8PnHSr6t9mM/Qm2KNevZZ5PGvcv6tXGU9IYXrOX5TvULdYOgOpXY6MELlmdzthr6iSj4iNrlPNQmtHLtQT0zOM14u9Tz0KBEXEJNn2Oi/2rTMFNSfIunjhETwS0x6yJHzSAKsI9Hg0WLHRbPMgXEg8QyjJ+oxGuxpChPG0SjPsj8iTCV31eoD3zqt/0/CRcUig0HJUzXQI6OZoBhzmwZHcw+oREOFKIbylucynAn1aeTg/PtqECQjkEjdSgqzCyz9h4198q+2p758H2xB6ZYK5kLl9ln9hRO2dYxBlRJUWcZw4g6d98w08k+RA5pJ3m2IuSosAR2xNFp07T6oTmywqCRl09mh61SDwic8aoYxRBu46D0KhAZeO02+/1qoldoKVb5578qzpHpxKjcZ7ASRCvhj+YtvwNOsIkynXoyiL726J1jMlO0ZOzosmsv2J/6BgEFS6feeaErZUyJkJt+4QvZ8JtsuELTY6hpwM+63yy1HpesgNf7wdS/1DbOZ0EvLvzKhkYBt9FvUY0Kyu593SFCfSMFrWd1wj4s1Rjr8FZGout8LNsjZTZ55Mh1gsYWixo5/tVgkb7ovJZczinsj7GiNFBwV0ufNBOnRxcsmdDjHTECYxd0SLm8qvHhTAgVCcWfVA3qQKTPPrhuv0BqkDQXWIErcwtjGZTi/OodcgL5S2+jVcPVLeAsx5zsSBbq/69+Mm47/f2v9mkw/AnB7S0mX5FUx7VsOGx4sDEJJ+QwuekfNLyQ1dqaZVV+x2c3/qA6Sky/jPIuaamrOi/EP4STUNj/inLXAHmb6kNpKAtn1x2W1vNi9DrcX2tUV+fxNnGKEdgmF3FRDqzMFQDEWRufgmNNN+CzPnXHAzlVcL0uG/SOgrlA1AI/bpfP3AmSd4tS5hHXtClli6rba2SQArlqOwDT5LpYy0/bGoAjE6n+gWUC5/lAVCJ1YFYuuKZeu3uWr4zMPkfm75e4c78JuiaqwPxbefmUtNVJosi9ByYtCylbLOmTPwOQvrUfk9HS1UriN0xB2cOnBPpySJG06l457Q", + String src1 = 
decryptBySm4("43AzgBDxXiusgEUakhEQTE3XQ2CNbHsSVU8mcn23t200QvzbNCIndRujOPNFZwHSyG3UhvnN6S6YMWVhEFRYAhvnjFODl9szbTcQOFX8WakXB+QTRLFCrVMTc0B01FXLlChFGqRxouG5/mbeleDf+BSkeSFjhpgPrJoXjOlgP9jo2tS+IlYT+dVjsqBsAihQGUAsSyU1gXIFwbl+Wp/bVbnt8w34WXXX/oFJq5Nkpe2xr9APu7wG90jnVSm7bcHTLY1PrZFyg52Dha6dB6c6H+Jc31HA4hCMoRSfDsMlopI4JyHWnQCRIRJvPD5VDLQ+PhBgw7wobk43lA6/FZU8U1zvm6SpxcwI3014sxQTBWfZ1JWCogZvh06Ou0KNlsAEuAnzpCf9sby2ji2z5jifqTHew2GTTcp+gOz0vIMushdhf2mk8Ifw5NzCaTNdsmYdAHDpx5xmTgZS8fG8thBoXMaPuz9DvnAET6wST2/KNEVsDredtOvRV+Mlid44ibE2+z/ajx62RgMRipOBhpkAjNTT9iUUrUqpaA8dSeK2JyYBTYea/fQ4uXjYTjZER18JTimV2PtQO/X73s5NVOZAWXME9wfzHWVCKyxAg6IZnZky1rJ+d/HIKIV4LmT5J36NUnu2JlLP6AuUAaZa1BrbuwBhQO+P4du/NdhT5zZlU1sRCmcNteKr3/cF7e2ruSp/p5i7Z+RE7YTQYPvQTQ9wLGv2tNgxtLOWYsWYaOVzz3RPKj3J6FhbkBaxfZKYDe/vrPnUEZ0wuQJpQxplKkdnVDnwYylc+J8wd4zpSjL9N6/npwSl/V3uA8K6RgqJPn6Pugl5P/W3orz7IW8vBICc/hSFwMtuvvQ3pm8fQherb5uKq4j85UAxgx2lUhctHBKv5XaLrfM5DZFAeHK/vWVVpR/XtyiZKcztYqraOjCKnSvUTJKfJQOyCg7h2Hbr3vWdkl1O5lI980lSQgV6mz2uClSkwYWihbk57F31nOfg0JwS5TA0GzHT/fFpMed1hUbeA1ReCzy1MLqT/M8iIktEnQ98f/SUBm8vK2F3UHT39F/LoCdC7zxodr/OkrzWLMSgXml/YmTosPWmHZgNOmcE7tGmypNZ2mQEai0yr765eq/7BNdCDNIvit7q6oPdpIfqm6gNxN43zsoQFV49Rf3ocsTiybwF9SqfbaZ66SgJPs/Ns5mc80zyVmrhqOzViLNS1NvhIMwqD8zlh+dWa5PdNf98uzkqBvWyEFm++wtfdL4eSY9vhzo8j2RkIalt1l6wLYufrUQQEcY+2irEl1rc2AalCBiJ3K07CLvz9ZewwVrIGPQHKnR/VzP7T03cYgTDh9WRmy80qn7nLv1EavYmHOawVbk5QNvTM1bYyanmCztFPGTnJfguoyCzDNZst4YhWl5V9pvPW4XpDAh3spqFelMdCdvQNI1XvXiklYjB6R6H0h/m5hfujntG6vUng4VpI0ItVTKnbK14/Pj2Io7mWMBTH23ij3AICl7r06oYG9HBqrl2OST+6fnUEZuLkisnNw+g0gqGxGCDYKWIKyG0H3K4PGQ8vJhsRjXFc4nLqhR4/SGlZAO6dkHOjJakmdaMWB1Y20r2OmJcI5dhlkAsWkPRhTWuQXGIU4QGylm9Kaw7TMQS1NP4TZo+a48xbj8S+/H6P2N5hR/nGyOUlVkvP05KP7cfoT48jS+ZI0VM28rJmBSE0Nlu3bsuw47frf4ZmSC553TUVPQAM10WY8qM4sjtZy0XHNE7tBFMBLzEqyqS8D2lm+LxCtyJKZofM65Fhrbl4Lx0qAcq21cBsBmfw9xjFmDcxkF0PSSxPg4sFVCiUQb+GzT54CXYACtZoWSBuHC3gwEousc6E7fnNZwEFbttwe+eN+/wmTR8uQrSPQ5t9wF+OMoYt1QDnGHt4LR5+q1BWzWjITMsnlA1TOBYmuT1OX8quh3TggnGCv1WUjqIqcaZ7PzRHGS9GJUeTmUzwN
g7zrPQ++B4V1uVxv16fnSnnkvfb/HfoDYZyNrOaAuNrNOh0/cBUrqn6EvtSZRC5LlHriXTtEuUmlL0+rRgigxfZeyi8oicYqDCxg6WJRYYa+sankFQxe+DqCNJ2B39n0k5HF6VVJdnvZzLsF2K4rBvxpKQl4/H/gO4B9NIh6Hb83pznp5pSYHoQ4YnKtvX", Base64Decoder.decode(src)); System.out.println(src1); } diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustInfoController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustInfoController.java index aad34bea..c9c6076b 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustInfoController.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustInfoController.java @@ -1,14 +1,17 @@ package com.bonus.canteen.core.customer.controller; import com.bonus.canteen.core.common.base.BaseController; +import com.bonus.canteen.core.common.utils.HeaderFetchUtil; import com.bonus.canteen.core.customer.dto.*; import com.bonus.canteen.core.customer.vo.PageCustInfoPhotoVO; import com.bonus.common.core.utils.StringUtils; import com.bonus.common.core.web.domain.AjaxResult; import com.bonus.common.core.web.page.TableDataInfo; +import com.bonus.common.houqin.constant.GlobalConstants; import com.bonus.common.houqin.constant.SourceTypeEnum; import com.bonus.canteen.core.customer.model.CustInfo; import com.bonus.canteen.core.customer.vo.CustInfoVo; +import com.bonus.common.houqin.utils.SM4EncryptUtils; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import com.bonus.canteen.core.customer.service.CustInfoService; 
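Review bot: The rewritten `main` now prints the exact value the canteen controllers are meant to accept in the sign header (`sm4Encrypt(GlobalConstants.CANTEEN_YIZHAN)`) and also commits the literal token `"I7p6PJ37nNv9ZogUY0YPBQ==##encrypted"` to the repository, so anyone with the source or the jar can produce an accepted header without knowing anything; if the header check is expected to provide real protection the sign must be per-request (timestamp/nonce or an HMAC over the request) rather than a fixed encrypted constant, because a static value is trivially replayed. The surrounding lines also keep hard-coded ciphertexts plus a base64 blob `StqtdHhleMKClUGbmBqdrg==` that is passed as the second argument of `decryptBySm4` and looks like it may be a 16-byte key — worth confirming and, if so, treating as leaked and rotating. A scratch `main` with live test vectors does not belong in a shipped utility class; move these calls into a unit test with throwaway keys and drop the `main` (and the GlobalConstants import it pulls into the common module) entirely. The method starts and ends inside this hunk.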
@@ -111,7 +114,11 @@ public class CustInfoController extends BaseController {
 @ApiOperation("分页查询人员及生物识别特征")
 @GetMapping({"/pageCustInfoPhoto"})
- public TableDataInfo pageCustInfoPhoto(@Valid CustInfoParam dto) {
+ public TableDataInfo pageCustInfoPhoto(Map requestHeader, @Valid CustInfoParam dto) {
+// if (!GlobalConstants.CANTEEN_YIZHAN.equals(SM4EncryptUtils.sm4Decrypt(HeaderFetchUtil.getSign(requestHeader)))) {
+// log.error("接口访问出错");
+// return null;
+// }
 try {
 startPage();
 List list = this.custInfoService.pageCustInfoPhoto(dto);
diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustOrgController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustOrgController.java
index 4a2fe512..8d7bb390 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustOrgController.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/controller/CustOrgController.java
@@ -4,10 +4,13 @@ import cn.hutool.core.lang.tree.Tree;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.bonus.canteen.core.common.base.BaseController;
+import com.bonus.canteen.core.common.utils.HeaderFetchUtil;
 import com.bonus.canteen.core.customer.dto.CustOrgPageDTO;
 import com.bonus.canteen.core.customer.service.CustOrgService;
 import com.bonus.canteen.core.customer.vo.CustOrgVO;
+import com.bonus.common.houqin.constant.GlobalConstants;
 import com.bonus.common.houqin.utils.AesEncryptUtil;
+import com.bonus.common.houqin.utils.SM4EncryptUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.slf4j.Logger;
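Review bot: The new `Map requestHeader` parameter on `pageCustInfoPhoto` carries no `@RequestHeader` annotation, so under Spring MVC (which the `@GetMapping` suggests) it resolves to the implicit model map rather than the HTTP headers, and `HeaderFetchUtil.getSign(requestHeader)` would never see the sign; the guard itself is also commented out, so despite the commit title this hunk enforces nothing and only adds dead code and a raw-typed parameter. Returning `null` from the guard would answer a rejected caller with HTTP 200 and an empty body — reject explicitly instead, via an exception the project's global handler maps to 401/403 (the `IllegalStateException` below is a placeholder), and guard against a missing header before decrypting since `sm4Decrypt` on `null` or garbage may throw. Since the identical block is pasted into CustOrgController, a `HandlerInterceptor` on the protected paths would keep a single implementation; the signature change below also needs `org.springframework.web.bind.annotation.RequestHeader` imported. The method body continues past the end of the hunk.
```java
    @GetMapping({"/pageCustInfoPhoto"})
    public TableDataInfo pageCustInfoPhoto(@RequestHeader Map<String, String> requestHeader,
                                           @Valid CustInfoParam dto) {
        String sign = HeaderFetchUtil.getSign(requestHeader);
        if (sign == null || !GlobalConstants.CANTEEN_YIZHAN.equals(SM4EncryptUtils.sm4Decrypt(sign))) {
            log.warn("pageCustInfoPhoto rejected: missing or invalid sign header");
            // TODO(review): replace with the project's unauthorized exception / 401 response
            throw new IllegalStateException("invalid sign header");
        }
        // … unchanged: startPage() and the pageCustInfoPhoto query …
```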
@@ -34,7 +37,11 @@ public class CustOrgController extends BaseController {
 @ApiOperation("分页查询组织")
 @PostMapping({"/queryPageCustOrg"})
- public Page queryPageCustOrg(@RequestBody CustOrgPageDTO content) {
+ public Page queryPageCustOrg(Map requestHeader, @RequestBody CustOrgPageDTO content) {
+// if (!GlobalConstants.CANTEEN_YIZHAN.equals(SM4EncryptUtils.sm4Decrypt(HeaderFetchUtil.getSign(requestHeader)))) {
+// log.error("接口访问出错");
+// return null;
+// }
 Page custOrgVOPage = this.custOrgService.pageCustOrgByParams(new Page(content.getCurrent(), content.getSize()), content);
 Iterator var4 = custOrgVOPage.getRecords().iterator();
@@ -42,7 +49,6 @@ public class CustOrgController extends BaseController {
 CustOrgVO custOrgVO = (CustOrgVO)var4.next();
 custOrgVO.setOrgTel(this.aesEncryptUtil.aesEncrypt(custOrgVO.getOrgTel()));
 }
-
 return custOrgVOPage;
 }
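Review bot: As in CustInfoController, the `Map requestHeader` added to `queryPageCustOrg` lacks `@RequestHeader`, so Spring would bind the model map rather than the request headers and `HeaderFetchUtil.getSign(requestHeader)` would find nothing; with the guard commented out, this POST endpoint's behaviour is unchanged and the commit only adds dead code plus an unused raw `Map` parameter. If the check is meant to ship, change the signature to `public Page queryPageCustOrg(@RequestHeader Map<String, String> requestHeader, @RequestBody CustOrgPageDTO content) {`, enable the check, and fail with an explicit 401/403 rather than `return null`, which would send a 200 with an empty body; the log line `接口访问出错` should also say that the sign header was missing or invalid so the failure is diagnosable. Otherwise remove the commented block and the parameter rather than committing it, and prefer a shared `HandlerInterceptor` so the two controllers do not carry copies of the same guard. The method continues into the next hunk, which only removes a blank line.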