自定义filter
@Slf4j
@Component
public class AccessKeyFilter implements WebFilter {
public static final String API_CODE = "api-code";
public static final String TIME_STAMP = "time-stamp";
public static final String SIGNATURE = "signature";
public static final String ACCESS_KEY = "access-key";
public static final String ORG_CODE = "org-code";
private final Map<String,String> validateUrl = new HashMap<String,String>(){
{
put("test", "/api/v1/test");
};
};
private int expireSeconds = 300;
private Sign sign = SecureUtil.sign(SignAlgorithm.SHA256withECDSA);
@Autowired
private OrgSecretKeyMapper orgSecretKeyMapper;
private String resolveBodyFromRequest(ServerWebExchange webExchange){
Flux<DataBuffer> body = webExchange.getRequest().getBody();
AtomicReference<String> bodyRef = new AtomicReference<>();
body.subscribe(buffer -> {
CharBuffer charBuffer = StandardCharsets.UTF_8.decode(buffer.asByteBuffer());
DataBufferUtils.release(buffer);
bodyRef.set(charBuffer.toString());
});
return bodyRef.get();
}
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
String url = request.getURI().getPath();
HttpHeaders headers = request.getHeaders();
if (!StringUtils.matches(url, validateUrl.values().stream().collect(Collectors.toList()))) {
return chain.filter(exchange);
}
String apiCode = headers.getFirst(API_CODE);
String timeStr = headers.getFirst(TIME_STAMP);
String signature = headers.getFirst(SIGNATURE);
String accessKey = headers.getFirst(ACCESS_KEY);
String orgCode = headers.getFirst(ORG_CODE);
if (StringUtils.isEmpty(apiCode)
||!validateUrl.containsKey(apiCode)
||!StringUtils.isMatch(validateUrl.get(apiCode),url)){
String formatMsg = StringUtils.format("apiCode[{}],url[{}]不匹配", apiCode, url);
log.error(formatMsg);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), formatMsg);
}
if(StringUtils.isEmpty(timeStr)){
String formatMsg = StringUtils.format("请求头缺少{}:[{}]", TIME_STAMP, timeStr);
log.error(formatMsg);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), formatMsg);
}
try{
Date expireTime= DateUtil.offset(new Date(Long.parseLong(timeStr)), DateField.SECOND,expireSeconds);
Date currentDate = new Date();
if(DateUtil.compare(expireTime, currentDate)<0) {
String formatMsg = StringUtils.format("请求时间戳[{}]已超过有效期{}秒,服务器当前时间[{}]",
timeStr,expireSeconds,DateUtil.format(currentDate,DatePattern.PURE_DATETIME_PATTERN));
log.error(formatMsg);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(),formatMsg);
}
}catch (Exception e){
String formatMsg = StringUtils.format("请求时间戳[{}]校验失败", timeStr);
log.error(formatMsg,e);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(),formatMsg);
}
if (StringUtils.isEmpty(signature)||StringUtils.isEmpty(accessKey)||StringUtils.isEmpty(orgCode)){
String formatMsg = StringUtils.format("请求头参数校验失败,请检查是否缺少参数[{},{},{}]",SIGNATURE,ACCESS_KEY,ORG_CODE);
log.error("{},{}:{},{}:{},{}:{}",formatMsg,SIGNATURE,signature,ACCESS_KEY,accessKey,ORG_CODE,orgCode);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(),formatMsg);
}
String secretKey = orgSecretKeyMapper.querySecretKey(orgCode, accessKey);
if (StringUtils.isEmpty(secretKey)){
log.error("校验失败,密钥不存在,{}:{},{}:{}",ACCESS_KEY,accessKey,ORG_CODE,orgCode);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(),"校验失败");
}
try {
String rspStr = resolveBodyFromRequest(exchange);
JSONObject obj = JSONObject.parseObject(rspStr);
SortedMap<String, Object> sortedMap = new TreeMap<String, Object>();
sortedMap.putAll(obj);
String signHeader = StringUtils.format("{}={}",
TIME_STAMP, timeStr);
String signParam = sortedMap.entrySet().stream().map(
e -> String.join("=", e.getKey(), e.getValue().toString())).collect(Collectors.joining("&"));
HMac mac = new HMac(HmacAlgorithm.HmacSHA256,(signHeader+"&"+signParam).getBytes(StandardCharsets.UTF_8));
String digestBase64 = mac.digestBase64(signHeader + "&" + signParam, StandardCharsets.UTF_8, false);
if (StringUtils.equals(digestBase64,signature)) {
log.info("签名通过");
return chain.filter(exchange);
} else {
log.info("参数校验出错");
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), "参数校验出错");
}
} catch (Exception e) {
log.error("签名验证异常",e);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), e.getMessage());
}
}
}