From b075056e19b8f59f61fce3433aa04ffed3d746a4 Mon Sep 17 00:00:00 2001
From: Helius <wangdoubleone@gmail.com>
Date: Mon, 14 Nov 2022 09:07:46 +0800
Subject: [PATCH] fix

---
 src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java |   54 ++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java b/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
index d3c1604..a0d0218 100644
--- a/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
+++ b/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
@@ -1,43 +1,75 @@
 package cc.mrbird.febs.common.interceptor;
 
+import cc.mrbird.febs.common.contants.AppContants;
 import cc.mrbird.febs.common.entity.FebsResponse;
+import cc.mrbird.febs.common.properties.SystemProperties;
+import cc.mrbird.febs.common.utils.LoginUserUtil;
 import cc.mrbird.febs.common.utils.RedisUtils;
 import cc.mrbird.febs.common.utils.SpringContextUtil;
 import cc.mrbird.febs.dapp.entity.DappMemberEntity;
 import cc.mrbird.febs.dapp.mapper.DappMemberDao;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import com.alibaba.fastjson.JSONObject;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.servlet.HandlerInterceptor;
+import org.web3j.crypto.Hash;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 
 /**
- * @author wzy
+ * @author 
  * @date 2022-03-17
  **/
 @Slf4j
 public class DappInterceptor implements HandlerInterceptor {
 
     private final DappMemberDao dappMemberDao = SpringContextUtil.getBean(DappMemberDao.class);
+    private final RedisUtils redisUtils = SpringContextUtil.getBean(RedisUtils.class);
+
+    private SystemProperties systemProperties = SpringContextUtil.getBean(SystemProperties.class);
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         if ("OPTIONS".equals(request.getMethod().toUpperCase())) {
             return true;
         }
+        String headAddress = request.getHeader("address");
+        String key = request.getHeader("key");
+        String path = request.getServletPath().replace("/dapi", "");
 
-        String headAddress = request.getHeader("token");
-        log.info("进入拦截:{}", headAddress);
-        if (StrUtil.isBlank(headAddress)) {
+        String chain = request.getHeader("chain");
+        if (StrUtil.isBlank(headAddress) || StrUtil.isBlank(key)) {
             responseUnAuth(response);
             return false;
         }
 
-        DappMemberEntity memberEntity = dappMemberDao.selectByAddress(headAddress);
+        if (!systemProperties.isDebug()) {
+            Map<Object, Object> signKey = redisUtils.hmget(AppContants.REDIS_KEY_SIGN);
+            Object signObj = signKey.get(headAddress);
+
+            if (signObj == null) {
+                responseUnAuth(response);
+                return false;
+            }
+            String sign = (String) signObj;
+
+            String calKey = LoginUserUtil.sha3(sign + path + headAddress).replace("0x", "");
+            if (!calKey.equals(key)) {
+                responseUnAuth(response);
+                return false;
+            }
+        }
+
+        DappMemberEntity memberEntity = dappMemberDao.selectByAddress(headAddress, null);
         if (memberEntity == null) {
             responseUnAuth(response);
             return false;
@@ -50,6 +82,16 @@
     private void responseUnAuth(HttpServletResponse response) throws IOException {
         response.setCharacterEncoding("UTF-8");
         response.setContentType("application/json; charset=utf-8");
-        response.getWriter().write(new ObjectMapper().writeValueAsString(new FebsResponse().code(HttpStatus.UNAUTHORIZED)));
+
+        FebsResponse code = new FebsResponse().code(HttpStatus.UNAUTHORIZED);
+        String encryptBase64 = SecureUtil.rsa(AppContants.RESP_PRIVATE_KEY, AppContants.RESP_PUBLIC_KEY).encryptBase64(JSONObject.toJSONString(code).getBytes(), KeyType.PublicKey);
+        response.getWriter().write(new ObjectMapper().writeValueAsString(encryptBase64));
+    }
+
+    public static void main(String[] args) {
+        String headAddress = "0x971c09aa9735eb98459b17ec8b48932d24cbb931";
+        String path = "/member/walletInfo";
+        String sign = "0x1fd3f82895ca4615daa10ec245d628ca230358e08423df71c8f6c8d3d4163520";
+//        System.out.println(Hash.sha3(sign + path + headAddress));
     }
 }

--
Gitblit v1.9.1