From b7e79b1a0a954a6d15dc45d835e0024b6b51c211 Mon Sep 17 00:00:00 2001
From: Helius <wangdoubleone@gmail.com>
Date: Mon, 06 Jun 2022 16:01:34 +0800
Subject: [PATCH] fix
---
 src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java | 41 ++++++++++++++++++++++++++++++++++++-----
 1 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java b/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
index d3c1604..c906df8 100644
--- a/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
+++ b/src/main/java/cc/mrbird/febs/common/interceptor/DappInterceptor.java
@@ -1,6 +1,8 @@
 package cc.mrbird.febs.common.interceptor;
+import cc.mrbird.febs.common.contants.AppContants;
 import cc.mrbird.febs.common.entity.FebsResponse;
+import cc.mrbird.febs.common.utils.LoginUserUtil;
 import cc.mrbird.febs.common.utils.RedisUtils;
 import cc.mrbird.febs.common.utils.SpringContextUtil;
 import cc.mrbird.febs.dapp.entity.DappMemberEntity;
@@ -8,36 +10,58 @@
 import cn.hutool.core.util.StrUtil;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.servlet.HandlerInterceptor;
+import org.web3j.crypto.Hash;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 /**
- * @author wzy
+ * @author
 * @date 2022-03-17
 **/
 @Slf4j
 public class DappInterceptor implements HandlerInterceptor {
 private final DappMemberDao dappMemberDao = SpringContextUtil.getBean(DappMemberDao.class);
+ private final RedisUtils redisUtils = SpringContextUtil.getBean(RedisUtils.class);
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 if ("OPTIONS".equals(request.getMethod().toUpperCase())) {
 return true;
 }
+ String headAddress = request.getHeader("address");
+ String key = request.getHeader("key");
+ String path = request.getServletPath().replace("/dapi", "");
+ log.info("进入拦截:{}, {}, {}", headAddress, path, key);
- String headAddress = request.getHeader("token");
- log.info("进入拦截:{}", headAddress);
- if (StrUtil.isBlank(headAddress)) {
+ String chain = request.getHeader("chain");
+ if (StrUtil.isBlank(headAddress) || StrUtil.isBlank(key)) {
 responseUnAuth(response);
 return false;
 }
- DappMemberEntity memberEntity = dappMemberDao.selectByAddress(headAddress);
+ Map<Object, Object> signKey = redisUtils.hmget(AppContants.REDIS_KEY_SIGN);
+ Object signObj = signKey.get(headAddress);
+
+ if (signObj == null) {
+ responseUnAuth(response);
+ return false;
+ }
+ String sign = (String) signObj;
+
+ String calKey = LoginUserUtil.sha3(sign + path + headAddress).replace("0x", "");
+ if (!calKey.equals(key)) {
+ responseUnAuth(response);
+ return false;
+ }
+
+ DappMemberEntity memberEntity = dappMemberDao.selectByAddress(headAddress, null);
 if (memberEntity == null) {
 responseUnAuth(response);
 return false;
@@ -52,4 +76,11 @@
 response.setContentType("application/json; charset=utf-8");
 response.getWriter().write(new ObjectMapper().writeValueAsString(new FebsResponse().code(HttpStatus.UNAUTHORIZED)));
 }
+
+ public static void main(String[] args) {
+ String headAddress = "0x971c09aa9735eb98459b17ec8b48932d24cbb931";
+ String path = "/member/walletInfo";
+ String sign = "0x1fd3f82895ca4615daa10ec245d628ca230358e08423df71c8f6c8d3d4163520";
+// System.out.println(Hash.sha3(sign + path + headAddress));
+ }
 }
--
Gitblit v1.9.1
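Review bot: The added `log.info("进入拦截:{}, {}, {}", headAddress, path, key)` writes the `key` header to the application log, and that value is the only credential checked further down, so anyone who can read the logs holds a working key for that address and path. Since `calKey` is derived only from the stored sign, the path and the address, the same key appears to stay valid for as long as the Redis entry does; I would drop `key` from the log line (`log.info("进入拦截:{}, {}", headAddress, path);`) and consider binding a timestamp or nonce into the hash. The comparison `calKey.equals(key)` is also not constant-time; `MessageDigest.isEqual(calKey.getBytes(StandardCharsets.UTF_8), key.getBytes(StandardCharsets.UTF_8))` avoids that. `chain` is read but never used in the visible lines, and `preHandle` continues past the end of the hunk.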
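Review bot: The `main` added at the end of `DappInterceptor` hard-codes a wallet address and a `sign` value in a production class, and its only statement is commented out, so it is dead code that ships what may be a real signing value. If that `sign` is the one stored under `AppContants.REDIS_KEY_SIGN` for this address it should be treated as exposed and replaced; either way the method belongs in a unit test with constructed values, which would also let the otherwise unused `org.web3j.crypto.Hash` import from the earlier hunk go.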