From a806973b366a69ac5f8890656d12526b773ecb7a Mon Sep 17 00:00:00 2001 From: XiaoLFeng Date: Thu, 21 Dec 2023 00:21:19 +0800 Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=90=88=E6=B3=95=E6=80=A7?= =?UTF-8?q?=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 添加AOP校验进行数据合法性验证,使用时间戳进行前后验证(误差前后5秒) --- pom.xml | 4 + .../jsl/oa/aspect/UserControllerAspect.java | 79 +++++++++++++++++++ src/main/java/com/jsl/oa/utils/ErrorCode.java | 1 + 3 files changed, 84 insertions(+) create mode 100644 src/main/java/com/jsl/oa/aspect/UserControllerAspect.java
diff --git a/pom.xml b/pom.xml
index 6f4f4e6..7287ece 100644
--- a/pom.xml
+++ b/pom.xml
@@ -62,6 +62,10 @@ spring-boot-starter-validation 3.1.5
+
+ org.springframework.boot
+ spring-boot-starter-aop
+
diff --git a/src/main/java/com/jsl/oa/aspect/UserControllerAspect.java b/src/main/java/com/jsl/oa/aspect/UserControllerAspect.java new file mode 100644
index 0000000..5859a68
--- /dev/null
+++ b/src/main/java/com/jsl/oa/aspect/UserControllerAspect.java
@@ -0,0 +1,79 @@
+package com.jsl.oa.aspect;
+
+import com.jsl.oa.utils.ErrorCode;
+import com.jsl.oa.utils.ResultUtil;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
+
+/**
+ *

用户控制器切面

+ *
+ * 用于用户控制器的切面
+ *
+ * @since v1.0.0
+ * @version v1.0.0
+ * @author 筱锋xiao_lfeng
+ */
+@Aspect
+@Component
+public class UserControllerAspect {
+
+ /**
+ *

用户控制器切面

+ *
+ * 用于用户控制器的切面
+ *
+ * @since v1.0.0
+ * @param pjp ProceedingJoinPoint对象
+ * @return {@link Object}
+ * @throws Throwable 异常
+ */
+ @Around("execution(* com.jsl.oa.controllers.UserController.*(..))")
+ public Object controllerAround(ProceedingJoinPoint pjp) throws Throwable {
+ // 获取HttpServletRequest对象
+ HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+
+ // 时间戳检查
+ if (checkTimestamp(request)) {
+ // TODO: 2023/12/21 0001 后期固定业务(如:日志处理)
+ return pjp.proceed();
+ } else {
+ return ResultUtil.error(ErrorCode.TIMESTAMP_ERROR);
+ }
+
+ }
+
+ /**
+ *

时间戳检查

+ *
+ * 用于检查时间戳是否合法,合法时间范围正负5秒
+ *
+ * @since v1.0.0
+ * @param request HttpServletRequest对象
+ * @return {@link Boolean}
+ */
+ public Boolean checkTimestamp(HttpServletRequest request) {
+ // 获取请求头中的时间戳
+ String getTimestamp = request.getHeader("Timestamp");
+ // 判断是否为空
+ if (getTimestamp == null || getTimestamp.isEmpty()) {
+ return false;
+ } else {
+ if (getTimestamp.length() == 10) {
+ getTimestamp += "000";
+ }
+ }
+ // 获取当前时间戳
+ long nowTimestamp = System.currentTimeMillis();
+
+ // 时间误差允许前后五秒钟
+ return nowTimestamp - Long.parseLong(getTimestamp) <= 5000 && nowTimestamp - Long.parseLong(getTimestamp) >= -5000;
+ }
+}
diff --git a/src/main/java/com/jsl/oa/utils/ErrorCode.java b/src/main/java/com/jsl/oa/utils/ErrorCode.java
index 48c3b2b..1758a51 100644
--- a/src/main/java/com/jsl/oa/utils/ErrorCode.java
+++ b/src/main/java/com/jsl/oa/utils/ErrorCode.java
@@ -7,6 +7,7 @@ public enum ErrorCode {
 WRONG_PASSWORD("WrongPassword", 40010, "密码错误"),
 PARAMETER_ERROR("ParameterError", 40011, "参数错误"),
 USERNAME_EXIST("UsernameExist", 40012, "用户名已存在"),
+ TIMESTAMP_ERROR("TimestampError", 40013, "时间戳错误"),
 DATABASE_INSERT_ERROR("DatabaseInsertError", 50010, "数据库插入错误"),
 DATABASE_UPDATE_ERROR("DatabaseUpdateError", 50011, "数据库更新错误"),
 DATABASE_DELETE_ERROR("DatabaseDeleteError", 50012, "数据库删除错误");
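Review bot: In `checkTimestamp` (UserControllerAspect.java), `Long.parseLong(getTimestamp)` runs on the client-supplied `Timestamp` header with no guard, so any non-numeric value throws `NumberFormatException` out of the aspect instead of producing `ErrorCode.TIMESTAMP_ERROR`. How that exception is rendered depends on handlers not visible in this patch. The 10-character branch appends "000" to any string of that length, so it needs the same guard; parsing once inside a try/catch and returning false on failure covers both, and keeping the two-sided comparison on a single `delta` avoids the double parse. Separately, the header is unauthenticated, so this check only rejects stale or badly skewed requests, and a captured request can still be repeated inside the ±5 s window. It should not be relied on as replay or integrity protection unless the timestamp is covered by a request signature or a nonce.

```java
    public Boolean checkTimestamp(HttpServletRequest request) {
        String header = request.getHeader("Timestamp");
        if (header == null || header.isEmpty()) {
            return false;
        }
        // A 10-character value is still treated as seconds and widened to milliseconds.
        String millisText = header.length() == 10 ? header + "000" : header;
        final long sentMillis;
        try {
            sentMillis = Long.parseLong(millisText);
        } catch (NumberFormatException e) {
            // Malformed header: reject instead of letting the exception escape the aspect.
            return false;
        }
        long delta = System.currentTimeMillis() - sentMillis;
        return delta <= 5000 && delta >= -5000;
    }
```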