1 jaar geleden · f0c27d1412
--- a/src/main/java/com/smppw/analysis/client/TestApi.java
+++ b/src/main/java/com/smppw/analysis/client/TestApi.java
@@ -1,12 +1,11 @@
 
				 package com.smppw.analysis.client;
			
 
				 
			
 
				-import cn.hutool.core.map.MapUtil;
			
 
				 import cn.hutool.crypto.SignUtil;
			
 
				 import com.smppw.analysis.infrastructure.config.AnalysisProperty;
			
 
				 import com.smppw.common.pojo.ResultVo;
			
 
				+import jakarta.servlet.http.HttpServletRequest;
			
 
				 import org.springframework.web.bind.annotation.GetMapping;
			
 
				 import org.springframework.web.bind.annotation.RequestMapping;
			
 
				-import org.springframework.web.bind.annotation.RequestParam;
			
 
				 import org.springframework.web.bind.annotation.RestController;
			
 
				 
			
 
				 import java.util.List;
			
@@ -24,17 +23,19 @@ public class TestApi {
 
				     /**
			
 
				      * 生成签名，测试用的
			
 
				      *
			
 
				-     * @param params 请求参数，包含appKey
			
 
				+     * @param request 请求参数，包含appKey
			
 
				      * @return /
			
 
				      */
			
 
				     @GetMapping("sign")
			
 
				-    public ResultVo<String> generateSign(@RequestParam Map<String, Object> params) {
			
 
				-        String appKey = MapUtil.getStr(params, "appKey");
			
 
				-        params.entrySet().removeIf(e -> "appKey".equals(e.getKey()));
			
 
				+    public ResultVo<String> generateSign(HttpServletRequest request) {
			
 
				+        Map<String, String[]> parameterMap = request.getParameterMap();
			
 
				+        String[] appKeys = parameterMap.get("appKey");
			
 
				+        String appKey = appKeys[0];
			
 
				+        parameterMap.entrySet().removeIf(next -> "appKey".equalsIgnoreCase(next.getKey()));
			
 
				         List<AnalysisProperty.AppSign> appSigns = this.property.getAppSigns();
			
 
				         String secret = appSigns.stream().filter(e -> appKey.equalsIgnoreCase(e.getAppKey()))
			
 
				                 .map(AnalysisProperty.AppSign::getAppSecret).findFirst().orElse(null);
			
 
				-        String sign = SignUtil.signParamsMd5(params, secret);
			
 
				+        String sign = SignUtil.signParamsMd5(parameterMap, secret);
			
 
				         return ResultVo.ok(sign);
			
 
				     }
			
 
				 }
			
--- a/src/main/java/com/smppw/analysis/infrastructure/components/ApiSignInterceptor.java
+++ b/src/main/java/com/smppw/analysis/infrastructure/components/ApiSignInterceptor.java
@@ -82,7 +82,7 @@ public class ApiSignInterceptor implements HandlerInterceptor {
 
				         long millis = System.currentTimeMillis();
			
 
				         long time = Long.parseLong(timestamp);
			
 
				         long seconds = Math.min(timeout.getSeconds(), MAX_TIMEOUT);
			
 
				-        if (millis - time > seconds) {
			
 
				+        if (millis - time > seconds * 1000) {
			
 
				             logger.error(StrUtil.format("接口有重放攻击，调用方：{}-{}"), request.getRemoteUser(), request.getRemoteAddr());
			
 
				             this.writeFailJson(response, "请求失败！");
			
 
				             return false;