
Merge branch 'refs/heads/feature-lihb-20251009-gfzxLogin' into dev

LHB 16 uur geleden
bovenliggende
commit
4c623bd987

+ 1 - 0
blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java

@@ -37,6 +37,7 @@ public class AuthProvider {
         DEFAULT_SKIP_URL.add("/oauth/token/**");
         DEFAULT_SKIP_URL.add("/loginByToken");
         DEFAULT_SKIP_URL.add("/loginByToken2");
+        DEFAULT_SKIP_URL.add("/loginByToken5");
         DEFAULT_SKIP_URL.add("/submit2");
         DEFAULT_SKIP_URL.add("/exceltab/callbackSave");
         DEFAULT_SKIP_URL.add("/oauth/captcha/**");
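Review bot: Nothing on the added `DEFAULT_SKIP_URL.add("/loginByToken5");` line records why this path is exempt, although (judging by the list's name) the gateway will now pass it through without its own token check. That leaves the RS256 verification inside `UserController#loginByToken5` as the only gate on an endpoint that issues a login session. A comment such as `// gfzx SSO entry: caller is authenticated by the signed token verified in UserController#loginByToken5` would make that dependency visible to whoever edits either side later. The static initializer this line sits in starts and ends outside the hunk.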

+ 25 - 0
blade-service-api/blade-user-api/src/main/java/org/springblade/system/user/dto/TokenVerifyResult.java

@@ -0,0 +1,25 @@
+package org.springblade.system.user.dto;
+
+import lombok.Data;
+
+/**
+ * @author LHB
+ */
+@Data
+public class TokenVerifyResult {
+    // 验证结果
+    private boolean valid;
+    // 提示消息
+    private String message;
+    // JWT解析出的账号
+    private String account;
+
+    public TokenVerifyResult() {
+    }
+
+    public TokenVerifyResult(boolean valid, String message, String account) {
+        this.valid = valid;
+        this.message = message;
+        this.account = account;
+    }
+}
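Review bot: The class Javadoc carries only `@author`, and the field comments do not say what `account` holds on failure (the callers visible in this commit pass `""`). A one-line description would help, for example `/** Outcome of verifying a gfzx login token: validity flag, failure message, and the account read from the JWT. */`. Because `@Data` generates setters, any holder can flip `valid` or replace `account` after verification; if nothing deserializes this type, final fields with getters only would keep a verified result immutable.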

+ 50 - 1
blade-service/blade-user/src/main/java/org/springblade/system/user/controller/UserController.java

@@ -56,12 +56,14 @@ import org.springblade.system.cache.ParamCache;
 import org.springblade.system.user.bean.CyGetToken;
 import org.springblade.system.user.bean.ResultCYData;
 import org.springblade.system.user.bean.ResultCYKey;
+import org.springblade.system.user.dto.TokenVerifyResult;
 import org.springblade.system.user.dto.UserDTO;
 import org.springblade.system.user.entity.User;
 import org.springblade.system.user.excel.UserExcel;
 import org.springblade.system.user.excel.UserExcel2;
 import org.springblade.system.user.excel.UserImporter;
 import org.springblade.system.user.service.IUserService;
+import org.springblade.system.user.util.RSA256Utils;
 import org.springblade.system.user.util.RsaUtils;
 import org.springblade.system.user.vo.UserVO;
 import org.springblade.system.user.wrapper.UserWrapper;
@@ -474,7 +476,7 @@ public class UserController {
     @PostMapping("/loginByToken")
     @ApiOperationSupport(order = 20)
     @ApiOperation(value = "token验证加密", notes = "token验证登录")
-    public R loginByToken(String token, HttpServletRequest request) {
+    public R loginByToken(String token, String gfzxToken, HttpServletRequest request) {
         String sys_isonline = ParamCache.getValue(CommonConstant.SYS_ISONLINE);
         token = "bearer " + token;
         HttpClient httpClient = HttpClientBuilder.create().build();
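Review bot: The new `String gfzxToken` parameter on `loginByToken` is not referenced in any line visible in this hunk, and the method body continues outside it. If it is unused, drop it so this gateway-exempt endpoint does not accept an extra credential-like request parameter. If it is used further down, add a Javadoc `@param gfzxToken` line stating what it carries and how it is validated.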
@@ -815,4 +817,51 @@ public class UserController {
         }
         return this.getLoginInfo(Authorization,userInfo);
     }
+
+
+    /**
+     * 成渝获取token接口
+     *
+     * @param request
+     * @return
+     */
+    @PostMapping("/loginByToken5")
+    public R loginByToken5(String token, HttpServletRequest request) {
+        if (token == null) {
+            return R.fail("token值不能为空");
+        }
+        //获取公钥 存放在系统配置中
+        String sql = "select param_value from blade_param where param_key = 'gfzx.publicKey' and is_deleted = 0";
+        String publicKey = jdbcTemplate.queryForObject(sql, String.class);
+        if (StringUtil.isBlank(publicKey)) {
+            return R.fail("系统中不存在公钥信息,请联系管理员");
+        }
+        //解密
+        TokenVerifyResult tokenVerifyResult = RSA256Utils.verifyToken(token, publicKey);
+        if(!tokenVerifyResult.isValid()){
+            return R.fail(tokenVerifyResult.getMessage());
+        }
+
+
+
+        QueryWrapper<User> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("account", tokenVerifyResult.getAccount());
+        queryWrapper.eq("sys_type", 2);
+        User userInfo = userService.getOne(queryWrapper);
+        if (userInfo == null) {
+            return R.fail("用户名或密码错误");
+        }
+
+        String Authorization = request.getHeader("Authorization");
+
+        if (Authorization == null || StringUtil.isEmpty(Authorization)) {
+            String dataInfo = "archives:archives_secret";
+            Authorization = "Basic " + Func.encodeBase64(dataInfo);
+            R loginInfo = this.getLoginInfo(Authorization, userInfo);
+            if (loginInfo.getCode() == 200) {
+                return loginInfo;
+            }
+        }
+        return this.getLoginInfo(Authorization, userInfo);
+    }
 }
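Review bot: `jdbcTemplate.queryForObject(sql, String.class)` throws `EmptyResultDataAccessException` when no `gfzx.publicKey` row exists, so the `StringUtil.isBlank(publicKey)` branch only covers an empty value and a missing row surfaces as an unhandled exception on this unauthenticated endpoint. Catch that exception and return the same `R.fail(...)`, or read the value through `ParamCache.getValue(...)` as `loginByToken` does, if that cache covers this key. The fallback also hard-codes the client credentials `archives:archives_secret` in source; these belong in configuration. When the first `getLoginInfo` call does not return 200, the final `return` repeats it with identical arguments, so the inner `if (loginInfo.getCode() == 200)` block can be removed. The Javadoc documents only `request`; add `@param token` describing the expected RS256-signed JWT.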

+ 79 - 0
blade-service/blade-user/src/main/java/org/springblade/system/user/util/RSA256Utils.java

@@ -0,0 +1,79 @@
+package org.springblade.system.user.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import org.springblade.system.user.dto.TokenVerifyResult;
+
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+
+public class RSA256Utils {
+
+    /**
+     * Base64字符串公钥返回PublicKey
+     */
+    public static PublicKey getPublicSecretKey(String publicKey) throws Exception {
+        byte[] keyBytes = Base64.getDecoder().decode(publicKey);
+        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
+        KeyFactory kf = KeyFactory.getInstance("RSA");
+        return kf.generatePublic(spec);
+    }
+
+    /**
+     * 使用公钥对字符串进行验签
+     */
+    public static boolean verifySign(String data, String sign, String publicKey) throws Exception  {
+        Signature verifier = Signature.getInstance("SHA256withRSA");
+        verifier.initVerify(getPublicSecretKey(publicKey)); // 公钥验证
+        verifier.update(data.getBytes());
+        return verifier.verify(Base64.getDecoder().decode(sign));
+    }
+
+    /**
+     * 校验Token是否合法
+     */
+    public static TokenVerifyResult verifyToken(String token, String publicKey) {
+        try {
+            Claims claims = Jwts.parser()
+                    .setSigningKey(RSA256Utils.getPublicSecretKey(publicKey))
+                    .parseClaimsJws(token)
+                    .getBody();
+
+            String account = (String) claims.get("account");
+            String name = (String) claims.get("name");
+            String tag = (String) claims.get("tag");
+            Object tsObj = claims.get("timestamp");
+            String sign = (String) claims.get("sign");
+
+            if (tsObj == null) {
+                return new TokenVerifyResult(false,"缺少时间戳(timestamp)","");
+            }
+
+            long timestamp;
+            try {
+                timestamp = ((Number) tsObj).longValue();
+            } catch (Exception e) {
+                return new TokenVerifyResult(false,"时间戳格式错误","");
+            }
+
+            if (sign == null) {
+                return new TokenVerifyResult(false,"缺少签名字段","");
+            }
+
+            boolean signResult = RSA256Utils.verifySign(account + "|" + name + "|" + tag + "|" + timestamp, sign, publicKey);
+            if (!signResult) {
+                return new TokenVerifyResult(false,"签名不匹配","");
+            }
+            return new TokenVerifyResult(true,"",account);
+        } catch (ExpiredJwtException e) {
+            e.printStackTrace();
+            return new TokenVerifyResult(false,"Token已过期","");
+        } catch (Exception e) {
+            return new TokenVerifyResult(false,"Token非法","");
+        }
+    }
+}
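Review bot: `verifyToken` reads the `timestamp` claim and folds it into the signed string but never compares it with the current time, so unless the issuer always sets a JWT `exp` claim (the only expiry the parser enforces here) a captured token stays acceptable indefinitely. Add a freshness check after the signature passes, for example `if (Math.abs(System.currentTimeMillis() - timestamp) > MAX_SKEW_MS) return new TokenVerifyResult(false, "Token已过期", "");`, with `MAX_SKEW_MS` a constant you define and the unit of `timestamp` confirmed with the issuer. In `verifySign`, `data.getBytes()` uses the platform charset, so a non-ASCII `name` can fail verification on hosts whose default differs from the signer's; use `data.getBytes(StandardCharsets.UTF_8)`. The broad `catch (Exception e)` also reports a malformed configured public key as `Token非法`, which hides a server-side misconfiguration, and `e.printStackTrace()` should go through the project's logger.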