小程序验证token

boman-wechat/pom.xml

@@ -8,7 +8,7 @@
         <version>2.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
-    <artifactId>boman-wechat</artifactId>
+    <artifactId>jiaoyu-wechat</artifactId>
 
     <properties>
 

boman-wechat/src/main/java/com/boman/wechat/controller/PushMsgController.java

@@ -0,0 +1,55 @@
+package com.boman.wechat.controller;
+
+import com.boman.wechat.utils.CheckAuthUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+import java.util.Objects;
+
+import static com.boman.wechat.utils.CheckAuthUtils.*;
+
+/**
+ * 微信登录验证
+ *
+ * @author zhong.h
+ */
+@RestController
+@RequestMapping("/push/msg")
+public class PushMsgController {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(PushMsgController.class);
+
+    @GetMapping
+    public void pushMsg(HttpServletRequest request, HttpServletResponse response) {
+        // 微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
+        String signature = request.getParameter(SIGNATURE);
+        // 时间戳
+        String timestamp = request.getParameter(TIMESTAMP);
+        // 随机数
+        String nonce = request.getParameter(NONCE);
+        // 随机字符串
+        String echostr = request.getParameter(ECHOSTR);
+        LOGGER.info("method: pushMsg, signature: {}, timestamp: {}, nonce: {}, echostr: {}", signature, timestamp, nonce, echostr);
+        PrintWriter out = null;
+        try {
+            out = response.getWriter();
+            if (checkSignature(signature, timestamp, nonce)) {
+                out.print(echostr);
+                out.flush();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            if (Objects.nonNull(out)) {
+                out.close();
+            }
+        }
+    }
+
+}

boman-wechat/src/main/java/com/boman/wechat/utils/CheckAuthUtils.java

@@ -0,0 +1,81 @@
+package com.boman.wechat.utils;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+import static com.boman.common.core.utils.obj.ObjectUtils.*;
+
+/**
+ * @author shiqian
+ * @date 2021年08月04日 13:38
+ **/
+public class CheckAuthUtils {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(CheckAuthUtils.class);
+
+    /** 定义Token 务必与服务器保持一**/
+    private static String AUTHORIZATION = "Authorization";
+
+    public static final String SIGNATURE = "signature";
+    public static final String TIMESTAMP = "timestamp";
+    public static final String NONCE = "nonce";
+    public static final String ECHOSTR = "echostr";
+    public static final String SHA_1 = "SHA-1";
+
+
+    /**
+     * 验证签名
+     *
+     * @param signature
+     * @param timestamp
+     * @param nonce
+     * @return
+     */
+    public static boolean checkSignature(String signature, String timestamp, String nonce) {
+        // 将token、timestamp、nonce三个参数进行字典排序
+        String[] arr = new String[]{AUTHORIZATION, timestamp, nonce};
+        Arrays.sort(arr);
+
+        // 将三个参数字符串拼接成一个字符串
+        StringBuilder content = new StringBuilder();
+        for (String s : arr) {
+            content.append(s);
+        }
+
+        try {
+            //获取加密工具
+            MessageDigest md = MessageDigest.getInstance(SHA_1);
+            // 对拼接好的字符串进行sha1加密
+            byte[] digest = md.digest(content.toString().getBytes());
+            String tmpStr = byteToStr(digest);
+            //获得加密后的字符串与signature对比
+            boolean result = tmpStr.equals(signature.toUpperCase());
+            LOGGER.info("method: checkSignature, tmpStr: {}, result: {}", tmpStr, result);
+            return result;
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    private static String byteToStr(byte[] byteArray) {
+        StringBuilder strDigest = new StringBuilder();
+        for (byte b : byteArray) {
+            strDigest.append(byteToHexStr(b));
+        }
+        return strDigest.toString();
+    }
+
+    private static String byteToHexStr(byte mByte) {
+        char[] digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
+        char[] tempArr = new char[2];
+        tempArr[0] = digit[(mByte >>> 4) & 0X0F];
+        tempArr[1] = digit[mByte & 0X0F];
+        return new String(tempArr);
+    }
+
+}