From 67262509801456b5863adde6a7c6c5620e3c80f3 Mon Sep 17 00:00:00 2001
From: hongqiaowei <hongqiaowei@163.com>
Date: Thu, 14 Jul 2022 17:08:16 +0800
Subject: [PATCH] MD5 sign timestamp validation and remove log4j2 kafka

---
 fizz-bootstrap/pom.xml                        | 12 ------
 .../src/main/resources/log4j2-kafka.json      | 38 -------------------
 .../src/main/resources/log4j2-spring.xml      | 29 --------------
 fizz-common/pom.xml                           | 10 -----
 .../src/main/java/we/config/SystemConfig.java | 13 +++++--
 .../java/we/plugin/auth/ApiConfigService.java | 30 +++++++++------
 .../src/test/resources/log4j2-kafka.json      | 38 -------------------
 fizz-core/src/test/resources/log4j2-test.xml  | 13 -------
 pom.xml                                       | 12 ------
 9 files changed, 29 insertions(+), 166 deletions(-)
 delete mode 100644 fizz-bootstrap/src/main/resources/log4j2-kafka.json
 delete mode 100644 fizz-core/src/test/resources/log4j2-kafka.json

diff --git a/fizz-bootstrap/pom.xml b/fizz-bootstrap/pom.xml
index 59c1ae8..359b676 100644
--- a/fizz-bootstrap/pom.xml
+++ b/fizz-bootstrap/pom.xml
@@ -85,18 +85,6 @@
             <groupId>io.netty</groupId>
             <artifactId>netty-tcnative-classes</artifactId>
             <version>${netty-tcnative.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-layout-template-json</artifactId>
-            <version>${log4j2.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.kafka</groupId>
-            <artifactId>kafka-clients</artifactId>
-            <version>2.0.1</version>
         </dependency>-->
     </dependencies>
 
diff --git a/fizz-bootstrap/src/main/resources/log4j2-kafka.json b/fizz-bootstrap/src/main/resources/log4j2-kafka.json
deleted file mode 100644
index c540015..0000000
--- a/fizz-bootstrap/src/main/resources/log4j2-kafka.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "logTime": {
-    "$resolver": "timestamp",
-    "epoch": {
-      "unit": "millis",
-      "rounded": true
-    }
-  },
-  "logLevel": {
-    "$resolver": "level",
-    "field": "name"
-  },
-  "logMsg": {
-    "$resolver": "message",
-    "stringified": true
-  },
-  "thread": {
-    "$resolver": "thread",
-    "field": "name"
-  },
-  "loggerName": {
-    "$resolver": "logger",
-    "field": "name"
-  },
-  "thrown": {
-    "message": {
-      "$resolver": "exception",
-      "field": "message"
-    },
-    "extendedStackTrace": {
-      "$resolver": "exception",
-      "field": "stackTrace",
-      "stackTrace": {
-        "stringified": true
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/fizz-bootstrap/src/main/resources/log4j2-spring.xml b/fizz-bootstrap/src/main/resources/log4j2-spring.xml
index 943e367..a6a93bf 100644
--- a/fizz-bootstrap/src/main/resources/log4j2-spring.xml
+++ b/fizz-bootstrap/src/main/resources/log4j2-spring.xml
@@ -4,7 +4,6 @@
 	<properties>
 		<property name="APP_NAME">fizz-bootstrap</property>
 		<property name="LOG_DIR">${sys:APP_ROOT_DIR}/log</property>
-		<!--<property name="KAFKA_SERVER">1.1.1.1:9092</property>-->
 	</properties>
 	<Appenders>
 		<Console name="Console" target="SYSTEM_OUT">
@@ -21,37 +20,13 @@
 			</Policies>
 			<DefaultRolloverStrategy max="50"/>
 		</RollingRandomAccessFile>-->
-		<!--<Kafka name="KafkaAppender4biz" topic="fizz-bootstrap" syncSend="false">
-			<JsonTemplateLayout eventTemplateUri="classpath:log4j2-kafka.json">
-				<EventTemplateAdditionalField key="traceId" value="$${ctx:traceId}"/>
-			</JsonTemplateLayout>
-			<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
-		</Kafka>
-		<Kafka name="KafkaAppender4monitor" topic="fizz-bootstrap-monitor" syncSend="false">
-			<PatternLayout pattern="%m"/>
-			<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
-		</Kafka>
-		<Kafka name="KafkaAppender4stat" topic="fizz-bootstrap-stat" syncSend="false">
-			<PatternLayout pattern="%m"/>
-			<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
-		</Kafka>
-		<Kafka name="KafkaAppender4flow" topic="fizz-bootstrap-flow" syncSend="false">
-			<PatternLayout pattern="%m"/>
-			<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
-		</Kafka>
-		<Kafka name="KafkaAppender4callback" topic="fizz-bootstrap-callback" syncSend="false">
-			<PatternLayout pattern="%m"/>
-			<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
-		</Kafka>-->
 	</Appenders>
 	<Loggers>
 		<Root level="warn" includeLocation="false">
 			<AppenderRef ref="Console"/>
 			<AppenderRef ref="LogSend"/>
 			<!--<AppenderRef ref="RollingFile"/>-->
-			<!--<AppenderRef ref="KafkaAppender4biz"/>-->
 		</Root>
-		<Logger name="org.apache.kafka" level="info" includeLocation="false"/>
 		<!-- suppress the warn 'No URLs will be polled as dynamic configuration sources.' -->
 		<logger name="com.netflix.config.sources.URLConfigurationSource" level="ERROR" includeLocation="false"/>
 		<Logger name="we" level="info" includeLocation="false" additivity="false">
@@ -60,19 +35,15 @@
 		</Logger>
 		<Logger name="monitor" level="info" includeLocation="false" additivity="false">
 			<AppenderRef ref="Console"/>
-			<!--<AppenderRef ref="KafkaAppender4monitor"/>-->
 		</Logger>
 		<Logger name="stat" level="info" includeLocation="false" additivity="false">
 			<AppenderRef ref="Console"/>
-			<!--<AppenderRef ref="KafkaAppender4stat"/>-->
 		</Logger>
 		<Logger name="flow" level="info" includeLocation="false" additivity="false">
 			<AppenderRef ref="Console"/>
-			<!--<AppenderRef ref="KafkaAppender4flow"/>-->
 		</Logger>
 		<Logger name="callback" level="info" includeLocation="false" additivity="false">
 			<AppenderRef ref="Console"/>
-			<!--<AppenderRef ref="KafkaAppender4callback"/>-->
 		</Logger>
 	</Loggers>
 </Configuration>
diff --git a/fizz-common/pom.xml b/fizz-common/pom.xml
index c003c53..6c61511 100644
--- a/fizz-common/pom.xml
+++ b/fizz-common/pom.xml
@@ -17,16 +17,6 @@
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-layout-template-json</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.kafka</groupId>
-            <artifactId>kafka-clients</artifactId>
-        </dependency>
-
         <dependency>
             <groupId>org.openjdk.jol</groupId>
             <artifactId>jol-core</artifactId>
diff --git a/fizz-core/src/main/java/we/config/SystemConfig.java b/fizz-core/src/main/java/we/config/SystemConfig.java
index 7965139..83ee4c5 100644
--- a/fizz-core/src/main/java/we/config/SystemConfig.java
+++ b/fizz-core/src/main/java/we/config/SystemConfig.java
@@ -76,17 +76,24 @@ public class SystemConfig {
 
     private  boolean      aggregateTestAuth  = false;
 
+    @Value("${fizz.md5sign-timestamp-timeliness:300}")
+    private int fizzMD5signTimestampTimeliness = 300; // unit: sec
+
+    public int fizzMD5signTimestampTimeliness() {
+        return fizzMD5signTimestampTimeliness;
+    }
+
     @Value("${route-timeout:0}")
     private  long         routeTimeout       = 0;
 
     @Value("${fizz-trace-id.header:X-Trace-Id}")
-    private   String       fizzTraceIdHeader;
+    private   String      fizzTraceIdHeader;
 
     @Value("${fizz-trace-id.value-strategy:requestId}")
-    private   String       fizzTraceIdValueStrategy;
+    private   String      fizzTraceIdValueStrategy;
 
     @Value("${fizz-trace-id.value-prefix:fizz}")
-    private   String       fizzTraceIdValuePrefix;
+    private   String      fizzTraceIdValuePrefix;
 
     @Value("${fizz.error.response.http-status.enable:true}")
     public void setFizzErrRespHttpStatusEnable(boolean fizzErrRespHttpStatusEnable) {
diff --git a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
index 8846ea9..9736d7b 100644
--- a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
@@ -40,6 +40,7 @@ import we.util.*;
 
 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
+import java.time.LocalDateTime;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Supplier;
@@ -515,22 +516,29 @@ public class ApiConfigService implements ApplicationListener<ContextRefreshedEve
         if (StringUtils.isAnyBlank(timestamp, sign)) {
             r.code = Result.FAIL;
             r.msg  = a.app + " not present timestamp " + timestamp + " or sign " + sign;
-        } else if (validate(a.app, timestamp, a.secretkey, sign)) {
         } else {
-            r.code = Result.FAIL;
-            r.msg  = a.app + " sign " + sign + " invalid";
+            long ts = Long.parseLong(timestamp);
+            LocalDateTime now = LocalDateTime.now();
+            long timeliness = systemConfig.fizzMD5signTimestampTimeliness();
+            long start = DateTimeUtils.toMillis(now.minusSeconds(timeliness));
+            long end   = DateTimeUtils.toMillis(now.plusSeconds(timeliness));
+            if (start <= ts && ts <= end) {
+                StringBuilder b = ThreadContext.getStringBuilder();
+                              b.append(a.app)    .append(Consts.S.UNDER_LINE)
+                               .append(timestamp).append(Consts.S.UNDER_LINE)
+                               .append(a.secretkey);
+                if (!sign.equalsIgnoreCase(DigestUtils.md532(b.toString()))) {
+                    r.code = Result.FAIL;
+                    r.msg  = a.app + " sign " + sign + " invalid";
+                }
+            } else {
+                r.code = Result.FAIL;
+                r.msg  = a.app + " timestamp " + timestamp + " invalid";
+            }
         }
         return Mono.just(r);
     }
 
-    private boolean validate(String app, String timestamp, String secretKey, String sign) {
-        StringBuilder b = ThreadContext.getStringBuilder();
-        b.append(app)      .append(Consts.S.UNDER_LINE)
-         .append(timestamp).append(Consts.S.UNDER_LINE)
-         .append(secretKey);
-        return sign.equalsIgnoreCase(DigestUtils.md532(b.toString()));
-    }
-
     private Mono<Result<ApiConfig>> authSecretKey(App a, String sign, Result<ApiConfig> r) {
         if (StringUtils.isBlank(sign)) {
             r.code = Result.FAIL;
diff --git a/fizz-core/src/test/resources/log4j2-kafka.json b/fizz-core/src/test/resources/log4j2-kafka.json
deleted file mode 100644
index c540015..0000000
--- a/fizz-core/src/test/resources/log4j2-kafka.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "logTime": {
-    "$resolver": "timestamp",
-    "epoch": {
-      "unit": "millis",
-      "rounded": true
-    }
-  },
-  "logLevel": {
-    "$resolver": "level",
-    "field": "name"
-  },
-  "logMsg": {
-    "$resolver": "message",
-    "stringified": true
-  },
-  "thread": {
-    "$resolver": "thread",
-    "field": "name"
-  },
-  "loggerName": {
-    "$resolver": "logger",
-    "field": "name"
-  },
-  "thrown": {
-    "message": {
-      "$resolver": "exception",
-      "field": "message"
-    },
-    "extendedStackTrace": {
-      "$resolver": "exception",
-      "field": "stackTrace",
-      "stackTrace": {
-        "stringified": true
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/fizz-core/src/test/resources/log4j2-test.xml b/fizz-core/src/test/resources/log4j2-test.xml
index b3b16f9..4148b77 100644
--- a/fizz-core/src/test/resources/log4j2-test.xml
+++ b/fizz-core/src/test/resources/log4j2-test.xml
@@ -8,26 +8,13 @@
         <Console name="Console" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %level %logger{36} - %msg%n"/>
         </Console>
-        <!--<Kafka name="KafkaAppender4biz" topic="log-zt-fizz-core" syncSend="false">
-            <JsonTemplateLayout eventTemplateUri="classpath:log4j2-kafka.json">
-                <EventTemplateAdditionalField key="traceId" value="$${ctx:traceId}"/>
-            </JsonTemplateLayout>
-            <Property name="bootstrap.servers">1.1.1.1:9092</Property>
-        </Kafka>
-        <Kafka name="KafkaAppender4monitor" topic="log-zt-fizz-core-monitor" syncSend="false">
-            <PatternLayout pattern="%m"/>
-            <Property name="bootstrap.servers">1.1.1.1:9092</Property>
-        </Kafka>-->
     </Appenders>
     <Loggers>
         <Root level="warn">
             <AppenderRef ref="Console"/>
-            <!--<AppenderRef ref="KafkaAppender4biz"/>-->
         </Root>
-        <Logger name="org.apache.kafka" level="info"/>
         <Logger name="monitor" level="warn" additivity="false">
             <AppenderRef ref="Console"/>
-            <!--<AppenderRef ref="KafkaAppender4monitor"/>-->
         </Logger>
         <Logger name="we" level="debug"/>
     </Loggers>
diff --git a/pom.xml b/pom.xml
index de7f1b5..f1637cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,18 +70,6 @@
 
 	<dependencyManagement>
 		<dependencies>
-			<dependency>
-				<groupId>org.apache.logging.log4j</groupId>
-				<artifactId>log4j-layout-template-json</artifactId>
-				<version>${log4j2.version}</version>
-			</dependency>
-
-			<dependency>
-				<groupId>org.apache.kafka</groupId>
-				<artifactId>kafka-clients</artifactId>
-				<version>2.0.1</version>
-			</dependency>
-
 			<dependency>
 				<groupId>org.openjdk.jol</groupId>
 				<artifactId>jol-core</artifactId>