MD5 sign timestamp validation and remove log4j2 kafka

2022-07-14 17:08:16 +08:00
parent 93faf3bed6
commit 6726250980
9 changed files with 29 additions and 166 deletions
--- a/fizz-core/src/main/java/we/config/SystemConfig.java
+++ b/fizz-core/src/main/java/we/config/SystemConfig.java
@@ -76,17 +76,24 @@ public class SystemConfig {

    private  boolean      aggregateTestAuth  = false;

+    @Value("${fizz.md5sign-timestamp-timeliness:300}")
+    private int fizzMD5signTimestampTimeliness = 300; // unit: sec
+
+    public int fizzMD5signTimestampTimeliness() {
+        return fizzMD5signTimestampTimeliness;
+    }
+
    @Value("${route-timeout:0}")
    private  long         routeTimeout       = 0;

    @Value("${fizz-trace-id.header:X-Trace-Id}")
-    private   String       fizzTraceIdHeader;
+    private   String      fizzTraceIdHeader;

    @Value("${fizz-trace-id.value-strategy:requestId}")
-    private   String       fizzTraceIdValueStrategy;
+    private   String      fizzTraceIdValueStrategy;

    @Value("${fizz-trace-id.value-prefix:fizz}")
-    private   String       fizzTraceIdValuePrefix;
+    private   String      fizzTraceIdValuePrefix;

    @Value("${fizz.error.response.http-status.enable:true}")
    public void setFizzErrRespHttpStatusEnable(boolean fizzErrRespHttpStatusEnable) {
--- a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
@@ -40,6 +40,7 @@ import we.util.*;

 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
+import java.time.LocalDateTime;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Supplier;
@@ -515,22 +516,29 @@ public class ApiConfigService implements ApplicationListener<ContextRefreshedEve
        if (StringUtils.isAnyBlank(timestamp, sign)) {
            r.code = Result.FAIL;
            r.msg  = a.app + " not present timestamp " + timestamp + " or sign " + sign;
-        } else if (validate(a.app, timestamp, a.secretkey, sign)) {
        } else {
-            r.code = Result.FAIL;
-            r.msg  = a.app + " sign " + sign + " invalid";
+            long ts = Long.parseLong(timestamp);
+            LocalDateTime now = LocalDateTime.now();
+            long timeliness = systemConfig.fizzMD5signTimestampTimeliness();
+            long start = DateTimeUtils.toMillis(now.minusSeconds(timeliness));
+            long end   = DateTimeUtils.toMillis(now.plusSeconds(timeliness));
+            if (start <= ts && ts <= end) {
+                StringBuilder b = ThreadContext.getStringBuilder();
+                              b.append(a.app)    .append(Consts.S.UNDER_LINE)
+                               .append(timestamp).append(Consts.S.UNDER_LINE)
+                               .append(a.secretkey);
+                if (!sign.equalsIgnoreCase(DigestUtils.md532(b.toString()))) {
+                    r.code = Result.FAIL;
+                    r.msg  = a.app + " sign " + sign + " invalid";
+                }
+            } else {
+                r.code = Result.FAIL;
+                r.msg  = a.app + " timestamp " + timestamp + " invalid";
+            }
        }
        return Mono.just(r);
    }

-    private boolean validate(String app, String timestamp, String secretKey, String sign) {
-        StringBuilder b = ThreadContext.getStringBuilder();
-        b.append(app)      .append(Consts.S.UNDER_LINE)
-         .append(timestamp).append(Consts.S.UNDER_LINE)
-         .append(secretKey);
-        return sign.equalsIgnoreCase(DigestUtils.md532(b.toString()));
-    }
-
    private Mono<Result<ApiConfig>> authSecretKey(App a, String sign, Result<ApiConfig> r) {
        if (StringUtils.isBlank(sign)) {
            r.code = Result.FAIL;
--- a/fizz-core/src/test/resources/log4j2-kafka.json
+++ b/fizz-core/src/test/resources/log4j2-kafka.json
@@ -1,38 +0,0 @@
-{
-  "logTime": {
-    "$resolver": "timestamp",
-    "epoch": {
-      "unit": "millis",
-      "rounded": true
-    }
-  },
-  "logLevel": {
-    "$resolver": "level",
-    "field": "name"
-  },
-  "logMsg": {
-    "$resolver": "message",
-    "stringified": true
-  },
-  "thread": {
-    "$resolver": "thread",
-    "field": "name"
-  },
-  "loggerName": {
-    "$resolver": "logger",
-    "field": "name"
-  },
-  "thrown": {
-    "message": {
-      "$resolver": "exception",
-      "field": "message"
-    },
-    "extendedStackTrace": {
-      "$resolver": "exception",
-      "field": "stackTrace",
-      "stackTrace": {
-        "stringified": true
-      }
-    }
-  }
-}
--- a/fizz-core/src/test/resources/log4j2-test.xml
+++ b/fizz-core/src/test/resources/log4j2-test.xml
@@ -8,26 +8,13 @@
        <Console name="Console" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %level %logger{36} - %msg%n"/>
        </Console>
-        <!--<Kafka name="KafkaAppender4biz" topic="log-zt-fizz-core" syncSend="false">
-            <JsonTemplateLayout eventTemplateUri="classpath:log4j2-kafka.json">
-                <EventTemplateAdditionalField key="traceId" value="$${ctx:traceId}"/>
-            </JsonTemplateLayout>
-            <Property name="bootstrap.servers">1.1.1.1:9092</Property>
-        </Kafka>
-        <Kafka name="KafkaAppender4monitor" topic="log-zt-fizz-core-monitor" syncSend="false">
-            <PatternLayout pattern="%m"/>
-            <Property name="bootstrap.servers">1.1.1.1:9092</Property>
-        </Kafka>-->
    </Appenders>
    <Loggers>
        <Root level="warn">
            <AppenderRef ref="Console"/>
-            <!--<AppenderRef ref="KafkaAppender4biz"/>-->
        </Root>
-        <Logger name="org.apache.kafka" level="info"/>
        <Logger name="monitor" level="warn" additivity="false">
            <AppenderRef ref="Console"/>
-            <!--<AppenderRef ref="KafkaAppender4monitor"/>-->
        </Logger>
        <Logger name="we" level="debug"/>
    </Loggers>