diff --git a/ghy-admin/src/main/java/com/ghy/web/controller/pay/WxPayController.java b/ghy-admin/src/main/java/com/ghy/web/controller/pay/WxPayController.java new file mode 100644 index 00000000..40033f8e --- /dev/null +++ b/ghy-admin/src/main/java/com/ghy/web/controller/pay/WxPayController.java @@ -0,0 +1,14 @@ +package com.ghy.web.controller.pay; + +import com.ghy.common.core.controller.BaseController; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; + +@Controller +@RequestMapping("/pay/wx") +public class WxPayController extends BaseController { + + + + +} diff --git a/ghy-admin/src/main/java/com/ghy/web/controller/tool/WxController.java b/ghy-admin/src/main/java/com/ghy/web/controller/tool/WxController.java new file mode 100644 index 00000000..ebb68044 --- /dev/null +++ b/ghy-admin/src/main/java/com/ghy/web/controller/tool/WxController.java @@ -0,0 +1,78 @@ +package com.ghy.web.controller.tool; + +import com.ghy.common.core.controller.BaseController; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +import javax.servlet.http.HttpServletRequest; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +@Controller +@RequestMapping("/wx") +public class WxController extends BaseController { + + @GetMapping("/token") + @ResponseBody + public String demo3(String timestamp, String nonce, String signature, String echostr, HttpServletRequest request) throws IOException { + String token = "gqz"; + boolean checkSignature = checkSignature(signature, timestamp, nonce, token); + if (checkSignature) { + return echostr; + } else { + return null; + } + } + + /** + * 验证微信签名 + */ + public static boolean checkSignature(String signature, String timestamp, + String nonce, String token) { + // 1.将token、timestamp、nonce三个参数进行字典序排序 + String[] arr = new String[]{token, timestamp, nonce}; + Arrays.sort(arr); + // 2. 将三个参数字符串拼接成一个字符串进行sha1加密 + StringBuilder content = new StringBuilder(); + for (int i = 0; i < arr.length; i++) { + content.append(arr[i]); + } + MessageDigest md = null; + String tmpStr = null; + try { + md = MessageDigest.getInstance("SHA-1"); + // 将三个参数字符串拼接成一个字符串进行sha1加密 + byte[] digest = md.digest(content.toString().getBytes()); + tmpStr = byteToStr(digest); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + content = null; + // 3.将sha1加密后的字符串可与signature对比,标识该请求来源于微信 + return tmpStr != null && tmpStr.equals(signature.toUpperCase()); + } + + private static String byteToStr(byte[] byteArray) { + StringBuilder strDigest = new StringBuilder(); + for (int i = 0; i < byteArray.length; i++) { + strDigest.append(byteToHexStr(byteArray[i])); + } + return strDigest.toString(); + } + + private static String byteToHexStr(byte mByte) { + char[] Digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', + 'B', 'C', 'D', 'E', 'F'}; + char[] tempArr = new char[2]; + tempArr[0] = Digit[(mByte >>> 4) & 0X0F]; + tempArr[1] = Digit[mByte & 0X0F]; + String s = new String(tempArr); + return s; + } + + +} diff --git a/ghy-admin/src/main/resources/test1.zip b/ghy-admin/src/main/resources/test1.zip deleted file mode 100644 index 2b09d85e..00000000 Binary files a/ghy-admin/src/main/resources/test1.zip and /dev/null differ diff --git a/ghy-framework/src/main/java/com/ghy/framework/config/ShiroConfig.java b/ghy-framework/src/main/java/com/ghy/framework/config/ShiroConfig.java index 1c173eed..1ddd5113 100644 --- a/ghy-framework/src/main/java/com/ghy/framework/config/ShiroConfig.java +++ b/ghy-framework/src/main/java/com/ghy/framework/config/ShiroConfig.java @@ -275,6 +275,8 @@ public class ShiroConfig shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl); // Shiro连接约束配置,即过滤链的定义 LinkedHashMap filterChainDefinitionMap = new LinkedHashMap<>(); + //部分接口不需要登陆校验 + filterChainDefinitionMap.put("/wx/**", "anon"); // 对静态资源设置匿名访问 filterChainDefinitionMap.put("/favicon.ico**", "anon"); filterChainDefinitionMap.put("/ruoyi.png**", "anon");