H5离线包下载安全改造

2024-05-09 16:51:12 +08:00 · 2024-05-09 16:51:12 +08:00 · 7ee1884c72
commit 7ee1884c72
parent 1063187101
2 changed files with 27 additions and 4 deletions
--- a/sf-common/src/main/java/com/sf/common/enums/RequestHeaderEnums.java
+++ b/sf-common/src/main/java/com/sf/common/enums/RequestHeaderEnums.java
@ -15,6 +15,11 @@ public enum RequestHeaderEnums
     * 通知完成指令，用于客户端收到通知消息的确认
     */
    APP_CODE("appCode"),
+
+    /**
+     * 通知完成指令，用于客户端收到通知消息的确认  Authorization
+     */
+    AUTHORIZATION("Authorization"),
    ;

    private static Map<String, RequestHeaderEnums> map = new HashMap<>();
--- a/sf-system/src/main/java/com/sf/system/deployment/controller/DeploymentModuleListController.java
+++ b/sf-system/src/main/java/com/sf/system/deployment/controller/DeploymentModuleListController.java
@ -3,10 +3,14 @@ package com.sf.system.deployment.controller;
 import java.io.InputStream;
 import java.net.URL;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import javax.servlet.http.HttpServletResponse;
+
+import com.sf.common.core.redis.RedisCache;
 import com.sf.common.enums.RequestHeaderEnums;
 import com.sf.common.utils.http.RequestUtils;
 import com.sf.common.utils.openssl.AES256Util;
+import com.sf.common.utils.uuid.UUID;
 import com.sf.system.deployment.domain.rqs.ModuleListByCoreRequest;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.beans.factory.annotation.Autowired;
@ -39,6 +43,8 @@ import com.sf.common.core.page.TableDataInfo;
 public class DeploymentModuleListController extends BaseController {
    @Autowired
    private IDeploymentModuleListService deploymentModuleListService;
+    @Autowired
+    private RedisCache redisCache;

    /**
     * 查询H5模块包列表
@ -71,24 +77,36 @@ public class DeploymentModuleListController extends BaseController {
    public AjaxResult queryByCore(ModuleListByCoreRequest request, HttpServletResponse response) {
        DeploymentModuleList deploymentModuleList = new DeploymentModuleList();
        deploymentModuleList.setAppCode(RequestUtils.getHeader(RequestHeaderEnums.APP_CODE.getCode()));
+        String authorization = RequestUtils.getHeader(RequestHeaderEnums.AUTHORIZATION.getCode());
        deploymentModuleList.setSysType(request.getSysType());
        deploymentModuleList.setModuleType(request.getModuleType());
        List<DeploymentModuleList> list = deploymentModuleListService.selectDeploymentModuleListList(deploymentModuleList);
        if (list.isEmpty() && null == list.get(0)) {
            throw new SecurityException("无可用模块包");
        }
-
        try {
-            InputStream inputStream = new URL(list.get(0).getModuleUrl()).openStream();
-//            InputStream inputStream = Files.newInputStream(Paths.get("/Users/a1234/Downloads/dist.zip"));
-            InputStream inputStream1 = AES256Util.encryptFile("efghijklmnopqrstuvwxyz0123456789", inputStream);
+            String password = UUID.randomUUID().toString().trim().replaceAll("-", "");
+            //加密
+            InputStream inputStream1 = AES256Util.encryptFile(password, new URL(list.get(0).getModuleUrl()).openStream());
            FileCopyUtils.copy(inputStream1, response.getOutputStream());
+            redisCache.setCacheObject(authorization + request.getModuleType(), password, 3000, TimeUnit.MINUTES);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return success(null);
    }

+    /**
+     * 获取压缩包密码
+     */
+    @GetMapping("/qurey/ZipCore")
+    public AjaxResult queryZipCore(ModuleListByCoreRequest request) {
+        String authorization = RequestUtils.getHeader(RequestHeaderEnums.AUTHORIZATION.getCode());
+        String cacheObject = redisCache.getCacheObject(authorization + request.getModuleType());
+        return success(cacheObject);
+    }
+
+
    /**
     * 导出H5模块包列表
     */