1、增加接口防篡改

citu-framework/citu-spring-boot-starter-protection/src/main/java/com/citu/framework/signature/core/redis/ApiSignatureRedisDAO.java

@@ -3,6 +3,7 @@ package com.citu.framework.signature.core.redis;
 import lombok.AllArgsConstructor;
 import org.springframework.data.redis.core.StringRedisTemplate;
 
+import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 /**
@@ -10,7 +11,6 @@ import java.util.concurrent.TimeUnit;
  *
  * @author Zhougang
  */
-@AllArgsConstructor
 public class ApiSignatureRedisDAO {
 
     /**
@@ -30,8 +30,17 @@ public class ApiSignatureRedisDAO {
      * 过期时间：永不过期（预加载到 Redis）
      */
     private static final String SIGNATURE_APPID = "api_signature_app";
+
     private final StringRedisTemplate stringRedisTemplate;
 
+    private final static Map<String,String> appSecretMap = Map.of("web_client","fa0fc0b5098b974b");
+
+    public ApiSignatureRedisDAO(StringRedisTemplate stringRedisTemplate) {
+        this.stringRedisTemplate = stringRedisTemplate;
+        stringRedisTemplate.delete(SIGNATURE_APPID);
+        stringRedisTemplate.opsForHash().putAll(SIGNATURE_APPID, appSecretMap);
+    }
+
     // ========== 验签随机数 ==========
 
     private static String formatNonceKey(String appId, String nonce) {

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/jobhunt/order/AppTradeOrderController.java

@@ -3,6 +3,7 @@ package com.citu.module.menduner.system.controller.app.jobhunt.order;
 import com.citu.framework.common.pojo.CommonResult;
 import com.citu.framework.common.pojo.PageResult;
 import com.citu.framework.security.core.annotations.PreAuthenticated;
+import com.citu.framework.signature.core.annotation.ApiSignature;
 import com.citu.module.menduner.common.util.LoginUserContext;
 import com.citu.module.menduner.system.controller.app.jobhunt.order.vo.AppTradeOrderPageReqVO;
 import com.citu.module.menduner.system.controller.app.jobhunt.order.vo.AppTradeOrderRespVO;
@@ -42,6 +43,7 @@ public class AppTradeOrderController {
     @PostMapping("/create")
     @Operation(summary = "创建订单")
     @PreAuthenticated
+    @ApiSignature(timeout = 30)
     public CommonResult<Long> create(@RequestBody @Valid AppTradeOrderCreateReqVO reqVO) {
         TradeOrderCreateReqVO dto = new TradeOrderCreateReqVO();
         dto.setUserType(String.valueOf(MdeUserTypeEnum.USER.getType()));

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/jobhunt/redeem/AppRedeemController.java

@@ -6,6 +6,7 @@ import com.citu.framework.common.util.object.BeanUtils;
 import com.citu.framework.idempotent.core.annotation.Idempotent;
 import com.citu.framework.idempotent.core.keyresolver.impl.UserIdempotentKeyResolver;
 import com.citu.framework.security.core.annotations.PreAuthenticated;
+import com.citu.framework.signature.core.annotation.ApiSignature;
 import com.citu.module.menduner.common.util.LoginUserContext;
 import com.citu.module.menduner.system.controller.app.jobhunt.redeem.vo.AppRedeemRespVO;
 import com.citu.module.menduner.system.controller.app.jobhunt.redeem.vo.AppRedeemSubmitReqVO;
@@ -37,6 +38,7 @@ public class AppRedeemController {
     @PreAuthenticated
     @PostMapping("/submit")
     @Operation(summary = "兑换提交")
+    @ApiSignature(timeout = 30)
     @Idempotent(keyResolver = UserIdempotentKeyResolver.class)
     public CommonResult<Boolean> submit(@Valid @RequestBody AppRedeemSubmitReqVO reqVO) {
         redeemService.submit(reqVO);

menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/recruit/order/AppRecruitTradeOrderController.java

@@ -3,6 +3,7 @@ package com.citu.module.menduner.system.controller.app.recruit.order;
 import com.citu.framework.common.pojo.CommonResult;
 import com.citu.framework.common.pojo.PageResult;
 import com.citu.framework.security.core.annotations.PreAuthenticated;
+import com.citu.framework.signature.core.annotation.ApiSignature;
 import com.citu.module.menduner.common.util.LoginUserContext;
 import com.citu.module.menduner.system.controller.app.recruit.order.vo.*;
 import com.citu.module.menduner.system.controller.base.order.AppTradeOrderCreateReqVO;
@@ -42,6 +43,7 @@ public class AppRecruitTradeOrderController {
     @PostMapping("/create")
     @Operation(summary = "创建订单")
     @PreAuthenticated
+    @ApiSignature(timeout = 30)
     public CommonResult<Long> create(@RequestBody @Valid AppTradeOrderCreateReqVO reqVO) {
         TradeOrderTypeEnum type = TradeOrderTypeEnum.getByType(reqVO.getType());
         TradeOrderCreateReqVO dto = new TradeOrderCreateReqVO();