lin pannong

igirl-channel-gateway/app/base/api/impl/action/service.js

@@ -11,18 +11,24 @@ class TradetransferAPI extends APIBase {
     this.utilsServiceSve = system.getObject("service.utilsSve.utilsServiceSve");
     this.utilsServiceSve = system.getObject("service.utilsSve.utilsServiceSve");
   }
   }
 
 
-  async create(pobj) {
+  async create(pobj,query,req) {
     console.log(pobj);
     console.log(pobj);
     // 校验必填 pannong 2.1
     // 校验必填 pannong 2.1
-    var checkResult = await this.serviceCreateCheck(pobj);
+    var checkResult = await this.serviceCreateCheck(pobj,req.headers);
     if(checkResult.status != 0) {
     if(checkResult.status != 0) {
       return checkResult;
       return checkResult;
     }
     }
-    var result = await this.utilsServiceSve.submitService(pobj);
+    var result = await this.utilsServiceSve.submitService(pobj,req.headers);
     return result
     return result
   }
   }
-  
-  async serviceCreateCheck(pobj) {
+
+  async serviceCreateCheck(pobj,headers) {
+    if(!headers.appkey) {
+      return system.getResult(null, "headers.appkey cannot be empty");
+    }
+    if(!headers.sign) {
+      return system.getResult(null, "headers.sign cannot be empty");
+    }
     if(!pobj.bizId) {
     if(!pobj.bizId) {
       return system.getResult(null, "bizId cannot be empty");
       return system.getResult(null, "bizId cannot be empty");
     }
     }

igirl-channel-gateway/app/base/service/impl/utilsSve/utilsServiceSve.js

@@ -2,6 +2,7 @@ var system = require("../../../system");
 var settings = require("../../../../config/settings");
 var settings = require("../../../../config/settings");
 const AppServiceBase = require("../../app.base");
 const AppServiceBase = require("../../app.base");
 const uuidv4 = require('uuid/v4');
 const uuidv4 = require('uuid/v4');
+const md5 = require("MD5");
 const logCtl = system.getObject("service.common.oplogSve");
 const logCtl = system.getObject("service.common.oplogSve");
 //商标查询操作
 //商标查询操作
 class UtilsNeedSve extends AppServiceBase {
 class UtilsNeedSve extends AppServiceBase {
@@ -45,7 +46,7 @@ class UtilsNeedSve extends AppServiceBase {
   }
   }
 
 
   // 2020 1103 lin 新增 磐农2.1 创建服务单
   // 2020 1103 lin 新增 磐农2.1 创建服务单
-  async submitService(pobj) {
+  async submitService(pobj,heade) {
     var tokenInfo = await this.getCenterToken();
     var tokenInfo = await this.getCenterToken();
     if (tokenInfo.status != 0) {
     if (tokenInfo.status != 0) {
       return system.getResult(null, "submitService get token fail")
       return system.getResult(null, "submitService get token fail")
@@ -73,10 +74,33 @@ class UtilsNeedSve extends AppServiceBase {
         return system.getResult(null, "submitService get userpin fail")
         return system.getResult(null, "submitService get userpin fail")
       }
       }
     }
     }
+
+    // 2020 1104 lin 验签
+    // 1.TODO:验证数据签名
+    var sobj = {
+      "actionType": "getAppInfoByAppKey",
+      "actionBody": heade.appkey
+    }
+    url = settings.centerChannelUrl() + "/api/action/sign/springBoard";
+    var rtn = rtn = await this.execlient.execDataPostByTokenUserPin(sobj, url, token, userpin);
+    if (!rtn || !rtn.stdout) {
+      return system.getResult(null, "getAppInfoByAppKey stdout fail")
+    }
+    var result = JSON.parse(rtn.stdout);
+    if(!result || result.status!=0){
+      return system.getResult(null, result.msg)
+    }
+    var appInfo = result.data;
+		// 2.通过appsecret 验签
+    pobj.sign = heade.sign;
+    var verifyRes = await this.verifySign(pobj,appInfo.uapp_secret);
+		if(!verifyRes || verifyRes.status!=0){
+			return system.getResult(null, verifyRes.msg)
+    }
+      
     //带userpin请求
     //带userpin请求
     url = settings.centerChannelUrl() + "/api/opreceive/service/springBoard";
     url = settings.centerChannelUrl() + "/api/opreceive/service/springBoard";
     var sobj = {
     var sobj = {
-      // "actionType": pobj.action_type,
       "actionType": "submitService",
       "actionType": "submitService",
       "actionBody": pobj
       "actionBody": pobj
     }
     }
@@ -92,6 +116,44 @@ class UtilsNeedSve extends AppServiceBase {
     }
     }
   }
   }
 
 
+  /**
+    * 验证签名
+    * @param {*} params 要验证的参数 
+    * @param {*} app_secret 应用的校验key
+    */
+  async verifySign(params, app_secret) {
+    if (!params) {
+      return system.getResult(null, "请求参数为空");
+    }
+    if (!params.sign) {
+      return system.getResult(null, "请求参数sign为空");
+    }
+    var signArr = [];
+    var keys = Object.keys(params).sort();
+    if (keys.length == 0) {
+      return system.getResult(null, "请求参数信息为空");
+    }
+    for (let k = 0; k < keys.length; k++) {
+      const tKey = keys[k];
+      if (tKey != "sign" && params[tKey]) {
+        let tmpKeyValue = params[tKey];
+        if (tmpKeyValue instanceof Array || tmpKeyValue instanceof Object) {
+          tmpKeyValue = JSON.stringify(tmpKeyValue);
+        }
+        signArr.push(tKey + "=" + tmpKeyValue);
+      }
+    }
+    if (signArr.length == 0) {
+      return system.getResult(null, "请求参数组装签名参数信息为空");
+    }
+    var resultSignStr = signArr.join("&") + "&key=" + app_secret;
+    var resultTmpSign = md5(resultSignStr).toUpperCase();
+    if (params.sign != resultTmpSign) {
+      return system.getResult(null, "返回值签名验证失败");
+    }
+    return system.getResultSuccess();
+  }
+
   // 2020 0926 lin 新增 阿里文网文 服务商侧提供接口2.2 关闭需求通知服务商
   // 2020 0926 lin 新增 阿里文网文 服务商侧提供接口2.2 关闭需求通知服务商
   async needCloseAliEsp(pobj) {
   async needCloseAliEsp(pobj) {
     var tokenInfo = await this.getCenterToken();
     var tokenInfo = await this.getCenterToken();