feat: 发起认证加token令牌

hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/ApiController.java

@@ -121,6 +121,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.mock.web.MockMultipartFile;
@@ -757,6 +758,24 @@ public class ApiController {
 				List<SysUserSubVO> userSignCertList = sysUserSignCertService.listUserSignCertForApi(sysU.getUserId());
 				mapOne.put("certList", userSignCertList);
 
+				// 获取发起认证的令牌
+				String randomStr;
+
+				// 获取操作员
+				HnqzUser finaAdmin = SecurityUtils.getUser();
+				final String token = String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId());
+
+				// 返回缓存生成好的
+				if (Boolean.TRUE.equals(redisTemplate.hasKey(token))) {
+					randomStr = (String) redisTemplate.opsForValue().get(token);
+				} else {
+					// 生成缓存key,将token缓存到redis
+					do {
+						randomStr = RandomStringUtils.randomNumeric(6);
+					} while (Boolean.FALSE.equals(redisTemplate.opsForValue().setIfAbsent(token, randomStr)));
+				}
+				mapOne.put("certToken", randomStr);
+
 				list.add(mapOne);
 
 				roleList.addAll(roleIdList);

hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/SysUserSignCertController.java

@@ -14,9 +14,12 @@ import com.qunzhixinxi.hnqz.admin.service.SysUserService;
 import com.qunzhixinxi.hnqz.admin.service.gig.SysUserSignCertService;
 import com.qunzhixinxi.hnqz.common.core.util.R;
 import com.qunzhixinxi.hnqz.common.log.annotation.SysLog;
+import com.qunzhixinxi.hnqz.common.security.service.HnqzUser;
+import com.qunzhixinxi.hnqz.common.security.util.SecurityUtils;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.script.DefaultRedisScript;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,6 +27,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -42,7 +46,7 @@ public class SysUserSignCertController {
 
 	private final SysUserService sysUserService;
 
-	private final RedisTemplate redisTemplate;
+	private final RedisTemplate<String, Object> redisTemplate;
 
 	/**
 	 * 保存银行卡信息
@@ -163,6 +167,21 @@ public class SysUserSignCertController {
 	@SysLog("用户签约认证")
 	@PostMapping("/batch-channel-cert")
 	public R<?> batchChannelCert(@RequestBody UserSignCertDTO userSignCertDTO) {
+
+		//1、验证令牌是否合法【令牌的对比和删除必须保证原子性】
+		HnqzUser finaAdmin = SecurityUtils.getUser();
+		final String REDIS_DEL_SCRIPT = "if redis.call('get', KEYS[1]) == ARGV[1] then return redis.call('del', KEYS[1]) else return 0 end";
+		Long execute = redisTemplate.execute(new DefaultRedisScript<>(REDIS_DEL_SCRIPT, Long.class),
+				Collections.singletonList(String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId())), userSignCertDTO.getToken());
+		// 通过EVAL脚本原子验证令牌和删除令牌
+		boolean oops = (execute != null && execute == 0);
+
+		// 令牌验证失败
+		if (oops) {
+			log.error(String.format("提交 TOKEN 不正确：%s", userSignCertDTO.getToken()));
+			return R.failed("提交 TOKEN 不正确，请刷新页面重试");
+		}
+
 		if (userSignCertDTO.getUserId() == null) {
 			return R.failed("userId不能为空");
 		}

hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/entity/dto/UserSignCertDTO.java

@@ -71,4 +71,9 @@ public class UserSignCertDTO implements Serializable {
 	 * 验证码
 	 */
 	private String verifyCode;
+
+	/**
+	 * 令牌
+	 */
+	private String token;
 }