пре 7 месеци · 762588d8a7
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/java/com/xingxi/api/configuration/security/SpringWebSecurityConfiguration.java
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/java/com/xingxi/api/configuration/security/SpringWebSecurityConfiguration.java
@@ -1,7 +1,9 @@
 
				 package com.xingxi.api.configuration.security;
			
 
				 
			
 
				+import cn.binarywang.wx.miniapp.api.WxMaService;
			
 
				 import lombok.RequiredArgsConstructor;
			
 
				 import lombok.extern.slf4j.Slf4j;
			
 
				+import me.chanjar.weixin.mp.api.WxMpService;
			
 
				 import org.springframework.beans.factory.annotation.Value;
			
 
				 import org.springframework.context.annotation.Bean;
			
 
				 import org.springframework.context.annotation.Configuration;
			
@@ -10,6 +12,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 
				 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			
 
				 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			
 
				 import org.springframework.security.config.http.SessionCreationPolicy;
			
 
				+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
			
 
				 import org.springframework.web.cors.CorsConfiguration;
			
 
				 import org.springframework.web.cors.CorsConfigurationSource;
			
 
				 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
			
@@ -30,6 +33,15 @@ class SpringWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				     @Value("${spring.application.cors.allowedHeaders}")
			
 
				     private String[] allowedHeaders;
			
 
				 
			
 
				+    private final JwtAuthenticationManager jwtAuthenticationManager;
			
 
				+    private final WxLoginAuthenticationManager wxLoginAuthenticationManager;
			
 
				+    private final WxAuthenticationSuccessHandler wxAuthenticationSuccessHandler;
			
 
				+    private final WxAuthenticationFailureHandler wxAuthenticationFailureHandler;
			
 
				+    private final WxAuthenticationEntryPoint wxAuthenticationEntryPoint;
			
 
				+    private final WxAccessDeniedHandler wxAccessDeniedHandler;
			
 
				+    private final WxMaService wxMaService;
			
 
				+    private final WxMpService wxMpService;
			
 
				+
			
 
				     // cors
			
 
				     @Bean("corsConfigurationSource")
			
 
				     public CorsConfigurationSource corsConfigurationSource() {
			
@@ -41,7 +53,6 @@ class SpringWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				         source.registerCorsConfiguration(pathPattern, configuration);
			
 
				         return source;
			
 
				     }
			
 
				-
			
 
				     @Override
			
 
				     protected void configure(HttpSecurity http) throws Exception {
			
 
				         http.csrf()
			
@@ -52,16 +63,37 @@ class SpringWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
				                 .cors()
			
 
				                 .and()
			
 
				                 .authorizeRequests()
			
 
				-                .antMatchers("/error/**", "/unifiedpay/**", "/api/store/wxlogin", "/wxpay/**").permitAll()
			
 
				+                .antMatchers("/error/**", "/unifiedpay/**").permitAll()
			
 
				                 .anyRequest().authenticated()
			
 
				                 .and()
			
 
				                 .exceptionHandling()
			
 
				-                .authenticationEntryPoint(null)
			
 
				-                .accessDeniedHandler(null);
			
 
				+                .authenticationEntryPoint(wxAuthenticationEntryPoint)
			
 
				+                .accessDeniedHandler(wxAccessDeniedHandler);
			
 
				+        // 使用WxAppletAuthenticationFilter替换默认的认证过滤器UsernamePasswordAuthenticationFilter
			
 
				+
			
 
				+
			
 
				+        http.addFilterAt(wxLoginAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
			
 
				+                // 在WxAppletAuthenticationFilter前面添加用于验证jwt，识别用户是否登录的过滤器
			
 
				+                .addFilterBefore(jwtAuthenticationTokenFilter(), WxLoginAuthenticationProcessingFilter.class);
			
 
				+    }
			
 
				+
			
 
				+    @Bean
			
 
				+    public JwtAuthenticationFilter jwtAuthenticationTokenFilter() {
			
 
				+        log.debug("JwtAuthenticationFilter created.");
			
 
				+        return new JwtAuthenticationFilter(jwtAuthenticationManager);
			
 
				+    }
			
 
				+
			
 
				+    @Bean
			
 
				+    public WxLoginAuthenticationProcessingFilter wxLoginAuthenticationProcessingFilter() {
			
 
				+        log.debug("WxLoginAuthenticationProcessingFilter created.");
			
 
				+        WxLoginAuthenticationProcessingFilter filter = new WxLoginAuthenticationProcessingFilter(wxLoginAuthenticationManager, wxMaService, wxMpService);
			
 
				+        filter.setAuthenticationSuccessHandler(wxAuthenticationSuccessHandler);
			
 
				+        filter.setAuthenticationFailureHandler(wxAuthenticationFailureHandler);
			
 
				+        return filter;
			
 
				+    }
			
 
				+
			
 
				+    @Override
			
 
				+    public void configure(WebSecurity web) throws Exception {
			
 
				+        web.ignoring().antMatchers("/api/store/wxlogin", "/wxpay/**");
			
 
				     }
			
 
				-//
			
 
				-//    @Override
			
 
				-//    public void configure(WebSecurity web) throws Exception {
			
 
				-//
			
 
				-//    }
			
 
				 }
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/META-INF/apiclient_cert.pem
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/META-INF/apiclient_cert.pem
@@ -0,0 +1,25 @@
 
				+-----BEGIN CERTIFICATE-----
			
 
				+MIIEITCCAwmgAwIBAgIUT74STeWq1T4f9S50ATGmBy/mkvEwDQYJKoZIhvcNAQEL
			
 
				+BQAwXjELMAkGA1UEBhMCQ04xEzARBgNVBAoTClRlbnBheS5jb20xHTAbBgNVBAsT
			
 
				+FFRlbnBheS5jb20gQ0EgQ2VudGVyMRswGQYDVQQDExJUZW5wYXkuY29tIFJvb3Qg
			
 
				+Q0EwHhcNMjUwNTA2MTI0MTQ5WhcNMzAwNTA1MTI0MTQ5WjB7MRMwEQYDVQQDDAox
			
 
				+NzA5MzM3MjEwMRswGQYDVQQKDBLlvq7kv6HllYbmiLfns7vnu58xJzAlBgNVBAsM
			
 
				+HuS4iua1t+mmqOemp+WVhui0uOaciemZkOWFrOWPuDELMAkGA1UEBhMCQ04xETAP
			
 
				+BgNVBAcMCFNoZW5aaGVuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
			
 
				+vwu+mxVg80S1sLasQt9tJXSiP6y6EvBqA+I+ILsjcjvNhLyklUR8heh4bZII7laF
			
 
				+Z1865HZvQFy6gMM8cHAY29gYtGAHJpmMaDRstQUhZsUB0V3SJexGdJMXFJzDcTEG
			
 
				+pwKC1V+nKo8oLYu0Z1Qp8qRRMfnxZRTHpsGxS3urrIvuxjUYT4MtP5LfpFgGyzzA
			
 
				+KkESxazNNF/tmSPcFsJ4Avvi0185pk0ywUteI1v1X6TNwveSoVEsTCQkCY+xHQ8s
			
 
				+wgXKzsWltND7izxV9v160l0lDm+BE6WlCIOkpgpg4NvCUMs09XJqIKJ5WTpZZ7KS
			
 
				+e8ZNsu0710DkIaaRyKqsywIDAQABo4G5MIG2MAkGA1UdEwQCMAAwCwYDVR0PBAQD
			
 
				+AgP4MIGbBgNVHR8EgZMwgZAwgY2ggYqggYeGgYRodHRwOi8vZXZjYS5pdHJ1cy5j
			
 
				+b20uY24vcHVibGljL2l0cnVzY3JsP0NBPTFCRDQyMjBFNTBEQkMwNEIwNkFEMzk3
			
 
				+NTQ5ODQ2QzAxQzNFOEVCRDImc2c9SEFDQzQ3MUI2NTQyMkUxMkIyN0E5RDMzQTg3
			
 
				+QUQxQ0RGNTkyNkUxNDAzNzEwDQYJKoZIhvcNAQELBQADggEBAJbIWrtDSomABA61
			
 
				+5X4FgVC4M9WIjiZJDgPgf3W8ztVnXTMuk5uD1Lxb/W5Dx04ZXfbcb/ALz00MnbyK
			
 
				+JOvY0w34p0ye8wsHAUlxhXOMOjiNSIQrzbMeeO4IicD6bFIFfVS7iS1WkH4MuiC0
			
 
				+qrt3+UPWVBa3e8BAca+8TohM+HJpSWxpy9vxRNi5ESWR1DSupPykJEJiRquQ3eXT
			
 
				+z00lQuuqxgldT2qioGoxcjCn891UedKtViE3PXgkU34YWLqrMu5O0PvcDyVb9/fT
			
 
				+6IbG9C4Z4AyN91oYwpeXph5WQApgiOLl9LLwUN1IDzYvbXGbRudYbvypSHy88+Yf
			
 
				+6y1/s3w=
			
 
				+-----END CERTIFICATE-----
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/META-INF/apiclient_key.pem
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/META-INF/apiclient_key.pem
@@ -0,0 +1,28 @@
 
				+-----BEGIN PRIVATE KEY-----
			
 
				+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/C76bFWDzRLWw
			
 
				+tqxC320ldKI/rLoS8GoD4j4guyNyO82EvKSVRHyF6HhtkgjuVoVnXzrkdm9AXLqA
			
 
				+wzxwcBjb2Bi0YAcmmYxoNGy1BSFmxQHRXdIl7EZ0kxcUnMNxMQanAoLVX6cqjygt
			
 
				+i7RnVCnypFEx+fFlFMemwbFLe6usi+7GNRhPgy0/kt+kWAbLPMAqQRLFrM00X+2Z
			
 
				+I9wWwngC++LTXzmmTTLBS14jW/VfpM3C95KhUSxMJCQJj7EdDyzCBcrOxaW00PuL
			
 
				+PFX2/XrSXSUOb4ETpaUIg6SmCmDg28JQyzT1cmogonlZOllnspJ7xk2y7TvXQOQh
			
 
				+ppHIqqzLAgMBAAECggEBAIHa98nt9CImd+EPqXMi7stgxc/GFgw9gbH2HAifau6A
			
 
				+m6c3mh8jmAhlBUZk1tE52h9zaVJU9jWnUdWn3vMGHr9/2PrxsqqYAAnsaF96h0OV
			
 
				+cTDgNrE0MoeWWz/Vdjr/+eeXG1rxU2zoNYUPyqXZXVHiQpZXr67nOvWr/liyTPRQ
			
 
				+Ue2d/mHYFXlWfEURPcBsyL8Tk33Ehz4Q2QYykn71q002qgb91vnvyjMaQsUsuQZ6
			
 
				+OZVlvbte3p74MWDLv/XNd2LbesWosyRs6BXxMauckXcK1WVKCV5C5feWu76daHOv
			
 
				+7Q5jOuN4KgCDlZ0Q+I9tA0T4HYqNSaD1FufZdKAeAWECgYEA+5X9ZGeiAbYoKOR4
			
 
				+A9srNhLEkEKko8dVUvtomnV0WAaZ2tuiWzOBmTyZFrdQkQV9P8oxad0X5pl7tdKF
			
 
				+Vm5RLtb1LWcodf4f2KZiqQOPpoDAYvCJ14EfLdFo3K/HJXMeNdcCYHyTN0cCJuYz
			
 
				+zLFeUolVt4nPN7B+w+q6pWLQVMMCgYEAwmXWGRMX5UpW5qKOrVWW8MQe1STi9lgo
			
 
				+IvjJhB/CITXruA3Cskpvt8yZPCB/w9Lgpjy6mf8UZoB+nUPB7Yd1uVJdmh9bHaOW
			
 
				+zRx+4JZujBsbeWUsTJMn58g4c0SzZLU3weKj5KyfQxNK7zJ5MLm+xQ5ckrJ5YP8T
			
 
				+6oKpySYmp1kCgYANhjOX6SZBV0xzXkzBUE/TWVDtvFdjYnzIuDEYVIYLkVdF95aT
			
 
				+toIZ/bLxEKupEBV6j2D2oub9A3UuAgIe8lE05mNJrIj1RtLpb5BQK5vWRIeTCgEu
			
 
				+74cAjIhJjL102upd1JARJcE4MH4CH0/bihFa+Hz+H89e3AMEfyLHbzdpxwKBgHt0
			
 
				+WOdLrN08vLtzeNCzjkwRANOzvT9c9QBgpvl1gb+9kpksg/zeMNy03ovEx98AyRJJ
			
 
				+dufdioMeD0qogTvrzuOGX1NFnoPQJDDWa+0NG992R5hsnBl1St5z1QW/F35ZZ7OF
			
 
				+zzemOO5MDkah8zzyeSiD2l5/YX4r/+XqXREVXW7hAoGAPCCPTfM5wFBPejI5SUDS
			
 
				+Bs1FPvRY0nDJrTQ9JlYdcaSHDHy3nLukJKrl9JoApFTgyUQFllP4JpniFPqGKh/x
			
 
				+xs8u2xvzxwcePbliTRHnfkjTf0paez7QGkJf7PJ1qPzH3f5+btmIsS+utB5v29LJ
			
 
				+TbctUOY6P/kh2C518AmGOq8=
			
 
				+-----END PRIVATE KEY-----
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-local.yml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-local.yml
@@ -11,8 +11,8 @@ spring:
 
				           enabled: "true"
			
 
				           app-id: "wx12e34630814e5d30"
			
 
				           mch-id: "1709337210"
			
 
				-          apiv3-key: "Xiangmai20231225Xiangmai20231225"
			
 
				-          cert-serial-no: 6BAA04DCBF80E735518219CC8BCD196BE039F713
			
 
				+          apiv3-key: "mF9oH1oV9wY3gL8iW3kU4fJ7fE1dW4vK"
			
 
				+          cert-serial-no: 4FBE124DE5AAD53E1FF52E740131A6072FE692F1
			
 
				           private-key-path: "classpath:META-INF/apiclient_key.pem"
			
 
				           private-cert-path: "classpath:META-INF/apiclient_cert.pem"
			
 
				     request:
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-release.yml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-release.yml
@@ -11,8 +11,8 @@ spring:
 
				           enabled: "true"
			
 
				           app-id: "wx12e34630814e5d30"
			
 
				           mch-id: "1709337210"
			
 
				-          apiv3-key: "Xiangmai20231225Xiangmai20231225"
			
 
				-          cert-serial-no: 6BAA04DCBF80E735518219CC8BCD196BE039F713
			
 
				+          apiv3-key: "mF9oH1oV9wY3gL8iW3kU4fJ7fE1dW4vK"
			
 
				+          cert-serial-no: 4FBE124DE5AAD53E1FF52E740131A6072FE692F1
			
 
				           private-key-path: "classpath:META-INF/apiclient_key.pem"
			
 
				           private-cert-path: "classpath:META-INF/apiclient_cert.pem"
			
 
				     request:
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-test.yml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/application-test.yml
@@ -11,8 +11,8 @@ spring:
 
				           enabled: "true"
			
 
				           app-id: "wx12e34630814e5d30"
			
 
				           mch-id: "1709337210"
			
 
				-          apiv3-key: "Xiangmai20231225Xiangmai20231225"
			
 
				-          cert-serial-no: 6BAA04DCBF80E735518219CC8BCD196BE039F713
			
 
				+          apiv3-key: "mF9oH1oV9wY3gL8iW3kU4fJ7fE1dW4vK"
			
 
				+          cert-serial-no: 4FBE124DE5AAD53E1FF52E740131A6072FE692F1
			
 
				           private-key-path: "classpath:META-INF/apiclient_key.pem"
			
 
				           private-cert-path: "classpath:META-INF/apiclient_cert.pem"
			
 
				     request:
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-local.xml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-local.xml
@@ -1,7 +1,7 @@
 
				 <?xml version="1.0" encoding="UTF-8"?>
			
 
				 <configuration>
			
 
				     <!-- 日志存放路径 -->
			
 
				-	<property name="log.path" value="/home/appuser/server/dev/xingxi-miniprogram-store-api/logs/" />
			
 
				+	<property name="log.path" value="/home/appuser/server/dev/xingxi-miniprogram-api/logs/" />
			
 
				     <!-- 日志输出格式 -->
			
 
				 	<property name="log.pattern" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{20} - [%method,%line] - %msg%n" />
			
 
				 
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-release.xml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-release.xml
@@ -1,7 +1,7 @@
 
				 <?xml version="1.0" encoding="UTF-8"?>
			
 
				 <configuration>
			
 
				     <!-- 日志存放路径 -->
			
 
				-	<property name="log.path" value="/home/appuser/server/xingxi-miniprogram-store-api/logs/" />
			
 
				+	<property name="log.path" value="/home/appuser/server/xingxi-miniprogram-api/logs/" />
			
 
				     <!-- 日志输出格式 -->
			
 
				 	<property name="log.pattern" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{20} - [%method,%line] - %msg%n" />
			
 
				 
			
--- a/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-test.xml
+++ b/08.src/Xingxi/xingxi-miniprogram-api/src/main/resources/logback-test.xml
@@ -1,7 +1,7 @@
 
				 <?xml version="1.0" encoding="UTF-8"?>
			
 
				 <configuration>
			
 
				     <!-- 日志存放路径 -->
			
 
				-	<property name="log.path" value="/home/appuser/server/xingxi-miniprogram-store-api/logs/" />
			
 
				+	<property name="log.path" value="/home/appuser/server/xingxi-miniprogram-api/logs/" />
			
 
				     <!-- 日志输出格式 -->
			
 
				 	<property name="log.pattern" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{20} - [%method,%line] - %msg%n" />