refactor(signature): 重构了获取 appSecret 的方式，引入了 ApiSignatureSecretFetcher 接口，允许不同的服务实现获取 appSecret 的逻辑

2025-04-27 16:12:00 +08:00 · 2025-04-27 16:12:00 +08:00 · 4702d8ed74
parent fd34572c48
commit 4702d8ed74
5 changed files with 60 additions and 8 deletions
--- a/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/config/YudaoApiSignatureAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/config/YudaoApiSignatureAutoConfiguration.java
@ -2,8 +2,11 @@ package cn.iocoder.yudao.framework.signature.config;

 import cn.iocoder.yudao.framework.redis.config.YudaoRedisAutoConfiguration;
 import cn.iocoder.yudao.framework.signature.core.aop.ApiSignatureAspect;
+import cn.iocoder.yudao.framework.signature.core.fetcher.ApiSignatureSecretFetcher;
+import cn.iocoder.yudao.framework.signature.core.fetcher.DefaultApiSignatureSecretFetcherImpl;
 import cn.iocoder.yudao.framework.signature.core.redis.ApiSignatureRedisDAO;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.redis.core.StringRedisTemplate;

@ -16,8 +19,9 @@ import org.springframework.data.redis.core.StringRedisTemplate;
 public class YudaoApiSignatureAutoConfiguration {

    @Bean
-    public ApiSignatureAspect signatureAspect(ApiSignatureRedisDAO signatureRedisDAO) {
-        return new ApiSignatureAspect(signatureRedisDAO);
+    public ApiSignatureAspect signatureAspect(ApiSignatureRedisDAO signatureRedisDAO,
+        ApiSignatureSecretFetcher apiSignatureSecretFetcher) {
+        return new ApiSignatureAspect(signatureRedisDAO, apiSignatureSecretFetcher);
    }

    @Bean
@ -25,4 +29,9 @@ public class YudaoApiSignatureAutoConfiguration {
        return new ApiSignatureRedisDAO(stringRedisTemplate);
    }

+    @Bean
+    @ConditionalOnMissingBean
+    public ApiSignatureSecretFetcher apiSignatureSecretFetcher(ApiSignatureRedisDAO apiSignatureRedisDAO) {
+        return new DefaultApiSignatureSecretFetcherImpl(apiSignatureRedisDAO);
+    }
 }
--- a/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/aop/ApiSignatureAspect.java
+++ b/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/aop/ApiSignatureAspect.java
@ -10,6 +10,7 @@ import cn.iocoder.yudao.framework.common.exception.ServiceException;
 import cn.iocoder.yudao.framework.common.exception.enums.GlobalErrorCodeConstants;
 import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
 import cn.iocoder.yudao.framework.signature.core.annotation.ApiSignature;
+import cn.iocoder.yudao.framework.signature.core.fetcher.ApiSignatureSecretFetcher;
 import cn.iocoder.yudao.framework.signature.core.redis.ApiSignatureRedisDAO;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
@ -36,6 +37,7 @@ import static cn.iocoder.yudao.framework.common.exception.enums.GlobalErrorCodeC
 public class ApiSignatureAspect {

    private final ApiSignatureRedisDAO signatureRedisDAO;
+    private final ApiSignatureSecretFetcher apiSignatureSecretFetcher;

    @Before("@annotation(signature)")
    public void beforePointCut(JoinPoint joinPoint, ApiSignature signature) {
@ -58,7 +60,7 @@ public class ApiSignatureAspect {
        }
        // 1.2 校验 appId 是否能获取到对应的 appSecret
        String appId = request.getHeader(signature.appId());
-        String appSecret = signatureRedisDAO.getAppSecret(appId);
+        String appSecret = apiSignatureSecretFetcher.getAppSecret(appId);
        Assert.notNull(appSecret, "[appId({})] 找不到对应的 appSecret", appId);

        // 2. 校验签名【重要！】
--- a/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/fetcher/ApiSignatureSecretFetcher.java
+++ b/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/fetcher/ApiSignatureSecretFetcher.java
@ -0,0 +1,18 @@
+package cn.iocoder.yudao.framework.signature.core.fetcher;
+
+/**
+ * Secret 提取器 <br/>
+ * 允许不同的服务获取 appSecret
+ *
+ * @author diaohang
+ */
+public interface ApiSignatureSecretFetcher {
+
+    /**
+     * 获取 appSecret
+     *
+     * @param appId appId
+     * @return 可以为空，表示找不到对应的 appSecret
+     */
+    String getAppSecret(String appId);
+}
--- a/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/fetcher/DefaultApiSignatureSecretFetcherImpl.java
+++ b/yudao-framework/yudao-spring-boot-starter-protection/src/main/java/cn/iocoder/yudao/framework/signature/core/fetcher/DefaultApiSignatureSecretFetcherImpl.java
@ -0,0 +1,18 @@
+package cn.iocoder.yudao.framework.signature.core.fetcher;
+
+import cn.iocoder.yudao.framework.signature.core.redis.ApiSignatureRedisDAO;
+import lombok.RequiredArgsConstructor;
+
+/**
+ * @author diaohang
+ */
+@RequiredArgsConstructor
+public class DefaultApiSignatureSecretFetcherImpl implements ApiSignatureSecretFetcher {
+
+    private final ApiSignatureRedisDAO apiSignatureRedisDAO;
+
+    @Override
+    public String getAppSecret(String appId) {
+        return apiSignatureRedisDAO.getAppSecret(appId);
+    }
+}
--- a/yudao-framework/yudao-spring-boot-starter-protection/src/test/java/cn/iocoder/yudao/framework/signature/core/ApiSignatureTest.java
+++ b/yudao-framework/yudao-spring-boot-starter-protection/src/test/java/cn/iocoder/yudao/framework/signature/core/ApiSignatureTest.java
@ -5,6 +5,7 @@ import cn.hutool.core.util.IdUtil;
 import cn.hutool.crypto.digest.DigestUtil;
 import cn.iocoder.yudao.framework.signature.core.annotation.ApiSignature;
 import cn.iocoder.yudao.framework.signature.core.aop.ApiSignatureAspect;
+import cn.iocoder.yudao.framework.signature.core.fetcher.ApiSignatureSecretFetcher;
 import cn.iocoder.yudao.framework.signature.core.redis.ApiSignatureRedisDAO;
 import jakarta.servlet.http.HttpServletRequest;
 import org.junit.jupiter.api.Test;
@ -20,7 +21,8 @@ import java.util.concurrent.TimeUnit;

 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;

 /**
 * {@link ApiSignatureTest} 的单元测试
@ -31,6 +33,9 @@ public class ApiSignatureTest {
    @InjectMocks
    private ApiSignatureAspect apiSignatureAspect;

+    @Mock
+    private ApiSignatureSecretFetcher apiSignatureSecretFetcher;
+
    @Mock
    private ApiSignatureRedisDAO signatureRedisDAO;

@ -57,12 +62,12 @@ public class ApiSignatureTest {
        when(request.getHeader(eq("timestamp"))).thenReturn(String.valueOf(timestamp));
        when(request.getHeader(eq("nonce"))).thenReturn(nonce);
        when(request.getHeader(eq("sign"))).thenReturn(sign);
-        when(request.getParameterMap()).thenReturn(MapUtil.<String, String[]>builder()
-                .put("v1", new String[]{"k1"}).put("k1", new String[]{"v1"}).build());
+        when(request.getParameterMap()).thenReturn(
+            MapUtil.<String, String[]>builder().put("v1", new String[] {"k1"}).put("k1", new String[] {"v1"}).build());
        when(request.getContentType()).thenReturn("application/json");
        when(request.getReader()).thenReturn(new BufferedReader(new StringReader("test")));
        // mock 方法
-        when(signatureRedisDAO.getAppSecret(eq(appId))).thenReturn(appSecret);
+        when(apiSignatureSecretFetcher.getAppSecret(eq(appId))).thenReturn(appSecret);
        when(signatureRedisDAO.setNonce(eq(appId), eq(nonce), eq(120), eq(TimeUnit.SECONDS))).thenReturn(true);

        // 调用