1 回复
建议你把get post请求先分开,小程序客服、服务号回复消息都会推送到这上面,先把这基本的功能先走通了,再谈这个票据推送
[@RestController](/user/RestController)
[@RequestMapping](/user/RequestMapping)("/hello")
public class AuthController {
@GetMapping(produces = MediaType.TEXT_PLAIN_VALUE)
public String authGet(
@RequestParam(name = "signature", required = false) String signature,
@RequestParam(name = "timestamp", required = false) String timestamp,
@RequestParam(name = "nonce", required = false) String nonce,
@RequestParam(name = "echostr", required = false) String echostr) {
if (this.checkSignature(timestamp, nonce, signature)) {
return echostr;
}
return "非法请求";
}
@PostMapping(produces = MediaType.APPLICATION_XML_VALUE)
public String post(
@RequestBody String requestBody,
@RequestParam(name = "msg_signature", required = false) String msgSignature,
@RequestParam(name = "encrypt_type", required = false) String encryptType,
@RequestParam(name = "signature", required = false) String signature,
@RequestParam("timestamp") String timestamp,
@RequestParam("nonce") String nonce) throws Exception {
if (!this.checkSignature(timestamp, nonce, signature)) {
return "";
}
return "success";
}
private boolean checkSignature(String timestamp, String nonce, String signature) {
String token = "hello";
String[] arr = {token, timestamp, nonce};
Arrays.sort(arr);
StringBuilder stringBuilder = new StringBuilder();
for (String a : arr) {
stringBuilder.append(a);
}
return DigestUtils.sha1Hex(stringBuilder.toString()).equals(signature);
}
}