优化

src/main/java/cn/com/duiba/jdactivity/controller/Open2DuibaController.java

@@ -15,12 +15,15 @@ import cn.com.duiba.jdactivity.developer.jd.utils.AccessTokenUtils;
 import cn.com.duiba.jdactivity.developer.jd.utils.JdApiUtil;
 import cn.com.duiba.jdactivity.dto.AutologinParam;
 import cn.com.duiba.jdactivity.dto.DuibaAddCartParam;
+import cn.com.duiba.jdactivity.dto.DuibaSendBeanParam;
 import cn.com.duiba.jdactivity.dto.DuibaSendCouponParam;
 import cn.com.duiba.jdactivity.dto.DuibaSendPointsParam;
 import cn.com.duiba.jdactivity.dto.DuibaUserParam;
 import cn.com.duiba.jdactivity.dto.TbShopAccessTokenDto;
 import cn.com.duiba.jdactivity.exception.BizException;
 import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.google.common.collect.Maps;
 import com.jd.open.api.sdk.domain.crm.VenderCustomerClientJsfService.response.getCustomer.EssentialCustomerInfo;
 import com.jd.open.api.sdk.domain.user.UserRelatedRpcService.response.getUserInfoByOpenId.OAuthUserInfo;
 import org.apache.commons.lang3.StringUtils;
@@ -125,6 +128,51 @@ public class Open2DuibaController {
 
     }
 
+    /**
+     * 签名校验
+     */
+    private static <T extends DuibaUserParam> void signVerify4Post(T param, String method) throws BizException {
+        String jsonString = JSON.toJSONString(param);
+        LOGGER.info(method + "参数：" + jsonString);
+
+
+        JSONObject object = JSON.parseObject(jsonString);
+
+        //前后5分钟内有效
+        String timestamp = param.getTimestamp();
+        String appKey = param.getAppKey();
+        String sign = param.getSign();
+        DuibaAppEnum duibaAppEnum = DuibaAppEnum.getDuibaApp(appKey);
+        if (duibaAppEnum == null) {
+            throw new BizException("appKey不存在");
+        }
+        long clientTimestamp = timestamp == null ? 0L : Long.parseLong(timestamp);
+        long now = System.currentTimeMillis();
+        if (Math.abs(now - clientTimestamp) > DEFAULT_EXPIRE_TIME) {
+            throw new BizException(String.format("请同步服务器与客户端时间为%s分钟之内", DEFAULT_EXPIRE_TIME));
+        }
+
+
+        Map<String, String> parameterMap = Maps.newHashMapWithExpectedSize(object.size());
+        for (Map.Entry<String, Object> entry : object.entrySet()) {
+            parameterMap.put(entry.getKey(), entry.getValue().toString());
+        }
+
+        //验签sign
+        Map<String, String> signMap = new HashMap<>(parameterMap);
+        signMap.remove("sign");
+        signMap.put("appSecret", duibaAppEnum.getAppSecret());
+        String correctSign = SignTool.sign(signMap);
+
+        boolean signVerify = Objects.equals(correctSign, sign);
+
+        LOGGER.info("signVerify={},correctSign={}", signVerify, correctSign);
+        // 二选一，只要有一个正确就通过
+        if (!signVerify) {
+            throw new BizException("签名校验不正确");
+        }
+    }
+
     /**
      * 微信、京东端 用户登陆后跳转到星速台
      *
@@ -358,7 +406,7 @@ public class Open2DuibaController {
     public Result<Boolean> isFollowShopV2(@RequestBody DuibaUserParam duibaUserParam) {
         try {
             String uid = getUid(duibaUserParam.getUid());
-            signVerify("是否关注店铺");
+            signVerify4Post(duibaUserParam, "是否关注店铺");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(duibaUserParam);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -381,7 +429,7 @@ public class Open2DuibaController {
     public Result<Boolean> followShopV2(@RequestBody DuibaUserParam duibaUserParam) {
         try {
             String uid = getUid(duibaUserParam.getUid());
-            signVerify("关注店铺");
+            signVerify4Post(duibaUserParam, "关注店铺");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(duibaUserParam);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -408,7 +456,7 @@ public class Open2DuibaController {
             String uuid = param.getUuid();
 
             uid = uid.replaceAll(" ", "+");
-            signVerify("发放优惠券");
+            signVerify4Post(param, "发放优惠券");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(param);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -432,7 +480,7 @@ public class Open2DuibaController {
     public Result<Boolean> isMemberV2(@RequestBody DuibaUserParam duibaUserParam) {
         try {
             String uid = getUid(duibaUserParam.getUid());
-            signVerify("是否是会员");
+            signVerify4Post(duibaUserParam, "是否是会员");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(duibaUserParam);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -457,7 +505,7 @@ public class Open2DuibaController {
     public Result<Boolean> sendPoints(@RequestBody DuibaSendPointsParam param) {
         try {
             String uid = getUid(param.getUid());
-            signVerify("互动积分发放积分");
+            signVerify4Post(param, "互动积分发放积分");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(param);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -486,7 +534,7 @@ public class Open2DuibaController {
             String itemId = param.getItemId();
 
             uid = uid.replaceAll(" ", "+");
-            signVerify("通过用户pin加入购物车");
+            signVerify4Post(param, "通过用户pin加入购物车");
 
             TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(param);
             JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
@@ -502,4 +550,33 @@ public class Open2DuibaController {
             return ResultBuilder.fail("通过用户pin加入购物车失败");
         }
     }
+
+
+    /**
+     * 通过用户pin加入购物车
+     */
+    @PostMapping("/sendBean")
+    public Result<Boolean> sendBean(@RequestBody DuibaSendBeanParam param) {
+        try {
+            String uid = param.getUid();
+
+            uid = uid.replaceAll(" ", "+");
+            signVerify4Post(param, "发送京豆");
+
+            TbShopAccessTokenDto accessToken = accessTokenUtils.getAccessTokenWithCache(param);
+            JdAppEnum appEnum = JdAppEnum.getAppByAppKey(accessToken.getAppKey());
+            String pin = convert2Pin(appEnum, accessToken.getAccessToken(), uid);
+
+            Result<Boolean> sendCouponResult = jdApiUtil.sendBean(appEnum, accessToken.getAccessToken(),
+                    param.getRequestId(), param.getBeanNum(), accessToken.getVenderId(),
+                    param.getPlanId(), pin, param.getDesc());
+            LOGGER.info("通过用户pin加入购物车,sendCouponResult={}", JSON.toJSONString(sendCouponResult));
+            return sendCouponResult;
+        } catch (BizException e) {
+            return ResultBuilder.fail(e.getMessage());
+        } catch (Exception e) {
+            LOGGER.error("发送京豆,异常", e);
+            return ResultBuilder.fail("通过用户pin加入购物车失败");
+        }
+    }
 }

src/main/java/cn/com/duiba/jdactivity/dto/DuibaSendBeanParam.java

+package cn.com.duiba.jdactivity.dto;
+
+/**
+ * 发送京豆
+ *
+ * @author zsp (zengshuiping@duiba.com.cn)
+ * @date 2021/6/23 17:29
+ */
+public class DuibaSendBeanParam extends DuibaUserParam {
+    private static final long serialVersionUID = 1229521200498322163L;
+
+
+    /**
+     * 防重入Id
+     */
+    private String requestId;
+
+    /**
+     * 发豆数量
+     */
+    private Long beanNum;
+
+    /**
+     * 京豆计划
+     */
+    private Long planId;
+
+    /**
+     * 参加[desc]-获得
+     */
+    private String desc;
+
+    public String getRequestId() {
+        return requestId;
+    }
+
+    public void setRequestId(String requestId) {
+        this.requestId = requestId;
+    }
+
+    public Long getBeanNum() {
+        return beanNum;
+    }
+
+    public void setBeanNum(Long beanNum) {
+        this.beanNum = beanNum;
+    }
+
+    public Long getPlanId() {
+        return planId;
+    }
+
+    public void setPlanId(Long planId) {
+        this.planId = planId;
+    }
+
+    public String getDesc() {
+        return desc;
+    }
+
+    public void setDesc(String desc) {
+        this.desc = desc;
+    }
+}

src/main/java/cn/com/duiba/jdactivity/dto/DuibaUserParam.java

@@ -12,7 +12,7 @@ public class DuibaUserParam extends ShopParam {
     private String uid;
 
     // 签名用
-    private Long timestamp;
+    private String timestamp;
     private String appKey;
     private String sign;
 
@@ -24,11 +24,11 @@ public class DuibaUserParam extends ShopParam {
         this.uid = uid;
     }
 
-    public Long getTimestamp() {
+    public String getTimestamp() {
         return timestamp;
     }
 
-    public void setTimestamp(Long timestamp) {
+    public void setTimestamp(String timestamp) {
         this.timestamp = timestamp;
     }
 

src/test/java/cn/com/duiba/jdactivity/developer/jd/utils/JdApiUtilTest.java

@@ -32,7 +32,8 @@ class JdApiUtilTest extends BaseTest {
         token = "AAFg0u4lADCOV4CmqwHEovuhnyxBLUdITuuMPAwXN5-LXc-Rptw86qHJyMSNeEitDca9ja88OtA";
         shopId = 0L;
         venderId = 0L;
-        pin = "yi皮仔";
+        // pin = "yi皮仔";
+        pin = "jd_7c13099e13f1b";
     }
 
     @Resource
@@ -143,4 +144,13 @@ class JdApiUtilTest extends BaseTest {
                 result));
         Assertions.assertTrue(result.getSuccess());
     }
+
+    @Test
+    void sendBean() {
+        Result<Boolean> result = jdApiUtil.sendBean(JdAppEnum.DUIBA, accessToken, "3", 1L,
+                10276497L, 1334575L,
+                pin, "签到获得");
+        System.out.println(JSON.toJSONString(result));
+        Assertions.assertTrue(result.getSuccess());
+    }
 }
\ No newline at end of file