fix(interceptor): 修复复杂参数签名序列化顺序问题

2026-02-27 16:04:43 +08:00
parent 4e917d2522
commit 7fc73959ae
1 changed files with 21 additions and 1 deletions
--- a/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
+++ b/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
@@ -1,6 +1,7 @@
 package com.yolo.keyborad.interceptor;

 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
 import com.yolo.keyborad.utils.SignUtils;
 import jakarta.servlet.DispatcherType;
 import jakarta.servlet.http.HttpServletRequest;
@@ -21,6 +22,8 @@ public class SignInterceptor implements HandlerInterceptor {
    // appId -> secret 的映射（可从 DB 等处加载）
    private final Map<String, String> appSecretMap;
    private final ObjectMapper objectMapper = new ObjectMapper();
+    private final ObjectMapper signValueObjectMapper = new ObjectMapper()
+            .configure(SerializationFeature.ORDER_MAP_ENTRIES_BY_KEYS, true);
    private final StringRedisTemplate redisTemplate;

    // 允许时间误差 5 分钟
@@ -103,7 +106,7 @@ public class SignInterceptor implements HandlerInterceptor {
                Map<String, Object> bodyMap = objectMapper.readValue(body, Map.class);
                bodyMap.forEach((k, v) -> {
                    if (v != null) {
-                        params.put(k, String.valueOf(v));
+                        params.put(k, stringifyForSign(v));
                    }
                });
            }
@@ -118,6 +121,23 @@ public class SignInterceptor implements HandlerInterceptor {
        return true;
    }

+    private String stringifyForSign(Object value) {
+        if (value == null) {
+            return null;
+        }
+        if (value instanceof CharSequence || value instanceof Number || value instanceof Boolean) {
+            return String.valueOf(value);
+        }
+        if (value.getClass().isArray() || value instanceof Collection || value instanceof Map) {
+            try {
+                return signValueObjectMapper.writeValueAsString(value);
+            } catch (Exception e) {
+                throw new RuntimeException("Sign body param serialize error", e);
+            }
+        }
+        return String.valueOf(value);
+    }
+
    private String buildNonceKey(String appId, String nonce) {
        // 可以按需加上前缀，便于区分业务
        return "sign:nonce:" + appId + ":" + nonce;