fix(interceptor): 修复复杂参数签名序列化顺序问题

2026-02-27 16:04:43 +08:00
parent 4e917d2522
commit 7fc73959ae
1 changed files with 21 additions and 1 deletions
--- a/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
+++ b/src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java
@@ -1,6 +1,7 @@
 package com.yolo.keyborad.interceptor;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.yolo.keyborad.utils.SignUtils;
 import jakarta.servlet.DispatcherType;
 import jakarta.servlet.http.HttpServletRequest;
@@ -21,6 +22,8 @@ public class SignInterceptor implements HandlerInterceptor {
    // appId -> secret 的映射（可从 DB 等处加载）
    private final Map<String, String> appSecretMap;
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final ObjectMapper signValueObjectMapper = new ObjectMapper()
            .configure(SerializationFeature.ORDER_MAP_ENTRIES_BY_KEYS, true);
    private final StringRedisTemplate redisTemplate;
    // 允许时间误差 5 分钟
@@ -103,7 +106,7 @@ public class SignInterceptor implements HandlerInterceptor {
                Map<String, Object> bodyMap = objectMapper.readValue(body, Map.class);
                bodyMap.forEach((k, v) -> {
                    if (v != null) {
-                        params.put(k, String.valueOf(v));
+                        params.put(k, stringifyForSign(v));
                    }
                });
            }
@@ -118,6 +121,23 @@ public class SignInterceptor implements HandlerInterceptor {
        return true;
    }
    private String stringifyForSign(Object value) {
        if (value == null) {
            return null;
        }
        if (value instanceof CharSequence || value instanceof Number || value instanceof Boolean) {
            return String.valueOf(value);
        }
        if (value.getClass().isArray() || value instanceof Collection || value instanceof Map) {
            try {
                return signValueObjectMapper.writeValueAsString(value);
            } catch (Exception e) {
                throw new RuntimeException("Sign body param serialize error", e);
            }
        }
        return String.valueOf(value);
    }
    private String buildNonceKey(String appId, String nonce) {
        // 可以按需加上前缀，便于区分业务
        return "sign:nonce:" + appId + ":" + nonce;