feat: 登录接口增加timestamp、sign字段，用于验证本次是否通过

springboot-login/src/main/java/com/tiesheng/login/config/token/TsTokenConfig.java

@@ -27,6 +27,7 @@ public class TsTokenConfig {
     private String encryptKey = "%kIp9frQCu";
     private Integer expireHours = 48;
     private String[] ignorePaths;
+    private boolean validLoginSign = false;
 
 
     /**
@@ -148,4 +149,12 @@ public class TsTokenConfig {
     public void setIgnorePaths(String[] ignorePaths) {
         this.ignorePaths = ignorePaths;
     }
+
+    public boolean isValidLoginSign() {
+        return validLoginSign;
+    }
+
+    public void setValidLoginSign(boolean validLoginSign) {
+        this.validLoginSign = validLoginSign;
+    }
 }

springboot-login/src/main/java/com/tiesheng/login/controller/LoginController.java

@@ -6,6 +6,7 @@ import cn.hutool.core.util.URLUtil;
 import com.alibaba.fastjson.JSON;
 import com.tiesheng.annotation.operation.OperationIgnore;
 import com.tiesheng.annotation.token.TokenIgnore;
+import com.tiesheng.login.config.token.TsTokenConfig;
 import com.tiesheng.login.config.token.bean.TokenBean;
 import com.tiesheng.login.pojos.CodeExtraDTO;
 import com.tiesheng.login.pojos.DoLoginInfo;
@@ -20,6 +21,7 @@ import com.tiesheng.platform.config.wxmp.PlatformWxmpConfig;
 import com.tiesheng.platform.config.wxmp.bean.WxConfigBean;
 import com.tiesheng.platform.config.wxmp.bean.WxJsapiSignature;
 import com.tiesheng.platform.config.wxmp.bean.WxUserInfo;
+import com.tiesheng.util.ServletKit;
 import com.tiesheng.util.config.GlobalConfig;
 import com.tiesheng.util.exception.ApiException;
 import com.tiesheng.util.pojos.ApiResp;
@@ -50,6 +52,8 @@ public class LoginController {
     TieshengLoginConfigurer tieshengLoginConfigurer;
     @Autowired
     GlobalConfig globalConfig;
+    @Autowired
+    TsTokenConfig tsTokenConfig;
 
 
     /**
@@ -60,6 +64,11 @@ public class LoginController {
     @GetMapping("/unique/redirect")
     @OperationIgnore
     public void uniqueIndex(UniqueIndexDTO dto, HttpServletResponse response) {
+        if (tsTokenConfig.isValidLoginSign() && !dto.validSign()) {
+            ServletKit.write(response, "404", "text");
+            return;
+        }
+
         TokenBean tokenBean = tieshengLoginConfigurer.doLogin(new DoLoginInfo("web_unique_redirect",
                 dto.getNo(), dto.getPlatform(), dto.getInfo()));
         tieshengLoginConfigurer.onLoginRedirect(tokenBean, dto.getTo(), dto.getExtra(), response);

springboot-login/src/main/java/com/tiesheng/login/pojos/UniqueIndexDTO.java

@@ -1,6 +1,10 @@
 package com.tiesheng.login.pojos;
 
+import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+
+import java.util.Objects;
 
 public class UniqueIndexDTO extends LoginToInfo {
 
@@ -8,6 +12,26 @@ public class UniqueIndexDTO extends LoginToInfo {
     private String extra;
     private String info;
     private String platform = "web";
+    private Long timestamp;
+    private String sign;
+
+
+    /**
+     * 验证签名是否正确
+     */
+    public boolean validSign() {
+        if (StrUtil.isEmpty(getNo()) || getTimestamp() == null) {
+            return false;
+        }
+        if ((DateUtil.currentSeconds() - getTimestamp()) > 60) {
+            return false;
+        }
+        String mySign = getNo() + getTimestamp();
+        for (int i = 0; i < 11; i++) {
+            mySign = SecureUtil.md5(mySign);
+        }
+        return Objects.equals(sign, mySign);
+    }
 
     ///////////////////////////////////////////////////////////////////////////
     // setter\getter
@@ -47,4 +71,20 @@ public class UniqueIndexDTO extends LoginToInfo {
     public void setPlatform(String platform) {
         this.platform = platform;
     }
+
+    public Long getTimestamp() {
+        return timestamp;
+    }
+
+    public void setTimestamp(Long timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public String getSign() {
+        return sign;
+    }
+
+    public void setSign(String sign) {
+        this.sign = sign;
+    }
 }