Signature validation ignore empty values

e86c19c3 · liaozan · 56051fe7 · e86c19c3 · e86c19c3 · e86c19c3
Commit e86c19c3 authored Aug 22, 2023 by liaozan 🏀
3 changed files
--- a/commons/common-util/src/main/java/com/schbrain/common/util/StreamUtils.java
+++ b/commons/common-util/src/main/java/com/schbrain/common/util/StreamUtils.java
@@ -158,11 +158,15 @@ public class StreamUtils {
    }

    public static <T> String join(Iterable<T> data, String delimiter) {
-        return join(data, delimiter, Objects::toString);
+        return join(data, delimiter, Objects::toString, any -> true);
    }

-    public static <T> String join(Iterable<T> data, String delimiter, Function<T, String> toStringFunction) {
-        return from(data).map(toStringFunction).collect(joining(delimiter));
+    public static <T> String join(Iterable<T> data, String delimiter, Predicate<String> predicate) {
+        return join(data, delimiter, Objects::toString, predicate);
+    }
+
+    public static <T> String join(Iterable<T> data, String delimiter, Function<T, String> toStringFunction, Predicate<String> predicate) {
+        return from(data).map(toStringFunction).filter(predicate).collect(joining(delimiter));
    }

    public static List<String> split(String data) {

--- a/commons/web-common/src/main/java/com/schbrain/common/web/exception/DefaultExceptionTranslator.java
+++ b/commons/web-common/src/main/java/com/schbrain/common/web/exception/DefaultExceptionTranslator.java
@@ -12,11 +12,7 @@ import org.springframework.core.Ordered;
 */
 public class DefaultExceptionTranslator implements ExceptionTranslator<ResponseDTO<String>> {

-    private final boolean isProduction;
-
-    public DefaultExceptionTranslator() {
-        this.isProduction = EnvUtils.isProduction();
-    }
+    private final boolean isProduction = EnvUtils.isProduction();

    @Override
    public ResponseDTO<String> translate(Throwable throwable, int code, int action, String message) {

--- a/commons/web-common/src/main/java/com/schbrain/common/web/support/signature/AbstractSignatureValidationInterceptor.java
+++ b/commons/web-common/src/main/java/com/schbrain/common/web/support/signature/AbstractSignatureValidationInterceptor.java
 package com.schbrain.common.web.support.signature;

 import cn.hutool.crypto.digest.DigestUtil;
-import com.google.common.base.Joiner;
+import com.schbrain.common.util.StreamUtils;
 import com.schbrain.common.web.support.BaseHandlerInterceptor;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.method.HandlerMethod;
@@ -9,6 +9,7 @@ import org.springframework.web.util.ContentCachingRequestWrapper;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.List;
 import java.util.Objects;

 import static cn.hutool.core.text.StrPool.UNDERLINE;
@@ -17,8 +18,6 @@ import static org.springframework.web.util.WebUtils.getNativeRequest;

 public abstract class AbstractSignatureValidationInterceptor<T extends SignatureContext> extends BaseHandlerInterceptor {

-    private static final Joiner JOINER = Joiner.on(UNDERLINE).skipNulls();
-
    private static final String SCH_APP_KEY = "Sch-App-Key";
    private static final String SCH_TIMESTAMP = "Sch-Timestamp";
    private static final String SCH_SIGNATURE = "Sch-Signature";
@@ -69,7 +68,7 @@ public abstract class AbstractSignatureValidationInterceptor<T extends Signature
    }

    protected String signParams(String requestUri, String queryString, String bodyString, String timestamp, String appKey, String appSecret) {
-        String toSign = JOINER.join(requestUri, queryString, bodyString, timestamp, appKey, appSecret);
+        String toSign = StreamUtils.join(List.of(requestUri, queryString, bodyString, timestamp, appKey, appSecret), UNDERLINE, StringUtils::isNotBlank);
        return DigestUtil.sha256Hex(toSign);
    }