修改代登录接口

hz-pm-api/src/main/java/com/hz/pm/api/user/controller/UserAuthController.java

@@ -102,14 +102,11 @@ public class UserAuthController {
                                 @RequestParam(value = "sign") String sign,
                                 HttpServletRequest request,
                                 HttpServletResponse response) throws IOException {
-        if (System.currentTimeMillis() - timestamp > 5000) {
-            throw BizException.wrap("签名已过期");
-        }
         if (LoginUserUtil.getUserId().equals(userId)) {
             throw BizException.wrap("代登录用户无效");
         }
         String targetUserId = String.valueOf(userId);
-        if (!agentLoginManage.agentLoginProxySignCheck(targetUserId, sign)) {
+        if (!agentLoginManage.agentLoginProxySignCheck(targetUserId, timestamp, sign)) {
             throw BizException.wrap("签名错误");
         }
         String authCode = authCodeManage.generateAuthCode(targetUserId);
@@ -120,8 +117,9 @@ public class UserAuthController {
 
     @PostMapping(value = "/getAuthCode", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
     public AuthCodeVO getAuthCode(@RequestParam(value = "userId") String userId,
+                                  @RequestParam(value = "timestamp") Long timestamp,
                                   @RequestParam(value = "sign") String sign) {
-        String authCode = authCodeManage.generateAuthCode(userId, sign);
+        String authCode = authCodeManage.generateAuthCode(userId, timestamp, sign);
         return new AuthCodeVO(authCode);
     }
 

hz-pm-api/src/main/java/com/hz/pm/api/user/manage/AgentLoginManage.java

@@ -23,9 +23,12 @@ public class AgentLoginManage {
     @Value("${agent-login.proxy.secret-key}")
     private String agentLoginProxySecretKey;
 
-    public boolean agentLoginProxySignCheck(String userId, String sign) {
+    public boolean agentLoginProxySignCheck(String userId, Long timestamp, String sign) {
+        if (System.currentTimeMillis() - timestamp > 5000) {
+            return false;
+        }
         HMac hmacMd5 = SecureUtil.hmacMd5(agentLoginProxySecretKey);
-        String digestHex = hmacMd5.digestHex(userId + "#" + LoginUserUtil.getUserId());
+        String digestHex = hmacMd5.digestHex(userId + "#" + timestamp);
         return digestHex.equals(sign);
     }
 

hz-pm-api/src/main/java/com/hz/pm/api/user/manage/AuthCodeManage.java

@@ -29,10 +29,10 @@ public class AuthCodeManage {
     private final CachePlusOps cachePlusOps;
     private final AuthCodeProperties authCodeProperties;
 
-    private String generateAuthCode(String userId, boolean checkSign, String sign) {
+    private String generateAuthCode(String userId, boolean checkSign, Long timestamp, String sign) {
         if (checkSign) {
             HMac hmacMd5 = SecureUtil.hmacMd5(authCodeProperties.getSecretKey());
-            String digestHex = hmacMd5.digestHex(userId);
+            String digestHex = hmacMd5.digestHex(userId + "#" + timestamp);
             if (!digestHex.equals(sign)) {
                 throw BizException.wrap("获取授权码失败：签名错误");
             }
@@ -44,12 +44,12 @@ public class AuthCodeManage {
         return authCode;
     }
 
-    public String generateAuthCode(String userId, String sign) {
-        return generateAuthCode(userId, true, sign);
+    public String generateAuthCode(String userId, Long timestamp, String sign) {
+        return generateAuthCode(userId, true, timestamp, sign);
     }
 
     public String generateAuthCode(String userId) {
-        return generateAuthCode(userId, false, null);
+        return generateAuthCode(userId, false, null, null);
     }
 
     public boolean authCodeCheck(String userId, String authCode) {