diff --git a/src/main/java/au/com/royalpay/payment/manage/WebConfiguration.java b/src/main/java/au/com/royalpay/payment/manage/WebConfiguration.java
index 37eb85115..26d4ad61a 100644
--- a/src/main/java/au/com/royalpay/payment/manage/WebConfiguration.java
+++ b/src/main/java/au/com/royalpay/payment/manage/WebConfiguration.java
@@ -1,8 +1,6 @@
 package au.com.royalpay.payment.manage;
 import au.com.royalpay.payment.manage.permission.manager.ManagerUserInterceptor;
-import au.com.royalpay.payment.manage.shopify.support.ShopifyRequestInfoInterceptor;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -17,16 +15,9 @@ public class WebConfiguration implements WebMvcConfigurer {
 @Resource
 private ManagerUserInterceptor managerUserInterceptor;
-
- @Bean
- public ShopifyRequestInfoInterceptor shopifyRequestInfoInterceptor() {
- return new ShopifyRequestInfoInterceptor();
- }
-
 @Override
 public void addInterceptors(InterceptorRegistry registry) {
 registry.addInterceptor(managerUserInterceptor).order(1);
- registry.addInterceptor(shopifyRequestInfoInterceptor());
 }
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/graphqlclient/PaymentsAppConfigureClient.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/graphqlclient/PaymentsAppConfigureClient.java
index 943481c20..4acff1ac1 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/graphqlclient/PaymentsAppConfigureClient.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/graphqlclient/PaymentsAppConfigureClient.java
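Review bot: After this hunk `addInterceptors` registers only `managerUserInterceptor`, and nothing else in the commit re-registers `ShopifyRequestInfoInterceptor`, the class that added `Content-Security-Policy: frame-ancestors 'none'` to `@ShopifyEndpoint` responses carrying a shop parameter. The sibling files switch their imports to `au.com.royalpay.shopify.support`, so the class has presumably moved to a shared module, but whether that module registers the interceptor itself cannot be seen here; if it does not, the framing restriction on those pages is silently lost. I would record the answer next to the remaining registration, e.g. `// Shopify frame-ancestors CSP header is applied by <module that registers it>`, and cover it with a test that asserts the header on one Shopify endpoint response. The class body continues outside the hunk.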
@@ -2,7 +2,7 @@ package au.com.royalpay.payment.manage.shopify.auth.domain.graphqlclient;
 import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore;
 import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService;
-import au.com.royalpay.payment.manage.shopify.support.GraphqlSchemaReaderUtil;
+import au.com.royalpay.shopify.support.GraphqlSchemaReaderUtil;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
index 4f3988839..1d6fd77bc 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
@@ -2,12 +2,12 @@ package au.com.royalpay.payment.manage.shopify.auth.web;
 import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication;
 import au.com.royalpay.payment.manage.shopify.auth.domain.exception.ShopifyRequestVerifyException;
-import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
 import au.com.royalpay.payment.tools.env.PlatformEnvironment;
 import au.com.royalpay.payment.tools.exceptions.BadRequestException;
 import au.com.royalpay.shopify.entity.ShopifyCommonParameter;
 import au.com.royalpay.shopify.entity.ShopifyPermissionURL;
 import au.com.royalpay.shopify.service.ShopifyRequestValidator;
+import au.com.royalpay.shopify.support.ShopifyEndpoint;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
index 987bfcc15..e5a6bfc65 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
@@ -6,9 +6,9 @@ import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyCustomerReque
 import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyShopRedactCommand;
 import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore;
 import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService;
-import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
-import au.com.royalpay.payment.manage.shopify.support.ShopifyHttpUtils;
 import au.com.royalpay.shopify.service.ShopifyRequestValidator;
+import au.com.royalpay.shopify.support.ShopifyEndpoint;
+import au.com.royalpay.shopify.support.ShopifyHttpUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/GraphqlSchemaReaderUtil.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/GraphqlSchemaReaderUtil.java
deleted file mode 100644
index 6fdfe7c21..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/GraphqlSchemaReaderUtil.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import java.io.IOException;
-
-public class GraphqlSchemaReaderUtil {
-
- public static String getSchemaFromFileName(final String filename) throws IOException {
- return new String(
- GraphqlSchemaReaderUtil.class.getClassLoader().getResourceAsStream("graphql/" + filename + ".graphql").readAllBytes());
- }
-}
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtil.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtil.java
deleted file mode 100644
index 992b0252e..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtil.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.codec.digest.HmacAlgorithms;
-import org.apache.commons.codec.digest.HmacUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.bouncycastle.crypto.RuntimeCryptoException;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
-import java.nio.charset.StandardCharsets;
-import java.security.Security;
-import java.util.Arrays;
-import java.util.Locale;
-
-public class HmacVerificationUtil {
- private static final Logger logger = LoggerFactory.getLogger(HmacVerificationUtil.class);
-
- private HmacVerificationUtil() {
- }
-
- public static boolean checkParameters(String message, String secret, String hmac) {
- try {
- Security.addProvider(new BouncyCastleProvider());
- SecretKey secretKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
- Mac mac = Mac.getInstance(secretKey.getAlgorithm());
- mac.init(secretKey);
- byte[] digest = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
- String marshal = new HexBinaryAdapter().marshal(digest).toLowerCase(Locale.ROOT);
- return StringUtils.equals(marshal, hmac);
- } catch (Exception e) {
- throw new RuntimeCryptoException("加密异常");
- }
- }
-
- public static boolean hmacSHA256(String input, String key, String hmac) {
- if (isHex(hmac)) {
- try {
- byte[] requestHmac = Hex.decodeHex(hmac);
- byte[] hmacRes = hmac(input, key, HmacAlgorithms.HMAC_SHA_256);
- String hmacHex = Hex.encodeHexString(hmacRes);
- logger.debug("hex-mode: input={}; key={}; encoded={}; request-hmac: {}", input, key, hmacHex, hmac);
- return Arrays.equals(requestHmac, hmacRes);
- } catch (DecoderException ignore) {
- return false;
- }
- } else {
- //base64
- byte[] hmacRes = hmac(input, key, HmacAlgorithms.HMAC_SHA_256);
- String hmacB64 = Base64.encodeBase64String(hmacRes);
- logger.debug("b64-mode: input={}; key={}; encoded={}; request-hmac: {}", input, key, hmacB64, hmac);
- byte[] requestHmac = Base64.decodeBase64(hmac);
- return Arrays.equals(requestHmac, hmacRes);
- }
- }
-
- private static boolean isHex(String str) {
- return str != null && str.toUpperCase(Locale.ROOT).matches("^[0-9A-F]+$");
- }
-
- private static byte[] hmac(String input, String key, HmacAlgorithms algorithm) {
- Mac mac = HmacUtils.getInitializedMac(algorithm, key.getBytes(StandardCharsets.UTF_8));
- byte[] content = input.getBytes(StandardCharsets.UTF_8);
- return mac.doFinal(content);
- }
-
-
-}
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyEndpoint.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyEndpoint.java
deleted file mode 100644
index f80fd004b..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyEndpoint.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import java.lang.annotation.*;
-
-@Documented
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.METHOD, ElementType.TYPE})
-public @interface ShopifyEndpoint {
-}
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyHttpUtils.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyHttpUtils.java
deleted file mode 100644
index dc48f240f..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyHttpUtils.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import au.com.royalpay.payment.tools.exceptions.ServerErrorException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.StreamUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-
-public class ShopifyHttpUtils {
- private ShopifyHttpUtils() {
- }
-
- private static final Logger logger = LoggerFactory.getLogger(ShopifyHttpUtils.class);
-
- public static String getRequestBody(HttpServletRequest request) {
- try (InputStream in = request.getInputStream()) {
- String body = StreamUtils.copyToString(in, StandardCharsets.UTF_8);
- logger.debug("Shopify read body |-{}", body);
- return body;
- } catch (IOException e) {
- throw new ServerErrorException("Failed to read request content");
- }
- }
-}
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
deleted file mode 100644
index fc9934f1b..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import com.alibaba.fastjson.JSON;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.core.annotation.AnnotatedElementUtils;
-import org.springframework.http.HttpMethod;
-import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.lang.reflect.Method;
-import java.util.Optional;
-
-public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
- private Logger logger = LoggerFactory.getLogger(getClass());
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- if (!(handler instanceof HandlerMethod)){
- return super.preHandle(request, response, handler);
- }
- Method method = ((HandlerMethod) handler).getMethod();
-
- if(HttpMethod.GET.matches(request.getMethod())) {
- if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
- String shop = request.getParameter("shop");
- if (StringUtils.isNotBlank(shop)) {
- response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
- }
- }
- }
-
- if (HttpMethod.POST.matches(request.getMethod())) {
- if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
-
- String requestBody = ShopifyHttpUtils.getRequestBody(request);
- logger.debug("shopify request body:[POST]{} -->{}", request.getRequestURI(), requestBody);
- String shop = Optional.ofNullable(requestBody).map(JSON::parseObject).map(body->body.getString("shop_domain")).orElse(null);
- if (StringUtils.isNotBlank(shop)) {
- response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
- }
- }
- }
-
- return super.preHandle(request, response, handler);
- }
-
-}
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/SpringContextUtil.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/SpringContextUtil.java
deleted file mode 100644
index a1ded1209..000000000
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/SpringContextUtil.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package au.com.royalpay.payment.manage.shopify.support;
-
-import org.apache.poi.ss.formula.functions.T;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-
-public class SpringContextUtil {
-
- // Spring应用上下文环境
- private static ApplicationContext applicationContext;
-
- /**
- * 实现ApplicationContextAware接口的回调方法,设置上下文环境
- */
- public static void setApplicationContext(ApplicationContext applicationContext)throws BeansException {
- SpringContextUtil.applicationContext = applicationContext;
- }
-
- public static ApplicationContext getApplicationContext() {
- return applicationContext;
- }
-
- /**
- * 根据beanId返回Spring中的实例
- * @Date 2019-08-07 17:36
- * @param
- * @return
- **/
- public static Object getBean(String beanId) throws BeansException {
- return applicationContext.getBean(beanId);
- }
-
- public static Object getBean(Class className) {
- return applicationContext.getBean(className);
- }
-
-}
diff --git a/src/main/resources/graphql/paymentsAppConfigure.graphql b/src/main/resources/graphql/paymentsAppConfigure.graphql
deleted file mode 100644
index e6e0d32dc..000000000
--- a/src/main/resources/graphql/paymentsAppConfigure.graphql
+++ /dev/null
@@ -1,8 +0,0 @@
-mutation PaymentsAppConfigure($externalHandle: String, $ready: Boolean!) {
- paymentsAppConfigure(externalHandle: $externalHandle, ready: $ready) {
- userErrors{
- field
- message
- }
- }
-}
\ No newline at end of file
diff --git a/src/test/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtilTest.java b/src/test/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtilTest.java
index acc19713a..2ee38b24e 100644
--- a/src/test/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtilTest.java
+++ b/src/test/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtilTest.java
@@ -1,5 +1,6 @@
 package au.com.royalpay.payment.manage.shopify.support;
+import au.com.royalpay.shopify.support.HmacVerificationUtil;
 import org.junit.jupiter.api.Test;
 import org.springframework.web.util.UriComponentsBuilder;