fix : token升级加密算法, 增加安全编码

game-module/game-module-sdk/src/main/java/com/zanxiang/game/module/sdk/SDKApplication.java

@@ -25,7 +25,7 @@ public class SDKApplication {
 
     public static void main(String[] args) {
         SpringApplication.run(SDKApplication.class, args);
-        System.out.println("赞象SDK服务启动成功 <32位token统一失效01> ( ´･･)ﾉ(._.`) \n" +
+        System.out.println("赞象SDK服务启动成功 <token升级加密算法, 增加安全编码> ( ´･･)ﾉ(._.`) \n" +
                 " ___________ _   __\n" +
                 "/  ___|  _  \\ | / /\n" +
                 "\\ `--.| | | | |/ / \n" +

game-module/game-module-sdk/src/main/java/com/zanxiang/game/module/sdk/service/impl/UserTokenServiceImpl.java

@@ -89,20 +89,20 @@ public class UserTokenServiceImpl extends ServiceImpl<UserTokenMapper, UserToken
         }
         //用户信息
         User user = userService.getById(userId);
-//        //获取检测token
-//        UserToken userToken = this.getCheckUserToken(userId, token);
-//        //判断token是否存在, 并且没有过期
-//        if (userToken == null || userToken.getExpireTime() < DateUtils.localDateTimeToSecond(LocalDateTime.now())) {
-//            log.error("token验证失败 , token不存在或者已经失效, appId : {}, userId : {}, token : {}", appId, userId, token);
-//            return ResultVO.fail(TokenCheckEnum.SIGN_ERROR.getMsg());
-//        }
-//        //获取计算签名
-//        Tuple2<String, String> tuple2 = this.getMySign(gameExt, userId, token);
-//        //签名错误
-//        if (!Objects.equals(tuple2.getT2(), sign)) {
-//            log.error("token验证失败 , str : {}, mySign : {}, sign : {}", tuple2.getT1(), tuple2.getT2(), sign);
-//            return ResultVO.fail(TokenCheckEnum.CHECK_FAIL.getMsg());
-//        }
+        //获取检测token
+        UserToken userToken = this.getCheckUserToken(userId, token);
+        //判断token是否存在, 并且没有过期
+        if (userToken == null || userToken.getExpireTime() < DateUtils.localDateTimeToSecond(LocalDateTime.now())) {
+            log.error("token验证失败 , token不存在或者已经失效, appId : {}, userId : {}, token : {}", appId, userId, token);
+            return ResultVO.fail(TokenCheckEnum.SIGN_ERROR.getMsg());
+        }
+        //获取计算签名
+        Tuple2<String, String> tuple2 = this.getMySign(gameExt, userId, token);
+        //签名错误
+        if (!Objects.equals(tuple2.getT2(), sign)) {
+            log.error("token验证失败 , str : {}, mySign : {}, sign : {}", tuple2.getT1(), tuple2.getT2(), sign);
+            return ResultVO.fail(TokenCheckEnum.CHECK_FAIL.getMsg());
+        }
         //构造返回
         return ResultVO.ok(CpTokenCheckVO.builder()
                 .userId(userId)
@@ -208,7 +208,8 @@ public class UserTokenServiceImpl extends ServiceImpl<UserTokenMapper, UserToken
                 .eq(UserToken::getDeviceType, userData.getDeviceType()));
         //token已经更新, 返回失效
         String token = Optional.ofNullable(userToken).map(UserToken::getToken).orElse(null);
-        if (Strings.isBlank(token) || token.length() <= 32) {
+        LocalDateTime localDateTime = DateUtil.parseLocalDateTime("2025-03-11 18:30:00");
+        if (Strings.isBlank(token) || userToken.getUpdateTime().isBefore(localDateTime)) {
             return Boolean.FALSE;
         }
         //判断是否ip封禁
@@ -346,8 +347,10 @@ public class UserTokenServiceImpl extends ServiceImpl<UserTokenMapper, UserToken
                 UUID.randomUUID().toString(),
                 Long.toString(System.nanoTime())
         );
+        //先进行AES加密
+        String encrypted = AESUtil.encrypt(random, this.tokenSecret);
         //创建token
-        return AESUtil.encrypt(random, this.tokenSecret);
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(encrypted.getBytes());
     }
 
     private String getUserTokenKey(Long userId, Integer deviceType) {