修改头部校验

e2f100a5 · zhangzc · 21738dd8 · e2f100a5 · e2f100a5 · e2f100a5
Commit e2f100a5 authored Apr 28, 2020 by zhangzc
8 changed files
--- a/src/main/java/com/esv/freight/app/common/filter/AuthFilter.java
+++ b/src/main/java/com/esv/freight/app/common/filter/AuthFilter.java
@@ -78,39 +78,18 @@ public class AuthFilter implements Filter {
        // TODO 设备标识，用于日后消息推送
        String token = request.getHeader("Union-Authorization");
-        log.info(token);
+        log.info(SecurityUtils.desDecode(AES_KEY, token));
        CustomToken customToken = CheckCustomToken.getCustomToken(SecurityUtils.desDecode(AES_KEY, token));
-        request.setAttribute("tokenInfo", customToken);
-        log.info(customToken.toString());
-        Long tenantId = customToken.getTenantId();
-        // TODO 判断租户ID是否正确，如果不存在此租户，直接返回，目前暂定租户名"100100100"
-        if(tenantId != 100100100L) {
-            this.errorResponse(EResponse.error(ECode.TOKEN_INVALID), response);
-            return;
-        }
-        // TODO 如果租户ID正确，进行设置操作，网关请求头
+        // 校验token
        RestRequestWrapper requestWrapper = new RestRequestWrapper((HttpServletRequest)servletRequest);
        String url = requestWrapper.getRequestURI();
+        CheckCustomToken.check(customToken, url);
+        request.setAttribute("tokenInfo", customToken);
-        if("/app/ownerBackend/account/login/loginByPwd".equals(url) ||
+        // TODO 如果租户ID正确，进行设置操作，网关请求头
-                "/app/ownerBackend/account/login/loginBySms".equals(url) ||
+        String userId = customToken.getUserId();
-                "/app/ownerBackend/password/reset".equals(url) ||
+        // TODO 将userId进行设置操作，网关请求头
-                "/app/driverBackend/account/login/loginBySms".equals(url) ||
-                "/app/driverBackend/account/login/loginByPwd".equals(url) ||
-                "/app/driverBackend/password/reset".equals(url)) {
-            //此类接口不校验token
-        }
-        else {
-            log.info("start check");
-            CheckCustomToken.check(customToken);
-            log.info("check success");
-            String userId = customToken.getUserId();
-            // TODO 将userId进行设置操作，网关请求头
-        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

--- a/src/main/java/com/esv/freight/app/common/filter/CheckCustomToken.java
+++ b/src/main/java/com/esv/freight/app/common/filter/CheckCustomToken.java
@@ -23,21 +23,55 @@ public class CheckCustomToken {
        customToken.setAccessToken(ss[1]);
        customToken.setRefreshToken(ss[2]);
        customToken.setUserId(ss[3]);
-        customToken.setAccount(ss[4].substring(0,11));
+        if(!StringUtils.isEmpty(ss[4]) && ss[4].length() >= 11) {
+            customToken.setAccount(ss[4].substring(0,11));
+        }
+        else {
+            customToken.setAccount(null);
+        }
        return customToken;
    }
    /**
     * 校验token有效性
     */
-    public static void check(CustomToken customToken) {
+    public static void check(CustomToken customToken, String url) {
-        if (StringUtils.isEmpty(customToken.getAccount()) || StringUtils.isEmpty(customToken.getAccessToken()) || StringUtils.isEmpty(customToken.getRefreshToken())|| StringUtils.isEmpty(customToken.getUserId())) {
+        Long tenantId = customToken.getTenantId();
+        // TODO 判断租户ID是否正确，如果不存在此租户，直接返回，目前暂定租户名"100100100"
+        if(tenantId != 100100100L) {
+            throw new EException(401, "没有访问权限");
+        }
+        if("/app/ownerBackend/account/login/loginByPwd".equals(url) ||
+                "/app/ownerBackend/account/login/loginBySms".equals(url) ||
+                "/app/ownerBackend/password/reset".equals(url) ||
+                "/app/driverBackend/account/login/loginBySms".equals(url) ||
+                "/app/driverBackend/account/login/loginByPwd".equals(url) ||
+                "/app/driverBackend/password/reset".equals(url)) {
+            //此类接口不校验token
+            return;
+        }
+        if (StringUtils.isEmpty(customToken.getAccount()) || StringUtils.isEmpty(customToken.getAccessToken()) || StringUtils.isEmpty(customToken.getRefreshToken())) {
            throw new EException(601, "无效的Token");
        }
        if(!isPhone(customToken.getAccount())) {
            throw new EException(601, "无效的Token");
        }
+        if("/app/ownerBackend/account/detail".equals(url) ||
+                "/app/driverBackend/account/detail".equals(url)) {
+            //此类接口不校验userId
+            return;
+        }
+        if(StringUtils.isEmpty(customToken.getUserId())) {
+            throw new EException(601, "无效的Token");
+        }
    }
    /**

--- a/src/main/java/com/esv/freight/app/module/account/controller/DriverAccountController.java
+++ b/src/main/java/com/esv/freight/app/module/account/controller/DriverAccountController.java
@@ -3,6 +3,7 @@ package com.esv.freight.app.module.account.controller;
 import com.alibaba.fastjson.JSONObject;
 import com.esv.freight.app.common.response.ECode;
 import com.esv.freight.app.common.response.EResponse;
+import com.esv.freight.app.common.util.ReqUtils;
 import com.esv.freight.app.common.validator.groups.ValidatorInsert;
 import com.esv.freight.app.feign.DictInterface;
 import com.esv.freight.app.feign.NoticeInterface;
@@ -97,7 +98,8 @@ public class DriverAccountController {
     * createTime 2020/04/14 14:00
     **/
    @PostMapping("/logout")
-    public EResponse logout(@RequestHeader("Union-Authorization") String accessToken) {
+    public EResponse logout() {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        appLoginService.logout(accessToken);
        return EResponse.ok();
    }
@@ -110,8 +112,9 @@ public class DriverAccountController {
     * createTime 2020/04/13 09:00
     **/
    @PostMapping("/token/refresh")
-    public EResponse refresh(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorInsert.class) RefreshTokenForm refreshTokenForm) {
+    public EResponse refresh(@RequestBody(required=false) @Validated(ValidatorInsert.class) RefreshTokenForm refreshTokenForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        LoginVO loginByPwdVO = appLoginService.refreshToken(accessToken, refreshTokenForm);
        return EResponse.ok(loginByPwdVO);
    }
@@ -124,8 +127,8 @@ public class DriverAccountController {
     * createTime 2020/04/14 15:00
     **/
    @PostMapping("/detail")
-    public EResponse detail(@RequestHeader("Union-Authorization") String accessToken) {
+    public EResponse detail() {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }

--- a/src/main/java/com/esv/freight/app/module/account/controller/OwnerAccountController.java
+++ b/src/main/java/com/esv/freight/app/module/account/controller/OwnerAccountController.java
@@ -2,6 +2,7 @@ package com.esv.freight.app.module.account.controller;
 import com.alibaba.fastjson.JSONObject;
 import com.esv.freight.app.common.util.ReqUtils;
+import com.esv.freight.app.common.util.SecurityUtils;
 import com.esv.freight.app.feign.DictInterface;
 import com.esv.freight.app.feign.FileInterface;
 import com.esv.freight.app.feign.GoodsOwnerInterface;
@@ -153,7 +154,7 @@ public class OwnerAccountController {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
-        String phone = appLoginService.getPhoneByAccessToken(accessToken);
+        String phone = ReqUtils.getTokenInfo().getAccount();
        // 调用帐号密码校验接口
        JSONObject reqJsonDetail = new JSONObject();

--- a/src/main/java/com/esv/freight/app/module/account/controller/OwnerPasswordController.java
+++ b/src/main/java/com/esv/freight/app/module/account/controller/OwnerPasswordController.java
@@ -112,7 +112,7 @@ public class OwnerPasswordController {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
-        String phone = appLoginService.getPhoneByAccessToken(accessToken);
+        String phone = ReqUtils.getTokenInfo().getAccount();
        // 调用帐号密码校验接口
        JSONObject reqJson = new JSONObject();

--- a/src/main/java/com/esv/freight/app/module/account/service/AppLoginService.java
+++ b/src/main/java/com/esv/freight/app/module/account/service/AppLoginService.java
@@ -23,6 +23,4 @@ public interface AppLoginService extends IService<AppLoginEntity> {
    boolean isInvalidAccessToken(String accessToken);
    boolean isInvalidRefreshToken(String refreshToken);
-    String getPhoneByAccessToken(String accessToken);
 }
\ No newline at end of file
--- a/src/main/java/com/esv/freight/app/module/account/service/impl/AppLoginImpl.java
+++ b/src/main/java/com/esv/freight/app/module/account/service/impl/AppLoginImpl.java
@@ -142,16 +142,6 @@ public class AppLoginImpl extends ServiceImpl<AppLoginDao, AppLoginEntity> imple
        return false;
    }
-    @Override
-    public String getPhoneByAccessToken(String accessToken) {
-        AppLoginEntity entity = this.getAccountByAccessToken(accessToken);
-        if(entity == null) {
-            throw new EException(602, "Token已过期,请重新登录");
-        }
-        return entity.getPhone();
-    }
    private AppLoginEntity getAccountByPhone(String phone) {
        QueryWrapper<AppLoginEntity> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("phone", phone);

--- a/src/main/java/com/esv/freight/app/module/order/controller/OrderController.java
+++ b/src/main/java/com/esv/freight/app/module/order/controller/OrderController.java
@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.esv.freight.app.common.response.ECode;
 import com.esv.freight.app.common.response.EResponse;
+import com.esv.freight.app.common.util.ReqUtils;
 import com.esv.freight.app.common.validator.groups.ValidatorDetail;
 import com.esv.freight.app.common.validator.groups.ValidatorInsert;
 import com.esv.freight.app.common.validator.groups.ValidatorList;
@@ -56,8 +57,9 @@ public class OrderController {
     * createTime 2020/04/11 11:00
     **/
    @PostMapping("/statistics/getCountByType")
-    public EResponse getCountByType(@RequestHeader("Union-Authorization") String accessToken) {
+    public EResponse getCountByType() {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
@@ -79,8 +81,9 @@ public class OrderController {
     * createTime 2020/04/18 11:00
     **/
    @PostMapping("/list")
-    public EResponse list(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorList.class) OrderQueryForm orderQueryForm) {
+    public EResponse list(@RequestBody(required=false) @Validated(ValidatorList.class) OrderQueryForm orderQueryForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
@@ -143,8 +146,9 @@ public class OrderController {
     * createTime 2020/04/13 14:00
     **/
    @PostMapping("/add")
-    public EResponse add(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorInsert.class) OrderForm orderForm) {
+    public EResponse add(@RequestBody(required=false) @Validated(ValidatorInsert.class) OrderForm orderForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
@@ -188,8 +192,9 @@ public class OrderController {
     * createTime 2020/04/21 14:00
     **/
    @PostMapping("/cancel")
-    public EResponse cancel(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorDetail.class) OrderQueryForm orderQueryForm) {
+    public EResponse cancel(@RequestBody(required=false) @Validated(ValidatorDetail.class) OrderQueryForm orderQueryForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
@@ -216,8 +221,9 @@ public class OrderController {
     * createTime 2020/04/21 14:00
     **/
    @PostMapping("/detail")
-    public EResponse detail(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorDetail.class) OrderQueryForm orderQueryForm) {
+    public EResponse detail(@RequestBody(required=false) @Validated(ValidatorDetail.class) OrderQueryForm orderQueryForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }
@@ -267,8 +273,9 @@ public class OrderController {
     * createTime 2020/04/21 14:00
     **/
    @PostMapping("/edit")
-    public EResponse edit(@RequestHeader("Union-Authorization") String accessToken, @RequestBody(required=false) @Validated(ValidatorUpdate.class) OrderForm orderForm) {
+    public EResponse edit(@RequestBody(required=false) @Validated(ValidatorUpdate.class) OrderForm orderForm) {
+        String accessToken = ReqUtils.getTokenInfo().getAccessToken();
        if(appLoginService.isInvalidAccessToken(accessToken)) {
            return EResponse.error(ECode.TOKEN_EXPIRED);
        }