From adfe8eced108841bb5f1da673f7a1884792ddb5d Mon Sep 17 00:00:00 2001 From: tongtongstudio Date: Thu, 11 Sep 2025 19:35:11 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=89=B4=E6=9D=83=EF=BC=8C?= =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=8E=B7=E5=8F=96=E8=81=94=E7=B3=BB=E4=BA=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/user/ContactController.java | 22 ++---------------- .../filter/JwtAuthenticationFilter.java | 23 ++++++++++--------- .../onekeycall/videotablet/utils/JwtUtil.java | 12 +++++++++- 3 files changed, 25 insertions(+), 32 deletions(-) diff --git a/src/main/java/com/onekeycall/videotablet/controller/user/ContactController.java b/src/main/java/com/onekeycall/videotablet/controller/user/ContactController.java index 476ebd3..b54b666 100644 --- a/src/main/java/com/onekeycall/videotablet/controller/user/ContactController.java +++ b/src/main/java/com/onekeycall/videotablet/controller/user/ContactController.java @@ -39,21 +39,12 @@ public class ContactController { @PostMapping("/user_add_contact") public Result userAddContact( - @RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId, - @RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn, + @RequestParam(value = "user_id") String userId, + @RequestParam(value = "sn") String sn, @RequestPart(value = "file", required = false) MultipartFile file, @RequestPart("contact_json") String jsonData ) throws JsonProcessingException { - if (!authHeader.startsWith("Bearer ")) { - return Result.error().message("Invalid Authorization header"); - } - String token = authHeader.substring(7); // 去掉 "Bearer " 前缀 - - if (!jwtUtil.validateAccessToken(userId, token, deviceId)) { - return Result.error().message("Invalid token"); - } - User user = userService.getUserByUserId(userId); if (user == null) { return Result.error().message("user not found"); 
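Review bot: With the in-method `jwtUtil.validateAccessToken(userId, token, deviceId)` check removed, nothing left in userAddContact ties the `user_id` request parameter to the caller's token: `userService.getUserByUserId(userId)` now serves whatever id the client supplies, so a holder of a valid token for one user can act on another user's contacts unless the filter or userService enforces that elsewhere (the filter hunks in this patch only populate the SecurityContext and never look at request parameters). Bind the parameter to the authenticated principal before the lookup, e.g. `String principal = SecurityContextHolder.getContext().getAuthentication().getName();` followed by `if (!userId.equals(principal)) { return Result.error().message("user mismatch"); }`, assuming `getName()` yields the same id the filter loaded the user with, or drop `user_id` altogether and derive it from the principal. The same gap applies to getContacts in the next hunk. The body of userAddContact continues past the end of this hunk.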
@@ -83,17 +74,8 @@ public class ContactController { @GetMapping("/get_contacts") public Result getContacts( - @RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId, @RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn ) { - if (!authHeader.startsWith("Bearer ")) { - return Result.error().message("Invalid Authorization header"); - } - String token = authHeader.substring(7); // 去掉 "Bearer " 前缀 - - if (!jwtUtil.validateAccessToken(userId, token, deviceId)) { - return Result.error().message("Invalid token"); - } User user = userService.getUserByUserId(userId); if (user == null) { diff --git a/src/main/java/com/onekeycall/videotablet/filter/JwtAuthenticationFilter.java b/src/main/java/com/onekeycall/videotablet/filter/JwtAuthenticationFilter.java index 20b5e4e..b48ca38 100644 --- a/src/main/java/com/onekeycall/videotablet/filter/JwtAuthenticationFilter.java +++ b/src/main/java/com/onekeycall/videotablet/filter/JwtAuthenticationFilter.java @@ -53,6 +53,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { if (uripath.startsWith("/user")) { // 从请求头中获取Token String authorizationHeader = wrappedRequest.getHeader("Authorization"); + String deviceId = wrappedRequest.getHeader("Device-ID"); // 增强header检查日志 if (authorizationHeader == null) { logger.debug("Missing Authorization header for: " + wrappedRequest.getRequestURI()); 
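Review bot: getContacts now depends entirely on JwtAuthenticationFilter for authentication, but that filter only performs its token checks inside `if (uripath.startsWith("/user"))` (context line of the filter hunk on this same line), and the class-level `@RequestMapping` that decides whether `/get_contacts` actually lands under `/user` is outside this hunk. If ContactController is mapped under another prefix, this hunk turns a previously authenticated endpoint into one whose protection depends on whatever the rest of the filter and security configuration do, which the diff does not show; please confirm the mapping, or key the filter on the security configuration rather than a path prefix. getContacts' body continues past the end of the hunk.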
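Review bot: The new `String deviceId = wrappedRequest.getHeader("Device-ID");` is never null-checked, even though the Authorization header two lines below gets an explicit missing-header branch; a request without Device-ID carries a null into `jwtUtil.validateToken(accessToken, user, deviceId)` later in the filter (the @@ -62 hunk), where the new `deviceId.equals(tokenDeviceId)` comparison dereferences it. Reject the request up front with the same response path as the other failures: `if (deviceId == null) { setUnauthorizedResponse(response, Result.unAuthorized().message("Missing Device-ID header")); return; }`, placed after the Authorization null check. The enclosing method starts and ends outside this hunk.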
@@ -62,31 +63,31 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { logger.debug("Found Authorization header"); } - String username = null; - String jwt = null; + String userId = null; + String accessToken = null; // 检查Authorization头是否存在且以Bearer开头 if (authorizationHeader.startsWith("Bearer ")) { - jwt = authorizationHeader.substring(7); + accessToken = authorizationHeader.substring(7); try { - username = jwtUtil.getUsernameFromToken(jwt); - logger.debug("Extracted username: " + username); + userId = jwtUtil.getUsernameFromToken(accessToken); + logger.debug("Extracted userId: " + userId); } catch (Exception e) { - logger.error("Token解析失败 | Token: " + jwt, e); + logger.error("Token解析失败 | Token: " + accessToken, e); setUnauthorizedResponse(response, Result.unAuthorized().message("Invalid credentials")); return; // 重要!验证失败时终止过滤器链 } } // 如果获取到用户名且当前上下文没有认证信息 - if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { - User user = this.userService.loadUserByUsername(username); + if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) { + User user = this.userService.loadUserByUsername(userId); // 新增权限检查日志 logger.debug("Loaded user authorities: " + user.getAuthorities()); // 验证Token - if (jwtUtil.validateToken(jwt, user)) { + if (jwtUtil.validateToken(accessToken, user,deviceId)) { // 创建认证令牌 UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken( 
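Review bot: `logger.error("Token解析失败 | Token: " + accessToken, e);` writes the full bearer token to the error log; the token is a credential and an unparseable or expired one is still sensitive input, so the log file becomes a place where tokens accumulate. Log the failure with context that is not secret instead, e.g. `logger.error("Token解析失败 | uri=" + wrappedRequest.getRequestURI(), e);`, or at most a short fixed-length prefix of the token. Separately, `jwtUtil.validateToken(accessToken, user,deviceId)` is missing a space after the comma, and note that the try block only covers `getUsernameFromToken`: the later `validateToken` call, which now also reads the deviceId claim, runs outside it, so any exception it raises leaves the filter without the `setUnauthorizedResponse` handling. The enclosing method starts and ends outside this hunk.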
@@ -97,9 +98,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { // 将认证信息存入上下文 SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken); - logger.debug("Successfully authenticated user: " + username); + logger.debug("Successfully authenticated user: " + userId); } else { - logger.warn("Token验证失败 | User: " + username); + logger.warn("Token验证失败 | User: " + userId); setUnauthorizedResponse(response, Result.unAuthorized().message("Token validation failed")); return; // 重要!验证失败时终止过滤器链 } diff --git a/src/main/java/com/onekeycall/videotablet/utils/JwtUtil.java b/src/main/java/com/onekeycall/videotablet/utils/JwtUtil.java index d782bb9..30c1274 100644 --- a/src/main/java/com/onekeycall/videotablet/utils/JwtUtil.java +++ b/src/main/java/com/onekeycall/videotablet/utils/JwtUtil.java @@ -204,6 +204,11 @@ public class JwtUtil { return claimsResolver.apply(claims); } + // 从Token中获取设备ID + public String getDeviceIdFromToken(String token) { + return getClaimFromToken(token, claims -> claims.get("deviceId", String.class)); + } + // 从Token中获取所有声明 private Claims getAllClaimsFromToken(String token) { return Jwts.parser() @@ -237,10 +242,15 @@ public class JwtUtil { } // 验证Token - public Boolean validateToken(String token, UserDetails userDetails) { + public Boolean validateToken(String token, UserDetails userDetails, String deviceId) { final String username = getUsernameFromToken(token); boolean isExpired = isTokenExpired(token); boolean result = username.equals(userDetails.getUsername()); + // 验证设备ID + String tokenDeviceId = getDeviceIdFromToken(token); + if (!deviceId.equals(tokenDeviceId)) { + return false; + } return result && !isExpired; }
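Review bot: In validateToken, `if (!deviceId.equals(tokenDeviceId))` dereferences the new `deviceId` parameter, which the filter passes straight from a request header, so a missing Device-ID header becomes a NullPointerException out of the filter rather than a clean rejection; and `getDeviceIdFromToken` (added in the previous hunk) returns null for tokens minted without a `deviceId` claim, which the comparison rejects only because `equals(null)` happens to be false. Make both cases explicit and fail closed: `if (deviceId == null || tokenDeviceId == null || !deviceId.equals(tokenDeviceId)) { return false; }`. The device comparison is also wedged between computing `result` and returning it; reading is clearer if it sits next to the username comparison. Javadoc on validateToken should state that subject, expiry and deviceId must all pass and that a null deviceId (parameter or claim) is rejected, and getDeviceIdFromToken should document that it returns null when the claim is absent.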