优化鉴权,优化获取联系人
@@ -39,21 +39,12 @@ public class ContactController {
|
|||||||
|
|
||||||
@PostMapping("/user_add_contact")
|
@PostMapping("/user_add_contact")
|
||||||
public Result userAddContact(
|
public Result userAddContact(
|
||||||
@RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId,
|
@RequestParam(value = "user_id") String userId,
|
||||||
@RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn,
|
@RequestParam(value = "sn") String sn,
|
||||||
@RequestPart(value = "file", required = false) MultipartFile file,
|
@RequestPart(value = "file", required = false) MultipartFile file,
|
||||||
@RequestPart("contact_json") String jsonData
|
@RequestPart("contact_json") String jsonData
|
||||||
) throws JsonProcessingException {
|
) throws JsonProcessingException {
|
||||||
|
|
||||||
if (!authHeader.startsWith("Bearer ")) {
|
|
||||||
return Result.error().message("Invalid Authorization header");
|
|
||||||
}
|
|
||||||
String token = authHeader.substring(7); // 去掉 "Bearer " 前缀
|
|
||||||
|
|
||||||
if (!jwtUtil.validateAccessToken(userId, token, deviceId)) {
|
|
||||||
return Result.error().message("Invalid token");
|
|
||||||
}
|
|
||||||
|
|
||||||
User user = userService.getUserByUserId(userId);
|
User user = userService.getUserByUserId(userId);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
return Result.error().message("user not found");
|
return Result.error().message("user not found");
|
||||||
@@ -83,17 +74,8 @@ public class ContactController {
|
|||||||
|
|
||||||
@GetMapping("/get_contacts")
|
@GetMapping("/get_contacts")
|
||||||
public Result getContacts(
|
public Result getContacts(
|
||||||
@RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId,
|
|
||||||
@RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn
|
@RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn
|
||||||
) {
|
) {
|
||||||
if (!authHeader.startsWith("Bearer ")) {
|
|
||||||
return Result.error().message("Invalid Authorization header");
|
|
||||||
}
|
|
||||||
String token = authHeader.substring(7); // 去掉 "Bearer " 前缀
|
|
||||||
|
|
||||||
if (!jwtUtil.validateAccessToken(userId, token, deviceId)) {
|
|
||||||
return Result.error().message("Invalid token");
|
|
||||||
}
|
|
||||||
|
|
||||||
User user = userService.getUserByUserId(userId);
|
User user = userService.getUserByUserId(userId);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
|
|||||||
@@ -53,6 +53,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
if (uripath.startsWith("/user")) {
|
if (uripath.startsWith("/user")) {
|
||||||
// 从请求头中获取Token
|
// 从请求头中获取Token
|
||||||
String authorizationHeader = wrappedRequest.getHeader("Authorization");
|
String authorizationHeader = wrappedRequest.getHeader("Authorization");
|
||||||
|
String deviceId = wrappedRequest.getHeader("Device-ID");
|
||||||
// 增强header检查日志
|
// 增强header检查日志
|
||||||
if (authorizationHeader == null) {
|
if (authorizationHeader == null) {
|
||||||
logger.debug("Missing Authorization header for: " + wrappedRequest.getRequestURI());
|
logger.debug("Missing Authorization header for: " + wrappedRequest.getRequestURI());
|
||||||
@@ -62,31 +63,31 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
logger.debug("Found Authorization header");
|
logger.debug("Found Authorization header");
|
||||||
}
|
}
|
||||||
|
|
||||||
String username = null;
|
String userId = null;
|
||||||
String jwt = null;
|
String accessToken = null;
|
||||||
|
|
||||||
// 检查Authorization头是否存在且以Bearer开头
|
// 检查Authorization头是否存在且以Bearer开头
|
||||||
if (authorizationHeader.startsWith("Bearer ")) {
|
if (authorizationHeader.startsWith("Bearer ")) {
|
||||||
jwt = authorizationHeader.substring(7);
|
accessToken = authorizationHeader.substring(7);
|
||||||
try {
|
try {
|
||||||
username = jwtUtil.getUsernameFromToken(jwt);
|
userId = jwtUtil.getUsernameFromToken(accessToken);
|
||||||
logger.debug("Extracted username: " + username);
|
logger.debug("Extracted userId: " + userId);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error("Token解析失败 | Token: " + jwt, e);
|
logger.error("Token解析失败 | Token: " + accessToken, e);
|
||||||
setUnauthorizedResponse(response, Result.unAuthorized().message("Invalid credentials"));
|
setUnauthorizedResponse(response, Result.unAuthorized().message("Invalid credentials"));
|
||||||
return; // 重要!验证失败时终止过滤器链
|
return; // 重要!验证失败时终止过滤器链
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 如果获取到用户名且当前上下文没有认证信息
|
// 如果获取到用户名且当前上下文没有认证信息
|
||||||
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||||
User user = this.userService.loadUserByUsername(username);
|
User user = this.userService.loadUserByUsername(userId);
|
||||||
|
|
||||||
// 新增权限检查日志
|
// 新增权限检查日志
|
||||||
logger.debug("Loaded user authorities: " + user.getAuthorities());
|
logger.debug("Loaded user authorities: " + user.getAuthorities());
|
||||||
|
|
||||||
// 验证Token
|
// 验证Token
|
||||||
if (jwtUtil.validateToken(jwt, user)) {
|
if (jwtUtil.validateToken(accessToken, user,deviceId)) {
|
||||||
// 创建认证令牌
|
// 创建认证令牌
|
||||||
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
|
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
|
||||||
new UsernamePasswordAuthenticationToken(
|
new UsernamePasswordAuthenticationToken(
|
||||||
@@ -97,9 +98,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
|
|
||||||
// 将认证信息存入上下文
|
// 将认证信息存入上下文
|
||||||
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
|
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
|
||||||
logger.debug("Successfully authenticated user: " + username);
|
logger.debug("Successfully authenticated user: " + userId);
|
||||||
} else {
|
} else {
|
||||||
logger.warn("Token验证失败 | User: " + username);
|
logger.warn("Token验证失败 | User: " + userId);
|
||||||
setUnauthorizedResponse(response, Result.unAuthorized().message("Token validation failed"));
|
setUnauthorizedResponse(response, Result.unAuthorized().message("Token validation failed"));
|
||||||
return; // 重要!验证失败时终止过滤器链
|
return; // 重要!验证失败时终止过滤器链
|
||||||
}
|
}
|
||||||
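Review bot: The new `Device-ID` header is read into `deviceId` without a null check, while `Authorization` immediately after it is checked and logged when missing; a request without `Device-ID` carries `deviceId == null` into `jwtUtil.validateToken(accessToken, user, deviceId)`, which this commit's `JwtUtil` change dereferences with `deviceId.equals(...)`, so the filter would fail with a NullPointerException (most likely a 500) instead of the 401 path used for the other failures. Add the same guard right after the header is read: `if (deviceId == null) { logger.debug("Missing Device-ID header for: " + wrappedRequest.getRequestURI()); setUnauthorizedResponse(response, Result.unAuthorized().message("Missing Device-ID header")); return; }`. Separately, the renamed error log `logger.error("Token解析失败 | Token: " + accessToken, e)` still writes the full bearer token into the log; logging only the request URI (or a truncated prefix of the token) keeps live credentials out of log storage. The enclosing filter method begins before the first hunk and ends after the last.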
|
|||||||
@@ -204,6 +204,11 @@ public class JwtUtil {
|
|||||||
return claimsResolver.apply(claims);
|
return claimsResolver.apply(claims);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 从Token中获取设备ID
|
||||||
|
public String getDeviceIdFromToken(String token) {
|
||||||
|
return getClaimFromToken(token, claims -> claims.get("deviceId", String.class));
|
||||||
|
}
|
||||||
|
|
||||||
// 从Token中获取所有声明
|
// 从Token中获取所有声明
|
||||||
private Claims getAllClaimsFromToken(String token) {
|
private Claims getAllClaimsFromToken(String token) {
|
||||||
return Jwts.parser()
|
return Jwts.parser()
|
||||||
@@ -237,10 +242,15 @@ public class JwtUtil {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 验证Token
|
// 验证Token
|
||||||
public Boolean validateToken(String token, UserDetails userDetails) {
|
public Boolean validateToken(String token, UserDetails userDetails, String deviceId) {
|
||||||
final String username = getUsernameFromToken(token);
|
final String username = getUsernameFromToken(token);
|
||||||
boolean isExpired = isTokenExpired(token);
|
boolean isExpired = isTokenExpired(token);
|
||||||
boolean result = username.equals(userDetails.getUsername());
|
boolean result = username.equals(userDetails.getUsername());
|
||||||
|
// 验证设备ID
|
||||||
|
String tokenDeviceId = getDeviceIdFromToken(token);
|
||||||
|
if (!deviceId.equals(tokenDeviceId)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
return result && !isExpired;
|
return result && !isExpired;
|
||||||
}
|
}
|
||||||
|
|
||||||
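Review bot: In `validateToken` the new device check `if (!deviceId.equals(tokenDeviceId))` throws NullPointerException when the caller passes a null `deviceId` (the filter hands over the raw `Device-ID` header, which can be absent), turning a malformed request into an exception instead of a `false` result. Switching to `Objects.equals` would be the wrong fix, because a token that carries no `deviceId` claim would then validate against a request with no header; compare from the claim side and reject null explicitly: `String tokenDeviceId = getDeviceIdFromToken(token);` then `if (tokenDeviceId == null || !tokenDeviceId.equals(deviceId)) { return false; }`. The new `getDeviceIdFromToken` has only a one-line Chinese comment; a Javadoc stating that it returns the `deviceId` claim, or null when the claim is absent, would make the null handling required in callers obvious.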
|
|||||||