优化鉴权,优化获取联系人
@@ -39,21 +39,12 @@ public class ContactController {
|
||||
|
||||
@PostMapping("/user_add_contact")
|
||||
public Result userAddContact(
|
||||
@RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId,
|
||||
@RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn,
|
||||
@RequestParam(value = "user_id") String userId,
|
||||
@RequestParam(value = "sn") String sn,
|
||||
@RequestPart(value = "file", required = false) MultipartFile file,
|
||||
@RequestPart("contact_json") String jsonData
|
||||
) throws JsonProcessingException {
|
||||
|
||||
if (!authHeader.startsWith("Bearer ")) {
|
||||
return Result.error().message("Invalid Authorization header");
|
||||
}
|
||||
String token = authHeader.substring(7); // 去掉 "Bearer " 前缀
|
||||
|
||||
if (!jwtUtil.validateAccessToken(userId, token, deviceId)) {
|
||||
return Result.error().message("Invalid token");
|
||||
}
|
||||
|
||||
User user = userService.getUserByUserId(userId);
|
||||
if (user == null) {
|
||||
return Result.error().message("user not found");
|
||||
@@ -83,17 +74,8 @@ public class ContactController {
|
||||
|
||||
@GetMapping("/get_contacts")
|
||||
public Result getContacts(
|
||||
@RequestHeader("Authorization") String authHeader, @RequestHeader("Device-ID") String deviceId,
|
||||
@RequestParam(value = "user_id") String userId, @RequestParam(value = "sn") String sn
|
||||
) {
|
||||
if (!authHeader.startsWith("Bearer ")) {
|
||||
return Result.error().message("Invalid Authorization header");
|
||||
}
|
||||
String token = authHeader.substring(7); // 去掉 "Bearer " 前缀
|
||||
|
||||
if (!jwtUtil.validateAccessToken(userId, token, deviceId)) {
|
||||
return Result.error().message("Invalid token");
|
||||
}
|
||||
|
||||
User user = userService.getUserByUserId(userId);
|
||||
if (user == null) {
|
||||
|
||||
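Review bot: After this hunk the caller-supplied `user_id` parameter is no longer compared with the identity carried in the token — the old/new counts (-21/+12) suggest the removed lines are the `startsWith("Bearer ")` and `jwtUtil.validateAccessToken(userId, token, deviceId)` block, and nothing left in userAddContact ties `userId` to the authenticated principal before `userService.getUserByUserId(userId)`. If JwtAuthenticationFilter now does the token check, it validates the token against the user named in the token, not against this `user_id`, so an authenticated user can submit another user's id and operate on that user's contacts. Read the identity from the security context the filter populates and reject a mismatch, e.g. `Authentication auth = SecurityContextHolder.getContext().getAuthentication();` followed by `if (auth == null || !userId.equals(auth.getName())) { return Result.error().message("user_id does not match token"); }` — assuming the principal the filter stores exposes the user id via getName(), which the filter hunk cuts off; otherwise drop the parameter and use the principal directly. The same applies to getContacts in hunk @@ -83,17 +74,8. Both method bodies continue outside the hunks, and `authHeader`/`deviceId` are still declared as required headers although they appear unused now.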
@@ -53,6 +53,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
if (uripath.startsWith("/user")) {
|
||||
// 从请求头中获取Token
|
||||
String authorizationHeader = wrappedRequest.getHeader("Authorization");
|
||||
String deviceId = wrappedRequest.getHeader("Device-ID");
|
||||
// 增强header检查日志
|
||||
if (authorizationHeader == null) {
|
||||
logger.debug("Missing Authorization header for: " + wrappedRequest.getRequestURI());
|
||||
@@ -62,31 +63,31 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
logger.debug("Found Authorization header");
|
||||
}
|
||||
|
||||
String username = null;
|
||||
String jwt = null;
|
||||
String userId = null;
|
||||
String accessToken = null;
|
||||
|
||||
// 检查Authorization头是否存在且以Bearer开头
|
||||
if (authorizationHeader.startsWith("Bearer ")) {
|
||||
jwt = authorizationHeader.substring(7);
|
||||
accessToken = authorizationHeader.substring(7);
|
||||
try {
|
||||
username = jwtUtil.getUsernameFromToken(jwt);
|
||||
logger.debug("Extracted username: " + username);
|
||||
userId = jwtUtil.getUsernameFromToken(accessToken);
|
||||
logger.debug("Extracted userId: " + userId);
|
||||
} catch (Exception e) {
|
||||
logger.error("Token解析失败 | Token: " + jwt, e);
|
||||
logger.error("Token解析失败 | Token: " + accessToken, e);
|
||||
setUnauthorizedResponse(response, Result.unAuthorized().message("Invalid credentials"));
|
||||
return; // 重要!验证失败时终止过滤器链
|
||||
}
|
||||
}
|
||||
|
||||
// 如果获取到用户名且当前上下文没有认证信息
|
||||
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
User user = this.userService.loadUserByUsername(username);
|
||||
if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
User user = this.userService.loadUserByUsername(userId);
|
||||
|
||||
// 新增权限检查日志
|
||||
logger.debug("Loaded user authorities: " + user.getAuthorities());
|
||||
|
||||
// 验证Token
|
||||
if (jwtUtil.validateToken(jwt, user)) {
|
||||
if (jwtUtil.validateToken(accessToken, user,deviceId)) {
|
||||
// 创建认证令牌
|
||||
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
|
||||
new UsernamePasswordAuthenticationToken(
|
||||
@@ -97,9 +98,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
// 将认证信息存入上下文
|
||||
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
|
||||
logger.debug("Successfully authenticated user: " + username);
|
||||
logger.debug("Successfully authenticated user: " + userId);
|
||||
} else {
|
||||
logger.warn("Token验证失败 | User: " + username);
|
||||
logger.warn("Token验证失败 | User: " + userId);
|
||||
setUnauthorizedResponse(response, Result.unAuthorized().message("Token validation failed"));
|
||||
return; // 重要!验证失败时终止过滤器链
|
||||
}
|
||||
|
||||
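Review bot: The `Device-ID` header read at `String deviceId = wrappedRequest.getHeader("Device-ID");` is passed straight into `jwtUtil.validateToken(accessToken, user,deviceId)` without the null check that `Authorization` gets, and JwtUtil's new `deviceId.equals(tokenDeviceId)` (hunk @@ -237,10 +242,15) dereferences it, so a request without that header ends in a NullPointerException out of the filter instead of the 401 every other failure produces. Reject the missing header next to the existing Authorization check: `if (deviceId == null) { setUnauthorizedResponse(response, Result.unAuthorized().message("Missing Device-ID header")); return; }`. The parse-failure branch still logs the full bearer token, `logger.error("Token解析失败 | Token: " + accessToken, e);` — the commit only renamed the variable, but a token in the error log is a credential in plaintext; log the exception and the request URI, not the token. The enclosing filter method starts and ends outside these hunks.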
@@ -204,6 +204,11 @@ public class JwtUtil {
|
||||
return claimsResolver.apply(claims);
|
||||
}
|
||||
|
||||
// 从Token中获取设备ID
|
||||
public String getDeviceIdFromToken(String token) {
|
||||
return getClaimFromToken(token, claims -> claims.get("deviceId", String.class));
|
||||
}
|
||||
|
||||
// 从Token中获取所有声明
|
||||
private Claims getAllClaimsFromToken(String token) {
|
||||
return Jwts.parser()
|
||||
@@ -237,10 +242,15 @@ public class JwtUtil {
|
||||
}
|
||||
|
||||
// 验证Token
|
||||
public Boolean validateToken(String token, UserDetails userDetails) {
|
||||
public Boolean validateToken(String token, UserDetails userDetails, String deviceId) {
|
||||
final String username = getUsernameFromToken(token);
|
||||
boolean isExpired = isTokenExpired(token);
|
||||
boolean result = username.equals(userDetails.getUsername());
|
||||
// 验证设备ID
|
||||
String tokenDeviceId = getDeviceIdFromToken(token);
|
||||
if (!deviceId.equals(tokenDeviceId)) {
|
||||
return false;
|
||||
}
|
||||
return result && !isExpired;
|
||||
}
|
||||
|
||||
|
||||
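Review bot: With the device check added, `validateToken` now parses and signature-verifies the same token three times — `getUsernameFromToken`, `isTokenExpired` and the new `getDeviceIdFromToken` each go through `getClaimFromToken`, which resolves its function against freshly parsed `Claims` (hunk @@ -204,6 +204,11). Parse once through the existing private `getAllClaimsFromToken` and read the three values from that object; the device comparison is also the cheapest check, so it can run first and short-circuit. The rewrite below assumes `getUsernameFromToken` reads the standard subject claim and `isTokenExpired` the `exp` claim — confirm against the rest of JwtUtil, which is outside the hunk; the `Boolean` return is kept only because the filter calls this signature, a primitive `boolean` would be the better type.
```java
public Boolean validateToken(String token, UserDetails userDetails, String deviceId) {
    // Parse (and signature-check) once; every claim below comes from this object.
    final Claims claims = getAllClaimsFromToken(token);
    // Device binding first: cheapest check, and a missing header must not NPE.
    final String tokenDeviceId = claims.get("deviceId", String.class);
    if (deviceId == null || !deviceId.equals(tokenDeviceId)) {
        return false;
    }
    // TODO confirm: assumes getUsernameFromToken reads `sub` and isTokenExpired reads `exp`.
    final String username = claims.getSubject();
    final Date exp = claims.getExpiration();
    final boolean expired = exp == null || exp.before(new Date());
    return username != null && username.equals(userDetails.getUsername()) && !expired;
}
```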