Authored by fangyeqing

FIX:fix sign

@@ -86,9 +86,9 @@ public class SignAspect { @@ -86,9 +86,9 @@ public class SignAspect {
86 * 比较sign和过期时间 86 * 比较sign和过期时间
87 */ 87 */
88 if(sign1.equals(sign)&&Math.abs(t1-t)<300){ 88 if(sign1.equals(sign)&&Math.abs(t1-t)<300){
89 - 89 + request.setAttribute("signAspect",true);
90 }else{ 90 }else{
91 - throw new Exception("您无权操作!"); 91 + request.setAttribute("signAspect",false);
92 } 92 }
93 } 93 }
94 } 94 }
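Review bot: The mismatch branch at new line 91 only records `signAspect=false` instead of rejecting the request, so the aspect now fails open: any `@Sign`-annotated handler that does not itself read the attribute runs an unsigned or stale request as if it were valid, and the deny decision is scattered across every controller. Keep the rejection in the aspect — either keep throwing, or (if this is around advice) have the advice return the error response itself, e.g. `return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);` — and treat the attribute as informational at most. Separately, `sign1.equals(sign)` on line 88 is an early-exit string compare; `MessageDigest.isEqual(sign1.getBytes(StandardCharsets.UTF_8), sign.getBytes(StandardCharsets.UTF_8))` compares in constant time, which is the usual choice for a signature check. The enclosing method starts outside the hunk, so how `sign1` and `t1` are derived is not visible here.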
@@ -5,6 +5,7 @@ package com.xkl.config; @@ -5,6 +5,7 @@ package com.xkl.config;
5 */ 5 */
6 public enum ResultStatus { 6 public enum ResultStatus {
7 SUCCESS(100, "成功"), 7 SUCCESS(100, "成功"),
  8 + SIGN_ERROR(-100, "签名错误或者客户端时间有误"),
8 9
9 USER_REGISTER(1000,"用户注册成功"), 10 USER_REGISTER(1000,"用户注册成功"),
10 USER_LOGOUT(1001,"退出登录成功"), 11 USER_LOGOUT(1001,"退出登录成功"),
@@ -41,6 +41,9 @@ public class OpenIdController { @@ -41,6 +41,9 @@ public class OpenIdController {
41 @ApiOperation(value = "OpenId绑定接口") 41 @ApiOperation(value = "OpenId绑定接口")
42 public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdType, 42 public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdType,
43 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 43 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  44 + if(!(boolean)request.getAttribute("signAspect"))
  45 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  46 +
44 Assert.notNull(username, "username can not be empty"); 47 Assert.notNull(username, "username can not be empty");
45 Assert.notNull(password, "password can not be empty"); 48 Assert.notNull(password, "password can not be empty");
46 49
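Review bot: `(boolean)request.getAttribute("signAspect")` at new line 44 unboxes a possibly-null attribute: if the aspect did not run for this request (handler without `@Sign`, aspect ordering, or a forwarded request — inferred, not visible here) `getAttribute` returns null and the cast throws NullPointerException, turning a missing check into a 500 instead of a clean rejection. The same three lines are copied into every handler in this file and in ReportController, TokenController and UserInfoController; a null-safe, fail-closed form such as `if (!Boolean.TRUE.equals(request.getAttribute("signAspect")))` in one shared helper, or a single check in the aspect/interceptor, would remove both the duplication and the unboxing. Consider also whether a 401/403 status is wanted for a signature failure rather than `HttpStatus.OK`, although the file's other error responses use OK too. openIdBind's body continues outside the hunk.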
@@ -71,6 +74,9 @@ public class OpenIdController { @@ -71,6 +74,9 @@ public class OpenIdController {
71 @ApiOperation(value = "OpenId解除绑定接口") 74 @ApiOperation(value = "OpenId解除绑定接口")
72 public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdType, 75 public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdType,
73 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 76 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  77 + if(!(boolean)request.getAttribute("signAspect"))
  78 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  79 +
74 Assert.notNull(username, "username can not be empty"); 80 Assert.notNull(username, "username can not be empty");
75 Assert.notNull(password, "password can not be empty"); 81 Assert.notNull(password, "password can not be empty");
76 82
@@ -95,6 +101,9 @@ public class OpenIdController { @@ -95,6 +101,9 @@ public class OpenIdController {
95 @ApiOperation(value = "OpenId登录接口") 101 @ApiOperation(value = "OpenId登录接口")
96 public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdType, 102 public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdType,
97 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 103 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  104 + if(!(boolean)request.getAttribute("signAspect"))
  105 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  106 +
98 XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdType); 107 XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdType);
99 108
100 if(xklMemberOpenid == null){ 109 if(xklMemberOpenid == null){
@@ -7,6 +7,7 @@ import com.xkl.authorization.annotation.Authorization; @@ -7,6 +7,7 @@ import com.xkl.authorization.annotation.Authorization;
7 import com.xkl.authorization.annotation.CurrentUser; 7 import com.xkl.authorization.annotation.CurrentUser;
8 import com.xkl.authorization.annotation.Sign; 8 import com.xkl.authorization.annotation.Sign;
9 import com.xkl.config.Constants; 9 import com.xkl.config.Constants;
  10 +import com.xkl.config.ResultStatus;
10 import com.xkl.domain.*; 11 import com.xkl.domain.*;
11 import com.xkl.model.ReportDetailModel; 12 import com.xkl.model.ReportDetailModel;
12 import com.xkl.model.ReportItemGraphModel; 13 import com.xkl.model.ReportItemGraphModel;
@@ -54,6 +55,9 @@ public class ReportController { @@ -54,6 +55,9 @@ public class ReportController {
54 }) 55 })
55 public ResponseEntity<ResultModel> getReportList(HttpServletRequest request, @CurrentUser User user, 56 public ResponseEntity<ResultModel> getReportList(HttpServletRequest request, @CurrentUser User user,
56 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 57 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
  58 + if(!(boolean)request.getAttribute("signAspect"))
  59 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  60 +
57 long member_id=user.getMemberId(); 61 long member_id=user.getMemberId();
58 List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id); 62 List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id);
59 return new ResponseEntity<>(ResultModel.ok(xklAmpReportEntity), HttpStatus.OK); 63 return new ResponseEntity<>(ResultModel.ok(xklAmpReportEntity), HttpStatus.OK);
@@ -68,6 +72,9 @@ public class ReportController { @@ -68,6 +72,9 @@ public class ReportController {
68 }) 72 })
69 public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id, 73 public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id,
70 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 74 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
  75 + if(!(boolean)request.getAttribute("signAspect"))
  76 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  77 +
71 XklAmpReportEntity report=xklAmpReportRespository.findOne(report_id); 78 XklAmpReportEntity report=xklAmpReportRespository.findOne(report_id);
72 List<ReportDetailModel> reportDetailModelList = new ArrayList<>(); 79 List<ReportDetailModel> reportDetailModelList = new ArrayList<>();
73 if(report != null ){ 80 if(report != null ){
@@ -99,7 +106,7 @@ public class ReportController { @@ -99,7 +106,7 @@ public class ReportController {
99 return new ResponseEntity<>(ResultModel.ok(reportModel), HttpStatus.OK); 106 return new ResponseEntity<>(ResultModel.ok(reportModel), HttpStatus.OK);
100 } 107 }
101 108
102 - @RequestMapping(value="/score",method = RequestMethod.GET) 109 + /*@RequestMapping(value="/score",method = RequestMethod.GET)
103 @Authorization 110 @Authorization
104 @Sign 111 @Sign
105 @ApiOperation(value = "健康评分接口(测试service用,后续可以注释掉)") 112 @ApiOperation(value = "健康评分接口(测试service用,后续可以注释掉)")
@@ -108,10 +115,13 @@ public class ReportController { @@ -108,10 +115,13 @@ public class ReportController {
108 }) 115 })
109 public ResponseEntity<ResultModel> getReportScore(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id, 116 public ResponseEntity<ResultModel> getReportScore(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id,
110 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 117 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
  118 + if(!(boolean)request.getAttribute("signAspect"))
  119 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  120 +
111 //单独测试需要删除xkl_amp_report_health_scroe表中数据 121 //单独测试需要删除xkl_amp_report_health_scroe表中数据
112 scoreService.getScore(report_id); 122 scoreService.getScore(report_id);
113 return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); 123 return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
114 - } 124 + }*/
115 125
116 @RequestMapping(value="/itemInfo",method = RequestMethod.GET) 126 @RequestMapping(value="/itemInfo",method = RequestMethod.GET)
117 @Authorization 127 @Authorization
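Review bot: The new `signAspect` check at lines 118–119 is inserted into the `getReportScore` handler that this same commit wraps in a block comment (new lines 109–124, the `/*` opening in the previous hunk), so the added lines are unreachable and the disabled handler now carries a copy of logic that will drift from the live endpoints. Either delete the method (it remains in history, and its `@ApiOperation` text already says it can be removed) or gate it with a Spring profile or `@ConditionalOnProperty` instead of commenting it out, and drop the dead check. The enclosing class continues outside the hunk.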
@@ -122,6 +132,9 @@ public class ReportController { @@ -122,6 +132,9 @@ public class ReportController {
122 }) 132 })
123 public ResponseEntity<ResultModel> getReportItemInfo(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam int status, 133 public ResponseEntity<ResultModel> getReportItemInfo(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam int status,
124 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 134 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
  135 + if(!(boolean)request.getAttribute("signAspect"))
  136 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  137 +
125 XklAmpReportMetaItemsEntity metaItems = Constants.itemMetaMap.get(itemId); 138 XklAmpReportMetaItemsEntity metaItems = Constants.itemMetaMap.get(itemId);
126 String result=""; 139 String result="";
127 //0, normal,1, lower,2, higher 140 //0, normal,1, lower,2, higher
@@ -146,6 +159,9 @@ public class ReportController { @@ -146,6 +159,9 @@ public class ReportController {
146 }) 159 })
147 public ResponseEntity<ResultModel> getReportItemGraph(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam String stime,@RequestParam String etime, 160 public ResponseEntity<ResultModel> getReportItemGraph(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam String stime,@RequestParam String etime,
148 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 161 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
  162 + if(!(boolean)request.getAttribute("signAspect"))
  163 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  164 +
149 long member_id=user.getMemberId(); 165 long member_id=user.getMemberId();
150 List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id); 166 List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id);
151 List<ReportItemGraphModel> reportItemGraphModelList =new ArrayList<>(); 167 List<ReportItemGraphModel> reportItemGraphModelList =new ArrayList<>();
@@ -41,6 +41,9 @@ public class TokenController { @@ -41,6 +41,9 @@ public class TokenController {
41 @ApiOperation(value = "用户登录接口") 41 @ApiOperation(value = "用户登录接口")
42 public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password, 42 public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
43 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 43 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  44 + if(!(boolean)request.getAttribute("signAspect"))
  45 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  46 +
44 Assert.notNull(username, "username can not be empty"); 47 Assert.notNull(username, "username can not be empty");
45 Assert.notNull(password, "password can not be empty"); 48 Assert.notNull(password, "password can not be empty");
46 49
@@ -64,6 +67,9 @@ public class TokenController { @@ -64,6 +67,9 @@ public class TokenController {
64 }) 67 })
65 public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user, 68 public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
66 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 69 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  70 + if(!(boolean)request.getAttribute("signAspect"))
  71 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  72 +
67 tokenManager.deleteToken(String.valueOf(user.getId())); 73 tokenManager.deleteToken(String.valueOf(user.getId()));
68 return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK); 74 return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK);
69 } 75 }
@@ -47,6 +47,9 @@ public class UserInfoController { @@ -47,6 +47,9 @@ public class UserInfoController {
47 @ApiOperation(value = "用户注册接口") 47 @ApiOperation(value = "用户注册接口")
48 public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password, 48 public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
49 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 49 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  50 + if(!(boolean)request.getAttribute("signAspect"))
  51 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  52 +
50 Assert.notNull(username, "username can not be empty"); 53 Assert.notNull(username, "username can not be empty");
51 Assert.notNull(password, "password can not be empty"); 54 Assert.notNull(password, "password can not be empty");
52 55
@@ -84,6 +87,9 @@ public class UserInfoController { @@ -84,6 +87,9 @@ public class UserInfoController {
84 }) 87 })
85 public ResponseEntity<ResultModel> modPassword(HttpServletRequest request,@CurrentUser User user,@RequestParam String password, 88 public ResponseEntity<ResultModel> modPassword(HttpServletRequest request,@CurrentUser User user,@RequestParam String password,
86 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 89 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  90 + if(!(boolean)request.getAttribute("signAspect"))
  91 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
  92 +
87 Assert.notNull(password, "password can not be empty"); 93 Assert.notNull(password, "password can not be empty");
88 String salt= SecurityTool.genSalt(); 94 String salt= SecurityTool.genSalt();
89 String pass=SecurityTool.getPassword(user.getLoginAccount(),password,salt); 95 String pass=SecurityTool.getPassword(user.getLoginAccount(),password,salt);
@@ -104,6 +110,8 @@ public class UserInfoController { @@ -104,6 +110,8 @@ public class UserInfoController {
104 }) 110 })
105 public ResponseEntity<ResultModel> getUserInfo(HttpServletRequest request,@CurrentUser User user, 111 public ResponseEntity<ResultModel> getUserInfo(HttpServletRequest request,@CurrentUser User user,
106 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 112 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
  113 + if(!(boolean)request.getAttribute("signAspect"))
  114 + return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
107 115
108 long member_id=user.getMemberId(); 116 long member_id=user.getMemberId();
109 XklMemberEntity xklMemberEntity=xklMemberRespository.findOne(member_id); 117 XklMemberEntity xklMemberEntity=xklMemberRespository.findOne(member_id);