FIX:fix sign

fangyeqing
Commit 71473bfc6ab72cd79b7641da2ab6cecb91967335 1 parent 6d1efda3
Showing 6 changed files with 44 additions and 4 deletions
src/main/java/com/xkl/authorization/aspect/SignAspect.java
src/main/java/com/xkl/config/ResultStatus.java
src/main/java/com/xkl/controller/OpenIdController.java
src/main/java/com/xkl/controller/ReportController.java
src/main/java/com/xkl/controller/TokenController.java
src/main/java/com/xkl/controller/UserInfoController.java
--- a/src/main/java/com/xkl/authorization/aspect/SignAspect.java
View file @71473bf
+++ b/src/main/java/com/xkl/authorization/aspect/SignAspect.java
View file @71473bf
@@ -86,9 +86,9 @@ public class SignAspect {
          *  比较sign和过期时间
          */
         if(sign1.equals(sign)&&Math.abs(t1-t)<300){
- 
+             request.setAttribute("signAspect",true);
         }else{
-             throw new Exception("您无权操作！");
+             request.setAttribute("signAspect",false);
         }
     }
 }
--- a/src/main/java/com/xkl/config/ResultStatus.java
View file @71473bf
+++ b/src/main/java/com/xkl/config/ResultStatus.java
View file @71473bf
@@ -5,6 +5,7 @@ package com.xkl.config;
  */
 public enum ResultStatus {
     SUCCESS(100, "成功"),
+     SIGN_ERROR(-100, "签名错误或者客户端时间有误"),
 
     USER_REGISTER(1000,"用户注册成功"),
     USER_LOGOUT(1001,"退出登录成功"),
--- a/src/main/java/com/xkl/controller/OpenIdController.java
View file @71473bf
+++ b/src/main/java/com/xkl/controller/OpenIdController.java
View file @71473bf
@@ -41,6 +41,9 @@ public class OpenIdController {
     @ApiOperation(value = "OpenId绑定接口")
     public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdType,
                                                 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
 
@@ -71,6 +74,9 @@ public class OpenIdController {
     @ApiOperation(value = "OpenId解除绑定接口")
     public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdType,
                                                    @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
 
@@ -95,6 +101,9 @@ public class OpenIdController {
     @ApiOperation(value = "OpenId登录接口")
     public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdType,
                                                     @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdType);
 
         if(xklMemberOpenid == null){
--- a/src/main/java/com/xkl/controller/ReportController.java
View file @71473bf
+++ b/src/main/java/com/xkl/controller/ReportController.java
View file @71473bf
@@ -7,6 +7,7 @@ import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.annotation.Sign;
 import com.xkl.config.Constants;
+ import com.xkl.config.ResultStatus;
 import com.xkl.domain.*;
 import com.xkl.model.ReportDetailModel;
 import com.xkl.model.ReportItemGraphModel;
@@ -54,6 +55,9 @@ public class ReportController {
     })
     public ResponseEntity<ResultModel> getReportList(HttpServletRequest request, @CurrentUser User user,
                                                    @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         long member_id=user.getMemberId();
         List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id);
         return new ResponseEntity<>(ResultModel.ok(xklAmpReportEntity), HttpStatus.OK);
@@ -68,6 +72,9 @@ public class ReportController {
     })
     public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id,
                                                        @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         XklAmpReportEntity report=xklAmpReportRespository.findOne(report_id);
         List<ReportDetailModel> reportDetailModelList = new ArrayList<>();
         if(report != null ){
@@ -99,7 +106,7 @@ public class ReportController {
         return new ResponseEntity<>(ResultModel.ok(reportModel), HttpStatus.OK);
     }
 
-     @RequestMapping(value="/score",method = RequestMethod.GET)
+     /*@RequestMapping(value="/score",method = RequestMethod.GET)
     @Authorization
     @Sign
     @ApiOperation(value = "健康评分接口(测试service用，后续可以注释掉)")
@@ -108,10 +115,13 @@ public class ReportController {
     })
     public ResponseEntity<ResultModel> getReportScore(HttpServletRequest request, @CurrentUser User user,@RequestParam long report_id,
                                                      @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         //单独测试需要删除xkl_amp_report_health_scroe表中数据
         scoreService.getScore(report_id);
         return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
-     }
+     }*/
 
     @RequestMapping(value="/itemInfo",method = RequestMethod.GET)
     @Authorization
@@ -122,6 +132,9 @@ public class ReportController {
     })
     public ResponseEntity<ResultModel> getReportItemInfo(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam int status,
                                                       @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         XklAmpReportMetaItemsEntity metaItems = Constants.itemMetaMap.get(itemId);
         String result="";
         //0, normal,1, lower,2, higher
@@ -146,6 +159,9 @@ public class ReportController {
     })
     public ResponseEntity<ResultModel> getReportItemGraph(HttpServletRequest request, @CurrentUser User user,@RequestParam int itemId,@RequestParam String stime,@RequestParam String etime,
                                                          @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         long member_id=user.getMemberId();
         List<XklAmpReportEntity> xklAmpReportEntity=xklAmpReportRespository.findByMemberId(member_id);
         List<ReportItemGraphModel> reportItemGraphModelList =new ArrayList<>();
--- a/src/main/java/com/xkl/controller/TokenController.java
View file @71473bf
+++ b/src/main/java/com/xkl/controller/TokenController.java
View file @71473bf
@@ -41,6 +41,9 @@ public class TokenController {
     @ApiOperation(value = "用户登录接口")
     public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
                                              @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
 
@@ -64,6 +67,9 @@ public class TokenController {
     })
     public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
                                               @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         tokenManager.deleteToken(String.valueOf(user.getId()));
         return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK);
     }
--- a/src/main/java/com/xkl/controller/UserInfoController.java
View file @71473bf
+++ b/src/main/java/com/xkl/controller/UserInfoController.java
View file @71473bf
@@ -47,6 +47,9 @@ public class UserInfoController {
     @ApiOperation(value = "用户注册接口")
     public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
                                                 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
 
@@ -84,6 +87,9 @@ public class UserInfoController {
     })
     public ResponseEntity<ResultModel> modPassword(HttpServletRequest request,@CurrentUser User user,@RequestParam String password,
                                                    @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
+ 
         Assert.notNull(password, "password can not be empty");
         String salt= SecurityTool.genSalt();
         String pass=SecurityTool.getPassword(user.getLoginAccount(),password,salt);
@@ -104,6 +110,8 @@ public class UserInfoController {
     })
     public ResponseEntity<ResultModel> getUserInfo(HttpServletRequest request,@CurrentUser User user,
                                                    @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
+         if(!(boolean)request.getAttribute("signAspect"))
+             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
 
         long member_id=user.getMemberId();
         XklMemberEntity xklMemberEntity=xklMemberRespository.findOne(member_id);