Authored by fangyeqing

FIX:fix bug

1 package com.xkl.authorization.aspect; 1 package com.xkl.authorization.aspect;
2 2
  3 +import com.xkl.domain.XklApiKeyEntity;
  4 +import com.xkl.repository.XklApiKeyRespository;
3 import com.xkl.repository.XklInterKeyRespository; 5 import com.xkl.repository.XklInterKeyRespository;
4 import com.xkl.security.SecurityTool; 6 import com.xkl.security.SecurityTool;
5 import com.xkl.tools.UtilTools; 7 import com.xkl.tools.UtilTools;
@@ -32,7 +34,7 @@ import java.util.Map; @@ -32,7 +34,7 @@ import java.util.Map;
32 @CommonsLog 34 @CommonsLog
33 public class SignAspect { 35 public class SignAspect {
34 @Autowired 36 @Autowired
35 - private XklInterKeyRespository xklInterKeyRespository; 37 + private XklApiKeyRespository xklApiKeyRespository;
36 38
37 /** 39 /**
38 * 由接口传过来的type获取xkl_inter_key表中的key 40 * 由接口传过来的type获取xkl_inter_key表中的key
@@ -41,7 +43,13 @@ public class SignAspect { @@ -41,7 +43,13 @@ public class SignAspect {
41 */ 43 */
42 private String getKeyByType(int type){ 44 private String getKeyByType(int type){
43 long id = (long)type; 45 long id = (long)type;
44 - return (xklInterKeyRespository.findOne(id) == null)?"":xklInterKeyRespository.findOne(id).getKey(); 46 + XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne(id);
  47 + if(xklApiKey != null){
  48 + if(xklApiKey.getStatus()==1 && (xklApiKey.getAccessStatus()==2||xklApiKey.getAccessStatus()==3)){
  49 + return xklApiKey.getApiKey();
  50 + }
  51 + }
  52 + return null;
45 } 53 }
46 /** 54 /**
47 * 定义切点,定位到@Sign注解的地方 55 * 定义切点,定位到@Sign注解的地方
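Review bot: getKeyByType now returns `null` for a missing, deleted or non-approved key where it used to return `""`, and the caller that builds the signature is outside this hunk, so nothing visible shows it rejecting `null` before hashing. If the key is concatenated into the string to be signed, Java renders it as the literal `null`, so the expected signature for a disabled key would depend on no secret at all; the caller should fail verification as soon as the key is `null` or empty. The Javadoc above the method still names the `xkl_inter_key` table although the lookup now goes through `xklApiKeyRespository`, and it should state the rule the code applies, for example `returns the key only when status == 1 and accessStatus is 2 or 3, otherwise null`. The `XklInterKeyRespository` import kept at new line 5 looks unused after this change, though the rest of the class is not visible here.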
@@ -5,9 +5,8 @@ package com.xkl.config; @@ -5,9 +5,8 @@ package com.xkl.config;
5 */ 5 */
6 public enum ResultStatus { 6 public enum ResultStatus {
7 SUCCESS(100, "成功/Success"), 7 SUCCESS(100, "成功/Success"),
8 - SIGN_ERROR(-100, "签名错误或者客户端时间有误"),  
9 - SIGN_NO_ACCESS(-101, "签名未授权"),  
10 - SIGN_NO_ACTIVE(-102, "签名未激活"), 8 + SIGN_ERROR(-100, "签名错误、未授权或者客户端时间有误"),
  9 + SIGN_NO_ACTIVE(-101, "数据共享签名未激活"),
11 10
12 USER_REGISTER(1000,"用户注册成功"), 11 USER_REGISTER(1000,"用户注册成功"),
13 USER_LOGOUT(1001,"退出登录成功"), 12 USER_LOGOUT(1001,"退出登录成功"),
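Review bot: `SIGN_NO_ACTIVE` moves from -102 to -101, the code that until this commit meant `SIGN_NO_ACCESS`, so a client built against the old enum will read "not activated" as "not authorized". Retired codes are safer left unassigned; keep `SIGN_NO_ACTIVE(-102, "数据共享签名未激活"),` and leave -101 unused. Folding the unauthorized case into `SIGN_ERROR` is reasonable because it tells a caller less about why a key was refused, but a one-line comment above `SIGN_ERROR` should record that -100 deliberately covers a bad signature, an unapproved key and clock skew. The enum body continues outside the hunk.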
@@ -2,12 +2,14 @@ package com.xkl.controller; @@ -2,12 +2,14 @@ package com.xkl.controller;
2 2
3 import com.wordnik.swagger.annotations.ApiOperation; 3 import com.wordnik.swagger.annotations.ApiOperation;
4 import com.xkl.authorization.annotation.LogAnnotation; 4 import com.xkl.authorization.annotation.LogAnnotation;
  5 +import com.xkl.authorization.annotation.Sign;
5 import com.xkl.config.Constants; 6 import com.xkl.config.Constants;
6 import com.xkl.domain.*; 7 import com.xkl.domain.*;
7 import com.xkl.model.ReportDetailModel; 8 import com.xkl.model.ReportDetailModel;
8 import com.xkl.model.ReportModel; 9 import com.xkl.model.ReportModel;
9 import com.xkl.model.ResultModel; 10 import com.xkl.model.ResultModel;
10 import com.xkl.repository.*; 11 import com.xkl.repository.*;
  12 +import com.xkl.security.AntiXSS;
11 import com.xkl.service.IScoreService; 13 import com.xkl.service.IScoreService;
12 import org.springframework.beans.factory.annotation.Autowired; 14 import org.springframework.beans.factory.annotation.Autowired;
13 import org.springframework.http.HttpStatus; 15 import org.springframework.http.HttpStatus;
@@ -43,22 +45,19 @@ public class DataShareController { @@ -43,22 +45,19 @@ public class DataShareController {
43 private IScoreService scoreService; 45 private IScoreService scoreService;
44 46
45 @LogAnnotation 47 @LogAnnotation
46 - //@AntiXSS  
47 - //@Sign 48 + @AntiXSS
  49 + @Sign
48 @RequestMapping(value = "/list", method = RequestMethod.GET) 50 @RequestMapping(value = "/list", method = RequestMethod.GET)
49 @ApiOperation(value = "体检报告列表共享接口") 51 @ApiOperation(value = "体检报告列表共享接口")
50 public ResponseEntity<ResultModel> getReportList(HttpServletRequest request, 52 public ResponseEntity<ResultModel> getReportList(HttpServletRequest request,
51 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 53 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
52 - //if (!(boolean) request.getAttribute("signAspect"))  
53 - //return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK); 54 + if (!(boolean) request.getAttribute("signAspect"))
  55 + return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
54 XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type); 56 XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
55 List<XklAmpReportEntity> xklAmpReportResult = new ArrayList<>(); 57 List<XklAmpReportEntity> xklAmpReportResult = new ArrayList<>();
56 if(xklApiKey.getActiveStatus()!=1){ 58 if(xklApiKey.getActiveStatus()!=1){
57 return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK); 59 return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
58 } 60 }
59 - if(xklApiKey.getAccessStatus()!=3){  
60 - return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);  
61 - }  
62 61
63 long companyId = xklApiKey.getCompanyId(); 62 long companyId = xklApiKey.getCompanyId();
64 XklCompanyEntity xklCompany = xklCompanyRespository.findOne(companyId); 63 XklCompanyEntity xklCompany = xklCompanyRespository.findOne(companyId);
@@ -87,23 +86,20 @@ public class DataShareController { @@ -87,23 +86,20 @@ public class DataShareController {
87 } 86 }
88 87
89 @LogAnnotation 88 @LogAnnotation
90 - //@AntiXSS  
91 - //@Sign 89 + @AntiXSS
  90 + @Sign
92 @RequestMapping(value = "/detail", method = RequestMethod.GET) 91 @RequestMapping(value = "/detail", method = RequestMethod.GET)
93 @ApiOperation(value = "体检报告详情共享接口") 92 @ApiOperation(value = "体检报告详情共享接口")
94 public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @RequestParam long report_id, 93 public ResponseEntity<ResultModel> getReportDetail(HttpServletRequest request, @RequestParam long report_id,
95 @RequestParam String sign, @RequestParam long t, @RequestParam int type) { 94 @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
96 - //if (!(boolean) request.getAttribute("signAspect"))  
97 - // return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK); 95 + if (!(boolean) request.getAttribute("signAspect"))
  96 + return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);
98 XklAmpReportEntity report = xklAmpReportRespository.findOne(report_id); 97 XklAmpReportEntity report = xklAmpReportRespository.findOne(report_id);
99 98
100 XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type); 99 XklApiKeyEntity xklApiKey = xklApiKeyRespository.findOne((long)type);
101 if(xklApiKey.getActiveStatus()!=1){ 100 if(xklApiKey.getActiveStatus()!=1){
102 return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK); 101 return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACTIVE), HttpStatus.OK);
103 } 102 }
104 - if(xklApiKey.getAccessStatus()!=3){  
105 - return new ResponseEntity<>(ResultModel.error(SIGN_NO_ACCESS), HttpStatus.OK);  
106 - }  
107 103
108 long companyId = xklApiKey.getCompanyId(); 104 long companyId = xklApiKey.getCompanyId();
109 XklCompanyEntity company = xklCompanyRespository.findOne(companyId); 105 XklCompanyEntity company = xklCompanyRespository.findOne(companyId);
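Review bot: Both endpoints drop the `getAccessStatus()!=3` gate, and the only access-status check left is the one in SignAspect.getKeyByType, which accepts 2 as well as 3, so keys with access status 2 can now reach the report list and detail data that previously required 3. If 2 and 3 are different approval levels, restore the gate in getReportList and getReportDetail, e.g. `if(xklApiKey.getAccessStatus()!=3) return new ResponseEntity<>(ResultModel.error(SIGN_ERROR), HttpStatus.OK);`; if they are equivalent for data sharing, say so in a comment next to the `getActiveStatus()` check. Separately, `(boolean) request.getAttribute("signAspect")` throws a NullPointerException when the aspect did not set the attribute; `if (!Boolean.TRUE.equals(request.getAttribute("signAspect")))` denies the request cleanly instead. Both method bodies continue outside the hunks, so whether getReportDetail verifies that `report` belongs to `companyId` cannot be confirmed from the visible lines.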
@@ -78,11 +78,11 @@ public class XklAmpReportMetaScoreStandardEntity { @@ -78,11 +78,11 @@ public class XklAmpReportMetaScoreStandardEntity {
78 */ 78 */
79 public double getScore(double score){ 79 public double getScore(double score){
80 double result = 0; 80 double result = 0;
81 - if(score>=interval1Min && score<interval1Max) 81 + if(score>=interval1Min && score<=interval1Max)
82 result = interval1Score; 82 result = interval1Score;
83 - else if(score>=interval2Min && score<interval2Max) 83 + else if(score>=interval2Min && score<=interval2Max)
84 result = interval2Score; 84 result = interval2Score;
85 - else if(score>=interval3Min && score<interval3Max) 85 + else if(score>=interval3Min && score<=interval3Max)
86 result = interval3Score; 86 result = interval3Score;
87 else if(score>=interval4Min && score<=interval4Max) 87 else if(score>=interval4Min && score<=interval4Max)
88 result = interval4Score; 88 result = interval4Score;
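Review bot: With every upper bound now inclusive, a score equal to both `interval1Max` and `interval2Min` is assigned by branch order to interval 1, where before this change it went to interval 2, and nothing in the method says which is intended. As far as the visible branches show, a score lying strictly between one interval's max and the next interval's min still matches nothing and keeps `result = 0`, which is indistinguishable from a genuine score of 0. I would add a comment above the chain such as `// bounds are inclusive; on a shared boundary the lower interval wins` and confirm the stored interval data has no gaps. The method continues past the end of the hunk.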
@@ -22,14 +22,14 @@ public class XklApiKeyEntity { @@ -22,14 +22,14 @@ public class XklApiKeyEntity {
22 private long companyId; 22 private long companyId;
23 @Basic 23 @Basic
24 @Column(name = "access_status") 24 @Column(name = "access_status")
25 - private byte accessStatus; 25 + private byte accessStatus;//状态,2/3为可用
26 @Basic 26 @Basic
27 @Column(name = "active_status") 27 @Column(name = "active_status")
28 - private byte activeStatus; 28 + private byte activeStatus;//数据共享接口开关,1为激活
29 @Basic 29 @Basic
30 @Column(name = "remark") 30 @Column(name = "remark")
31 private String remark; 31 private String remark;
32 @Basic 32 @Basic
33 @Column(name = "status") 33 @Column(name = "status")
34 - private byte status; 34 + private byte status;//是否删除标记,0为删除,1为有效
35 } 35 }