fix(总体、控制层): 修复错误内容

- 对权限登出的 Redis 进行处理
- 修复接口漏洞
This commit is contained in:
筱锋xiao_lfeng 2024-04-17 11:10:15 +08:00
parent 0a788005a6
commit 3e67b5b94c
No known key found for this signature in database
GPG Key ID: F693AA12AABBFA87
6 changed files with 22 additions and 5 deletions


@ -3,11 +3,14 @@ package com.jsl.oa.aspect;
import com.google.gson.Gson; import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken; import com.google.gson.reflect.TypeToken;
import com.jsl.oa.annotations.NeedPermission; import com.jsl.oa.annotations.NeedPermission;
import com.jsl.oa.common.constant.BusinessConstants;
import com.jsl.oa.dao.RoleDAO; import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.exception.library.NotLoginException; import com.jsl.oa.exception.library.NotLoginException;
import com.jsl.oa.exception.library.PermissionDeniedException; import com.jsl.oa.exception.library.PermissionDeniedException;
import com.jsl.oa.exception.library.TokenNotFoundedException;
import com.jsl.oa.model.dodata.RoleDO; import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.utils.Processing; import com.jsl.oa.utils.Processing;
import com.jsl.oa.utils.redis.TokenRedisUtil;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.ProceedingJoinPoint;
@ -37,6 +40,7 @@ public class CheckUserPermissionAspect {
private final RoleDAO roleDAO; private final RoleDAO roleDAO;
private final Gson gson; private final Gson gson;
private final TokenRedisUtil<String> tokenRedisUtil;
/** /**
* 检查权限 * 检查权限
@ -58,6 +62,9 @@ public class CheckUserPermissionAspect {
if (getUserId == null) { if (getUserId == null) {
throw new NotLoginException("用户信息不存在"); throw new NotLoginException("用户信息不存在");
} }
if (tokenRedisUtil.getData(BusinessConstants.BUSINESS_LOGIN, getUserId.toString()) == null) {
throw new TokenNotFoundedException("用户未登录");
}
// 获取方法签名 // 获取方法签名
MethodSignature signature = (MethodSignature) pjp.getSignature(); MethodSignature signature = (MethodSignature) pjp.getSignature();
NeedPermission checkAccountPermission = signature.getMethod().getAnnotation(NeedPermission.class); NeedPermission checkAccountPermission = signature.getMethod().getAnnotation(NeedPermission.class);
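Review bot: The added check at L40 only tests that some BUSINESS_LOGIN entry exists for the resolved user id; it never compares the token presented in this request with what Redis holds, so any token that still resolves to a user whose entry is live passes, including one issued before a later login overwrote the entry. If the stored String is the issued token (the field is declared `TokenRedisUtil<String>` at L33, but the value written at login is not visible here), fetch it once and compare: `String stored = tokenRedisUtil.getData(BusinessConstants.BUSINESS_LOGIN, getUserId.toString()); if (stored == null || !stored.equals(presentedToken)) { throw new TokenNotFoundedException("用户未登录"); }`, where presentedToken is the raw header token presumably already parsed by `Processing` to obtain getUserId. Since the check runs before the `@NeedPermission` annotation is read at L45, it applies to every advised method, which looks intended. The enclosing advice method begins before L37 and continues past L45.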


@ -19,19 +19,16 @@ public class PermissionList {
public PermissionList() { public PermissionList() {
permissionList.add(new PermissionVO("auth:logout", "账户登出"));
permissionList.add(new PermissionVO("auth:change_password", "修改密码")); permissionList.add(new PermissionVO("auth:change_password", "修改密码"));
permissionList.add(new PermissionVO("info:get_header_image", "获取头部图片")); permissionList.add(new PermissionVO("info:get_header_image", "获取头部图片"));
permissionList.add(new PermissionVO("info:edit_header_image", "编辑头部图片")); permissionList.add(new PermissionVO("info:edit_header_image", "编辑头部图片"));
permissionList.add(new PermissionVO("info:delete_header_image", "删除头部图片")); permissionList.add(new PermissionVO("info:delete_header_image", "删除头部图片"));
permissionPrincipal.add(new PermissionVO("auth:logout", "账户登出"));
permissionPrincipal.add(new PermissionVO("auth:change_password", "修改密码")); permissionPrincipal.add(new PermissionVO("auth:change_password", "修改密码"));
permissionPrincipal.add(new PermissionVO("info:get_header_image", "获取头部图片")); permissionPrincipal.add(new PermissionVO("info:get_header_image", "获取头部图片"));
permissionPrincipal.add(new PermissionVO("info:edit_header_image", "编辑头部图片")); permissionPrincipal.add(new PermissionVO("info:edit_header_image", "编辑头部图片"));
permissionPrincipal.add(new PermissionVO("info:delete_header_image", "删除头部图片")); permissionPrincipal.add(new PermissionVO("info:delete_header_image", "删除头部图片"));
permissionDeveloper.add(new PermissionVO("auth:logout", "账户登出"));
permissionDeveloper.add(new PermissionVO("auth:change_password", "修改密码")); permissionDeveloper.add(new PermissionVO("auth:change_password", "修改密码"));
permissionDeveloper.add(new PermissionVO("info:get_header_image", "获取头部图片")); permissionDeveloper.add(new PermissionVO("info:get_header_image", "获取头部图片"));
permissionDeveloper.add(new PermissionVO("info:edit_header_image", "编辑头部图片")); permissionDeveloper.add(new PermissionVO("info:edit_header_image", "编辑头部图片"));


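--- a/<path not shown: AuthController.java>
+++ b/<path not shown: AuthController.java>
@@ -147,7 +147,6 @@ public class AuthController {
 * @since v1.1.0
 */
 @GetMapping("/auth/logout")
-@NeedPermission("auth:logout")
 public BaseResponse authLogout(HttpServletRequest request) {
 return authService.authLogout(request);
 }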
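Review bot: Dropping `@NeedPermission("auth:logout")` at L72 takes this endpoint out of CheckUserPermissionAspect entirely, so neither the login check nor the new Redis session check applies to it; the service must now be the only place that authenticates the caller before touching the session key. The hunk at L110 shows the service resolving a `userDO` and deleting the BUSINESS_LOGIN entry, which suggests it does, but the step that turns the request into that user is not visible, so please confirm it rejects a missing or invalid token rather than falling through. The reason for the removal is also undocumented; a line in the Javadoc, which starts above L69 outside the hunk, would preserve it: `* Deliberately not annotated with {@link NeedPermission}: the aspect now rejects callers whose Redis login record is gone, and logout must still reach the service in that state.`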


@ -1,6 +1,7 @@
package com.jsl.oa.exception; package com.jsl.oa.exception;
import com.jsl.oa.exception.library.PermissionDeniedException; import com.jsl.oa.exception.library.PermissionDeniedException;
import com.jsl.oa.exception.library.TokenNotFoundedException;
import com.jsl.oa.utils.BaseResponse; import com.jsl.oa.utils.BaseResponse;
import com.jsl.oa.utils.ErrorCode; import com.jsl.oa.utils.ErrorCode;
import com.jsl.oa.utils.ResultUtil; import com.jsl.oa.utils.ResultUtil;
@ -110,4 +111,10 @@ public class ProcessException {
log.warn("[EXCEPTION] 无权限操作,需要权限: {}", e.getNeedPermission()); log.warn("[EXCEPTION] 无权限操作,需要权限: {}", e.getNeedPermission());
return ResultUtil.error("需要权限: " + e.getNeedPermission(), ErrorCode.PERMISSION_NOT_EXIST); return ResultUtil.error("需要权限: " + e.getNeedPermission(), ErrorCode.PERMISSION_NOT_EXIST);
} }
@ExceptionHandler(value = TokenNotFoundedException.class)
public BaseResponse businessTokenNotFoundedException(TokenNotFoundedException e) {
log.warn("[EXCEPTION] {}", e.getMessage());
return ResultUtil.error(e.getMessage(), ErrorCode.TOKEN_NOT_EXIST);
}
} }
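Review bot: `businessTokenNotFoundedException` at L91 copies `e.getMessage()` straight into the response body, turning the exception message into a client-facing string; that is harmless for the fixed text the aspect throws today, but nothing records the constraint, and a later throw site that embeds internal detail would expose it. A Javadoc above the `@ExceptionHandler` line at L90 should say so: `/** Handles {@link TokenNotFoundedException}: the caller's login record is missing from Redis. The message is returned to the client verbatim, so keep it free of internal detail. */`. If that guarantee should not depend on discipline at throw sites, keep `e.getMessage()` in the log at L92 and return a fixed string instead, e.g. `return ResultUtil.error("用户未登录", ErrorCode.TOKEN_NOT_EXIST);`.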


@ -0,0 +1,7 @@
package com.jsl.oa.exception.library;
public class TokenNotFoundedException extends RuntimeException {
public TokenNotFoundedException(String message) {
super(message);
}
}
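Review bot: `TokenNotFoundedException` has no Javadoc, and the name misspells "Found"; because the class is introduced in this commit and referenced only by the aspect and the ProcessException handler here, renaming it to `TokenNotFoundException` now is cheap, whereas once callers catch it the rename becomes an API change. Whichever name stays, a class comment should state what the condition means: `/** Thrown when no BUSINESS_LOGIN record exists in Redis for the authenticated user, e.g. after logout has removed it. */`. Declaring the class `final` would also match its role as a fixed exception type with a single message constructor.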


@ -213,7 +213,7 @@ public class AuthServiceImpl implements AuthService {
if (tokenRedisUtil.delData(BusinessConstants.BUSINESS_LOGIN, userDO.getId().toString())) { if (tokenRedisUtil.delData(BusinessConstants.BUSINESS_LOGIN, userDO.getId().toString())) {
return ResultUtil.success("登出成功"); return ResultUtil.success("登出成功");
} else { } else {
return ResultUtil.error(ErrorCode.DATABASE_DELETE_ERROR); return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST);
} }
} }