
通过 oss-sdk 上传文件不需要进行权限校验

reghao 2 jaren geleden
bovenliggende
commit
bbd1df9258

+ 20 - 18
dfs-store/src/main/java/cn/reghao/dfs/store/controller/ObjectUploadController.java

@@ -51,28 +51,30 @@ public class ObjectUploadController {
 
     @AuthUser
     @PostMapping(value = "/")
-    public String postObject(MultipartFile file, String objectName, String sha256sum, Integer channelId) throws Exception {
+    public String postObject(MultipartFile file, Integer channelId, String client) throws Exception {
         /* permission check */
-        String token = ServletUtil.getBearerToken();
-        if (token == null) {
-            return WebResult.failWithMsg("no token in request");
-        }
+        if (client == null) {
+            String token = ServletUtil.getBearerToken();
+            if (token == null) {
+                return WebResult.failWithMsg("no token in request");
+            }
 
-        OssPayload ossPayload = JwtUtil.getOssPayload(token);
-        String action = ossPayload.getAction();
-        if (!"upload".equals(action)) {
-            return WebResult.failWithMsg("it's not upload token");
-        }
+            OssPayload ossPayload = JwtUtil.getOssPayload(token);
+            String action = ossPayload.getAction();
+            if (!"upload".equals(action)) {
+                return WebResult.failWithMsg("it's not upload token");
+            }
 
-        int channelId1 = ossPayload.getChannelId();
-        if (channelId != channelId1) {
-            return WebResult.failWithMsg("channel not match in token");
-        }
+            int channelId1 = ossPayload.getChannelId();
+            if (channelId != channelId1) {
+                return WebResult.failWithMsg("channel not match in token");
+            }
 
-        long userId1 = ossPayload.getUserId();
-        long userId = UserContext.getUser();
-        if (userId != userId1) {
-            return WebResult.failWithMsg("user not match in token");
+            long userId1 = ossPayload.getUserId();
+            long loginUser = UserContext.getUser();
+            if (loginUser != userId1) {
+                return WebResult.failWithMsg("user not match in token");
+            }
         }
 
         /* channel validate */
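Review bot: The new `if (client == null)` guard makes the entire upload-token check depend on a request parameter the caller supplies, so any request that sends a `client` value skips the action, channel and user comparisons. Nothing in this hunk verifies that the caller really is oss-sdk; `@AuthUser` is still present, but what it enforces is not visible here. Gate the skip on something the server verifies itself, for example `if (!sdkCallerVerified()) { /* token checks */ }`, where `sdkCallerVerified` is an illustrative name for a check of a service credential or an internal-only listener, and log whenever the token path is skipped. Separately, `channelId != channelId1` unboxes the `Integer` request parameter and throws if it is absent, so add a null check before the comparison. The body of postObject continues past the end of the hunk.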

+ 7 - 0
dfs-store/src/main/java/cn/reghao/dfs/store/inerceptor/TokenFilter.java

@@ -9,6 +9,7 @@ import org.apache.dubbo.config.annotation.DubboReference;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 
 /**
@@ -44,6 +45,12 @@ public class TokenFilter implements Filter {
             userId = accountInfo.getUserId();
         }
 
+        HttpServletRequest servletRequest = (HttpServletRequest) request;
+        String xUserId = servletRequest.getHeader("x-user-id");
+        if (xUserId != null) {
+            userId = Long.parseLong(xUserId);
+        }
+
         try (UserContext context = new UserContext(userId)) {
             chain.doFilter(request, response);
         }
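Review bot: The value read by `servletRequest.getHeader("x-user-id")` overwrites whatever `userId` the account lookup above produced, and nothing in the hunk checks where the request came from, so the identity placed in `UserContext` is chosen by the caller. Honour the header only for requests the filter has already verified as coming from the trusted SDK or gateway, have the edge proxy strip it from external traffic, and do not let it replace a user id derived from a valid token. `Long.parseLong(xUserId)` also throws `NumberFormatException` on a malformed value; catch it and reject the request instead of letting it propagate out of the filter. Together with the `client` parameter added to ObjectUploadController.postObject in this commit, this appears to leave the upload path without a server-verified identity. The filter method starts above the hunk.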