Home Explore Help
Sign In
reghao
/
oss
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

通过 oss-sdk 上传文件不需要进行权限校验

reghao 2 years ago
parent
8e7e74dda2
commit
bbd1df9258
2 changed files with 27 additions and 18 deletions
Unified View Show Diff Stats
  1. 20 18
      dfs-store/src/main/java/cn/reghao/dfs/store/controller/ObjectUploadController.java
  2. 7 0
      dfs-store/src/main/java/cn/reghao/dfs/store/inerceptor/TokenFilter.java

+ 20 - 18
dfs-store/src/main/java/cn/reghao/dfs/store/controller/ObjectUploadController.java
View File 

@@ -51,28 +51,30 @@ public class ObjectUploadController {
 
 
 
     @AuthUser
 
     @AuthUser
 
     @PostMapping(value = "/")
 
     @PostMapping(value = "/")
 
-    public String postObject(MultipartFile file, String objectName, String sha256sum, Integer channelId) throws Exception {
 
+    public String postObject(MultipartFile file, Integer channelId, String client) throws Exception {
 
         /* permission check */
 
         /* permission check */
 
-        String token = ServletUtil.getBearerToken();
 
-        if (token == null) {
 
-            return WebResult.failWithMsg("no token in request");
 
-        }
 
+        if (client == null) {
 
+            String token = ServletUtil.getBearerToken();
 
+            if (token == null) {
 
+                return WebResult.failWithMsg("no token in request");
 
+            }
 
 
 
-        OssPayload ossPayload = JwtUtil.getOssPayload(token);
 
-        String action = ossPayload.getAction();
 
-        if (!"upload".equals(action)) {
 
-            return WebResult.failWithMsg("it's not upload token");
 
-        }
 
+            OssPayload ossPayload = JwtUtil.getOssPayload(token);
 
+            String action = ossPayload.getAction();
 
+            if (!"upload".equals(action)) {
 
+                return WebResult.failWithMsg("it's not upload token");
 
+            }
 
 
 
-        int channelId1 = ossPayload.getChannelId();
 
-        if (channelId != channelId1) {
 
-            return WebResult.failWithMsg("channel not match in token");
 
-        }
 
+            int channelId1 = ossPayload.getChannelId();
 
+            if (channelId != channelId1) {
 
+                return WebResult.failWithMsg("channel not match in token");
 
+            }
 
 
 
-        long userId1 = ossPayload.getUserId();
 
-        long userId = UserContext.getUser();
 
-        if (userId != userId1) {
 
-            return WebResult.failWithMsg("user not match in token");
 
+            long userId1 = ossPayload.getUserId();
 
+            long loginUser = UserContext.getUser();
 
+            if (loginUser != userId1) {
 
+                return WebResult.failWithMsg("user not match in token");
 
+            }
 
         }
 
         }
 
 
 
         /* channel validate */
 
         /* channel validate */

+ 7 - 0
dfs-store/src/main/java/cn/reghao/dfs/store/inerceptor/TokenFilter.java
View File 

@@ -9,6 +9,7 @@ import org.apache.dubbo.config.annotation.DubboReference;
 
 import org.springframework.stereotype.Component;
 
 import org.springframework.stereotype.Component;
 
 
 
 import javax.servlet.*;
 
 import javax.servlet.*;
 
+import javax.servlet.http.HttpServletRequest;
 
 import java.io.IOException;
 
 import java.io.IOException;
 
 
 
 /**
 
 /**
 
@@ -44,6 +45,12 @@ public class TokenFilter implements Filter {
 
             userId = accountInfo.getUserId();
 
             userId = accountInfo.getUserId();
 
         }
 
         }
 
 
 
+        HttpServletRequest servletRequest = (HttpServletRequest) request;
 
+        String xUserId = servletRequest.getHeader("x-user-id");
 
+        if (xUserId != null) {
 
+            userId = Long.parseLong(xUserId);
 
+        }
 
+
 
         try (UserContext context = new UserContext(userId)) {
 
         try (UserContext context = new UserContext(userId)) {
 
             chain.doFilter(request, response);
 
             chain.doFilter(request, response);
 
         }
 
         }