Главная Обзор Помощь
Вход
reghao
/
tnb
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

JwtUtil#getAuthentication1 方法中添加 ID 混淆还原

reghao 11 месяцев назад
Родитель
7e67d7ae77
Сommit
c4f9f85086
3 измененных файлов с 9 добавлено и 6 удалено
Единый вид Показать статистику Diff
  1. 2 1
      account/account-service/src/main/java/cn/reghao/tnb/account/app/rpc/AccountQueryImpl.java
  2. 1 1
      account/account-service/src/main/java/cn/reghao/tnb/account/app/service/impl/AccountTokenServiceImpl.java
  3. 6 4
      account/account-service/src/main/java/cn/reghao/tnb/account/app/util/JwtUtil.java

+ 2 - 1
account/account-service/src/main/java/cn/reghao/tnb/account/app/rpc/AccountQueryImpl.java
Просмотреть файл 

@@ -42,7 +42,8 @@ public class AccountQueryImpl implements AccountQuery {
 
         AccountInfo accountInfo = accountTokenService.getAccountInfo(type, sessId);
 
         AccountInfo accountInfo = accountTokenService.getAccountInfo(type, sessId);
 
         if (accountInfo != null) {
 
         if (accountInfo != null) {
 
             String userIdStr = accountInfo.getUserId();
 
             String userIdStr = accountInfo.getUserId();
 
-            long userId = userIdObfuscation.restore(userIdStr);
 
+            //long userId = userIdObfuscation.restore(userIdStr);
 
+            long userId = Long.parseLong(userIdStr);
 
             UserAccount userAccount = accountRepository.getUserAccount(userId);
 
             UserAccount userAccount = accountRepository.getUserAccount(userId);
 
             String role = userAccount.getRole();
 
             String role = userAccount.getRole();
 
             return new AuthedAccount(userAccount.getUserId());
 
             return new AuthedAccount(userAccount.getUserId());

+ 1 - 1
account/account-service/src/main/java/cn/reghao/tnb/account/app/service/impl/AccountTokenServiceImpl.java
Просмотреть файл 

@@ -114,7 +114,7 @@ public class AccountTokenServiceImpl implements AccountTokenService {
 
         String savedSignKey = redisString.get(RedisKeys.getJwtSignKey("pubkey"));
 
         String savedSignKey = redisString.get(RedisKeys.getJwtSignKey("pubkey"));
 
         RSAPublicKey rsaPublicKey = RsaCryptor.getRSAPublicKey(savedSignKey);
 
         RSAPublicKey rsaPublicKey = RsaCryptor.getRSAPublicKey(savedSignKey);
 
         try {
 
         try {
 
-            AccountAuthToken userAuthToken = JwtUtil.getAuthentication1(token, rsaPublicKey);
 
+            AccountAuthToken userAuthToken = JwtUtil.getAuthentication1(token, rsaPublicKey, userIdObfuscation);
 
             if (userAuthToken != null) {
 
             if (userAuthToken != null) {
 
                 return userAuthToken;
 
                 return userAuthToken;
 
             }
 
             }

+ 6 - 4
account/account-service/src/main/java/cn/reghao/tnb/account/app/util/JwtUtil.java
Просмотреть файл 

@@ -1,5 +1,6 @@
 
 package cn.reghao.tnb.account.app.util;
 
 package cn.reghao.tnb.account.app.util;
 
 
 
+import cn.reghao.jutil.jdk.string.IDObfuscation;
 
 import cn.reghao.tnb.account.app.model.vo.RefreshPayload;
 
 import cn.reghao.tnb.account.app.model.vo.RefreshPayload;
 
 import cn.reghao.tnb.account.app.security.form.AccountAuthToken;
 
 import cn.reghao.tnb.account.app.security.form.AccountAuthToken;
 
 import io.jsonwebtoken.Claims;
 
 import io.jsonwebtoken.Claims;
 
@@ -97,21 +98,22 @@ public class JwtUtil {
 
         return new AccountAuthToken(plat, loginId, loginType, userId, authorities);
 
         return new AccountAuthToken(plat, loginId, loginType, userId, authorities);
 
     }
 
     }
 
 
 
-    public static AccountAuthToken getAuthentication1(String token, RSAPublicKey signKey) {
 
+    public static AccountAuthToken getAuthentication1(String token, RSAPublicKey signKey, IDObfuscation userIdObfuscation) {
 
         Claims claims = Jwts.parser().setSigningKey(signKey).parseClaimsJws(token).getBody();
 
         Claims claims = Jwts.parser().setSigningKey(signKey).parseClaimsJws(token).getBody();
 
         Integer plat = (Integer) claims.get("plat");
 
         Integer plat = (Integer) claims.get("plat");
 
         String loginId = (String) claims.get("loginId");
 
         String loginId = (String) claims.get("loginId");
 
         int loginType = (int) claims.get("loginType");
 
         int loginType = (int) claims.get("loginType");
 
-        String userId = claims.getSubject();
 
+        String userIdStr = claims.getSubject();
 
         // TODO userId 是系统分配且固定的,但需要检查用户的 roles 是否发生变化
 
         // TODO userId 是系统分配且固定的,但需要检查用户的 roles 是否发生变化
 
         String roles = (String) claims.get("authorities");
 
         String roles = (String) claims.get("authorities");
 
         long expireAt = claims.getExpiration().getTime();
 
         long expireAt = claims.getExpiration().getTime();
 
-        if (plat == null || loginId == null || userId == null || roles == null) {
 
+        if (plat == null || loginId == null || userIdStr == null || roles == null) {
 
             return null;
 
             return null;
 
         }
 
         }
 
 
 
         List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(roles);
 
         List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList(roles);
 
-        return new AccountAuthToken(plat, loginId, loginType, userId, authorities);
 
+        long userId = userIdObfuscation.restore(userIdStr);
 
+        return new AccountAuthToken(plat, loginId, loginType, userId+"", authorities);
 
     }
 
     }
 
 
 
     /**
 
     /**