Merge branch 'main' of https://git.dirt.kz/igor/org.ccalm.jwt

# Conflicts: # src/main/java/org/ccalm/jwt/MainController.java
2025-04-03 19:27:42 +05:00
parent 4f0e0499ab bd35689d6c
commit eaff336f2a
2 changed files with 28 additions and 24 deletions
--- a/src/main/java/org/ccalm/jwt/MainController.java
+++ b/src/main/java/org/ccalm/jwt/MainController.java
@ -21,6 +21,7 @@ import net.logicsquad.nanocaptcha.image.ImageCaptcha;
 import net.logicsquad.nanocaptcha.image.backgrounds.GradiatedBackgroundProducer;
 import net.logicsquad.nanocaptcha.image.noise.CurvedLineNoiseProducer;
 import net.logicsquad.nanocaptcha.image.renderer.DefaultWordRenderer;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
@ -505,26 +506,17 @@ public class MainController implements ServletContextAware {
    @RequestMapping(value = "/access", method = {RequestMethod.POST}, produces = "application/json;charset=utf-8")
    @ResponseBody
    public ResponseEntity<Object> access(
-            Model model,
-            @CookieValue(value = "jwt_a", defaultValue = "") String jwt_a,
+            Authentication authentication,
            @Nullable @RequestBody ActionNameModel action_name,
            @CookieValue(value = "lng", defaultValue = "1") String language_id
    ) {
        Translation trt = new Translation(language_id, jdbcTemplate);
        try {
-            if (jwt_a.isEmpty() || countOccurrences(jwt_a, '.') != 2) {
-                return new ResponseEntity<>(new ErrorResponseModel(10000, trt.trt(false, "Please_log_in"), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
-            }
-
-            Jws<Claims> claims;
-            try {
-                claims = Jwts.parserBuilder()
-                        .setSigningKey(getPublicKey())
-                        .build()
-                        .parseClaimsJws(jwt_a);
-            } catch (Exception e) {
-                return new ResponseEntity<>(new ErrorResponseModel(10000, Arrays.asList(trt.trt(false, "Please_log_in"), trt.trt(false, "JWT_token_verification_error")), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
+            if (authentication == null || !authentication.isAuthenticated()) {
+                String uuid = UUID.randomUUID().toString();
+                return new ResponseEntity<>(new ErrorResponseModel(10401, trt.trt(false, "Please_log_in"), null, uuid), HttpStatus.UNAUTHORIZED);
            }
+            UserDetails userDetails = (UserDetails) authentication.getPrincipal();

            String sql = """
                select
@ -538,7 +530,7 @@ public class MainController implements ServletContextAware {
                """;

            MapSqlParameterSource parameters = new MapSqlParameterSource();
-            parameters.addValue("user_id", claims.getBody().get("user_id"));
+            parameters.addValue("user_id", userDetails.getUserId());
            if (action_name == null) {
                parameters.addValue("action_name", null);
            } else {
@ -891,9 +883,9 @@ public class MainController implements ServletContextAware {
                    if (!json.has("result") || json.getBoolean("result")) {
                        if(json.getInt("count")==0)
                        {
-                            throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
+                            throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
                        }else{
-                            throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
+                            throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
                        }
                    }
                    if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
@ -905,7 +897,7 @@ public class MainController implements ServletContextAware {
            }catch (DataAccessException ex){
                String uuid = UUID.randomUUID().toString();
                logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
-                throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
+                throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
            }*/


@ -1209,9 +1201,9 @@ public class MainController implements ServletContextAware {
                    if (!json.has("result") || json.getBoolean("result")) {
                        if(json.getInt("count")==0)
                        {
-                            throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
+                            throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
                        }else{
-                            throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
+                            throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
                        }
                    }
                    if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
@ -1223,7 +1215,7 @@ public class MainController implements ServletContextAware {
            }catch (DataAccessException ex){
                String uuid = UUID.randomUUID().toString();
                logger.error("Error executing SQL query", uuid, ex);
-                throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
+                throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
            }*/

            String sql = "";
@ -1380,7 +1372,7 @@ public class MainController implements ServletContextAware {
            //TODO проверить не заблокирован ли пользователь
            //if(json.has("block")) {
            //    if(json.getBoolean("block"))
-            //        throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"),null);
+            //        throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"), null, false);
            //    json.remove("block");
            //}

@ -1635,12 +1627,12 @@ public class MainController implements ServletContextAware {
            for (int i = 0; i < ret.size(); i++) {
                rows = new JSONObject(ret.get(i));
                if(rows.getBoolean("result")) {
-                    throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
+                    throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null, false);
                }
            }
            if(rows==null) {
                logger.error("Функция main.user_is_blocked не вернула результата!");
-                throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null);
+                throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null, false);
            }*/

            //Получаю id пользователя TODO should work through the authorization function