Merge branch 'main' of https://git.dirt.kz/igor/org.ccalm.jwt
# Conflicts: # src/main/java/org/ccalm/jwt/MainController.java
This commit is contained in:
12
README.md
12
README.md
@ -27,6 +27,18 @@ ____
|
|||||||
10. [Проверить валидность токена](#проверить-валидность-токена)
|
10. [Проверить валидность токена](#проверить-валидность-токена)
|
||||||
|
|
||||||
____
|
____
|
||||||
|
### Получить токен для защиты от CSRF атак
|
||||||
|
https://istransit.kz/api/authorization/v02/get_request_token
|
||||||
|
|
||||||
|
GET запрос без данных.
|
||||||
|
|
||||||
|
Пример ответа:
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"ttl":600,
|
||||||
|
"token":"VTf8zvHKqK7QFJ0ZEyheOYAUrI7cRIbejxMzRKlMzYM"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### Получить список разрешений для пользователя по Access token
|
### Получить список разрешений для пользователя по Access token
|
||||||
https://istransit.kz/api/authorization/v02/access/
|
https://istransit.kz/api/authorization/v02/access/
|
||||||
|
|||||||
@ -21,6 +21,7 @@ import net.logicsquad.nanocaptcha.image.ImageCaptcha;
|
|||||||
import net.logicsquad.nanocaptcha.image.backgrounds.GradiatedBackgroundProducer;
|
import net.logicsquad.nanocaptcha.image.backgrounds.GradiatedBackgroundProducer;
|
||||||
import net.logicsquad.nanocaptcha.image.noise.CurvedLineNoiseProducer;
|
import net.logicsquad.nanocaptcha.image.noise.CurvedLineNoiseProducer;
|
||||||
import net.logicsquad.nanocaptcha.image.renderer.DefaultWordRenderer;
|
import net.logicsquad.nanocaptcha.image.renderer.DefaultWordRenderer;
|
||||||
|
import org.apache.commons.codec.digest.DigestUtils;
|
||||||
import org.json.JSONArray;
|
import org.json.JSONArray;
|
||||||
import org.json.JSONException;
|
import org.json.JSONException;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
@ -505,26 +506,17 @@ public class MainController implements ServletContextAware {
|
|||||||
@RequestMapping(value = "/access", method = {RequestMethod.POST}, produces = "application/json;charset=utf-8")
|
@RequestMapping(value = "/access", method = {RequestMethod.POST}, produces = "application/json;charset=utf-8")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public ResponseEntity<Object> access(
|
public ResponseEntity<Object> access(
|
||||||
Model model,
|
Authentication authentication,
|
||||||
@CookieValue(value = "jwt_a", defaultValue = "") String jwt_a,
|
|
||||||
@Nullable @RequestBody ActionNameModel action_name,
|
@Nullable @RequestBody ActionNameModel action_name,
|
||||||
@CookieValue(value = "lng", defaultValue = "1") String language_id
|
@CookieValue(value = "lng", defaultValue = "1") String language_id
|
||||||
) {
|
) {
|
||||||
Translation trt = new Translation(language_id, jdbcTemplate);
|
Translation trt = new Translation(language_id, jdbcTemplate);
|
||||||
try {
|
try {
|
||||||
if (jwt_a.isEmpty() || countOccurrences(jwt_a, '.') != 2) {
|
if (authentication == null || !authentication.isAuthenticated()) {
|
||||||
return new ResponseEntity<>(new ErrorResponseModel(10000, trt.trt(false, "Please_log_in"), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
|
String uuid = UUID.randomUUID().toString();
|
||||||
}
|
return new ResponseEntity<>(new ErrorResponseModel(10401, trt.trt(false, "Please_log_in"), null, uuid), HttpStatus.UNAUTHORIZED);
|
||||||
|
|
||||||
Jws<Claims> claims;
|
|
||||||
try {
|
|
||||||
claims = Jwts.parserBuilder()
|
|
||||||
.setSigningKey(getPublicKey())
|
|
||||||
.build()
|
|
||||||
.parseClaimsJws(jwt_a);
|
|
||||||
} catch (Exception e) {
|
|
||||||
return new ResponseEntity<>(new ErrorResponseModel(10000, Arrays.asList(trt.trt(false, "Please_log_in"), trt.trt(false, "JWT_token_verification_error")), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
|
|
||||||
}
|
}
|
||||||
|
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
|
||||||
|
|
||||||
String sql = """
|
String sql = """
|
||||||
select
|
select
|
||||||
@ -538,7 +530,7 @@ public class MainController implements ServletContextAware {
|
|||||||
""";
|
""";
|
||||||
|
|
||||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||||
parameters.addValue("user_id", claims.getBody().get("user_id"));
|
parameters.addValue("user_id", userDetails.getUserId());
|
||||||
if (action_name == null) {
|
if (action_name == null) {
|
||||||
parameters.addValue("action_name", null);
|
parameters.addValue("action_name", null);
|
||||||
} else {
|
} else {
|
||||||
@ -891,9 +883,9 @@ public class MainController implements ServletContextAware {
|
|||||||
if (!json.has("result") || json.getBoolean("result")) {
|
if (!json.has("result") || json.getBoolean("result")) {
|
||||||
if(json.getInt("count")==0)
|
if(json.getInt("count")==0)
|
||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
|
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
|
||||||
}else{
|
}else{
|
||||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||||
@ -905,7 +897,7 @@ public class MainController implements ServletContextAware {
|
|||||||
}catch (DataAccessException ex){
|
}catch (DataAccessException ex){
|
||||||
String uuid = UUID.randomUUID().toString();
|
String uuid = UUID.randomUUID().toString();
|
||||||
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
|
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
|
||||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
|
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
|
||||||
}*/
|
}*/
|
||||||
|
|
||||||
|
|
||||||
@ -1209,9 +1201,9 @@ public class MainController implements ServletContextAware {
|
|||||||
if (!json.has("result") || json.getBoolean("result")) {
|
if (!json.has("result") || json.getBoolean("result")) {
|
||||||
if(json.getInt("count")==0)
|
if(json.getInt("count")==0)
|
||||||
{
|
{
|
||||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
|
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
|
||||||
}else{
|
}else{
|
||||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||||
@ -1223,7 +1215,7 @@ public class MainController implements ServletContextAware {
|
|||||||
}catch (DataAccessException ex){
|
}catch (DataAccessException ex){
|
||||||
String uuid = UUID.randomUUID().toString();
|
String uuid = UUID.randomUUID().toString();
|
||||||
logger.error("Error executing SQL query", uuid, ex);
|
logger.error("Error executing SQL query", uuid, ex);
|
||||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
|
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
|
||||||
}*/
|
}*/
|
||||||
|
|
||||||
String sql = "";
|
String sql = "";
|
||||||
@ -1380,7 +1372,7 @@ public class MainController implements ServletContextAware {
|
|||||||
//TODO проверить не заблокирован ли пользователь
|
//TODO проверить не заблокирован ли пользователь
|
||||||
//if(json.has("block")) {
|
//if(json.has("block")) {
|
||||||
// if(json.getBoolean("block"))
|
// if(json.getBoolean("block"))
|
||||||
// throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"),null);
|
// throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"), null, false);
|
||||||
// json.remove("block");
|
// json.remove("block");
|
||||||
//}
|
//}
|
||||||
|
|
||||||
@ -1635,12 +1627,12 @@ public class MainController implements ServletContextAware {
|
|||||||
for (int i = 0; i < ret.size(); i++) {
|
for (int i = 0; i < ret.size(); i++) {
|
||||||
rows = new JSONObject(ret.get(i));
|
rows = new JSONObject(ret.get(i));
|
||||||
if(rows.getBoolean("result")) {
|
if(rows.getBoolean("result")) {
|
||||||
throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
|
throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null, false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(rows==null) {
|
if(rows==null) {
|
||||||
logger.error("Функция main.user_is_blocked не вернула результата!");
|
logger.error("Функция main.user_is_blocked не вернула результата!");
|
||||||
throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null);
|
throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null, false);
|
||||||
}*/
|
}*/
|
||||||
|
|
||||||
//Получаю id пользователя TODO should work through the authorization function
|
//Получаю id пользователя TODO should work through the authorization function
|
||||||
|
|||||||
Reference in New Issue
Block a user