Merge branch 'main' of https://git.dirt.kz/igor/org.ccalm.jwt
# Conflicts: # src/main/java/org/ccalm/jwt/MainController.java
This commit is contained in:
12
README.md
12
README.md
@ -27,6 +27,18 @@ ____
|
||||
10. [Проверить валидность токена](#проверить-валидность-токена)
|
||||
|
||||
____
|
||||
### Получить токен для защиты от CSRF атак
|
||||
https://istransit.kz/api/authorization/v02/get_request_token
|
||||
|
||||
GET запрос без данных.
|
||||
|
||||
Пример ответа:
|
||||
```json
|
||||
{
|
||||
"ttl":600,
|
||||
"token":"VTf8zvHKqK7QFJ0ZEyheOYAUrI7cRIbejxMzRKlMzYM"
|
||||
}
|
||||
```
|
||||
|
||||
### Получить список разрешений для пользователя по Access token
|
||||
https://istransit.kz/api/authorization/v02/access/
|
||||
|
||||
@ -21,6 +21,7 @@ import net.logicsquad.nanocaptcha.image.ImageCaptcha;
|
||||
import net.logicsquad.nanocaptcha.image.backgrounds.GradiatedBackgroundProducer;
|
||||
import net.logicsquad.nanocaptcha.image.noise.CurvedLineNoiseProducer;
|
||||
import net.logicsquad.nanocaptcha.image.renderer.DefaultWordRenderer;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.json.JSONArray;
|
||||
import org.json.JSONException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -505,26 +506,17 @@ public class MainController implements ServletContextAware {
|
||||
@RequestMapping(value = "/access", method = {RequestMethod.POST}, produces = "application/json;charset=utf-8")
|
||||
@ResponseBody
|
||||
public ResponseEntity<Object> access(
|
||||
Model model,
|
||||
@CookieValue(value = "jwt_a", defaultValue = "") String jwt_a,
|
||||
Authentication authentication,
|
||||
@Nullable @RequestBody ActionNameModel action_name,
|
||||
@CookieValue(value = "lng", defaultValue = "1") String language_id
|
||||
) {
|
||||
Translation trt = new Translation(language_id, jdbcTemplate);
|
||||
try {
|
||||
if (jwt_a.isEmpty() || countOccurrences(jwt_a, '.') != 2) {
|
||||
return new ResponseEntity<>(new ErrorResponseModel(10000, trt.trt(false, "Please_log_in"), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
|
||||
Jws<Claims> claims;
|
||||
try {
|
||||
claims = Jwts.parserBuilder()
|
||||
.setSigningKey(getPublicKey())
|
||||
.build()
|
||||
.parseClaimsJws(jwt_a);
|
||||
} catch (Exception e) {
|
||||
return new ResponseEntity<>(new ErrorResponseModel(10000, Arrays.asList(trt.trt(false, "Please_log_in"), trt.trt(false, "JWT_token_verification_error")), null, null), HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
if (authentication == null || !authentication.isAuthenticated()) {
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
return new ResponseEntity<>(new ErrorResponseModel(10401, trt.trt(false, "Please_log_in"), null, uuid), HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
|
||||
|
||||
String sql = """
|
||||
select
|
||||
@ -538,7 +530,7 @@ public class MainController implements ServletContextAware {
|
||||
""";
|
||||
|
||||
MapSqlParameterSource parameters = new MapSqlParameterSource();
|
||||
parameters.addValue("user_id", claims.getBody().get("user_id"));
|
||||
parameters.addValue("user_id", userDetails.getUserId());
|
||||
if (action_name == null) {
|
||||
parameters.addValue("action_name", null);
|
||||
} else {
|
||||
@ -891,9 +883,9 @@ public class MainController implements ServletContextAware {
|
||||
if (!json.has("result") || json.getBoolean("result")) {
|
||||
if(json.getInt("count")==0)
|
||||
{
|
||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
|
||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
|
||||
}else{
|
||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
|
||||
}
|
||||
}
|
||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||
@ -905,7 +897,7 @@ public class MainController implements ServletContextAware {
|
||||
}catch (DataAccessException ex){
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex);
|
||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
|
||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
|
||||
}*/
|
||||
|
||||
|
||||
@ -1209,9 +1201,9 @@ public class MainController implements ServletContextAware {
|
||||
if (!json.has("result") || json.getBoolean("result")) {
|
||||
if(json.getInt("count")==0)
|
||||
{
|
||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null);
|
||||
throw new CustomException(10000, trt.trt(false, "The_user_account_is_blocked"),null,false);
|
||||
}else{
|
||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null);
|
||||
throw new CustomException(10000, trt.trt(false, "The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), String.valueOf(json.getInt("limit_duration")),(String)null,false);
|
||||
}
|
||||
}
|
||||
if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) {
|
||||
@ -1223,7 +1215,7 @@ public class MainController implements ServletContextAware {
|
||||
}catch (DataAccessException ex){
|
||||
String uuid = UUID.randomUUID().toString();
|
||||
logger.error("Error executing SQL query", uuid, ex);
|
||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid);
|
||||
throw new CustomException(10000, trt.trt(false, "Error_executing_SQL_query"),uuid,false);
|
||||
}*/
|
||||
|
||||
String sql = "";
|
||||
@ -1380,7 +1372,7 @@ public class MainController implements ServletContextAware {
|
||||
//TODO проверить не заблокирован ли пользователь
|
||||
//if(json.has("block")) {
|
||||
// if(json.getBoolean("block"))
|
||||
// throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"),null);
|
||||
// throw new CustomException(10006,trt.trt(false, "The_user_account_is_blocked"), null, false);
|
||||
// json.remove("block");
|
||||
//}
|
||||
|
||||
@ -1635,12 +1627,12 @@ public class MainController implements ServletContextAware {
|
||||
for (int i = 0; i < ret.size(); i++) {
|
||||
rows = new JSONObject(ret.get(i));
|
||||
if(rows.getBoolean("result")) {
|
||||
throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null);
|
||||
throw new CustomException(10000, String.format(trt.trt(false,"The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), 5),null, false);
|
||||
}
|
||||
}
|
||||
if(rows==null) {
|
||||
logger.error("Функция main.user_is_blocked не вернула результата!");
|
||||
throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null);
|
||||
throw new CustomException(10000, trt.trt(false,"Error_executing_SQL_query"),null, false);
|
||||
}*/
|
||||
|
||||
//Получаю id пользователя TODO should work through the authorization function
|
||||
|
||||
Reference in New Issue
Block a user