commit f621bf17e49bd8ecf2a8e52f3ba309809161e7cc
author Tang Cheng <cheng.tang@supwisdom.com> 周一 7月 15 10:42:24 2019 +0800
committer Tang Cheng <cheng.tang@supwisdom.com> 周一 7月 15 10:42:29 2019 +0800
tree 7c704ec417ce4f623001d1842c4fa960a030721d
parent 23a80454223b271dc0f3a674ca06dbaa6aa34aa5

修改api authentication 的bug

payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt

diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
index 84bba9f..e4a7088 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
@@ -74,16 +74,12 @@
         } ?: throw TransactionCheckException(TradeErrorCode.BUSINESS_DEAL_ERROR,
                 "系统未配置租户信息")
 
-        apiClientDao.findById(appid).run {
-            if (!isPresent) {
-                return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
-            }
-            if (get().status != TradeDict.STATUS_NORMAL) {
+        apiClientDao.findByAppid(appid)?.apply {
+            if (this.status != TradeDict.STATUS_NORMAL) {
                 return ResponseEntity.ok(ResponseBodyBuilder.create()
                         .fail(TradeErrorCode.BUSINESS_DEAL_ERROR, "API状态错误"))
             }
-            get()
-        }.let { api ->
+        }?.let { api ->
             val token = generateRandomToken()
             val now = systemUtil.sysdatetime.hostdatetime
             ApiClientRedis().also {
@@ -97,7 +93,7 @@
             }
             return ResponseEntity.ok(ResponseBodyBuilder.create()
                     .success(ApiLoginInitResponse(now, token)))
-        }
+        } ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
     }
 
     private fun generateRandomToken(): String {
@@ -148,14 +144,14 @@
         }
         val jwt = JwtTokenUtil(jwtConfig).verifyToken(auth.substring(jwtConfig.tokenHeader.length))
         val appid = jwt["uid"] as String
-        return apiClientDao.findById(appid).let {
-            if (it.isPresent && it.get().status == TradeDict.STATUS_NORMAL) {
+        return apiClientDao.findByAppid(appid)?.let {
+            if (it.status == TradeDict.STATUS_NORMAL) {
                 // 新证书
                 val token = JwtTokenUtil(jwtConfig).generateToken(
                         mapOf(Constants.JWT_CLAIM_UID to appid,
                                 "issuer" to "payapi",
                                 "audience" to jwt["audience"],
-                                Constants.JWT_CLAIM_AUTHORITIES to it.get().roles.split(";")))
+                                Constants.JWT_CLAIM_AUTHORITIES to it.roles.split(";")))
                 JwtRedis().apply {
                     jti = token.jti
                     uid = appid
@@ -171,7 +167,7 @@
             } else {
                 ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
             }
-        }
+        } ?: ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
     }
 }