token校验租户

0bc6d068 · 李健华 · b8b2a0c4 · 0bc6d068
Commit 0bc6d068 authored Nov 17, 2021 by 李健华
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 2 deletions

PasswordFreeAccessValidateAdvisor.java .../xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java +18 -2

No files found.
--- a/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
@@ -3,6 +3,7 @@ package cn.quantgroup.xyqb.aspect.limit;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
+import cn.quantgroup.xyqb.model.LoginProperties;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
 import cn.quantgroup.xyqb.util.IpUtil;
@@ -12,8 +13,6 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -85,12 +84,29 @@ public class PasswordFreeAccessValidateAdvisor {
            log.info("非法请求 - 无效token, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
            return false;
        }
+
        // 当前session
        SessionStruct session = XyqbSessionContextHolder.getXSessionFromRedis(token);
        if (Objects.isNull(session) || Objects.isNull(session.getValues()) || Objects.isNull(session.getValues().getUser())) {
            log.info("非法请求 - 未登录, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
            return false;
        }
+
+        // 获取头部qg-tenant-id
+        String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
+        LoginProperties loginProperties = session.getValues().getLoginProperties();
+        if (!Objects.isNull(loginProperties.getTenantId())) {
+            if (!loginProperties.getTenantId().toString().equals(tenantId)) {
+                log.info("非法请求 - 错误租户, token={}, phoneNo={}, userId={}, clientIp={}, tenantId={}, loginTenantId={}", token, phoneNo, userId, clientIp, tenantId, loginProperties.getTenantId().toString());
+                return false;
+            }
+        } else {
+           if(!StringUtils.isBlank(tenantId))  {
+               log.info("非法请求 - 错误租户, token={}, phoneNo={}, userId={}, clientIp={}, tenantId={}", token, phoneNo, userId, clientIp, tenantId);
+               return false;
+           }
+        }
+
        // 当前用户
        User user = session.getValues().getUser();
        if (Objects.isNull(user.getId()) && StringUtils.isBlank(user.getPhoneNo())) {