test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

refactor: apikey 校验到期时间和enable状态

This commit is contained in:
CaptainB 2023-12-01 14:50:52 +08:00 committed by 刘瑞斌
parent cfd12c2f38
commit c373662d19
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
View File

@ -5,6 +5,7 @@ import io.metersphere.sdk.util.CommonBeanFactory;
import io.metersphere.system.domain.UserKey;
import io.metersphere.system.service.UserKeyService;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
public class ApiKeyHandler {
@ -35,6 +36,14 @@ public class ApiKeyHandler {
if (userKey == null) {
throw new RuntimeException("invalid accessKey");
}
if (BooleanUtils.isFalse(userKey.getEnable())) {
throw new RuntimeException("accessKey is disabled");
}
if (BooleanUtils.isFalse(userKey.getForever())) {
if (userKey.getExpireTime() == null || userKey.getExpireTime() < System.currentTimeMillis()) {
throw new RuntimeException("accessKey is expired");
}
}
String signatureDecrypt;
try {
signatureDecrypt = CodingUtils.aesDecrypt(signature, userKey.getSecretKey(), accessKey);