From c373662d19b82bfb6381c209d6b1427b1033d39e Mon Sep 17 00:00:00 2001
From: CaptainB
Date: Fri, 1 Dec 2023 14:50:52 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20apikey=20=E6=A0=A1=E9=AA=8C?=
 =?UTF-8?q?=E5=88=B0=E6=9C=9F=E6=97=B6=E9=97=B4=E5=92=8Cenable=E7=8A=B6?=
 =?UTF-8?q?=E6=80=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../io/metersphere/system/security/ApiKeyHandler.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java b/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
index e5be4c4b0b..c64604f922 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/security/ApiKeyHandler.java
@@ -5,6 +5,7 @@ import io.metersphere.sdk.util.CommonBeanFactory;
 import io.metersphere.system.domain.UserKey;
 import io.metersphere.system.service.UserKeyService;
 import jakarta.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 
 public class ApiKeyHandler {
@@ -35,6 +36,14 @@ public class ApiKeyHandler {
 if (userKey == null) {
 throw new RuntimeException("invalid accessKey");
 }
+ if (BooleanUtils.isFalse(userKey.getEnable())) {
+ throw new RuntimeException("accessKey is disabled");
+ }
+ if (BooleanUtils.isFalse(userKey.getForever())) {
+ if (userKey.getExpireTime() == null || userKey.getExpireTime() < System.currentTimeMillis()) {
+ throw new RuntimeException("accessKey is expired");
+ }
+ }
 String signatureDecrypt;
 try {
 signatureDecrypt = CodingUtils.aesDecrypt(signature, userKey.getSecretKey(), accessKey);
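Review bot: The two new state checks in the second hunk fail open on null: `BooleanUtils.isFalse(null)` returns false, so a key whose `enable` is null passes as enabled and one whose `forever` is null skips the expiry test entirely. Whether those fields can be null is not visible here, but for an authentication gate it is safer to require the positive value, `if (BooleanUtils.isNotTrue(userKey.getEnable()))` and `if (BooleanUtils.isNotTrue(userKey.getForever()))`. The checks also run before the signature is decrypted and use distinct messages, so if the exception text reaches the response, a caller holding only an accessKey could tell disabled keys from expired ones; a single generic message, or running the checks after signature verification, would avoid that. The enclosing method starts and ends outside the hunk.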