refactor: apikey 校验到期时间和enable状态

This commit is contained in:
CaptainB 2023-12-01 14:50:52 +08:00 committed by 刘瑞斌
parent cfd12c2f38
commit c373662d19
1 changed files with 9 additions and 0 deletions

View File

@ -5,6 +5,7 @@ import io.metersphere.sdk.util.CommonBeanFactory;
import io.metersphere.system.domain.UserKey; import io.metersphere.system.domain.UserKey;
import io.metersphere.system.service.UserKeyService; import io.metersphere.system.service.UserKeyService;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
public class ApiKeyHandler { public class ApiKeyHandler {
@ -35,6 +36,14 @@ public class ApiKeyHandler {
if (userKey == null) { if (userKey == null) {
throw new RuntimeException("invalid accessKey"); throw new RuntimeException("invalid accessKey");
} }
if (BooleanUtils.isFalse(userKey.getEnable())) {
throw new RuntimeException("accessKey is disabled");
}
if (BooleanUtils.isFalse(userKey.getForever())) {
if (userKey.getExpireTime() == null || userKey.getExpireTime() < System.currentTimeMillis()) {
throw new RuntimeException("accessKey is expired");
}
}
String signatureDecrypt; String signatureDecrypt;
try { try {
signatureDecrypt = CodingUtils.aesDecrypt(signature, userKey.getSecretKey(), accessKey); signatureDecrypt = CodingUtils.aesDecrypt(signature, userKey.getSecretKey(), accessKey);