wangyunpeng 1 день назад
Родитель
Сommit
5e407f082b

+ 1 - 0
api-module/src/main/java/com/tzld/piaoquan/api/common/enums/ExceptionEnum.java

@@ -25,6 +25,7 @@ public enum ExceptionEnum {
     ACCOUNT_BANNED(1007, "账号被封禁"),
     USER_NOT_EXIST(1008, "user not exist"),
     SmsCodeExpired(1010, "短信验证码无效"),
+    DOMAIN_NOT_ALLOWED(1009, "无权访问"),
     ACCOUNT_NOT_EXISTS_WRONG(1011, "用户不存在"),
     ACCOUNT_PRICE_ERROR(1012, "定价格式错误"),
     ACCOUNT_PRICE_NULL_ERROR(1013, "定价不能为空"),

+ 29 - 0
api-module/src/main/java/com/tzld/piaoquan/api/config/JwtInterceptor.java

@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import com.tzld.piaoquan.api.annotation.JwtIgnore;
 import com.tzld.piaoquan.api.common.enums.ExceptionEnum;
+import com.tzld.piaoquan.api.common.enums.contentplatform.ContentPlatformAccountTypeEnum;
 import com.tzld.piaoquan.api.common.exception.CommonException;
 import com.tzld.piaoquan.api.model.config.LoginUserContext;
 import com.tzld.piaoquan.api.model.po.contentplatform.ContentPlatformAccount;
@@ -40,6 +41,11 @@ public class JwtInterceptor implements HandlerInterceptor {
     private Set<String> excludePaths;
     private Set<String> excludeUris;
 
+    /**
+     * 内部管理平台调用时携带的鉴权 Key,用于绕过 JWT 校验
+     */
+    private String internalKey;
+
     @Autowired
     private RedisUtils redisUtils;
 
@@ -77,6 +83,13 @@ public class JwtInterceptor implements HandlerInterceptor {
             //放行excludePaths包含的目录路径和excludeUris包含的URI
             return true;
         }
+        // 管理平台内部调用:通过 X-Internal-Key 鉴权,绕过 JWT 校验
+        if (StringUtils.isNotBlank(internalKey) && uri.startsWith("/contentPlatform/account/")) {
+            String requestInternalKey = request.getHeader("X-Internal-Key");
+            if (internalKey.equals(requestInternalKey)) {
+                return Boolean.TRUE;
+            }
+        }
         final String authHeader = request.getHeader("token");
         if (StringUtils.isBlank(authHeader)) {
             throw new CommonException(ExceptionEnum.Not_LOGIN);
@@ -84,6 +97,14 @@ public class JwtInterceptor implements HandlerInterceptor {
 
         validToken(authHeader);
 
+        // account 管理接口仅允许内部账号访问
+        if (uri.startsWith("/contentPlatform/account/")) {
+            ContentPlatformAccount loginUser = LoginUserContext.getUser();
+            if (loginUser == null || loginUser.getType() != ContentPlatformAccountTypeEnum.INTERNAL.getVal()) {
+                throw new CommonException(ExceptionEnum.Not_LOGIN);
+            }
+        }
+
         return Boolean.TRUE;
     }
 
@@ -140,6 +161,14 @@ public class JwtInterceptor implements HandlerInterceptor {
         this.excludeUris = excludeUris;
     }
 
+    public String getInternalKey() {
+        return internalKey;
+    }
+
+    public void setInternalKey(String internalKey) {
+        this.internalKey = internalKey;
+    }
+
     private void renewalToken(String token) {
         executor.execute(() -> {
             try {

+ 0 - 3
api-module/src/main/java/com/tzld/piaoquan/api/controller/contentplatform/ContentPlatformAccountController.java

@@ -40,14 +40,12 @@ public class ContentPlatformAccountController {
 
     @ApiOperation(value = "分页获取账户")
     @PostMapping(value = "/list")
-    @JwtIgnore
     public CommonResponse<Page<AccountVO>> pageAccount(@RequestBody AccountListParam param) {
         return CommonResponse.success(accountService.pageAccount(param));
     }
 
     @ApiOperation(value = "账户封禁")
     @PostMapping(value = "/forbidden")
-    @JwtIgnore
     public CommonResponse<Void> accountForbidden(@RequestBody AccountForbiddenParam param) {
         accountService.accountForbidden(param);
         return CommonResponse.success();
@@ -55,7 +53,6 @@ public class ContentPlatformAccountController {
 
     @ApiOperation(value = "账户创建/更新")
     @PostMapping(value = "/save")
-    @JwtIgnore
     public CommonResponse<Void> saveAccount(@RequestBody AccountSaveParam param) {
         accountService.saveAccount(param);
         return CommonResponse.success();

+ 2 - 3
api-module/src/main/resources/application.properties

@@ -64,9 +64,8 @@ author.interceptor.excludePaths[3]=/account/
 author.interceptor.excludePaths[4]=/cgi/
 author.interceptor.excludePaths[5]=/wecom/
 author.interceptor.excludePaths[6]=/3rdParty/
-author.interceptor.excludePaths[7]=/contentPlatform/account/
-author.interceptor.excludePaths[8]=/webjars/
-author.interceptor.excludePaths[9]=/swagger-ui.html/
+author.interceptor.excludePaths[7]=/webjars/
+author.interceptor.excludePaths[8]=/swagger-ui.html/
 author.interceptor.excludeUris[0]=/login
 author.interceptor.excludeUris[1]=/api-docs
 author.interceptor.excludeUris[2]=/swagger-ui.html