From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java
index dd0988a..a4d79c9 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java
@@ -4,6 +4,7 @@
import com.vci.ubcs.code.entity.TokenUserObject;
import com.vci.ubcs.code.service.IPasswordFreeLoginService;
import com.vci.ubcs.starter.util.HttpUtils;
+import com.vci.ubcs.system.cache.NacosConfigCache;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.auth.AuthenticationException;
@@ -107,7 +108,7 @@
String token2 = JwtUtil.getToken(authToken);
BladeUser user = this.getUser(token2);
//涓嶅瓨鍦ㄥ氨璇锋眰
- if(Func.isEmpty(authToken) || Func.isEmpty(user)){
+ if(Func.isEmpty(authToken) || Func.isEmpty(user) || !user.getTenantId().equals(NacosConfigCache.getAdminUserInfo().getTenantId())){
String responseBody = this.passwordFreeLogin(userName);
//鎷垮埌鍝嶅簲浣撳叾涓寘鍚玹oken,鐢╮equest涓殑ip鍦板潃浣滀负閿�硷紝灏唗oken瀛樺叆缂撳瓨
TokenUserObject tokenUserObject = null;
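Review bot: The tenant comparison added to the `if` condition can throw a NullPointerException, because neither `user.getTenantId()` nor `NacosConfigCache.getAdminUserInfo()` is checked for null in the visible lines, so a token without a tenant claim or a missing admin config would surface as an unhandled error instead of an authentication decision. A null-safe form is `!java.util.Objects.equals(user.getTenantId(), adminTenantId)`, with the admin tenant id read once into a local and an absent config treated as a mismatch. Separately, the context line `JwtUtil.getToken(authToken)` runs before `Func.isEmpty(authToken)` is tested, so the empty-token case depends on that helper tolerating empty input. The enclosing method starts and ends outside this hunk.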
@@ -123,8 +124,9 @@
token2 = JwtUtil.getToken(authToken);
user = this.getUser(token2);
}
- //request.setAttribute("Blade-Auth",token);
+ request.setAttribute("Blade-Auth",authToken);
request.setAttribute("_BLADE_USER_REQUEST_ATTR_",user);
+ request.setAttribute("Authorization",authToken);
return true;
}
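Review bot: The two new `request.setAttribute` calls copy the bearer token into request attributes under `Blade-Auth` and `Authorization` immediately before `return true`, but nothing visible in this hunk confirms that `user` is non-null or that `authToken` now holds the refreshed token rather than the one the tenant check rejected. I would add a guard such as `if (Func.isEmpty(user)) { return false; }` before the attributes are set, assuming the caller treats `false` as a rejected request. A comment like `// expose the validated token to downstream handlers; do not log these attributes` would record why the credential is stored under two names. The method body starts outside this hunk, so the re-login branch could not be checked in full.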
@@ -173,8 +175,8 @@
}
String enStr2;
try {
- String enStr1 = aesDecrypt(empCode, secretKey);
- enStr2 = aesDecrypt(enStr1, clientId);
+ String enStr1 = aesDecrypt(empCode, secretKey);
+ enStr2 = aesDecrypt(enStr1, clientId);
}catch (Exception e){
throw new ServiceException("empCode鍙傛暟瑙e瘑澶辫触锛佸師鍥�:"+e.getMessage());
}
--
Gitblit v1.9.3