fix api signuature credential auth bug

WeBankBlockchain · Sep 2, 2024 · 0c1f8e6 · 0c1f8e6
1 parent f7e5978
commit 0c1f8e6
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 3 deletions.
diff --git a/wedpr-adm/conf/application-wedpr.properties b/wedpr-adm/conf/application-wedpr.properties
@@ -94,3 +94,5 @@ quartz-cron-report-job=0/2 * * * * ? *
 
 springfox.documentation.enabled=true
 
+server.type=site_end
+
diff --git a/wedpr-admin/conf/application-wedpr.properties b/wedpr-admin/conf/application-wedpr.properties
@@ -89,4 +89,5 @@ wedpr.user.jwt.publicKey=
 wedpr.user.jwt.sessionKey=
 
 springfox.documentation.enabled=true
+server.type=admin_end
 
diff --git a/...main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java b/...main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java
@@ -55,8 +55,17 @@ public MemoryCredentialCache(
         this.credentialToolkit = credentialToolkit;
     }
 
+    private void get(String accessKeyID) {
+        try {
+            cache.get(accessKeyID);
+        } catch (Exception e) {
+            logger.warn("get {} failed for ", accessKeyID, e);
+        }
+    }
+
     @Override
     public ApiCredentialDO getAccessKey(String accessKeyID) {
+        get(accessKeyID);
         return cache.getIfPresent(accessKeyID);
     }
 

diff --git a/...curity/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java b/...curity/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java
@@ -75,7 +75,7 @@ public MemoryUserCache(
                 new CacheLoader<String, UserToken>() {
                     @Override
                     public UserToken load(String username) throws NoValueInCacheException {
-                        logger.info("从数据库查询用户信息：{}", username);
+                        logger.info("fetch userInformation from DB：{}", username);
                         // check the existence of user
                         if (wedprUserService.getWedprUserByNameService(username) != null) {
                             return fetchUserToken(username);
@@ -96,6 +96,7 @@ public UserToken load(String username) throws NoValueInCacheException {
     public Pair<Boolean, UserToken> getUserToken(HttpServletRequest request) throws Exception {
         UserToken userToken = TokenUtils.getLoginUser(request);
         String username = userToken.getUsername();
+        get(username);
         UserToken latestUserToken = userCache.getIfPresent(username);
         // the user not exists
         if (latestUserToken == null) {
@@ -113,9 +114,18 @@ public Pair<Boolean, UserToken> getUserToken(HttpServletRequest request) throws
         return new ImmutablePair<>(false, userToken);
     }
 
+    private void get(String userName) {
+        try {
+            userCache.get(userName);
+        } catch (Exception e) {
+            logger.warn("get record for {} failed, error: ", e.getMessage());
+        }
+    }
+
     @Override
     public UserToken getUserToken(String userName) throws Exception {
         wedprUserService.updateAllowedTimeAndTryCount(userName, 0L, 0);
+        get(userName);
         return userCache.getIfPresent(userName);
     }
 

diff --git a/...ity/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java b/...ity/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java
@@ -28,6 +28,7 @@
 import lombok.SneakyThrows;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.util.StringUtils;
 
 public class APISignatureAuthFilter extends BasicAuthenticationFilter {
     private final CredentialVerifier credentialVerifier;
@@ -47,6 +48,11 @@ public APISignatureAuthFilter(
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
         try {
+            // auth by token
+            if (!StringUtils.isEmpty(request.getHeader(Constant.TOKEN_FIELD))) {
+                chain.doFilter(request, response);
+                return;
+            }
             ApiCredentialDO credential = this.credentialVerifier.verify(request);
             UserToken userToken = userCache.getUserToken(credential.getOwner());
             if (userToken == null) {

diff --git a/...ty/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java b/...ty/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java
@@ -74,9 +74,10 @@ protected void doFilterInternal(
             response.setHeader(Constant.TOKEN_FIELD, newJwt);
             chain.doFilter(request, response);
         } catch (Exception e) {
-            logger.info("认证已过期或token错误，请重新登录: ", e);
+            logger.info("jwt auth failed, error: ", e);
             String wedprResponse =
-                    new WeDPRResponse(Constant.WEDPR_FAILED, "认证已过期或token错误，请重新登录").serialize();
+                    new WeDPRResponse(Constant.WEDPR_FAILED, "auth failed for " + e.getMessage())
+                            .serialize();
             TokenUtils.responseToClient(response, wedprResponse, HttpServletResponse.SC_FORBIDDEN);
         }
     }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -94,3 +94,5 @@ quartz-cron-report-job=0/2 * * * * ? *

		springfox.documentation.enabled=true

		server.type=site_end
Original file line number	Diff line number	Diff line change
Expand Up		@@ -89,4 +89,5 @@ wedpr.user.jwt.publicKey=
		wedpr.user.jwt.sessionKey=

		springfox.documentation.enabled=true
		server.type=admin_end