From 8ef120caa0df0b9908c93dc0e6a6d26fa6f30269 Mon Sep 17 00:00:00 2001
From: HuangXin <huangxin@cmhi.chinamobile.com>
Date: Wed, 2 Sep 2020 09:05:31 +0800
Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E9=9D=9E=E5=89=8D=E7=AB=AF?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E5=A2=9E=E5=8A=A0=E7=99=BD=E5=90=8D=E5=8D=95?=
 =?UTF-8?q?=E6=A3=80=E6=B5=8B=E5=8A=9F=E8=83=BD=202.=20=E9=87=8D=E5=90=8D?=
 =?UTF-8?q?=E5=90=8D=E7=99=BD=E5=90=8D=E5=8D=95=E9=85=8D=E7=BD=AE=E9=A1=B9?=
 =?UTF-8?q?=E5=90=8D=E7=A7=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/application-dispose.properties                |  2 +-
 .../java/com/dispose/common/AuthConfigValue.java     |  2 +-
 .../java/com/dispose/config/TrustHostConfig.java     |  5 ++---
 .../com/dispose/interceptor/TokenInterceptor.java    | 12 ++++++++++++
 .../dispose/interceptor/TrustHostInterceptor.java    |  4 ++--
 5 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/config/application-dispose.properties b/config/application-dispose.properties
index c0d53856..f49d7abb 100644
--- a/config/application-dispose.properties
+++ b/config/application-dispose.properties
@@ -26,7 +26,7 @@ crypto.aes-key=hkoUV5ZWh0q1jSxMnpjovVn19Qg99HY6DD40
 crypto.des-key=P3mq9iSIvQcvfyfdWR8sAnfAadO
 
 #信任主机配置
-trust.auth-check=true
+trust.auth-white-list-check=true
 trust.auth-host-token=165B2AA40395fA27278E59eEd4DD5EA490DA175344DE2673A5B17D3760E12F0
 trust.auth-hosts=127.0.0.12,::1
 
diff --git a/src/main/java/com/dispose/common/AuthConfigValue.java b/src/main/java/com/dispose/common/AuthConfigValue.java
index 4207e2fb..9ec51481 100644
--- a/src/main/java/com/dispose/common/AuthConfigValue.java
+++ b/src/main/java/com/dispose/common/AuthConfigValue.java
@@ -42,5 +42,5 @@ public class AuthConfigValue {
     /**
      * The constant AUTH_CHECK.
      */
-    public static volatile boolean AUTH_CHECK = true;
+    public static volatile boolean AUTH_WHITE_LIST_CHECK = true;
 }
diff --git a/src/main/java/com/dispose/config/TrustHostConfig.java b/src/main/java/com/dispose/config/TrustHostConfig.java
index e62a5ef9..18db1665 100644
--- a/src/main/java/com/dispose/config/TrustHostConfig.java
+++ b/src/main/java/com/dispose/config/TrustHostConfig.java
@@ -30,7 +30,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
     /**
      * The Auth check.
      */
-    private Boolean authCheck;
+    private Boolean authWhiteListCheck;
 
     /**
      * The Auth host token.
@@ -47,8 +47,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
      */
     @PostConstruct
     private void initGlobalValue() {
-
-        AuthConfigValue.AUTH_CHECK = Optional.ofNullable(authCheck).orElse(true);
+        AuthConfigValue.AUTH_WHITE_LIST_CHECK = Optional.ofNullable(authWhiteListCheck).orElse(true);
 
         for (String s : Optional.ofNullable(authHostToken).orElse(new String[]{""})) {
             AuthConfigValue.TRUST_INFO_CACHE.put(s, System.currentTimeMillis());
diff --git a/src/main/java/com/dispose/interceptor/TokenInterceptor.java b/src/main/java/com/dispose/interceptor/TokenInterceptor.java
index bee1b38e..98c48d81 100644
--- a/src/main/java/com/dispose/interceptor/TokenInterceptor.java
+++ b/src/main/java/com/dispose/interceptor/TokenInterceptor.java
@@ -3,6 +3,7 @@ package com.dispose.interceptor;
 import com.dispose.common.AuthConfigValue;
 import com.dispose.common.ConstValue;
 import com.dispose.common.ErrorCode;
+import com.dispose.common.Helper;
 import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO;
 import com.dispose.service.UserAccountService;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -49,6 +50,17 @@ public class TokenInterceptor implements HandlerInterceptor {
 
         if (token != null && token.length() > 0) {
             token = token.replaceFirst(ConstValue.STRING_HTTP_AUTH_HEAD, "");
+
+            String ipAddr = Helper.ipAddressNormalize(request.getRemoteAddr());
+
+            // 检测是否在白名单内
+            if (AuthConfigValue.AUTH_WHITE_LIST_CHECK &&
+                AuthConfigValue.TRUST_INFO_CACHE.containsKey(ipAddr) &&
+                AuthConfigValue.TRUST_INFO_CACHE.containsKey(token)) {
+                log.debug("White list access: {} --> {}", ipAddr, token);
+                return true;
+            }
+
             ErrorCode err = userAccountService.authTokenCheck(token);
             // 判断token是否合法
             if (err != ErrorCode.ERR_OK) {
diff --git a/src/main/java/com/dispose/interceptor/TrustHostInterceptor.java b/src/main/java/com/dispose/interceptor/TrustHostInterceptor.java
index c538bc30..28299c08 100644
--- a/src/main/java/com/dispose/interceptor/TrustHostInterceptor.java
+++ b/src/main/java/com/dispose/interceptor/TrustHostInterceptor.java
@@ -35,8 +35,8 @@ public class TrustHostInterceptor implements HandlerInterceptor {
         ErrorCode err;
 
         // 是否启动授权白名单功能
-        if (!AuthConfigValue.AUTH_CHECK) {
-            return true;
+        if (!AuthConfigValue.AUTH_WHITE_LIST_CHECK) {
+            return false;
         }
 
         // 获取访问接口的客户端IP