OCT

REM: 1. 修正单元测试协议无 code 返回字段问题 2. 严格校验 Authorization 字段是否是 Bearer 格式
2020-05-20 15:20:46 +08:00 · 2020-05-20 15:20:46 +08:00 · c6cbc91d59
parent 6e668cae04
commit c6cbc91d59
2 changed files with 12 additions and 5 deletions
--- a/src/main/java/com/dispose/pojo/dto/ProtocolReqDTO.java
+++ b/src/main/java/com/dispose/pojo/dto/ProtocolReqDTO.java
@ -73,9 +73,14 @@ public class ProtocolReqDTO extends ProtocolDTO {
        }

        try {
+            String authString = Objects.requireNonNull(headers.get("Authorization")).get(0);
+
+            if (authString.length() == 0 || !authString.startsWith("Bearer ")) {
+                log.error("Input Authorization header error: [{}]", authString);
+                return ErrorCode.ERR_PARAMEXCEPTION;
+            }
            // 保持当前请求token内容
-            ProtocolReqDTO.token = Objects.requireNonNull(headers.get("Authorization"))
-                    .get(0).replaceFirst("Bearer ", "");
+            ProtocolReqDTO.token = authString.replaceFirst("Bearer ", "");
        } catch (Exception ex) {
            log.error(ex.getMessage());
            return ErrorCode.ERR_MISSAUTHHEAD;
@ -91,7 +96,7 @@ public class ProtocolReqDTO extends ProtocolDTO {
     */
    public ErrorCode verifyRequest() {

-        if(this.getVer() == null || this.getCryptoType() == null || this.getTimeStamp() == null) {
+        if (this.getVer() == null || this.getCryptoType() == null || this.getTimeStamp() == null) {
            log.error("request params error: ver:{}, cryptoType:{}, TimeStamp:{}", this.getVer(), this.getCryptoType(), this.getTimeStamp());
            return ErrorCode.ERR_PARAMEXCEPTION;
        }
--- a/src/main/java/com/dispose/pojo/dto/ProtocolRespDTO.java
+++ b/src/main/java/com/dispose/pojo/dto/ProtocolRespDTO.java
@ -8,13 +8,15 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
-import lombok.Setter;

 /**
 * The type Protocol resp dto.
 */
-@Setter
+@EqualsAndHashCode(callSuper = true)
+@Data
@NoArgsConstructor
@AllArgsConstructor
@JsonPropertyOrder({"ver", "cryptoType", "timeStamp", "code", "msgContent"})