SUPPORT-9572:change

2025-11-17 09:05:29 +03:00 · 2025-11-17 09:05:29 +03:00 · 97b1a3b810
commit 97b1a3b810
parent 04fe70f204
6 changed files with 63 additions and 29 deletions
--- a/backend/src/main/java/ru/micord/ervu/controller/UploadAccessController.java
+++ b/backend/src/main/java/ru/micord/ervu/controller/UploadAccessController.java
@ -0,0 +1,26 @@
+package ru.micord.ervu.controller;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
+
+/**
+ * @author Adel Kalimullin
+ */
+@RestController
+public class UploadAccessController {
+  private final JwtTokenService jwtTokenService;
+
+  public UploadAccessController(JwtTokenService jwtTokenService) {
+    this.jwtTokenService = jwtTokenService;
+  }
+
+  @GetMapping("/upload/access")
+  public ResponseEntity<Boolean> checkUploadPermission(HttpServletRequest request) {
+    boolean fileUploadAllowed = jwtTokenService.isFileUploadAllowed(request);
+    return ResponseEntity.ok(fileUploadAllowed);
+  }
+}
--- a/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java
+++ b/backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java
@ -6,6 +6,5 @@ public class SecurityConstants {
  public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul";
  public static final String PRNS_UUID = "prns_uuid_ul";
  public static final String STICKY_SESSION = "stickysession";
-  public static final String UPLOAD_ALLOWED_MARKER = "upload_allowed";
  public static final String EMPLOYEE_DOCUMENT_PATH = "/employee/document";
 }
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@ -556,7 +556,7 @@ public class EsiaAuthService {
  private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId,
      Boolean hasRole, Boolean fileUploadAllowed, Long expiresIn) {
    Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole, fileUploadAllowed);
-    securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue(), fileUploadAllowed);
+    securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue());
    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
        new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
    SecurityContext context = SecurityContextHolder.createEmptyContext();
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
@ -17,7 +17,6 @@ import static org.springframework.web.context.request.RequestAttributes.REFERENC
 import static ru.micord.ervu.security.SecurityConstants.AUTH_MARKER;
 import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN;
 import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID;
-import static ru.micord.ervu.security.SecurityConstants.UPLOAD_ALLOWED_MARKER;

 public final class SecurityHelper {
  @Value("${cookie.path:#{null}}")
@ -46,14 +45,6 @@ public final class SecurityHelper {
        .httpOnly(false)
        .build();
    addResponseCookie(response, emptyAuthMarker);
-
-    ResponseCookie emptyUploadAllowed = createCookie(UPLOAD_ALLOWED_MARKER, null, "/")
-        .maxAge(0)
-        .secure(false)
-        .httpOnly(false)
-        .build();
-    addResponseCookie(response, emptyUploadAllowed);
-
    clearCookie(response, PRNS_UUID, accessCookiePath);
  }

@ -61,8 +52,7 @@ public final class SecurityHelper {
    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
  }

-  public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry,
-      Boolean fileUploadAllowed) {
+  public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry) {
    ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath)
        .maxAge(expiry)
        .build();
@ -74,15 +64,6 @@ public final class SecurityHelper {
        .httpOnly(false)
        .build();
    addResponseCookie(response, authMarker);
-
-    if (fileUploadAllowed) {
-      ResponseCookie uploadAllowedCookie = createCookie(UPLOAD_ALLOWED_MARKER, "true", "/")
-          .maxAge(expiry)
-          .secure(false)
-          .httpOnly(false)
-          .build();
-      addResponseCookie(response, uploadAllowedCookie);
-    }
  }

  public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) {
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
@ -97,11 +97,20 @@ public class JwtTokenService {
  }

  public String getUserAccountId(HttpServletRequest request) {
-    String authToken = extractAuthToken(request);
+    Token validatedToken = getValidatedToken(request);
+    String[] ids = validatedToken.getUserAccountId().split(":");
+    return ids[0];
+  }

+  public boolean isFileUploadAllowed(HttpServletRequest request) {
+    Token validatedToken = getValidatedToken(request);
+    return validatedToken.isFileUploadAllowed();
+  }
+
+  public Token getValidatedToken(HttpServletRequest request) {
+    String authToken = extractAuthToken(request);
    if (authToken != null) {
-      String[] ids = getToken(authToken).getUserAccountId().split(":");
-      return ids[0];
+      return getToken(authToken);
    }
    else {
      throw new UnauthorizedException("Failed to get auth data. User unauthorized.");