SUPPORT-9572:change

adel.ka 2025-11-17 09:05:29 +03:00
parent 04fe70f204
commit 97b1a3b810
6 changed files with 63 additions and 29 deletions


@ -0,0 +1,26 @@
package ru.micord.ervu.controller;
import javax.servlet.http.HttpServletRequest;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
/**
* @author Adel Kalimullin
*/
@RestController
public class UploadAccessController {
private final JwtTokenService jwtTokenService;
public UploadAccessController(JwtTokenService jwtTokenService) {
this.jwtTokenService = jwtTokenService;
}
@GetMapping("/upload/access")
public ResponseEntity<Boolean> checkUploadPermission(HttpServletRequest request) {
boolean fileUploadAllowed = jwtTokenService.isFileUploadAllowed(request);
return ResponseEntity.ok(fileUploadAllowed);
}
}
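Review bot: `UploadAccessController` and `checkUploadPermission` carry no documentation beyond `@author`, and nothing tells a reader that the boolean returned from `/upload/access` is only a hint for the UI. The value is read from the caller's token through `jwtTokenService.isFileUploadAllowed(request)`, which is harder to tamper with than the client-readable `upload_allowed` cookie this commit removes, but hiding the upload control in the browser does not restrict what requests reach the server. The upload handler is not part of this commit, so it is worth confirming that it performs the same `isFileUploadAllowed` check itself and rejects the request when the result is false. I would add a Javadoc on the method along the lines of `/** Reports whether the current token permits file upload; advisory for the UI, the upload endpoint must enforce the same check. */`.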


@ -6,6 +6,5 @@ public class SecurityConstants {
public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul"; public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul";
public static final String PRNS_UUID = "prns_uuid_ul"; public static final String PRNS_UUID = "prns_uuid_ul";
public static final String STICKY_SESSION = "stickysession"; public static final String STICKY_SESSION = "stickysession";
public static final String UPLOAD_ALLOWED_MARKER = "upload_allowed";
public static final String EMPLOYEE_DOCUMENT_PATH = "/employee/document"; public static final String EMPLOYEE_DOCUMENT_PATH = "/employee/document";
} }


@ -556,7 +556,7 @@ public class EsiaAuthService {
private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId, private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId,
Boolean hasRole, Boolean fileUploadAllowed, Long expiresIn) { Boolean hasRole, Boolean fileUploadAllowed, Long expiresIn) {
Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole, fileUploadAllowed); Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole, fileUploadAllowed);
securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue(), fileUploadAllowed); securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue());
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null); new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext(); SecurityContext context = SecurityContextHolder.createEmptyContext();


@ -17,7 +17,6 @@ import static org.springframework.web.context.request.RequestAttributes.REFERENC
import static ru.micord.ervu.security.SecurityConstants.AUTH_MARKER; import static ru.micord.ervu.security.SecurityConstants.AUTH_MARKER;
import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN; import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN;
import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID; import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID;
import static ru.micord.ervu.security.SecurityConstants.UPLOAD_ALLOWED_MARKER;
public final class SecurityHelper { public final class SecurityHelper {
@Value("${cookie.path:#{null}}") @Value("${cookie.path:#{null}}")
@ -46,14 +45,6 @@ public final class SecurityHelper {
.httpOnly(false) .httpOnly(false)
.build(); .build();
addResponseCookie(response, emptyAuthMarker); addResponseCookie(response, emptyAuthMarker);
ResponseCookie emptyUploadAllowed = createCookie(UPLOAD_ALLOWED_MARKER, null, "/")
.maxAge(0)
.secure(false)
.httpOnly(false)
.build();
addResponseCookie(response, emptyUploadAllowed);
clearCookie(response, PRNS_UUID, accessCookiePath); clearCookie(response, PRNS_UUID, accessCookiePath);
} }
@ -61,8 +52,7 @@ public final class SecurityHelper {
response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
} }
public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry, public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry) {
Boolean fileUploadAllowed) {
ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath) ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath)
.maxAge(expiry) .maxAge(expiry)
.build(); .build();
@ -74,15 +64,6 @@ public final class SecurityHelper {
.httpOnly(false) .httpOnly(false)
.build(); .build();
addResponseCookie(response, authMarker); addResponseCookie(response, authMarker);
if (fileUploadAllowed) {
ResponseCookie uploadAllowedCookie = createCookie(UPLOAD_ALLOWED_MARKER, "true", "/")
.maxAge(expiry)
.secure(false)
.httpOnly(false)
.build();
addResponseCookie(response, uploadAllowedCookie);
}
} }
public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) { public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) {


@ -97,12 +97,21 @@ public class JwtTokenService {
} }
public String getUserAccountId(HttpServletRequest request) { public String getUserAccountId(HttpServletRequest request) {
String authToken = extractAuthToken(request); Token validatedToken = getValidatedToken(request);
String[] ids = validatedToken.getUserAccountId().split(":");
if (authToken != null) {
String[] ids = getToken(authToken).getUserAccountId().split(":");
return ids[0]; return ids[0];
} }
public boolean isFileUploadAllowed(HttpServletRequest request) {
Token validatedToken = getValidatedToken(request);
return validatedToken.isFileUploadAllowed();
}
public Token getValidatedToken(HttpServletRequest request) {
String authToken = extractAuthToken(request);
if (authToken != null) {
return getToken(authToken);
}
else { else {
throw new UnauthorizedException("Failed to get auth data. User unauthorized."); throw new UnauthorizedException("Failed to get auth data. User unauthorized.");
} }
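Review bot: `getValidatedToken` is public and its name promises a validated token, but the only check visible in this hunk is that `extractAuthToken(request)` returned non-null before `getToken(authToken)` is called. `getToken` lies outside the hunk, so whether it verifies signature and expiry cannot be confirmed from here; because `getUserAccountId` and the new `isFileUploadAllowed` both trust its result, the method should have a Javadoc stating exactly what is guaranteed and that it throws `UnauthorizedException` when no auth token is present. If no other class needs it, declaring it `private` would keep the token-handling surface smaller. The method's closing brace falls outside the hunk.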


@ -1,15 +1,34 @@
import {Behavior, Visible} from "@webbpm/base-package"; import {Behavior, Visible} from "@webbpm/base-package";
import {CookieService} from "ngx-cookie"; import {HttpClient} from "@angular/common/http";
import {AuthenticationService} from "../modules/security/authentication.service";
export class FileUploadChecker extends Behavior { export class FileUploadChecker extends Behavior {
private cookieService: CookieService; private httpClient: HttpClient;
private authService: AuthenticationService;
private allowed: boolean = false;
initialize() { initialize() {
this.cookieService = this.injector.get(CookieService); this.httpClient = this.injector.get(HttpClient);
this.authService = this.injector.get(AuthenticationService);
}
postStart() {
super.postStart();
if (this.authService.isAuthenticated()){
this.checkUploadPermission();
}
} }
@Visible() @Visible()
public fileUploadAllowed(): boolean { public fileUploadAllowed(): boolean {
return this.cookieService.get("upload_allowed") != null; return this.allowed;
}
private checkUploadPermission(): void {
this.httpClient.get<boolean>('upload/access')
.toPromise()
.then(response => {
this.allowed = response;
});
} }
} }
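Review bot: The promise chain in `checkUploadPermission` has no rejection handler, so a 401 or a network failure from `upload/access` surfaces as an unhandled rejection. `allowed` does stay `false` in that case, which is the right fail-closed default, but the failure is silent and nothing states that the default is intentional. I would add `.catch(() => { this.allowed = false; })` and assign with `this.allowed = response === true;` so that an unexpected non-boolean body cannot switch the flag on. The check also runs only once, in `postStart()`, and only when `isAuthenticated()` is already true at that moment, which deserves a short comment.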