fix: 积木报表 API 数据集解析时 token 未正确解析的问题

2025-11-04 12:18:42 +08:00 · 2023-01-06 18:23:39 +08:00
parent 24f0e4dd1f
commit 717dd1ab7c
2 changed files with 25 additions and 3 deletions
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java
@@ -20,6 +20,8 @@ public class SecurityProperties {
    @NotEmpty(message = "Token Header 不能为空")
    private String tokenHeader = "Authorization";

+    private String jmTokenHeader = "X-Access-Token";
+
    /**
     * mock 模式的开关
     */
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@@ -21,6 +21,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Optional;

 /**
 * Token 过滤器，验证 token 的有效性
@@ -62,6 +63,25 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
                return;
            }
        }
+        // 积木请求头
+        String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader());
+        if (StrUtil.isNotEmpty(jmTokenHeader)) {
+            try {
+                OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader);
+                Optional<LoginUser> optUser = Optional.ofNullable(accessToken)
+                        .map(
+                                t -> new LoginUser().setId(t.getUserId())
+                                        .setUserType(t.getUserType())
+                                        .setTenantId(t.getTenantId())
+                                        .setScopes(t.getScopes())
+                        );
+                if (optUser.isPresent()) {
+                    SecurityFrameworkUtils.setLoginUser(optUser.get(), request);
+                }
+            } catch (ServiceException ignored) {
+                // do nothing：如果报错，说明认证失败，忽略即可
+            }
+        }

        // 继续过滤链
        chain.doFilter(request, response);
@@ -88,11 +108,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

    /**
     * 模拟登录用户，方便日常开发调试
-     *
+     * <p>
     * 注意，在线上环境下，一定要关闭该功能！！！
     *
-     * @param request 请求
-     * @param token 模拟的 token，格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+     * @param request  请求
+     * @param token    模拟的 token，格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
     * @param userType 用户类型
     * @return 模拟的 LoginUser
     */