保誠-保戶業務員媒合平台
究查 | 歷程 | 原始
jack
2023-08-02 96411b293738e86f76879bb8072dec2b5a7fd3de 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

package com.pollex.pam.web.rest;


 


import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;


 


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import javax.servlet.http.HttpSession;


 


import org.slf4j.Logger;


import org.slf4j.LoggerFactory;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.http.HttpHeaders;


import org.springframework.http.HttpStatus;


import org.springframework.http.ResponseEntity;


import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.util.StringUtils;


import org.springframework.web.bind.annotation.PathVariable;


import org.springframework.web.bind.annotation.PostMapping;


import org.springframework.web.bind.annotation.RequestBody;


import org.springframework.web.bind.annotation.RequestMapping;


import org.springframework.web.bind.annotation.RestController;


 


import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;


import com.pollex.pam.business.security.token.EServiceAuthenticationToken;


import com.pollex.pam.business.service.ConsultantService;


import com.pollex.pam.business.service.util.AesUtil;


import com.pollex.pam.business.web.errors.OtpLoginFailException;


import com.pollex.pam.business.web.vm.EServiceLoginVM;


import com.pollex.pam.security.jwt.JWTFilter;


import com.pollex.pam.security.jwt.TokenProvider;


 


@RestController


@RequestMapping("/api/eService")


public class EServiceResource {


    


    private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);


 


 


    @Autowired


    AuthenticationManagerBuilder authenticationManagerBuilder;


 


    @Autowired


    TokenProvider tokenProvider;


 


    @Autowired


    ConsultantService consultantService;


 


    @AuditLoggingInject(type = CONSULTANT_LOGIN)


    @PostMapping("/authenticate/{imgCode}")


    public ResponseEntity<UserJWTController.JWTToken> authorize(


            @RequestBody EServiceLoginVM eServiceLoginVM


            , HttpServletResponse response, HttpServletRequest request,


            @PathVariable String imgCode){


        


        HttpSession session = request.getSession();


        String sessionImpCode = (String) session.getAttribute("img_code");


        


        if (!StringUtils.hasText(sessionImpCode)


                || !StringUtils.hasText(imgCode)) {


            throw new OtpLoginFailException("驗證碼輸入錯誤");


        }


        


        if(!imgCode.equals(sessionImpCode)) {


            throw new OtpLoginFailException("驗證碼輸入錯誤");


        }


        session.setAttribute("img_code", null);


        EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(


            eServiceLoginVM.getUsername(),


            AesUtil.aesDecode(eServiceLoginVM.getPassword())


        );


 


        Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);


        consultantService.updateLoginTime(eServiceLoginVM.getUsername());


        SecurityContextHolder.getContext().setAuthentication(authenticationToken);


 


        String jwt = tokenProvider.createToken(authentication, false);


        HttpHeaders httpHeaders = new HttpHeaders();


        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);


        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);


    }


}