保誠-保戶業務員媒合平台
究查 | 歷程 | 修補檔 | 提交 | 提交差異 | 忽略空白
jack
2024-12-25 db15612798841319bafcb3ed4e77c7c013b9446f 
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java


@@ -1,9 +1,13 @@


package com.pollex.pam.web.rest;




import com.pollex.pam.security.jwt.JWTFilter;


import com.pollex.pam.security.jwt.TokenProvider;


import com.pollex.pam.security.token.EServiceAuthenticationToken;


import com.pollex.pam.web.rest.vm.EServiceLoginVM;


import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;




import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import javax.servlet.http.HttpSession;




import org.slf4j.Logger;


import org.slf4j.LoggerFactory;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.http.HttpHeaders;


import org.springframework.http.HttpStatus;


@@ -11,14 +15,28 @@


import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.util.StringUtils;


import org.springframework.web.bind.annotation.PathVariable;


import org.springframework.web.bind.annotation.PostMapping;


import org.springframework.web.bind.annotation.RequestBody;


import org.springframework.web.bind.annotation.RequestMapping;


import org.springframework.web.bind.annotation.RestController;




import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;


import com.pollex.pam.business.security.token.EServiceAuthenticationToken;


import com.pollex.pam.business.service.ConsultantService;


import com.pollex.pam.business.service.util.AesUtil;


import com.pollex.pam.business.web.errors.OtpLoginFailException;


import com.pollex.pam.business.web.vm.EServiceLoginVM;


import com.pollex.pam.security.jwt.JWTFilter;


import com.pollex.pam.security.jwt.TokenProvider;




@RestController


@RequestMapping("/api/eService")


public class EServiceResource {




   private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);






    @Autowired


    AuthenticationManagerBuilder authenticationManagerBuilder;


@@ -26,18 +44,44 @@


    @Autowired


    TokenProvider tokenProvider;




    @PostMapping("/authenticate")


    public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) {


        EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(


    @Autowired


    ConsultantService consultantService;




    @Autowired


    AesUtil aesUtil;




    @AuditLoggingInject(type = CONSULTANT_LOGIN)


    @PostMapping("/authenticate/{imgCode}")


    public void authorize(


          @RequestBody EServiceLoginVM eServiceLoginVM


          , HttpServletResponse response, HttpServletRequest request,


         @PathVariable String imgCode) throws Exception{






       String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());


       if(!StringUtils.hasText(paswword)) {


          throw new OtpLoginFailException("密碼解密失敗");


       }




       HttpSession session = request.getSession();


       String sessionImpCode = (String) session.getAttribute("img_code");




       if (!StringUtils.hasText(sessionImpCode)


            || !StringUtils.hasText(imgCode)) {


          throw new OtpLoginFailException("驗證碼輸入錯誤");


      }




       if(!imgCode.equals(sessionImpCode)) {


          throw new OtpLoginFailException("驗證碼輸入錯誤");


       }




       session.setAttribute("img_code", null);


       EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(


            eServiceLoginVM.getUsername(),


            eServiceLoginVM.getPassword()


            paswword


        );




        Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);


        SecurityContextHolder.getContext().setAuthentication(authenticationToken);


        String jwt = tokenProvider.createToken(authentication, false);


        HttpHeaders httpHeaders = new HttpHeaders();


        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);


        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);


        session.setAttribute("authentication", authentication);


    }


}