From 36522188abad5daa8798ef16b2d403cf811ae476 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 30 十二月 2024 10:01:26 +0800
Subject: [PATCH] [UPDATE] 移除有個資的log

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java |  109 ++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 96 insertions(+), 13 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index e0cebb7..1176bc0 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -3,7 +3,15 @@
 import java.util.Arrays;
 import java.util.UUID;
 
-import com.pollex.pam.aop.logging.audit.AuditLoggingInject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.domain.Consultant;
+import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
+import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.web.vm.EServiceLoginVM;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -11,28 +19,34 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.domain.Customer;
-import com.pollex.pam.enums.OtpLoginTypeEnum;
-import com.pollex.pam.repository.CustomerRepository;
+import com.pollex.pam.business.domain.Customer;
+import com.pollex.pam.business.enums.OtpLoginTypeEnum;
+import com.pollex.pam.business.repository.CustomerRepository;
 import com.pollex.pam.security.jwt.JWTFilter;
 import com.pollex.pam.security.jwt.TokenProvider;
 import com.pollex.pam.service.CustomerAuthService;
 import com.pollex.pam.service.CustomerService;
-import com.pollex.pam.service.OtpTmpService;
+import com.pollex.pam.business.service.OtpTmpService;
 import com.pollex.pam.service.OtpUtilService;
 import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.CustomerRegisterDTO;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.OtpLoginVM;
-import com.pollex.pam.web.rest.vm.VerifyOtpVM;
+import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.OtpLoginVM;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
 
-import static com.pollex.pam.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
 
 @RestController
 @RequestMapping("/api/otp")
@@ -67,8 +81,27 @@
     @Autowired
     CustomerRepository customerRepository;
 
-    @PostMapping("/sendOtp")
-    public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
+    @Autowired
+    ConsultantService consultantService;
+
+    @PostMapping("/sendOtp/{imgCode}")
+    public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
+    		, @PathVariable String imgCode, HttpServletRequest request) {
+
+    	HttpSession session = request.getSession();
+    	String sessionImpCode = (String) session.getAttribute("img_code");
+
+    	if (!StringUtils.hasText(sessionImpCode)
+				|| !StringUtils.hasText(imgCode)) {
+    		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+		}
+
+    	if(!imgCode.equals(sessionImpCode)) {
+    		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+    	}
+
+    	session.setAttribute("img_code", null);
+
     	OtpResponseDTO otpResponse;
         if(applicationProperty.isMockLogin()) {
             otpResponse = getMockSendOtpResponse();
@@ -81,12 +114,15 @@
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
         }
         otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
+
         return new ResponseEntity<>(otpResponse, HttpStatus.OK);
     }
 
     @AuditLoggingInject(type = CUSTOMER_LOGIN)
     @PostMapping("/verify")
-    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
+    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+    		) {
+
     	otpUtilService.verifyOtp(verifyOtpParam);
 
     	Customer customer = customerRepository
@@ -117,5 +153,52 @@
         return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
 
+    @PostMapping("/consultant/sendOtp/{login}")
+    public ResponseEntity<Object> consultantSendOtp(@PathVariable String login) {
+        Consultant consultant = consultantService.findByAgentNo(login);
+        OtpResponseDTO otpResponse;
+        if(applicationProperty.isMockLogin()) {
+            otpResponse = getMockSendOtpResponse();
+        }else if(StringUtils.hasText(consultant.getPhoneNumber())) {
+            otpResponse = otpWebService.sendByPhone(consultant.getPhoneNumber());
+        }else if(StringUtils.hasText(consultant.getEmail())) {
+            otpResponse = otpWebService.sendByEmail(consultant.getEmail());
+        }else {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not find phone and email to send otp, loginType = " + login);
+        }
+        otpTmpService.createOtpTmp(login, otpResponse.getIndexKey());
+
+        return new ResponseEntity<>(otpResponse, HttpStatus.OK);
+    }
+
+    @PostMapping("/consultant/verifyOtp")
+    public ResponseEntity<UserJWTController.JWTToken> consultantVerifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+     , HttpServletRequest request) {
+
+        HttpSession session = request.getSession();
+        Authentication authentication = (Authentication) session.getAttribute("authentication");
+        String authAccount = authentication.getPrincipal().toString();
+
+        if(!authAccount.equals(verifyOtpParam.getAccount())){
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        }
+
+        otpUtilService.verifyOtp(verifyOtpParam);
+        Consultant consultant = consultantService.findByAgentNo(verifyOtpParam.getAccount());
+
+        if (consultant == null) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
+        consultantService.updateLoginTime(verifyOtpParam.getAccount());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        String jwt = tokenProvider.createToken(authentication, false);
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
+        session.setAttribute("authentication", null);
+        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
+
+    }
 
 }

--
Gitblit v1.8.0