修改用户模块

2026-04-13 17:13:29 +08:00
parent a489e2b204
commit 7172861e67
4 changed files with 49 additions and 32 deletions
--- a/src/main/java/com/label/common/shiro/TokenFilter.java
+++ b/src/main/java/com/label/common/shiro/TokenFilter.java
@@ -67,12 +67,12 @@ public class TokenFilter extends OncePerRequestFilter {
                || path.equals("/api/auth/login")
                || path.equals("/api/video/callback")
                || path.startsWith("/swagger-ui")
-                || path.startsWith("/v3/api-docs");  // AI 服务内部回调，不走用户 Token 认证
+                || path.startsWith("/v3/api-docs"); // AI 服务内部回调，不走用户 Token 认证
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
-                                     FilterChain filterChain) throws ServletException, IOException {
+            FilterChain filterChain) throws ServletException, IOException {
        try {
            if (!authEnabled) {
                TokenPrincipal principal = new TokenPrincipal(
@@ -85,12 +85,17 @@ public class TokenFilter extends OncePerRequestFilter {
            }

            String authHeader = request.getHeader("Authorization");
-            if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            if (authHeader == null || !authHeader.toLowerCase().startsWith("bearer ")) {
                writeUnauthorized(response, "缺少或无效的认证令牌");
                return;
            }
-
-            String token = authHeader.substring(7).trim();
+            String[] parts = authHeader.split("\\s+");
+            if (parts.length != 2 || !"Bearer".equalsIgnoreCase(parts[0])) {
+                writeUnauthorized(response, "无效的认证格式");
+                return;
+            }
+            String token = parts[1];
+            //String token = authHeader.substring(7).trim();
            Map<Object, Object> tokenData = redisService.hGetAll(RedisKeyManager.tokenKey(token));

            if (tokenData == null || tokenData.isEmpty()) {