Added support for checking product during authorization

This commit is contained in:
Mikhail Trofimov 2025-06-16 13:31:57 +03:00
parent 073932748f
commit 69dbb5ea6e
4 changed files with 29 additions and 8 deletions

View file

@ -134,9 +134,10 @@ public class SignalFacade {
try { try {
// проверка авторизации // проверка авторизации
if (!authorizationService.hasAuthorization(monitoringRequest.getUserId(), monitoringRequest.getPassword())) { AuthorizationService.AuthResult authResult = authorizationService.findAuthInfo(monitoringRequest.getUserId(), monitoringRequest.getPassword());
if (!authResult.isSuccess()) {
signalService.rejectPackage(monitoringRequest); signalService.rejectPackage(monitoringRequest);
return getBadResponse(SignalError.ERROR_005); // TODO расширить с возвращением отсутствия продукта return getBadResponse(authResult.getError());
} }
// проверка на уникальность пакета // проверка на уникальность пакета

View file

@ -3,9 +3,11 @@ package ru.nbch.credit_tracker.mapper.scoring;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
import java.util.List;
@Mapper @Mapper
public interface ModelUsersMapper { public interface ModelUsersMapper {
boolean hasAuthorization(@Param("userId") String userId, @Param("password") String password, @Param("productCode") String productCode); List<String> findUserProductCodes(@Param("userId") String userId, @Param("password") String password);
} }

View file

@ -1,10 +1,14 @@
package ru.nbch.credit_tracker.service.scoring; package ru.nbch.credit_tracker.service.scoring;
import jakarta.xml.bind.DatatypeConverter; import jakarta.xml.bind.DatatypeConverter;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import ru.nbch.credit_tracker.enums.SignalError;
import ru.nbch.credit_tracker.mapper.scoring.ModelUsersMapper; import ru.nbch.credit_tracker.mapper.scoring.ModelUsersMapper;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.util.List;
@Service @Service
public class AuthorizationService { public class AuthorizationService {
@ -17,9 +21,16 @@ public class AuthorizationService {
this.mapper = mapper; this.mapper = mapper;
} }
public boolean hasAuthorization(String userId, String password) throws Exception { public AuthResult findAuthInfo(String userId, String password) throws Exception {
String hashedPassword = hashPassword(password); String hashedPassword = hashPassword(password);
return mapper.hasAuthorization(userId, hashedPassword, SGNL_CODE); List<String> productCodes = mapper.findUserProductCodes(userId, hashedPassword);
if (productCodes.isEmpty()) {
return new AuthResult(false, SignalError.ERROR_005);
}
if (productCodes.stream().noneMatch(productCode -> productCode.equals(SGNL_CODE))) {
return new AuthResult(false, SignalError.ERROR_006);
}
return new AuthResult(true, null);
} }
private String hashPassword(String password) throws Exception { private String hashPassword(String password) throws Exception {
@ -31,4 +42,11 @@ public class AuthorizationService {
throw new Exception("Unable to hash password", e); throw new Exception("Unable to hash password", e);
} }
} }
@AllArgsConstructor
@Getter
public static class AuthResult {
private boolean success;
private SignalError error;
}
} }

View file

@ -5,9 +5,9 @@
<mapper namespace="ru.nbch.credit_tracker.mapper.scoring.ModelUsersMapper"> <mapper namespace="ru.nbch.credit_tracker.mapper.scoring.ModelUsersMapper">
<select id="hasAuthorization" resultType="boolean"> <select id="findUserProductCodes" resultType="string">
SELECT COUNT(*) > 0 SELECT PRODUCT
FROM XMODEL_USERS FROM XMODEL_USERS
WHERE USERNAME = #{userId} AND PASSWORD = #{password} AND PRODUCT = #{productCode} WHERE USERNAME = #{userId} AND PASSWORD = #{password}
</select> </select>
</mapper> </mapper>