
调整登录和鉴权

mxd 4 years ago
parent
commit
826e7baf7a

+ 1 - 4
src/main/java/org/ssssssss/magicapi/config/MagicConfiguration.java

@@ -5,10 +5,7 @@ import org.ssssssss.magicapi.interceptor.RequestInterceptor;
 import org.ssssssss.magicapi.provider.ApiServiceProvider;
 import org.ssssssss.magicapi.provider.GroupServiceProvider;
 import org.ssssssss.magicapi.provider.ResultProvider;
-import org.ssssssss.magicapi.utils.MD5Utils;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -29,7 +26,7 @@ public class MagicConfiguration {
 	 */
 	private String password;
 
-	private final String tokenKey = "MAGICTOKEN";
+	private final String tokenKey = "Magic-Token";
 
 	/**
 	 * 拦截器

+ 7 - 11
src/main/java/org/ssssssss/magicapi/config/MagicController.java

@@ -3,8 +3,8 @@ package org.ssssssss.magicapi.config;
 import org.ssssssss.magicapi.interceptor.RequestInterceptor;
 import org.ssssssss.magicapi.utils.MD5Utils;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
 
 public class MagicController {
 
@@ -29,18 +29,14 @@ public class MagicController {
 	 * 判断是否有权限访问按钮
 	 */
 	boolean allowVisit(HttpServletRequest request, RequestInterceptor.Authorization authorization) {
-		if (authorization == null) {
-			if (configuration.getUsername()!= null && configuration.getUsername() != null) {
-				Cookie[] cookies = request.getCookies();
-				if (cookies != null) {
-					for (Cookie cookie : cookies) {
-						if (configuration.getTokenKey().equals(cookie.getName())) {
-							return cookie.getValue().equals(MD5Utils.encrypt(String.format("%s||%s", configuration.getUsername(), configuration.getPassword())));
-						}
-					}
-				}
+		if (configuration.getUsername()!= null && configuration.getUsername() != null) {
+			String headerValue = request.getHeader(configuration.getTokenKey());
+			String realValue = MD5Utils.encrypt(String.format("%s||%s", configuration.getUsername(), configuration.getPassword()));
+			if(!Objects.equals(realValue,headerValue)){
 				return false;
 			}
+		}
+		if (authorization == null) {
 			return true;
 		}
 		for (RequestInterceptor requestInterceptor : configuration.getRequestInterceptors()) {
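Review bot: The guard at the top of `allowVisit` tests `configuration.getUsername()` twice, so the password is never checked before `realValue` is built; the second operand was presumably meant to be `configuration.getPassword()`, i.e. `if (configuration.getUsername() != null && configuration.getPassword() != null) {`. With a username set and no password, `String.format` renders the password as `null` and the expected token no longer depends on any secret, so a half-configured credential pair is better rejected at startup or treated as deny than silently accepted by either branch. `Objects.equals(realValue, headerValue)` is also not a constant-time comparison; after a null check on `headerValue`, `MessageDigest.isEqual(realValue.getBytes(StandardCharsets.UTF_8), headerValue.getBytes(StandardCharsets.UTF_8))` is the usual replacement. The body of `allowVisit` continues past the end of the hunk.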

+ 3 - 3
src/main/java/org/ssssssss/magicapi/config/MagicWorkbenchController.java

@@ -1,5 +1,6 @@
 package org.ssssssss.magicapi.config;
 
+import org.springframework.http.HttpHeaders;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;
@@ -29,9 +30,8 @@ public class MagicWorkbenchController extends MagicController {
 	@ResponseBody
 	public JsonBean<Boolean> login(String username, String password, HttpServletRequest request, HttpServletResponse response) {
 		if (username != null && password != null && Objects.equals(username, configuration.getUsername()) && Objects.equals(password, configuration.getPassword())) {
-			Cookie cookie = new Cookie(configuration.getTokenKey(), MD5Utils.encrypt(String.format("%s||%s", username, password)));
-			cookie.setHttpOnly(true);
-			response.addCookie(cookie);
+			response.setHeader(configuration.getTokenKey(),MD5Utils.encrypt(String.format("%s||%s", username, password)));
+			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, configuration.getTokenKey());
 			return new JsonBean<>(true);
 		} else if (allowVisit(request, null)) {
 			return new JsonBean<>(true);
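Review bot: The token that `login` returns in the `configuration.getTokenKey()` header is `MD5Utils.encrypt` of `username||password`, so it is identical for every login, never expires, and cannot be revoked without changing the password. Moving it from an `HttpOnly` cookie to a header listed in `Access-Control-Expose-Headers` also makes it readable by any script running in the workbench page, and because it is an unsalted MD5 over a known format, a captured value allows offline guessing of the password. Consider issuing a random per-login token from `SecureRandom`, keeping it server-side with an expiry, and having `allowVisit` look it up instead of recomputing the hash. If the derived token has to stay, record the constraint at the call, e.g. `// token is derived from the credentials: static until the password changes, treat as password-equivalent`. The body of `login` continues past the end of the hunk.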

+ 2 - 2
src/main/java/org/ssssssss/magicapi/config/RequestHandler.java

@@ -63,6 +63,8 @@ public class RequestHandler extends MagicController {
 		boolean requestedFromTest = isRequestedFromTest(request);
 		ApiInfo info = MappingHandlerMapping.getMappingApiInfo(request);
 		if (requestedFromTest) {
+			response.setHeader(HEADER_RESPONSE_WITH_MAGIC_API, "true");
+			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HEADER_RESPONSE_WITH_MAGIC_API);
 			if (!allowVisit(request, RequestInterceptor.Authorization.RUN)) {
 				return new JsonBean<>(-10, "无权限执行测试方法");
 			}
@@ -79,8 +81,6 @@ public class RequestHandler extends MagicController {
 			return value;
 		}
 		if (requestedFromTest) {
-			response.setHeader(HEADER_RESPONSE_WITH_MAGIC_API, "true");
-			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HEADER_RESPONSE_WITH_MAGIC_API);
 			if (isRequestedFromContinue(request)) {
 				return invokeContinueRequest(request, response);
 			}