调整登录和鉴权

src/main/java/org/ssssssss/magicapi/config/MagicConfiguration.java

@@ -5,10 +5,7 @@ import org.ssssssss.magicapi.interceptor.RequestInterceptor;
 import org.ssssssss.magicapi.provider.ApiServiceProvider;
 import org.ssssssss.magicapi.provider.GroupServiceProvider;
 import org.ssssssss.magicapi.provider.ResultProvider;
-import org.ssssssss.magicapi.utils.MD5Utils;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -29,7 +26,7 @@ public class MagicConfiguration {
 	 */
 	private String password;
 
-	private final String tokenKey = "MAGICTOKEN";
+	private final String tokenKey = "Magic-Token";
 
 	/**
 	 * 拦截器

src/main/java/org/ssssssss/magicapi/config/MagicController.java

@@ -3,8 +3,8 @@ package org.ssssssss.magicapi.config;
 import org.ssssssss.magicapi.interceptor.RequestInterceptor;
 import org.ssssssss.magicapi.utils.MD5Utils;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Objects;
 
 public class MagicController {
 
@@ -29,18 +29,14 @@ public class MagicController {
 	 * 判断是否有权限访问按钮
 	 */
 	boolean allowVisit(HttpServletRequest request, RequestInterceptor.Authorization authorization) {
-		if (authorization == null) {
-			if (configuration.getUsername()!= null && configuration.getUsername() != null) {
-				Cookie[] cookies = request.getCookies();
-				if (cookies != null) {
-					for (Cookie cookie : cookies) {
-						if (configuration.getTokenKey().equals(cookie.getName())) {
-							return cookie.getValue().equals(MD5Utils.encrypt(String.format("%s||%s", configuration.getUsername(), configuration.getPassword())));
-						}
-					}
-				}
+		if (configuration.getUsername()!= null && configuration.getUsername() != null) {
+			String headerValue = request.getHeader(configuration.getTokenKey());
+			String realValue = MD5Utils.encrypt(String.format("%s||%s", configuration.getUsername(), configuration.getPassword()));
+			if(!Objects.equals(realValue,headerValue)){
 				return false;
 			}
+		}
+		if (authorization == null) {
 			return true;
 		}
 		for (RequestInterceptor requestInterceptor : configuration.getRequestInterceptors()) {

src/main/java/org/ssssssss/magicapi/config/MagicWorkbenchController.java

@@ -1,5 +1,6 @@
 package org.ssssssss.magicapi.config;
 
+import org.springframework.http.HttpHeaders;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;
@@ -29,9 +30,8 @@ public class MagicWorkbenchController extends MagicController {
 	@ResponseBody
 	public JsonBean<Boolean> login(String username, String password, HttpServletRequest request, HttpServletResponse response) {
 		if (username != null && password != null && Objects.equals(username, configuration.getUsername()) && Objects.equals(password, configuration.getPassword())) {
-			Cookie cookie = new Cookie(configuration.getTokenKey(), MD5Utils.encrypt(String.format("%s||%s", username, password)));
-			cookie.setHttpOnly(true);
-			response.addCookie(cookie);
+			response.setHeader(configuration.getTokenKey(),MD5Utils.encrypt(String.format("%s||%s", username, password)));
+			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, configuration.getTokenKey());
 			return new JsonBean<>(true);
 		} else if (allowVisit(request, null)) {
 			return new JsonBean<>(true);

src/main/java/org/ssssssss/magicapi/config/RequestHandler.java

@@ -63,6 +63,8 @@ public class RequestHandler extends MagicController {
 		boolean requestedFromTest = isRequestedFromTest(request);
 		ApiInfo info = MappingHandlerMapping.getMappingApiInfo(request);
 		if (requestedFromTest) {
+			response.setHeader(HEADER_RESPONSE_WITH_MAGIC_API, "true");
+			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HEADER_RESPONSE_WITH_MAGIC_API);
 			if (!allowVisit(request, RequestInterceptor.Authorization.RUN)) {
 				return new JsonBean<>(-10, "无权限执行测试方法");
 			}
@@ -79,8 +81,6 @@ public class RequestHandler extends MagicController {
 			return value;
 		}
 		if (requestedFromTest) {
-			response.setHeader(HEADER_RESPONSE_WITH_MAGIC_API, "true");
-			response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HEADER_RESPONSE_WITH_MAGIC_API);
 			if (isRequestedFromContinue(request)) {
 				return invokeContinueRequest(request, response);
 			}