diff --git a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
index 959ee0ad..e30609a4 100644
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseWareApi.java
@@ -14,6 +14,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -99,8 +100,8 @@ public class CourseWareApi extends ApiBaseController {
 * @throws Exception
 */
 @GetMapping("/resource")
- public JsonResponse getVideo(HttpServletRequest request, HttpServletResponse response, String sign) throws Exception {
-
+ public JsonResponse getVideo(HttpServletRequest request, HttpServletResponse response, String sign,
+ @CookieValue String token) throws Exception {
 if (StringUtils.isBlank(sign)) {
 return badRequest("非法请求");
 }
@@ -119,10 +120,6 @@ public class CourseWareApi extends ApiBaseController {
 if(!has) {
 return badRequest("页面不存在");
 }
- String token = request.getHeader("Xboe-Access-Token");
- if (StringUtils.isEmpty(token)) {
- token = request.getHeader("token");
- }
 // 读取cookies中的时间
 String cookieTime = getSignTimeCookie(request);
 if (StringUtils.isBlank(cookieTime)) {
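Review bot: `@CookieValue String token` in the new getVideo signature declares a required cookie with an inferred name, so a request that lacks it is rejected during Spring's argument resolution before any of the handler's own `badRequest(...)` checks run, and the name only resolves when the class is compiled with parameter names retained. Declaring it as `@CookieValue(name = "token", required = false) String token` and rejecting a blank value alongside the existing `StringUtils.isBlank(sign)` check keeps the error path uniform. The later hunk in this file removes the `Xboe-Access-Token` / `token` header lookup with no fallback, so header-only clients lose access; if that is intended it deserves a line in the method's Javadoc. Because a cookie is attached by the browser automatically, the place that issues it (not visible here) should set HttpOnly, Secure and a SameSite policy. getVideo's body continues outside these hunks.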
@@ -155,11 +152,12 @@ public class CourseWareApi extends ApiBaseController {
 return badRequest("验证错误");
 }
 
- String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中,long
- String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号,long
+// String time = signStr.substring(0, signStr.indexOf("/"));// 时间字符中,long
+// String workNum = signStr.substring(2, signStr.indexOf("/"));// 工号,long
+ String[] array = signStr.split("/");
 String cfid = signStr.substring(index+1);// 文件路径
- if (!workNum.equals(userNo)){
- return badRequest("工号不匹配");
+ if (!array[2].equals(userNo)){
+ return badRequest("token验证失败");
 }
 // if (!time.equals(cookieTime)) {
 // log.info("请求头时间和解析后的时间对比:"+"解析时间:"+time+" 请求头时间:"+cookieTime);
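Review bot: `array[2]` is read without checking how many segments `signStr.split("/")` produced, so a sign value with fewer than three parts raises ArrayIndexOutOfBoundsException and surfaces as a server error instead of the intended rejection; guard it with `if (array.length < 3 || !array[2].equals(userNo)) {`. The two newly commented-out `time` / `workNum` lines should be deleted rather than kept as dead code. The timestamp segment is no longer extracted and the comparison against `cookieTime` just below stays commented out, so as far as this hunk shows nothing checks the sign's age; worth confirming that expiry is enforced elsewhere. `signStr`, `index` and `userNo` are defined outside the hunk.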