fix(backend): validate digital sync client key header
This commit is contained in:
@@ -7,7 +7,9 @@ import com.xspaceagi.agent.core.adapter.dto.digital.DigitalEmployeeSyncResponseD
|
||||
import com.xspaceagi.system.spec.annotation.RequireResource;
|
||||
import com.xspaceagi.system.spec.dto.ReqResult;
|
||||
import jakarta.annotation.Resource;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
@@ -19,11 +21,30 @@ import static com.xspaceagi.system.spec.enums.ResourceEnum.CONTENT_DIGITAL_EMPLO
|
||||
@RequestMapping("/api/digital-employee/sync")
|
||||
public class DigitalEmployeeSyncController {
|
||||
|
||||
private static final String CLIENT_KEY_HEADER = "X-Qiming-Client-Key";
|
||||
|
||||
@Resource
|
||||
private DigitalEmployeeSyncApplicationService digitalEmployeeSyncApplicationService;
|
||||
|
||||
@RequestMapping(path = "/outbox", method = RequestMethod.POST)
|
||||
public ReqResult<DigitalEmployeeSyncResponseDto> syncOutbox(@RequestBody DigitalEmployeeSyncRequestDto request) {
|
||||
public ReqResult<DigitalEmployeeSyncResponseDto> syncOutbox(
|
||||
@RequestHeader(name = CLIENT_KEY_HEADER, required = false) String headerClientKey,
|
||||
@RequestBody(required = false) DigitalEmployeeSyncRequestDto request
|
||||
) {
|
||||
if (StringUtils.isBlank(headerClientKey)) {
|
||||
return ReqResult.create("0001", "客户端 Key header 缺失", null);
|
||||
}
|
||||
if (request == null) {
|
||||
request = new DigitalEmployeeSyncRequestDto();
|
||||
}
|
||||
String normalizedHeaderClientKey = headerClientKey.trim();
|
||||
if (StringUtils.isBlank(request.getClientKey())) {
|
||||
request.setClientKey(normalizedHeaderClientKey);
|
||||
} else if (!StringUtils.equals(request.getClientKey().trim(), normalizedHeaderClientKey)) {
|
||||
return ReqResult.create("0001", "客户端 Key header 与请求体不一致", null);
|
||||
} else {
|
||||
request.setClientKey(request.getClientKey().trim());
|
||||
}
|
||||
return ReqResult.success(digitalEmployeeSyncApplicationService.syncOutbox(request));
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user