|
|
@@ -97,6 +97,7 @@ public class WeChatController {
|
|
|
// 优先使用拦截器放入的 currentUserId(AuthInterceptor 已验证 X-Token)
|
|
|
Object attr = request.getAttribute("currentUserId");
|
|
|
Long userId = null;
|
|
|
+
|
|
|
if (attr instanceof Long) {
|
|
|
userId = (Long) attr;
|
|
|
} else if (attr instanceof Integer) {
|
|
|
@@ -104,26 +105,9 @@ public class WeChatController {
|
|
|
userId = ((Integer) attr).longValue();
|
|
|
}
|
|
|
|
|
|
- // 如果拦截器没有提供 userId,则回退到兼容旧接口的 token (header: token 或 body.token)
|
|
|
+ // 如果拦截器没有提供 userId,则401
|
|
|
if (userId == null) {
|
|
|
- String token = null;
|
|
|
- // 兼容拦截器使用的 X-Token header,如果外部直接调用也允许使用 token header 或 body
|
|
|
- if (request.getHeader("X-Token") != null && !request.getHeader("X-Token").isEmpty()) {
|
|
|
- token = request.getHeader("X-Token");
|
|
|
- } else if (request.getHeader("token") != null && !request.getHeader("token").isEmpty()) {
|
|
|
- token = request.getHeader("token");
|
|
|
- } else if (body != null && body.get("token") != null && !body.get("token").isEmpty()) {
|
|
|
- token = body.get("token");
|
|
|
- }
|
|
|
-
|
|
|
- if (token == null || token.isEmpty()) {
|
|
|
- return R.fail(401, "Missing token");
|
|
|
- }
|
|
|
-
|
|
|
- userId = tokenService.validateToken(token);
|
|
|
- if (userId == null) {
|
|
|
- return R.fail(401, "Invalid or expired token");
|
|
|
- }
|
|
|
+ return R.fail(401, "No valid userId");
|
|
|
}
|
|
|
|
|
|
UserInfo ui = userInfoMapper.selectById(userId);
|
mcbaiyun