feat(openapi):优化token验证与单位信息获取逻辑

- 在OpenApiControllerAop中增加token有效性检查，防止无效token继续执行 - 修改BizTokenModel中使用appId替代product作为对接单位标识 - 新增queryUnitInfoByAppId方法，通过appId从数据库查询单位信息 - 增加文件上传大小限制配置及Feign客户端超时时间配置 - 调整cylinderFillingHandler方法中的公司名称和编码来源，改为从token中获取

feat(openapi):优化token验证与单位信息获取逻辑
6222eafd · tianbo · 752b66e1 · 6222eafd · 6222eafd · 6222eafd
Commit 6222eafd authored Nov 14, 2025 by tianbo
5 changed files
--- a/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/aop/OpenApiControllerAop.java
+++ b/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/aop/OpenApiControllerAop.java
@@ -68,12 +68,15 @@ public class OpenApiControllerAop {


    private void fillRequestContext(String token) {
-    	String tokenKey = Redis.genKey(Constant.TOKEN_PREFIX,token);
+    	String tokenKey = Redis.genKey(Constant.TOKEN_PREFIX, token);
+        if (ValidationUtil.isEmpty(redisTemplate.opsForValue().get(tokenKey))) {
+            throw new AuthException("错误的token.");
+        }
    	BizTokenModel bizTokenModel = (BizTokenModel) redisTemplate.opsForValue().get(tokenKey);
        if(null == bizTokenModel) {
        	throw new AuthException("请求未包含认证信息.");
        }
-        String product = bizTokenModel.getProduct();
+        String product = bizTokenModel.getAppId(); // 使用appId作为每个对接单位的product
        String appKey = bizTokenModel.getAppKey();
        RequestContext.setToken(token);
        RequestContext.setProduct(product);

--- a/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/orm/dao/OpenapiBizTokenMapper.java
+++ b/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/orm/dao/OpenapiBizTokenMapper.java
 package com.yeejoin.amos.api.openapi.face.orm.dao;

-import org.apache.ibatis.annotations.Param;
-import org.apache.ibatis.annotations.Select;
-
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.yeejoin.amos.api.openapi.face.orm.entity.OpenapiBizToken;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;

 import java.util.List;
+import java.util.Map;

 /**
 * 
@@ -31,4 +31,7 @@ public interface OpenapiBizTokenMapper extends BaseMapper<OpenapiBizToken> {

 	@Select("select DEVELOPER_AGENCY from iot_openapi_biz_token  where DEVELOPER_AGENCY is not null AND DATA_TYPE = 'cyl' group by DEVELOPER_AGENCY")
 	public List<String> getServiceList();
+
+	@Select("select use_unit_code, use_unit from amos_tzs_biz.tz_base_enterprise_info where app_id = '${appId}'")
+	Map<String, String> queryUnitInfoByAppId(@Param("appId") String appId);
 }	
\ No newline at end of file
--- a/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/service/CylinderService.java
+++ b/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/service/CylinderService.java
@@ -8,8 +8,6 @@ import com.yeejoin.amos.api.openapi.face.model.*;
 import com.yeejoin.amos.api.openapi.face.orm.dao.ESCylinderFillingInfoRepository;
 import com.yeejoin.amos.boot.module.cylinder.api.entity.CylinderFillingMessageEntity;
 import com.yeejoin.amos.boot.module.cylinder.api.entity.ESCylinderFillingInfoDto;
-import com.yeejoin.amos.feign.privilege.Privilege;
-import com.yeejoin.amos.feign.privilege.model.AgencyUserModel;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 import org.apache.logging.log4j.LogManager;
@@ -72,16 +70,17 @@ public class CylinderService {

    @DSTransactional
    public void cylinderFillingHandler(String fillingData) throws MqttException {
-        String token = RequestContext.getToken();
-        AgencyUserModel me = Privilege.agencyUserClient.getme().getResult();
-        String tokenKey = Redis.genKey(Constant.TOKEN_PREFIX, token);
+        String tokenKey = Redis.genKey(Constant.TOKEN_PREFIX, RequestContext.getToken());
+        if (ValidationUtil.isEmpty(this.redisTemplate.opsForValue().get(tokenKey))) {
+            return;
+        }
        BizTokenModel bizTokenModel = (BizTokenModel) this.redisTemplate.opsForValue().get(tokenKey);

        JSONObject jsonobject = JSONObject.fromObject(fillingData);
        CylinderFillingMessageEntity cylinderFillingMessageEntity = new CylinderFillingMessageEntity();
        cylinderFillingMessageEntity.setTime(simpleDateFormat.format(new Date()));
-        cylinderFillingMessageEntity.setFillingCompanyName(me.getCompanys().get(0).getCompanyName());
-        cylinderFillingMessageEntity.setFillingCompanyCode(me.getCompanys().get(0).getCompanyCode());
+        cylinderFillingMessageEntity.setFillingCompanyName(bizTokenModel.getApiCompanyName());
+        cylinderFillingMessageEntity.setFillingCompanyCode(bizTokenModel.getApiCompanyCode());
        cylinderFillingMessageEntity.setAppId(cylinderFillingService.getAppId());
        cylinderFillingMessageEntity.setRawData(fillingData);


--- a/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/service/OpenapiBizTokenService.java
+++ b/amos-boot-data/amos-boot-data-openapi/src/main/java/com/yeejoin/amos/api/openapi/face/service/OpenapiBizTokenService.java
 package com.yeejoin.amos.api.openapi.face.service;


+import cn.hutool.core.map.MapUtil;
 import com.yeejoin.amos.api.openapi.constant.Constant;
 import com.yeejoin.amos.api.openapi.face.model.BizTokenModel;
 import com.yeejoin.amos.api.openapi.face.model.OpenapiBizTokenModel;
 import com.yeejoin.amos.api.openapi.face.orm.dao.OpenapiBizTokenMapper;
 import com.yeejoin.amos.api.openapi.face.orm.entity.OpenapiBizToken;
 import com.yeejoin.amos.component.feign.model.FeignClientResult;
+import com.yeejoin.amos.component.robot.AmosRequestContext;
+import com.yeejoin.amos.component.robot.SystemUserInfo;
 import com.yeejoin.amos.feign.privilege.Privilege;
-import com.yeejoin.amos.feign.privilege.model.AgencyUserModel;
 import com.yeejoin.amos.feign.privilege.model.IdPasswordAuthModel;
 import com.yeejoin.amos.feign.privilege.util.DesUtil;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,10 +18,12 @@ import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Component;
 import org.typroject.tyboot.component.cache.Redis;
 import org.typroject.tyboot.core.foundation.context.RequestContext;
+import org.typroject.tyboot.core.foundation.utils.ValidationUtil;
 import org.typroject.tyboot.core.rdbms.service.BaseService;

 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;


 /**
@@ -36,6 +40,12 @@ public class OpenapiBizTokenService extends BaseService<OpenapiBizTokenModel, Op
    @Autowired
    private RedisTemplate redisTemplate;

+	@Autowired
+	AmosRequestContext amosRequestContext;
+
+	@Autowired
+	SystemUserInfo systemUserInfo;
+
 	public static final String DEFAULT_PASSWORD = "a1234560";

    public List<String> getServiceList() {
@@ -43,21 +53,32 @@ public class OpenapiBizTokenService extends BaseService<OpenapiBizTokenModel, Op
 	}
    
 	public String getByAppId(String appId) {
+		Map<String, String> unitInfo = baseMapper.queryUnitInfoByAppId(appId);
+		if (ValidationUtil.isEmpty(unitInfo)) {
+			throw new RuntimeException("未找到对接单位信息");
+		}
+		String unitCode = MapUtil.getStr(unitInfo, "use_unit_code");
+		String unitName = MapUtil.getStr(unitInfo, "use_unit");
+
 		IdPasswordAuthModel idPasswordAuthModel = new IdPasswordAuthModel();
-		idPasswordAuthModel.setLoginId(appId);
-		idPasswordAuthModel.setPassword(DesUtil.encode(DEFAULT_PASSWORD, Constant.PASSWORD_ENCODE_KEY));
+		// 使用机器人登录：采用不同的product获取token
+		idPasswordAuthModel.setLoginId(amosRequestContext.getUserName());
+		idPasswordAuthModel.setPassword(DesUtil.encode(systemUserInfo.getPassword(), Constant.PASSWORD_ENCODE_KEY));
 		BizTokenModel bizTokenModel = new BizTokenModel();
 		bizTokenModel.setAppId(appId);
-		RequestContext.setProduct(bizTokenModel.getProduct());
+		RequestContext.setProduct(appId);
 	    RequestContext.setAppKey(bizTokenModel.getAppKey());
 		FeignClientResult<HashMap<String, Object>> responseModel = Privilege.authClient.idpassword(idPasswordAuthModel);
 		HashMap<String, Object> authModel = responseModel.getResult();
 		String token = (String) authModel.get("token");
 		bizTokenModel.setToken(token);
 		RequestContext.setToken(token);
-		AgencyUserModel user = Privilege.agencyUserClient.getme().getResult();
-		bizTokenModel.setApiCompanyCode(user.getCompanys().get(0).getCompanyCode()); // 当前一个人只能有一个单位
-		bizTokenModel.setApiCompanyName(user.getCompanys().get(0).getCompanyName()); // 当前一个人只能有一个单位
+//		AgencyUserModel user = Privilege.agencyUserClient.getme().getResult();
+//		bizTokenModel.setApiCompanyCode(user.getCompanys().get(0).getCompanyCode()); // 当前一个人只能有一个单位
+//		bizTokenModel.setApiCompanyName(user.getCompanys().get(0).getCompanyName()); // 当前一个人只能有一个单位
+		// 调整为从业务表根据appId查询单位信息
+		bizTokenModel.setApiCompanyCode(unitCode);
+		bizTokenModel.setApiCompanyName(unitName);
 		String tokenKey = Redis.genKey(Constant.TOKEN_PREFIX, token);
 		this.redisTemplate.opsForValue().set(tokenKey, bizTokenModel);
 		return token;

--- a/amos-boot-data/amos-boot-data-openapi/src/main/resources/application-vb.properties
+++ b/amos-boot-data/amos-boot-data-openapi/src/main/resources/application-vb.properties
@@ -67,4 +67,10 @@ biz.lxyd.lift.url=http://39.106.181.149:8088/elevatorapi
 ## ES properties:
 elasticsearch.username=elastic
 elasticsearch.password=a123456
-spring.elasticsearch.rest.uris=http://172.16.10.243:9200
\ No newline at end of file
+spring.elasticsearch.rest.uris=http://172.16.10.243:9200
+
+spring.servlet.multipart.max-file-size=100MB
+spring.servlet.multipart.max-request-size=100MB
+
+feign.client.config.default.connect-timeout=600000
+feign.client.config.default.read-timeout=600000
\ No newline at end of file