From 2260b36cfe77a2ae8df7d90d6925443a9514c57e Mon Sep 17 00:00:00 2001
From: ronger <ronger-x@outlook.com>
Date: Sun, 30 Oct 2022 19:15:54 +0800
Subject: [PATCH] =?UTF-8?q?:bug:=20=E7=BC=96=E8=BE=91=E5=99=A8=E4=B8=8A?=
 =?UTF-8?q?=E4=BC=A0=E6=96=87=E4=BB=B6=E4=BD=BF=E7=94=A8=20X-Upload-Token?=
 =?UTF-8?q?=20=E8=AF=B7=E6=B1=82=E5=A4=B4=E4=BC=A0=E9=80=92=20token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/com/rymcu/forest/auth/JwtFilter.java | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/rymcu/forest/auth/JwtFilter.java b/src/main/java/com/rymcu/forest/auth/JwtFilter.java
index 189bd5a..b2fb341 100644
--- a/src/main/java/com/rymcu/forest/auth/JwtFilter.java
+++ b/src/main/java/com/rymcu/forest/auth/JwtFilter.java
@@ -6,6 +6,7 @@ import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureException;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.authz.UnauthenticatedException;
 import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 import org.springframework.http.HttpStatus;
@@ -33,8 +34,12 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
      */
     @Override
     protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
-        HttpServletRequest req = (HttpServletRequest) request;
-        String authorization = req.getHeader(JwtConstants.AUTHORIZATION);
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String authorization = httpServletRequest.getHeader(JwtConstants.AUTHORIZATION);
+        if (StringUtils.isBlank(authorization)) {
+            // 编辑器上传文件使用 X-Upload-Token 请求头传递 token
+            authorization = httpServletRequest.getHeader(JwtConstants.UPLOAD_TOKEN);
+        }
         return authorization != null;
     }
 
@@ -45,6 +50,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
     protected boolean executeLogin(ServletRequest request, ServletResponse response) {
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
         String authorization = httpServletRequest.getHeader(JwtConstants.AUTHORIZATION);
+        if (StringUtils.isBlank(authorization)) {
+            // 编辑器上传文件使用 X-Upload-Token 请求头传递 token
+            authorization = httpServletRequest.getHeader(JwtConstants.UPLOAD_TOKEN);
+        }
         // 验证token
         Claims claims;
         try {