diff --git a/tenant-service/src/main/java/com/xuqm/tenant/controller/AppController.java b/tenant-service/src/main/java/com/xuqm/tenant/controller/AppController.java index ea1e1f8..fbdb923 100644 --- a/tenant-service/src/main/java/com/xuqm/tenant/controller/AppController.java +++ b/tenant-service/src/main/java/com/xuqm/tenant/controller/AppController.java @@ -180,13 +180,24 @@ public class AppController { * Used by the security center to verify license file information. */ @PostMapping("/license/parse") - public ResponseEntity>> parseLicenseFile(@RequestBody Map body) { + public ResponseEntity>> parseLicenseFile( + @RequestBody Map body, + @AuthenticationPrincipal String tenantId) { String content = body.get("content"); if (content == null || content.isBlank()) { throw new BusinessException("License file content is required"); } try { LicenseFileCrypto.LicensePayload payload = LicenseFileCrypto.decrypt(content.trim()); + // Verify the license file belongs to the current tenant + try { + appService.getByAppKey(payload.appKey(), tenantId); + } catch (BusinessException e) { + if (e.getCode() == 403 || e.getCode() == 404) { + throw new BusinessException(403, "权限不足无法展示"); + } + throw e; + } Map data = new java.util.LinkedHashMap<>(); data.put("appKey", payload.appKey()); data.put("appName", payload.appName()); @@ -196,6 +207,8 @@ public class AppController { data.put("baseUrl", payload.baseUrl()); data.put("serverUrl", payload.serverUrl()); return ResponseEntity.ok(ApiResponse.success(data)); + } catch (BusinessException e) { + throw e; } catch (IllegalArgumentException e) { throw new BusinessException("Invalid license file: " + e.getMessage()); } catch (Exception e) {