1.修复：geteway中取customerId的逻辑漏洞

epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java

@@ -76,29 +76,39 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
 
 			String customerId = "";
 
-			//需要认证
+			if (baseTokenDto != null) {
-			if (needAuth(requestUri)) {
-				if (StringUtils.isBlank(token)) {
-					return response(exchange,new Result<>().error(EpmetErrorCode.ERR10005.getCode(),EpmetErrorCode.ERR10005.getMsg()));
-				}
-				// 校验token
-				try {
 				if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) {
 					// 居民端
 					TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis, TokenDto.class);
-						validateTokenDto(resiTokenDto, token);
+					if (resiTokenDto != null) {
 						customerId = resiTokenDto.getCustomerId();
+						baseTokenDto = resiTokenDto;
+					}
 				} else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) {
 					// 政府端
 					GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis, GovTokenDto.class);
-						validateTokenDto(govTokenDto, token);
+					if (govTokenDto != null) {
 						customerId = govTokenDto.getCustomerId();
+						baseTokenDto = govTokenDto;
+					}
 				} else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){
 					//运营端
 					TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis, TokenDto.class);
-						validateTokenDto(resiTokenDto, token);
+					if (resiTokenDto != null) {
 						customerId = resiTokenDto.getCustomerId();
+						baseTokenDto = resiTokenDto;
 					}
+				}
+			}
+
+			//需要认证
+			if (needAuth(requestUri)) {
+				if (StringUtils.isBlank(token)) {
+					return response(exchange,new Result<>().error(EpmetErrorCode.ERR10005.getCode(),EpmetErrorCode.ERR10005.getMsg()));
+				}
+				// 校验token
+				try {
+					validateTokenDto(baseTokenDto, token);
 				} catch (RenException e) {
 					return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
 				}