package com.linghu.utils;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
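/**
 * Spring MVC interceptor that blocks a request before it reaches a controller
 * unless its {@code Authorization} header carries a token that
 * {@link OpenCryptUtil} can decrypt.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every {@code OPTIONS} request is let through unauthenticated. That is
 *       only safe while no controller does real work on {@code OPTIONS}.</li>
 *   <li>A rejected request is answered with HTTP 200 and a JSON body whose
 *       {@code code} is 401. Proxies, access logs and status-based monitoring
 *       will therefore record rejected requests as successes.</li>
 *   <li>A token counts as valid as soon as decryption returns non-null. No
 *       expiry, subject or revocation check is visible in this class.</li>
 * </ul>
 */
public class TokenInterceptor implements HandlerInterceptor {

    /** Authorization scheme prefix that is stripped from the header when present. */
    private static final String BEARER_PREFIX = "Bearer ";

    private final OpenCryptUtil openCryptUtil;

    /**
     * @param openCryptUtil helper used to decrypt the presented token
     */
    public TokenInterceptor(OpenCryptUtil openCryptUtil) {
        this.openCryptUtil = openCryptUtil;
    }

    /**
     * Pre-processing hook, invoked before the controller method runs.
     *
     * @param request  the incoming request
     * @param response the response, written to directly when the request is rejected
     * @param handler  the chosen handler (unused)
     * @return {@code true} to continue to the controller, {@code false} when the
     *         request was rejected and the response body has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. Let OPTIONS requests through. The original author marks this as an
        //    optional second safeguard because CORS is already handled elsewhere.
        // NOTE(review): this also exempts any handler mapped to OPTIONS from the
        // token check; confirm OPTIONS is used for CORS preflight only.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }

        // 2. Extract and validate the token (same logic as the earlier filter).
        String token = extractToken(request);
        if (token == null || !validateToken(token)) {
            // NOTE(review): the HTTP status stays 200 and the failure is only in
            // the body. Kept as-is because clients presumably read the body
            // "code"; confirm before switching to SC_UNAUTHORIZED.
            response.setStatus(HttpServletResponse.SC_OK);
            response.setContentType("application/json;charset=UTF-8");
            response.getWriter().write("{\"code\": 401, \"message\": \"无效的token\"}");
            return false; // block the request
        }

        // 3. Token accepted: continue to the controller.
        return true;
    }

    /**
     * Reads the token from the {@code Authorization} header.
     *
     * <p>A leading {@code "Bearer "} scheme (matched case-insensitively) is
     * stripped and the remainder trimmed. A header without that prefix is
     * returned unchanged, so clients that send the bare token keep working.
     *
     * @return the token text, or {@code null} when the header is absent
     */
    private String extractToken(HttpServletRequest request) {
        String authHeader = request.getHeader("Authorization");
        if (authHeader == null) {
            return null;
        }
        if (authHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            // May leave an empty string, which validateToken rejects.
            return authHeader.substring(BEARER_PREFIX.length()).trim();
        }
        return authHeader;
    }

    /**
     * Decides whether a token is acceptable.
     *
     * @param token the token text taken from the request
     * @return {@code false} for a null or empty token, otherwise whether
     *         {@code openCryptUtil.decrypt(token)} returned non-null
     */
    private boolean validateToken(String token) {
        if (token == null || token.isEmpty()) {
            return false;
        }
        // NOTE(review): the decrypted content is never inspected, so expiry and
        // identity are not enforced here. Whether decrypt() authenticates the
        // ciphertext, or throws on malformed input instead of returning null,
        // is not visible from this class; confirm against OpenCryptUtil.
        String decrypted = openCryptUtil.decrypt(token);
        return decrypted != null;
    }
}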