| | |
|---|
| | | import com.ruoyi.common.core.constant.HttpStatus; |
|---|
| | | import com.ruoyi.common.core.constant.TokenConstants; |
|---|
| | | import com.ruoyi.common.core.utils.JwtUtils; |
|---|
| | | import com.ruoyi.common.core.utils.ServletUtils; |
|---|
| | | import com.ruoyi.common.core.utils.StringUtils; |
|---|
| | | import com.ruoyi.system.api.domain.SysUser; |
|---|
| | | import com.ruoyi.system.api.feignClient.SysUserClient; |
|---|
| | |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.context.annotation.Lazy; |
|---|
| | | import org.springframework.http.server.reactive.ServerHttpRequest; |
|---|
| | | import org.springframework.stereotype.Component; |
|---|
| | | import org.springframework.web.server.ServerWebExchange; |
|---|
| | | import org.springframework.web.server.WebFilter; |
|---|
| | | import org.springframework.web.server.WebFilterChain; |
|---|
| | | import reactor.core.publisher.Mono; |
|---|
| | | |
|---|
| | | import javax.annotation.Resource; |
|---|
| | | import javax.servlet.*; |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | | import java.io.IOException; |
|---|
| | | import java.io.PrintWriter; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * @author zhibing.pu |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Order(-200) |
|---|
| | | @Component |
|---|
| | | public class AuthFilter implements WebFilter { |
|---|
| | | public class AuthFilter implements Filter { |
|---|
| | | private static final Logger log = LoggerFactory.getLogger(AuthFilter.class); |
|---|
| | | |
|---|
| | | @Lazy |
|---|
| | |
|---|
| | | |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { |
|---|
| | | ServerHttpRequest request = exchange.getRequest(); |
|---|
| | | public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { |
|---|
| | | HttpServletRequest request = (HttpServletRequest) servletRequest; |
|---|
| | | HttpServletResponse response = (HttpServletResponse) servletResponse; |
|---|
| | | String token = getToken(request); |
|---|
| | | Claims claims = JwtUtils.parseToken(token); |
|---|
| | | String userid = JwtUtils.getUserId(claims); |
|---|
| | |
|---|
| | | SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData(); |
|---|
| | | if(null == sysUser || "2".equals(sysUser.getDelFlag())){ |
|---|
| | | log.error("[账户异常处理]请求账户id:{}", userid); |
|---|
| | | return unauthorizedResponse(exchange,"无效的账户"); |
|---|
| | | unauthorizedResponse(response,"无效的账户"); |
|---|
| | | } |
|---|
| | | if("1".equals(sysUser.getStatus())){ |
|---|
| | | log.error("[账户异常处理]请求账户id:{}", userid); |
|---|
| | | return unauthorizedResponse(exchange,"账户已被停用,请联系系统管理员!"); |
|---|
| | | unauthorizedResponse(response,"账户已被停用,请联系系统管理员!"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | //小程序用户 |
|---|
| | |
|---|
| | | TAppUser appUser = appUserClient.getUserById(Long.valueOf(userid)).getData(); |
|---|
| | | if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){ |
|---|
| | | log.error("[账户异常处理]请求账户id:{}", userid); |
|---|
| | | return unauthorizedResponse(exchange,"无效的账户"); |
|---|
| | | unauthorizedResponse(response,"无效的账户"); |
|---|
| | | } |
|---|
| | | if(2 == appUser.getStatus()){ |
|---|
| | | log.error("[账户异常处理]请求账户id:{}", userid); |
|---|
| | | return unauthorizedResponse(exchange,"账户已被冻结,请联系系统管理员!"); |
|---|
| | | unauthorizedResponse(response,"账户已被冻结,请联系系统管理员!"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return chain.filter(exchange); |
|---|
| | | filterChain.doFilter(request, response); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) { |
|---|
| | | return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED); |
|---|
| | | |
|---|
| | | private void unauthorizedResponse(HttpServletResponse response, String msg) { |
|---|
| | | response.setStatus(HttpStatus.UNAUTHORIZED); |
|---|
| | | PrintWriter writer = null; |
|---|
| | | try { |
|---|
| | | writer = response.getWriter(); |
|---|
| | | } catch (IOException e) { |
|---|
| | | throw new RuntimeException(e); |
|---|
| | | } |
|---|
| | | writer.println(msg); |
|---|
| | | writer.flush(); |
|---|
| | | writer.close(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 获取请求token |
|---|
| | | */ |
|---|
| | | private String getToken(ServerHttpRequest request) { |
|---|
| | | String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION); |
|---|
| | | private String getToken(HttpServletRequest request) { |
|---|
| | | String token = request.getHeader(TokenConstants.AUTHENTICATION); |
|---|
| | | // 如果前端设置了令牌前缀,则裁剪掉前缀 |
|---|
| | | if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) { |
|---|
| | | token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY); |
|---|
| | | } |
|---|
| | | return token; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
