luodangjia
2025-01-13 cc134fa83edea4865b48d7afc1acda5ad70e7465
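--- /dev/null
+++ b/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java
@@ -0,0 +1,117 @@
+package com.ruoyi.other.filter;
+import com.alibaba.fastjson.JSON;
+import com.ruoyi.account.api.feignClient.AppUserClient;
+import com.ruoyi.account.api.model.AppUser;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.system.api.domain.SysUser;
+import com.ruoyi.system.api.feignClient.SysUserClient;
+import org.apache.logging.log4j.core.config.Order;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+import javax.annotation.Resource;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+/**
+ * @author zhibing.pu
+ * @Date 2024/8/23 11:22
+ */
+@Order(-200)
+@Component
+public class AuthFilter implements Filter {
+   private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
+   @Lazy
+   @Resource
+   private AppUserClient appUserClient;
+   @Lazy
+   @Resource
+   private SysUserClient sysUserClient;
+   @Override
+   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+      HttpServletRequest request = (HttpServletRequest) servletRequest;
+      HttpServletResponse response = (HttpServletResponse) servletResponse;
+      String userid = request.getHeader("user_id");
+      if(StringUtils.isEmpty(userid)){
+         filterChain.doFilter(servletRequest, servletResponse);
+         return;
+      }
+      String userType = request.getHeader("user_type");
+      //管理后台用户
+      if ("system".equals(userType)) {
+         SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData();
+         if(null == sysUser || "2".equals(sysUser.getDelFlag())){
+            log.error("[账户异常处理]请求账户id:{}", userid);
+            unauthorizedResponse(response,"无效的账户");
+            return;
+         }
+         if("1".equals(sysUser.getStatus())){
+            log.error("[账户异常处理]请求账户id:{}", userid);
+            unauthorizedResponse(response,"账户已被停用,请联系系统管理员!");
+            return;
+         }
+      }
+      //小程序用户
+      if ("applet".equals(userType)) {
+         AppUser appUser = appUserClient.getAppUserById(Long.valueOf(userid));
+         if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){
+            log.error("[账户异常处理]请求账户id:{}", userid);
+            unauthorizedResponse(response,"无效的账户");
+            return;
+         }
+         if(2 == appUser.getStatus()){
+            log.error("[账户异常处理]请求账户id:{}", userid);
+            unauthorizedResponse(response,"账户已被冻结,请联系系统管理员!");
+            return;
+         }
+      }
+      filterChain.doFilter(servletRequest, servletResponse);
+   }
+   private void unauthorizedResponse(HttpServletResponse response, String msg) {
+      response.setStatus(HttpStatus.OK.value());
+      response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_UTF8_VALUE);
+      PrintWriter writer = null;
+      try {
+         writer = response.getWriter();
+      } catch (IOException e) {
+         throw new RuntimeException(e);
+      }
+      writer.println(JSON.toJSONString(R.fail(msg)));
+      writer.flush();
+      writer.close();
+   }
+   /**
+    * 获取请求token
+    */
+   private String getToken(HttpServletRequest request) {
+      String token = request.getHeader(TokenConstants.AUTHENTICATION);
+      // 如果前端设置了令牌前缀,则裁剪掉前缀
+      if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
+         token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
+      }
+      return token;
+   }
+}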
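Review bot: The account-status check in `doFilter` fails open and rests entirely on the `user_id` / `user_type` request headers: a request with no `user_id`, or with a `user_type` other than `system` or `applet`, goes straight to `filterChain.doFilter`, so the disabled/frozen check only holds if an upstream component (presumably the gateway) always overwrites these headers and this service cannot be reached directly. That assumption should be confirmed and stated in the class Javadoc, and the private `getToken` helper is never called, so no token is examined here. `Long.valueOf(userid)` throws `NumberFormatException` on a non-numeric header and `getSysUser(...).getData()` will NPE if the Feign call returns null, both surfacing as a 500; parse inside a `try`/`catch` and reject through `unauthorizedResponse` instead. `@Order(-200)` is imported from `org.apache.logging.log4j.core.config.Order`, which Spring's filter ordering does not consult, so the intended precedence is not applied; the import should be `import org.springframework.core.annotation.Order;`. The rejection is also written with `HttpStatus.OK`, which hides blocked requests from proxies and monitoring; unless clients depend on the 200, use `response.setStatus(HttpStatus.UNAUTHORIZED.value());`.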