guyue
2025-07-17 65a038720314b4213bd546316dde5f48a1ffdb4e
增加token拦截器
2个文件已添加
82 ■■■■■ 已修改文件
src/main/java/com/linghu/config/WebConfig.java 33 ●●●●●
src/main/java/com/linghu/utils/TokenInterceptor.java 49 ●●●●●
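--- /dev/null
+++ b/src/main/java/com/linghu/config/WebConfig.java
@@ -0,0 +1,33 @@
+package com.linghu.config;
+import com.linghu.utils.OpenCryptUtil;
+import com.linghu.utils.TokenInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+@Configuration
+public class WebConfig implements WebMvcConfigurer { // 实现WebMvcConfigurer
+    @Autowired
+    private final OpenCryptUtil openCryptUtil;
+    private final TokenInterceptor tokenInterceptor;
+    // 构造器注入依赖
+    public WebConfig(OpenCryptUtil openCryptUtil) {
+        this.openCryptUtil = openCryptUtil;
+        this.tokenInterceptor = new TokenInterceptor(openCryptUtil);
+    }
+    // 注册拦截器
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(tokenInterceptor)
+                .addPathPatterns("/**"); // 拦截/api/开头的请求(按需调整)
+//                .excludePathPatterns( // 排除不需要拦截的路径(如登录、注册接口)
+//                        "/api/login",
+//                        "/api/register",
+//                        "/error" // 排除错误页
+//                );
+    }
+}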
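Review bot: The comment on `.addPathPatterns("/**")` in `addInterceptors` says only `/api/`-prefixed requests are intercepted, but the pattern matches every path the MVC dispatcher handles, and the exclusion list is left commented out, so the login, register and `/error` routes named there are also rejected without a token. Make the comment state what the code does, e.g. `// intercepts every MVC request; public endpoints must be listed in excludePathPatterns`, and either restore `.excludePathPatterns(...)` with the routes that really must stay public or delete the commented-out block. Keeping the default at `/**` and allow-listing the public routes is the safer of the two directions, since a newly added controller is then protected without anyone remembering to register it. Separately, `@Autowired` on the `final` field `openCryptUtil` is redundant next to the constructor injection and can be dropped.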
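--- /dev/null
+++ b/src/main/java/com/linghu/utils/TokenInterceptor.java
@@ -0,0 +1,49 @@
+package com.linghu.utils;
+import org.springframework.web.servlet.HandlerInterceptor;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+public class TokenInterceptor implements HandlerInterceptor {
+    private final OpenCryptUtil openCryptUtil;
+    public TokenInterceptor(OpenCryptUtil openCryptUtil) {
+        this.openCryptUtil = openCryptUtil;
+    }
+    // 预处理:控制器方法执行前调用
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 1. 跳过OPTIONS请求(可选,因为CORS已处理,这里只是双重保险)
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            return true; // 放行OPTIONS请求
+        }
+        // 2. 提取并验证Token(逻辑同之前的过滤器)
+        String token = extractToken(request);
+        if (token == null || !validateToken(token)) {
+            response.setStatus(HttpServletResponse.SC_OK);
+            response.setContentType("application/json;charset=UTF-8");
+            response.getWriter().write("{\"code\": 401, \"message\": \"无效的token\"}");
+            return false; // 拦截无效Token请求
+        }
+        // 3. Token有效,放行请求到控制器
+        return true;
+    }
+    // 提取Token(同过滤器逻辑)
+    private String extractToken(HttpServletRequest request) {
+        String authHeader = request.getHeader("Authorization");
+        return authHeader; // 注意:实际应判断是否以"Bearer "开头并截取
+    }
+    // 验证Token(同过滤器逻辑)
+    private boolean validateToken(String token) {
+        if (token == null || token.isEmpty()) {
+            return false;
+        }
+        String decrypted = openCryptUtil.decrypt(token);
+        return decrypted != null;
+    }
+}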
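Review bot: `validateToken` accepts any header value for which `openCryptUtil.decrypt` returns non-null and never inspects the decrypted content, so nothing visible here enforces an expiry, a user binding, or that the value was issued by this service; whether `decrypt` authenticates the ciphertext cannot be told from this file. The decrypted payload should be parsed and checked (at least an expiry and a subject) before `preHandle` returns true, and if `decrypt` can throw on malformed input, that should be caught and treated as an invalid token rather than left to propagate. The rejection branch also answers with `SC_OK`, which hides authentication failures from proxies, access logs and monitoring; `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` would match the 401 in the JSON body. `extractToken` still passes the raw `Authorization` header through without checking the scheme, as its own comment notes.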