From 65a038720314b4213bd546316dde5f48a1ffdb4e Mon Sep 17 00:00:00 2001
From: guyue <1721849008@qq.com>
Date: 星期四, 17 七月 2025 16:33:21 +0800
Subject: [PATCH] 增加token拦截器
---
src/main/java/com/linghu/config/WebConfig.java | 33 ++++++++++++++++
src/main/java/com/linghu/utils/TokenInterceptor.java | 49 ++++++++++++++++++++++++
2 files changed, 82 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/linghu/config/WebConfig.java b/src/main/java/com/linghu/config/WebConfig.java
new file mode 100644
index 0000000..a7f4558
--- /dev/null
+++ b/src/main/java/com/linghu/config/WebConfig.java
@@ -0,0 +1,33 @@
+package com.linghu.config;
+
+import com.linghu.utils.OpenCryptUtil;
+import com.linghu.utils.TokenInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer { // 实现WebMvcConfigurer
+ @Autowired
+ private final OpenCryptUtil openCryptUtil;
+ private final TokenInterceptor tokenInterceptor;
+
+ // 构造器注入依赖
+ public WebConfig(OpenCryptUtil openCryptUtil) {
+ this.openCryptUtil = openCryptUtil;
+ this.tokenInterceptor = new TokenInterceptor(openCryptUtil);
+ }
+
+ // 注册拦截器
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(tokenInterceptor)
+ .addPathPatterns("/**"); // 拦截/api/开头的请求(按需调整)
+// .excludePathPatterns( // 排除不需要拦截的路径(如登录、注册接口)
+// "/api/login",
+// "/api/register",
+// "/error" // 排除错误页
+// );
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/linghu/utils/TokenInterceptor.java b/src/main/java/com/linghu/utils/TokenInterceptor.java
new file mode 100644
index 0000000..3ec22ad
--- /dev/null
+++ b/src/main/java/com/linghu/utils/TokenInterceptor.java
@@ -0,0 +1,49 @@
+package com.linghu.utils;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class TokenInterceptor implements HandlerInterceptor {
+ private final OpenCryptUtil openCryptUtil;
+
+ public TokenInterceptor(OpenCryptUtil openCryptUtil) {
+ this.openCryptUtil = openCryptUtil;
+ }
+
+ // 预处理:控制器方法执行前调用
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ // 1. 跳过OPTIONS请求(可选,因为CORS已处理,这里只是双重保险)
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ return true; // 放行OPTIONS请求
+ }
+
+ // 2. 提取并验证Token(逻辑同之前的过滤器)
+ String token = extractToken(request);
+ if (token == null || !validateToken(token)) {
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.setContentType("application/json;charset=UTF-8");
+ response.getWriter().write("{\"code\": 401, \"message\": \"无效的token\"}");
+ return false; // 拦截无效Token请求
+ }
+
+ // 3. Token有效,放行请求到控制器
+ return true;
+ }
+
+ // 提取Token(同过滤器逻辑)
+ private String extractToken(HttpServletRequest request) {
+ String authHeader = request.getHeader("Authorization");
+ return authHeader; // 注意:实际应判断是否以"Bearer "开头并截取
+ }
+
+ // 验证Token(同过滤器逻辑)
+ private boolean validateToken(String token) {
+ if (token == null || token.isEmpty()) {
+ return false;
+ }
+ String decrypted = openCryptUtil.decrypt(token);
+ return decrypted != null;
+ }
+}
\ No newline at end of file
--
Gitblit v1.7.1