From 6fe2d7f0114d77c9f63f53cb22bf53e496f50774 Mon Sep 17 00:00:00 2001 From: zhibing.pu <393733352@qq.com> Date: 星期五, 23 八月 2024 14:32:37 +0800 Subject: [PATCH] 修改 --- ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java | 118 +++++++++++++++++++++++++++++++++++++++ ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java | 10 ++- ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java | 10 ++- ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java | 15 +++-- ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java | 2 ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java | 10 ++- 6 files changed, 147 insertions(+), 18 deletions(-) diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java index 8128e68..0ec1a71 100644 --- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java +++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java @@ -74,11 +74,13 @@ String userkey = JwtUtils.getUserKey(claims); String userid = JwtUtils.getUserId(claims); String username = JwtUtils.getUserName(claims); + String userType = JwtUtils.getUserType(claims); // 设置用户信息到请求 addHeader(mutate, SecurityConstants.USER_KEY, userkey); addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid); addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username); + addHeader(mutate, SecurityConstants.USER_TYPE, userType); // 内部请求来源参数清除 removeHeader(mutate, SecurityConstants.FROM_SOURCE); return chain.filter(exchange.mutate().request(mutate.build()).build()); diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java new file mode 100644 index 0000000..9b0c010 --- /dev/null +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java @@ -0,0 +1,118 @@ +package com.ruoyi.system.filter; + +import com.alibaba.fastjson.JSON; +import com.ruoyi.account.api.feignClient.AppUserClient; +import com.ruoyi.account.api.model.TAppUser; +import com.ruoyi.common.core.constant.TokenConstants; +import com.ruoyi.common.core.domain.R; +import com.ruoyi.common.core.utils.StringUtils; +import com.ruoyi.system.api.domain.SysUser; +import com.ruoyi.system.api.feignClient.SysUserClient; +import com.ruoyi.system.service.ISysUserService; +import org.apache.logging.log4j.core.config.Order; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.annotation.Lazy; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; +import org.springframework.stereotype.Component; + +import javax.annotation.Resource; +import javax.servlet.*; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; + +/** + * @author zhibing.pu + * @Date 2024/8/23 11:22 + */ +@Order(-200) +@Component +public class AuthFilter implements Filter { + private static final Logger log = LoggerFactory.getLogger(AuthFilter.class); + + @Lazy + @Resource + private AppUserClient appUserClient; + + @Lazy + @Resource + private ISysUserService sysUserService; + + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) servletRequest; + HttpServletResponse response = (HttpServletResponse) servletResponse; + String userid = request.getHeader("user_id"); + if(StringUtils.isEmpty(userid)){ + filterChain.doFilter(request, response); + return; + } + String userType = request.getHeader("user_type"); + //管理后台用户 + if ("system".equals(userType)) { + SysUser sysUser = sysUserService.getById(userid); + if(null == sysUser || "2".equals(sysUser.getDelFlag())){ + log.error("[账户异常处理]请求账户id:{}", userid); + unauthorizedResponse(response,"无效的账户"); + return; + } + if("1".equals(sysUser.getStatus())){ + log.error("[账户异常处理]请求账户id:{}", userid); + unauthorizedResponse(response,"账户已被停用,请联系系统管理员!"); + return; + } + } + //小程序用户 + if ("applet".equals(userType)) { + TAppUser appUser = appUserClient.getUserById(Long.valueOf(userid)).getData(); + if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){ + log.error("[账户异常处理]请求账户id:{}", userid); + unauthorizedResponse(response,"无效的账户"); + return; + } + if(2 == appUser.getStatus()){ + log.error("[账户异常处理]请求账户id:{}", userid); + unauthorizedResponse(response,"账户已被冻结,请联系系统管理员!"); + return; + } + } + filterChain.doFilter(request, response); + } + + + + private void unauthorizedResponse(HttpServletResponse response, String msg) { + response.setStatus(HttpStatus.OK.value()); + response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_UTF8_VALUE); + PrintWriter writer = null; + try { + writer = response.getWriter(); + } catch (IOException e) { + throw new RuntimeException(e); + } + writer.println(JSON.toJSONString(R.fail(msg))); + writer.flush(); + writer.close(); + } + + + + /** + * 获取请求token + */ + private String getToken(HttpServletRequest request) { + String token = request.getHeader(TokenConstants.AUTHENTICATION); + // 如果前端设置了令牌前缀,则裁剪掉前缀 + if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) { + token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY); + } + return token; + } + + +} diff --git a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java index 2793752..494fa29 100644 --- a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java +++ b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java @@ -3,6 +3,7 @@ import com.alibaba.fastjson.JSON; import com.ruoyi.account.api.feignClient.AppUserClient; import com.ruoyi.account.api.model.TAppUser; +import com.ruoyi.account.service.TAppUserService; import com.ruoyi.common.core.constant.TokenConstants; import com.ruoyi.common.core.domain.R; import com.ruoyi.common.core.utils.JwtUtils; @@ -37,7 +38,7 @@ @Lazy @Resource - private AppUserClient appUserClient; + private TAppUserService appUserService; @Lazy @Resource @@ -48,10 +49,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; - String token = getToken(request); - Claims claims = JwtUtils.parseToken(token); - String userid = JwtUtils.getUserId(claims); - String userType = JwtUtils.getUserType(claims); + String userid = request.getHeader("user_id"); + if(StringUtils.isEmpty(userid)){ + filterChain.doFilter(request, response); + return; + } + String userType = request.getHeader("user_type"); //管理后台用户 if ("system".equals(userType)) { SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData(); @@ -68,7 +71,7 @@ } //小程序用户 if ("applet".equals(userType)) { - TAppUser appUser = appUserClient.getUserById(Long.valueOf(userid)).getData(); + TAppUser appUser = appUserService.getById(userid); if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){ log.error("[账户异常处理]请求账户id:{}", userid); unauthorizedResponse(response,"无效的账户"); diff --git a/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java b/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java index 2ef3e20..7383d16 100644 --- a/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java +++ b/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java @@ -49,10 +49,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; - String token = getToken(request); - Claims claims = JwtUtils.parseToken(token); - String userid = JwtUtils.getUserId(claims); - String userType = JwtUtils.getUserType(claims); + String userid = request.getHeader("user_id"); + if(StringUtils.isEmpty(userid)){ + filterChain.doFilter(request, response); + return; + } + String userType = request.getHeader("user_type"); //管理后台用户 if ("system".equals(userType)) { SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData(); diff --git a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java index db9addd..9702f6d 100644 --- a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java +++ b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java @@ -48,10 +48,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; - String token = getToken(request); - Claims claims = JwtUtils.parseToken(token); - String userid = JwtUtils.getUserId(claims); - String userType = JwtUtils.getUserType(claims); + String userid = request.getHeader("user_id"); + if(StringUtils.isEmpty(userid)){ + filterChain.doFilter(request, response); + return; + } + String userType = request.getHeader("user_type"); //管理后台用户 if ("system".equals(userType)) { SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData(); diff --git a/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java b/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java index 7790a23..5fab005 100644 --- a/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java +++ b/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java @@ -48,10 +48,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; - String token = getToken(request); - Claims claims = JwtUtils.parseToken(token); - String userid = JwtUtils.getUserId(claims); - String userType = JwtUtils.getUserType(claims); + String userid = request.getHeader("user_id"); + if(StringUtils.isEmpty(userid)){ + filterChain.doFilter(request, response); + return; + } + String userType = request.getHeader("user_type"); //管理后台用户 if ("system".equals(userType)) { SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData(); -- Gitblit v1.7.1