From 6fe2d7f0114d77c9f63f53cb22bf53e496f50774 Mon Sep 17 00:00:00 2001
From: zhibing.pu <393733352@qq.com>
Date: 星期五, 23 八月 2024 14:32:37 +0800
Subject: [PATCH] 修改

---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java             |  118 +++++++++++++++++++++++++++++++++++++++
 ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java |   10 ++-
 ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java               |   10 ++-
 ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java           |   15 +++--
 ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java                         |    2 
 ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java               |   10 ++-
 6 files changed, 147 insertions(+), 18 deletions(-)

diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
index 8128e68..0ec1a71 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
@@ -74,11 +74,13 @@
 		String userkey = JwtUtils.getUserKey(claims);
 		String userid = JwtUtils.getUserId(claims);
 		String username = JwtUtils.getUserName(claims);
+		String userType = JwtUtils.getUserType(claims);
 		
 		// 设置用户信息到请求
 		addHeader(mutate, SecurityConstants.USER_KEY, userkey);
 		addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
 		addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
+		addHeader(mutate, SecurityConstants.USER_TYPE, userType);
 		// 内部请求来源参数清除
 		removeHeader(mutate, SecurityConstants.FROM_SOURCE);
 		return chain.filter(exchange.mutate().request(mutate.build()).build());
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java
new file mode 100644
index 0000000..9b0c010
--- /dev/null
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/filter/AuthFilter.java
@@ -0,0 +1,118 @@
+package com.ruoyi.system.filter;
+
+import com.alibaba.fastjson.JSON;
+import com.ruoyi.account.api.feignClient.AppUserClient;
+import com.ruoyi.account.api.model.TAppUser;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.system.api.domain.SysUser;
+import com.ruoyi.system.api.feignClient.SysUserClient;
+import com.ruoyi.system.service.ISysUserService;
+import org.apache.logging.log4j.core.config.Order;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * @author zhibing.pu
+ * @Date 2024/8/23 11:22
+ */
+@Order(-200)
+@Component
+public class AuthFilter implements Filter {
+	private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
+	
+	@Lazy
+	@Resource
+	private AppUserClient appUserClient;
+	
+	@Lazy
+	@Resource
+	private ISysUserService sysUserService;
+	
+	
+	@Override
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) servletRequest;
+		HttpServletResponse response = (HttpServletResponse) servletResponse;
+		String userid = request.getHeader("user_id");
+		if(StringUtils.isEmpty(userid)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+		String userType = request.getHeader("user_type");
+		//管理后台用户
+		if ("system".equals(userType)) {
+			SysUser sysUser = sysUserService.getById(userid);
+			if(null == sysUser || "2".equals(sysUser.getDelFlag())){
+				log.error("[账户异常处理]请求账户id:{}", userid);
+				unauthorizedResponse(response,"无效的账户");
+				return;
+			}
+			if("1".equals(sysUser.getStatus())){
+				log.error("[账户异常处理]请求账户id:{}", userid);
+				unauthorizedResponse(response,"账户已被停用,请联系系统管理员!");
+				return;
+			}
+		}
+		//小程序用户
+		if ("applet".equals(userType)) {
+			TAppUser appUser = appUserClient.getUserById(Long.valueOf(userid)).getData();
+			if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){
+				log.error("[账户异常处理]请求账户id:{}", userid);
+				unauthorizedResponse(response,"无效的账户");
+				return;
+			}
+			if(2 == appUser.getStatus()){
+				log.error("[账户异常处理]请求账户id:{}", userid);
+				unauthorizedResponse(response,"账户已被冻结,请联系系统管理员!");
+				return;
+			}
+		}
+		filterChain.doFilter(request, response);
+	}
+	
+	
+	
+	private void unauthorizedResponse(HttpServletResponse response, String msg) {
+		response.setStatus(HttpStatus.OK.value());
+		response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_UTF8_VALUE);
+		PrintWriter writer = null;
+		try {
+			writer = response.getWriter();
+		} catch (IOException e) {
+			throw new RuntimeException(e);
+		}
+		writer.println(JSON.toJSONString(R.fail(msg)));
+		writer.flush();
+		writer.close();
+	}
+	
+	
+	
+	/**
+	 * 获取请求token
+	 */
+	private String getToken(HttpServletRequest request) {
+		String token = request.getHeader(TokenConstants.AUTHENTICATION);
+		// 如果前端设置了令牌前缀,则裁剪掉前缀
+		if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
+			token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
+		}
+		return token;
+	}
+	
+	
+}
diff --git a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java
index 2793752..494fa29 100644
--- a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java
+++ b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/filter/AuthFilter.java
@@ -3,6 +3,7 @@
 import com.alibaba.fastjson.JSON;
 import com.ruoyi.account.api.feignClient.AppUserClient;
 import com.ruoyi.account.api.model.TAppUser;
+import com.ruoyi.account.service.TAppUserService;
 import com.ruoyi.common.core.constant.TokenConstants;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.utils.JwtUtils;
@@ -37,7 +38,7 @@
 	
 	@Lazy
 	@Resource
-	private AppUserClient appUserClient;
+	private TAppUserService appUserService;
 	
 	@Lazy
 	@Resource
@@ -48,10 +49,12 @@
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
-		String token = getToken(request);
-		Claims claims = JwtUtils.parseToken(token);
-		String userid = JwtUtils.getUserId(claims);
-		String userType = JwtUtils.getUserType(claims);
+		String userid = request.getHeader("user_id");
+		if(StringUtils.isEmpty(userid)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+		String userType = request.getHeader("user_type");
 		//管理后台用户
 		if ("system".equals(userType)) {
 			SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData();
@@ -68,7 +71,7 @@
 		}
 		//小程序用户
 		if ("applet".equals(userType)) {
-			TAppUser appUser = appUserClient.getUserById(Long.valueOf(userid)).getData();
+			TAppUser appUser = appUserService.getById(userid);
 			if(null == appUser || appUser.getDelFlag() || 3 == appUser.getStatus()){
 				log.error("[账户异常处理]请求账户id:{}", userid);
 				unauthorizedResponse(response,"无效的账户");
diff --git a/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java b/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java
index 2ef3e20..7383d16 100644
--- a/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java
+++ b/ruoyi-service/ruoyi-chargingPile/src/main/java/com/ruoyi/chargingPile/filter/AuthFilter.java
@@ -49,10 +49,12 @@
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
-		String token = getToken(request);
-		Claims claims = JwtUtils.parseToken(token);
-		String userid = JwtUtils.getUserId(claims);
-		String userType = JwtUtils.getUserType(claims);
+		String userid = request.getHeader("user_id");
+		if(StringUtils.isEmpty(userid)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+		String userType = request.getHeader("user_type");
 		//管理后台用户
 		if ("system".equals(userType)) {
 			SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData();
diff --git a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java
index db9addd..9702f6d 100644
--- a/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java
+++ b/ruoyi-service/ruoyi-order/src/main/java/com/ruoyi/order/filter/AuthFilter.java
@@ -48,10 +48,12 @@
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
-		String token = getToken(request);
-		Claims claims = JwtUtils.parseToken(token);
-		String userid = JwtUtils.getUserId(claims);
-		String userType = JwtUtils.getUserType(claims);
+		String userid = request.getHeader("user_id");
+		if(StringUtils.isEmpty(userid)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+		String userType = request.getHeader("user_type");
 		//管理后台用户
 		if ("system".equals(userType)) {
 			SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData();
diff --git a/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java b/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java
index 7790a23..5fab005 100644
--- a/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java
+++ b/ruoyi-service/ruoyi-other/src/main/java/com/ruoyi/other/filter/AuthFilter.java
@@ -48,10 +48,12 @@
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
-		String token = getToken(request);
-		Claims claims = JwtUtils.parseToken(token);
-		String userid = JwtUtils.getUserId(claims);
-		String userType = JwtUtils.getUserType(claims);
+		String userid = request.getHeader("user_id");
+		if(StringUtils.isEmpty(userid)){
+			filterChain.doFilter(request, response);
+			return;
+		}
+		String userType = request.getHeader("user_type");
 		//管理后台用户
 		if ("system".equals(userType)) {
 			SysUser sysUser = sysUserClient.getSysUser(Long.valueOf(userid)).getData();

--
Gitblit v1.7.1