From 7672968d78a959559f6067aa9aa13b28dc28f8aa Mon Sep 17 00:00:00 2001
From: zhibing.pu <393733352@qq.com>
Date: 星期三, 07 八月 2024 12:06:29 +0800
Subject: [PATCH] 添加网关参数签名校验
---
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java | 82 ++++++++++++++++++++--------------------
1 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
index 101de63..3b4a17d 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
@@ -3,6 +3,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
@@ -27,8 +28,7 @@
* @author ruoyi
*/
@Component
-public class AuthFilter implements GlobalFilter, Ordered
-{
+public class AuthFilter implements GlobalFilter, Ordered {
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
// 排除过滤的 uri 地址,nacos自行添加
@@ -37,56 +37,59 @@
@Autowired
private RedisService redisService;
+
+ @Value("${security.sign}")
+ private boolean parameter_signature;
@Override
- public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
- {
+ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
ServerHttpRequest.Builder mutate = request.mutate();
String url = request.getURI().getPath();
// 跳过不需要验证的路径
- if (StringUtils.matches(url, ignoreWhite.getWhites()))
- {
+ if (StringUtils.matches(url, ignoreWhite.getWhites())) {
return chain.filter(exchange);
}
- String token = getToken(request);
- if (StringUtils.isEmpty(token))
- {
- return unauthorizedResponse(exchange, "令牌不能为空");
+// String token = getToken(request);
+// if (StringUtils.isEmpty(token)) {
+// return unauthorizedResponse(exchange, "令牌不能为空");
+// }
+// Claims claims = JwtUtils.parseToken(token);
+// if (claims == null) {
+// return unauthorizedResponse(exchange, "令牌已过期或验证不正确!");
+// }
+// String userkey = JwtUtils.getUserKey(claims);
+// boolean islogin = redisService.hasKey(getTokenKey(userkey));
+// if (!islogin) {
+// return unauthorizedResponse(exchange, "登录状态已过期");
+// }
+// String userid = JwtUtils.getUserId(claims);
+// String username = JwtUtils.getUserName(claims);
+// if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
+// return unauthorizedResponse(exchange, "令牌验证失败");
+// }
+ if(parameter_signature){
+ String sign = request.getHeaders().getFirst(TokenConstants.SING);
+ String nonce_str = request.getHeaders().getFirst(TokenConstants.NONCE_STR);
+ if(StringUtils.isEmpty(sign) || StringUtils.isEmpty(nonce_str)){
+ log.error("[鉴权签名异常处理]请求路径:{}", exchange.getRequest().getPath());
+ return ServletUtils.webFluxResponseWriter(exchange.getResponse(), "签名校验失败", HttpStatus.BAD_REQUEST);
+ }
}
- Claims claims = JwtUtils.parseToken(token);
- if (claims == null)
- {
- return unauthorizedResponse(exchange, "令牌已过期或验证不正确!");
- }
- String userkey = JwtUtils.getUserKey(claims);
- boolean islogin = redisService.hasKey(getTokenKey(userkey));
- if (!islogin)
- {
- return unauthorizedResponse(exchange, "登录状态已过期");
- }
- String userid = JwtUtils.getUserId(claims);
- String username = JwtUtils.getUserName(claims);
- if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
- {
- return unauthorizedResponse(exchange, "令牌验证失败");
- }
-
+
// 设置用户信息到请求
- addHeader(mutate, SecurityConstants.USER_KEY, userkey);
- addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
- addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
+// addHeader(mutate, SecurityConstants.USER_KEY, userkey);
+// addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
+// addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
// 内部请求来源参数清除
removeHeader(mutate, SecurityConstants.FROM_SOURCE);
return chain.filter(exchange.mutate().request(mutate.build()).build());
}
- private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)
- {
- if (value == null)
- {
+ private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
+ if (value == null) {
return;
}
String valueStr = value.toString();
@@ -94,13 +97,11 @@
mutate.header(name, valueEncode);
}
- private void removeHeader(ServerHttpRequest.Builder mutate, String name)
- {
+ private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
}
- private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg)
- {
+ private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
log.error("[鉴权异常处理]请求路径:{}", exchange.getRequest().getPath());
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
}
@@ -116,8 +117,7 @@
/**
* 获取请求token
*/
- private String getToken(ServerHttpRequest request)
- {
+ private String getToken(ServerHttpRequest request) {
String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION);
// 如果前端设置了令牌前缀,则裁剪掉前缀
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
--
Gitblit v1.7.1