From bc5b433028879348a63fd7f2b5845ae17df896a6 Mon Sep 17 00:00:00 2001
From: luodangjia <luodangjia>
Date: 星期四, 08 八月 2024 16:19:46 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java | 50 +++++++++++++++++++++++++-------------------------
1 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
index 101de63..d59c735 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
@@ -3,6 +3,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
@@ -27,8 +28,7 @@
* @author ruoyi
*/
@Component
-public class AuthFilter implements GlobalFilter, Ordered
-{
+public class AuthFilter implements GlobalFilter, Ordered {
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
// 排除过滤的 uri 地址,nacos自行添加
@@ -37,43 +37,48 @@
@Autowired
private RedisService redisService;
+
+ @Value("${security.sign}")
+ private boolean parameter_signature;
@Override
- public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
- {
+ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
ServerHttpRequest.Builder mutate = request.mutate();
String url = request.getURI().getPath();
// 跳过不需要验证的路径
- if (StringUtils.matches(url, ignoreWhite.getWhites()))
- {
+ if (StringUtils.matches(url, ignoreWhite.getWhites())) {
return chain.filter(exchange);
}
String token = getToken(request);
- if (StringUtils.isEmpty(token))
- {
+ if (StringUtils.isEmpty(token)) {
return unauthorizedResponse(exchange, "令牌不能为空");
}
Claims claims = JwtUtils.parseToken(token);
- if (claims == null)
- {
+ if (claims == null) {
return unauthorizedResponse(exchange, "令牌已过期或验证不正确!");
}
String userkey = JwtUtils.getUserKey(claims);
boolean islogin = redisService.hasKey(getTokenKey(userkey));
- if (!islogin)
- {
+ if (!islogin) {
return unauthorizedResponse(exchange, "登录状态已过期");
}
String userid = JwtUtils.getUserId(claims);
String username = JwtUtils.getUserName(claims);
- if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
- {
+ if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
return unauthorizedResponse(exchange, "令牌验证失败");
}
-
+ if(parameter_signature){
+ String sign = request.getHeaders().getFirst(TokenConstants.SING);
+ String nonce_str = request.getHeaders().getFirst(TokenConstants.NONCE_STR);
+ if(StringUtils.isEmpty(sign) || StringUtils.isEmpty(nonce_str)){
+ log.error("[鉴权签名异常处理]请求路径:{}", exchange.getRequest().getPath());
+ return ServletUtils.webFluxResponseWriter(exchange.getResponse(), "签名校验失败", HttpStatus.BAD_REQUEST);
+ }
+ }
+
// 设置用户信息到请求
addHeader(mutate, SecurityConstants.USER_KEY, userkey);
addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
@@ -83,10 +88,8 @@
return chain.filter(exchange.mutate().request(mutate.build()).build());
}
- private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)
- {
- if (value == null)
- {
+ private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
+ if (value == null) {
return;
}
String valueStr = value.toString();
@@ -94,13 +97,11 @@
mutate.header(name, valueEncode);
}
- private void removeHeader(ServerHttpRequest.Builder mutate, String name)
- {
+ private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
}
- private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg)
- {
+ private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
log.error("[鉴权异常处理]请求路径:{}", exchange.getRequest().getPath());
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
}
@@ -116,8 +117,7 @@
/**
* 获取请求token
*/
- private String getToken(ServerHttpRequest request)
- {
+ private String getToken(ServerHttpRequest request) {
String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION);
// 如果前端设置了令牌前缀,则裁剪掉前缀
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
--
Gitblit v1.7.1