| | |
|---|
| | | HandlerMethod handlerMethod = (HandlerMethod) handler; |
|---|
| | | |
|---|
| | | Class<?> beanType = handlerMethod.getBeanType(); |
|---|
| | | |
|---|
| | | // Method method = handlerMethod.getMethod(); |
|---|
| | | |
|---|
| | | // 有 @LoginRequired 注解,需要登录认证 客户端使用 |
|---|
| | | if (beanType.isAnnotationPresent(LoginRequired.class) || handlerMethod.hasMethodAnnotation(LoginRequired.class)) { |
|---|
| | | //获取token |
|---|
| | | String token = request.getHeader(JwtTokenUtil.HEADER_KEY); // 从 http 请求头中取出 token |
|---|
| | | if (StringUtils.isNotBlank(token)) { |
|---|
| | | checkLogin(request,response); |
|---|
| | | } else { |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | // 有 @UserLoginRequired 注解,需要登录认证 内部人员使用 |
|---|
| | | } else if(beanType.isAnnotationPresent(UserLoginRequired.class) || handlerMethod.hasMethodAnnotation(UserLoginRequired.class)){ |
|---|
| | | //ERP 业务注解 |
|---|
| | | String token = request.getHeader(JwtTokenUtil.HEADER_KEY); |
|---|
| | | if (StringUtils.isNotBlank(token)) { |
|---|
| | | checkPersonnelLogin(request,response); |
|---|
| | | } else { |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | Boolean checkFlag = false; |
|---|
| | | if(!( handlerMethod.hasMethodAnnotation(LoginRequired.class) || handlerMethod.hasMethodAnnotation(UserLoginRequired.class)) |
|---|
| | | ){ |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | String token = request.getHeader(JwtTokenUtil.HEADER_KEY); |
|---|
| | | if(StringUtils.isBlank(token)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | if (handlerMethod.hasMethodAnnotation(LoginRequired.class)) { |
|---|
| | | checkFlag = checkLogin(request,response,token); |
|---|
| | | } |
|---|
| | | if(!checkFlag && handlerMethod.hasMethodAnnotation(UserLoginRequired.class)){ |
|---|
| | | checkFlag = checkPersonnelLogin(request,response,token); |
|---|
| | | } |
|---|
| | | if(!checkFlag){ |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response){ |
|---|
| | | String token = request.getHeader(JwtTokenUtil.HEADER_KEY); |
|---|
| | | public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response,String token){ |
|---|
| | | try { |
|---|
| | | //判断Token是否超时 |
|---|
| | | boolean expiration = JwtTokenUtil.isTokenExpired(token); |
|---|
| | | if (expiration) { |
|---|
| | | throw new BusinessException(ResponseStatus.TOKEN_EXCEED_TIME.getCode(),"长时间未操作,请重新登录"); |
|---|
| | | String tokenRedis = (String) redisTemplate.opsForValue().get(ZTConstants.CUSTOMER+"_"+token); |
|---|
| | | if(StringUtils.isBlank(tokenRedis)){ |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | //获取账号ID |
|---|
| | | Long memberId = JwtTokenUtil.getJwtPayLoad(token).getUserId(); |
|---|
| | | Integer userType = JwtTokenUtil.getJwtPayLoad(token).getUserType(); |
|---|
| | | if(!Constants.equalsInteger(userType,Constants.ZERO)){ |
|---|
| | | throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"无访问权限"); |
|---|
| | | } |
|---|
| | | Member member = dao.queryForObject(" select * from `member` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Member.class),memberId ); |
|---|
| | | Long memberId = getTokenId(token); |
|---|
| | | Member member = dao.queryForObject(" select * from `member` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Member.class),memberId); |
|---|
| | | if(Objects.isNull(member)){ |
|---|
| | | throw new BusinessException(ResponseStatus.DATA_EMPTY); |
|---|
| | | } |
|---|
| | | if(Objects.isNull(member.getOpenid())){ |
|---|
| | | throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已注销,请重新登录"); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger(member.getIsdeleted(),Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已删除,请联系管理员"); |
|---|
| | | throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已删除,请联系管理员"); |
|---|
| | | } |
|---|
| | | if(!Constants.equalsInteger(member.getStatus(),Constants.ZERO)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已禁用,请联系管理员"); |
|---|
| | | throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已禁用,请联系管理员"); |
|---|
| | | } |
|---|
| | | request.setAttribute(JwtTokenUtil.UserId_Name, memberId); |
|---|
| | | request.setAttribute(JwtTokenUtil.UserType, ZTConstants.CUSTOMER); |
|---|
| | | request.setAttribute(JwtTokenUtil.HEADER_KEY, ZTConstants.CUSTOMER+"_"+token); |
|---|
| | | request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis); |
|---|
| | | return true; |
|---|
| | | } catch (IllegalArgumentException | JwtException e) { |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | public Boolean checkPersonnelLogin(HttpServletRequest request, HttpServletResponse response){ |
|---|
| | | String token = request.getHeader(JwtTokenUtil.HEADER_KEY); |
|---|
| | | public Boolean checkPersonnelLogin(HttpServletRequest request, HttpServletResponse response,String token){ |
|---|
| | | try { |
|---|
| | | if(isDebug){ |
|---|
| | | return true; |
|---|
| | | String tokenRedis = (String) redisTemplate.opsForValue().get(ZTConstants.BUSINESS+"_"+token); |
|---|
| | | if(StringUtils.isBlank(tokenRedis)){ |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | //判断Token是否超时 |
|---|
| | | boolean expiration = JwtTokenUtil.isTokenExpired(token); |
|---|
| | | if (expiration) { |
|---|
| | | throw new BusinessException(ResponseStatus.TOKEN_EXCEED_TIME.getCode(),"长时间未操作,请重新登录"); |
|---|
| | | } |
|---|
| | | //获取账号ID |
|---|
| | | Long userId = JwtTokenUtil.getJwtPayLoad(token).getUserId(); |
|---|
| | | Integer userType = JwtTokenUtil.getJwtPayLoad(token).getUserType(); |
|---|
| | | if(!Constants.equalsInteger(userType,Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"无访问权限"); |
|---|
| | | } |
|---|
| | | Long userId = getTokenId(token); |
|---|
| | | Users users = dao.queryForObject(" select * from `users` where id = ? limit 1 ", new BeanPropertyRowMapper<>(Users.class),userId); |
|---|
| | | if(Objects.isNull(users)){ |
|---|
| | | throw new BusinessException(ResponseStatus.DATA_EMPTY); |
|---|
| | | } |
|---|
| | | if(Constants.equalsInteger(users.getIsdeleted(),Constants.ONE)){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已删除,请联系管理员"); |
|---|
| | | throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户已删除,请联系管理员"); |
|---|
| | | } |
|---|
| | | if(!StringUtils.equals(users.getStatus(),Constants.ZERO+"")){ |
|---|
| | | throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已禁用,请联系管理员"); |
|---|
| | | if(!StringUtils.equals(users.getStatus(),Constants.ONE+"")){ |
|---|
| | | throw new BusinessException(ResponseStatus.USER_DISABLE_TIME.getCode(),"用户状态异常,请重新登录"); |
|---|
| | | } |
|---|
| | | request.setAttribute(JwtTokenUtil.UserId_Name, userId); |
|---|
| | | request.setAttribute(JwtTokenUtil.UserType, ZTConstants.BUSINESS); |
|---|
| | | request.setAttribute(JwtTokenUtil.HEADER_KEY, ZTConstants.CUSTOMER+"_"+token); |
|---|
| | | request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis); |
|---|
| | | return true; |
|---|
| | | } catch (IllegalArgumentException | JwtException e) { |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | |
|---|
| | | return new RestTemplate(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | public Long getTokenId(String token){ |
|---|
| | | try { |
|---|
| | | Integer lastIndex = token.lastIndexOf("_")+1; |
|---|
| | | Long tokenId = Long.valueOf(token.substring(lastIndex)); |
|---|
| | | return tokenId; |
|---|
| | | }catch (Exception e){ |
|---|
| | | throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
