blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
jiangping
2024-05-11 5adc2541559cfefe3f9794d4a42a705b1ce83172 
 server/system_service/src/main/java/com/doumee/config/cloudfilter/LoginHandlerInterceptor.java


@@ -1,18 +1,24 @@


package com.doumee.config.cloudfilter;




import com.alibaba.fastjson.JSONObject;


import com.doumee.config.annotation.CloudRequiredPermission;


import com.doumee.config.annotation.LoginNoRequired;


import com.doumee.core.constants.ResponseStatus;


import com.doumee.core.exception.BusinessException;


import com.doumee.core.model.LoginUserInfo;


import com.doumee.core.utils.Constants;


import org.apache.commons.lang3.StringUtils;


import org.apache.shiro.authz.UnauthorizedException;


import org.apache.shiro.authz.annotation.RequiresPermissions;


import org.springframework.data.redis.core.RedisTemplate;


import org.springframework.web.method.HandlerMethod;


import org.springframework.web.servlet.HandlerInterceptor;




import javax.servlet.http.Cookie;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.util.Arrays;


import java.util.Enumeration;




public class LoginHandlerInterceptor implements HandlerInterceptor {




@@ -26,22 +32,55 @@




    @Override


    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {


        HandlerMethod handlerMethod = (HandlerMethod) handler;


        Class<?> beanType = handlerMethod.getBeanType();


        if (!beanType.isAnnotationPresent(LoginNoRequired.class) && !handlerMethod.hasMethodAnnotation(LoginNoRequired.class)) {


            //获取token


            String token = request.getHeader(Constants.HEADER_USER_TOKEN);  // 从 http 请求头中取出 token


            if (StringUtils.isNotBlank(token)) {


                checkLogin(request,response);


            } else {


                throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");


        if(handler instanceof HandlerMethod){


            HandlerMethod handlerMethod = (HandlerMethod) handler;


            Class<?> beanType = handlerMethod.getBeanType();


            if (!beanType.isAnnotationPresent(LoginNoRequired.class) && !handlerMethod.hasMethodAnnotation(LoginNoRequired.class)) {


                //获取token


                Cookie[]  cookies =   request.getCookies();


                String token = request.getHeader(Constants.HEADER_USER_TOKEN);  // 从 http 请求头中取出 token


                if(StringUtils.isBlank(token)){


                    for(Cookie c :cookies){


                        if(StringUtils.equals(c.getName(),Constants.HEADER_USER_TOKEN)){


                            token = c.getValue();


                        }


                    }


                }


                if (StringUtils.isNotBlank(token)) {


                    LoginUserInfo user =   checkLogin(token);


                    if (handlerMethod.hasMethodAnnotation(CloudRequiredPermission.class)) {


                        CloudRequiredPermission p = handlerMethod.getMethodAnnotation(CloudRequiredPermission.class);


                        if(p.value()!=null && p.value().length>0){


                            boolean hasPermission = false;


                            for(String s :p.value()){


                                if(user.getPermissions()!=null){


                                    for(String t :user.getPermissions()){


                                        if(StringUtils.equals(t,s)){


                                            hasPermission = true;


                                            break;


                                        }


                                    }


                                }


                            }


                            if(!hasPermission) {


                                //没有操作权限


                                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"没有该操作权限");


                            }


                        }




                    }


                } else {


                    throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");


                }


            }


        }else{


            throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");


        }




        return true;


    }




    private void checkLogin(HttpServletRequest request, HttpServletResponse response) {


        String token = request.getHeader(Constants.HEADER_USER_TOKEN);


    private LoginUserInfo checkLogin(String token) {


        if (token == null || token.isEmpty()) {


            throw new BusinessException(ResponseStatus.NO_LOGIN.getCode(),"未登录");


        }


@@ -53,6 +92,8 @@


        if(user ==null ){


            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户登陆已失效,请重新登陆!");


        }


        //权限判断------------


        return  user;


    }




    //    @Override