package com.doumee.core.Jwt; import com.doumee.core.annotation.LoginRequired; import com.doumee.core.constants.Constants; import com.doumee.core.constants.ResponseStatus; import com.doumee.core.exception.BusinessException; import io.jsonwebtoken.JwtException; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.web.client.RestTemplate; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.lang.reflect.Method; @Configuration public class WebMvcConfig implements WebMvcConfigurer { @Autowired private JdbcTemplate dao; /** * 添加拦截器 */ @Override public void addInterceptors(InterceptorRegistry registry) { //API接口JwtToken拦截器 HandlerInterceptor TokenInterceptor = new HandlerInterceptor() { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 如果不是映射到方法直接通过 if (!(handler instanceof HandlerMethod)) { return true; } HandlerMethod handlerMethod = (HandlerMethod) handler; Class beanType = handlerMethod.getBeanType(); // Method method = handlerMethod.getMethod(); // 有 @LoginRequired 注解,需要登录认证 if (beanType.isAnnotationPresent(LoginRequired.class)) { //获取token String token = request.getHeader(JwtTokenUtil.HEADER_KEY); // 从 http 请求头中取出 token if (StringUtils.isNotBlank(token)) { checkLogin(request,response); } else { throw new BusinessException(ResponseStatus.BE_OVERDUE.getCode(),"未登录"); } }else if (handlerMethod.hasMethodAnnotation(LoginRequired.class)){ //获取token String token = request.getHeader(JwtTokenUtil.HEADER_KEY); // 从 http 请求头中取出 token if (StringUtils.isNotBlank(token)) { checkLogin(request,response); } else { throw new BusinessException(ResponseStatus.BE_OVERDUE.getCode(),"未登录"); } } return true; } }; registry.addInterceptor(TokenInterceptor).addPathPatterns("/web/**"); } public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response){ String token = request.getHeader(JwtTokenUtil.HEADER_KEY); try { //判断Token是否超时 boolean expiration = JwtTokenUtil.isTokenExpired(token); if (expiration) { throw new BusinessException(ResponseStatus.TOKEN_EXCEED_TIME.getCode(),"长时间未操作,请重新登录"); } //获取账号ID String memberId = JwtTokenUtil.getJwtPayLoad(token).getMemberId(); Integer isDeleted = dao.queryForObject(" select COALESCE(isdeleted,1) from member where id = ?", Integer.class, memberId); if(isDeleted.equals(Constants.ONE)){ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已删除,请联系管理员"); } Integer isForbidden = dao.queryForObject(" select COALESCE(STATUS,1) from member where id = ?", Integer.class, memberId); if(isForbidden.equals(Constants.ONE)){ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"用户已禁用,请联系管理员"); } Integer count = dao.queryForObject("select count(1) from member where id = ?", Integer.class, memberId); if (count != null && count > 0) { request.setAttribute(JwtTokenUtil.UserId_Name, memberId); return true; }else{ throw new BusinessException(ResponseStatus.BE_OVERDUE.getCode(),"用户信息出错"); } } catch (IllegalArgumentException | JwtException e) { throw new BusinessException(ResponseStatus.BE_OVERDUE.getCode(),"未登录"); } } @Bean public RestTemplate getRestTemplate(){ return new RestTemplate(); } }