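package com.doumee.config.Jwt;

import com.alibaba.fastjson.JSONObject;
import com.doumee.biz.system.SystemDictDataBiz;
import com.doumee.biz.zbom.model.zhongtai.ZTConstants;
import com.doumee.config.annotation.UserLoginRequired;
import com.doumee.config.annotation.LoginRequired;
import com.doumee.core.constants.ResponseStatus;
import com.doumee.core.exception.BusinessException;
import com.doumee.core.utils.Constants;
import com.doumee.core.utils.redis.RedisUtil;
import com.doumee.dao.business.model.Member;
import com.doumee.dao.business.model.Users;
import io.jsonwebtoken.JwtException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.jdbc.core.BeanPropertyRowMapper;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Objects;

/**
 * Spring MVC configuration that installs the login interceptor for {@code /web/**}.
 *
 * <p>Authentication here is opt-in per handler method: only methods annotated with
 * {@link LoginRequired} and/or {@link UserLoginRequired} are checked. Any other handler
 * under {@code /web/**}, and every path outside it, passes this interceptor without a
 * token, so a new endpoint is unauthenticated until it is annotated.
 *
 * <p>The token from the request header is treated as an opaque session key: it is
 * accepted only if a Redis entry exists under {@code <namespace>_<token>}. No signature
 * or expiry check is performed in this class.
 * NOTE(review): the account id is parsed from the token's trailing {@code _<id>} segment,
 * so the binding between token and account relies on how the token is issued (not shown
 * here) - confirm the issued token carries enough unguessable entropy.
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Autowired
    private JdbcTemplate dao;

    @Autowired
    private SystemDictDataBiz systemDictDataBiz;

    // Raw type kept so bean injection is unchanged; values read below are cast to String.
    @Autowired
    private RedisTemplate redisTemplate;

    /**
     * Whether the application runs in developer (debug) mode.
     */
    @Value("${debug_model}")
    private Boolean isDebug;

    /**
     * Registers the token interceptor on {@code /web/**}.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Token interceptor for the API endpoints.
        HandlerInterceptor tokenInterceptor = new HandlerInterceptor() {
            @Override
            public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                                     Object handler) throws Exception {
                // Anything that is not mapped to a controller method is let through.
                if (!(handler instanceof HandlerMethod)) {
                    return true;
                }
                HandlerMethod handlerMethod = (HandlerMethod) handler;
                boolean customerAllowed = handlerMethod.hasMethodAnnotation(LoginRequired.class);
                boolean personnelAllowed = handlerMethod.hasMethodAnnotation(UserLoginRequired.class);

                // Unannotated handlers are public: no token is required or inspected.
                if (!customerAllowed && !personnelAllowed) {
                    return true;
                }

                String token = request.getHeader(JwtTokenUtil.HEADER_KEY);
                if (StringUtils.isBlank(token)) {
                    throw notLoggedIn();
                }

                // Try the customer session first, then fall back to the personnel session
                // when the handler accepts it. A token only matches the namespace it is
                // stored under in Redis.
                boolean authenticated = false;
                if (customerAllowed) {
                    authenticated = checkLogin(request, response, token);
                }
                if (!authenticated && personnelAllowed) {
                    authenticated = checkPersonnelLogin(request, response, token);
                }
                if (!authenticated) {
                    throw notLoggedIn();
                }
                return true;
            }
        };
        registry.addInterceptor(tokenInterceptor).addPathPatterns("/web/**");
    }

    /**
     * Validates a customer (member) session token and publishes the identity on the request.
     *
     * <p>The token must exist in Redis under the {@code ZTConstants.CUSTOMER} namespace, and
     * the member row it points to must exist, still have an openid, not be deleted and have
     * status {@code Constants.ZERO}.
     *
     * @param request  current request; receives the user id, user type, Redis key and cached
     *                 user info as attributes on success
     * @param response current response (unused)
     * @param token    raw token taken from the request header
     * @return {@code true} when the session is valid, {@code false} when no customer session
     *         exists in Redis for this token
     * @throws BusinessException when the member is missing, deregistered, deleted or disabled,
     *                           or when the token is malformed
     */
    public Boolean checkLogin(HttpServletRequest request, HttpServletResponse response, String token) {
        try {
            String redisKey = ZTConstants.CUSTOMER + "_" + token;
            String tokenRedis = (String) redisTemplate.opsForValue().get(redisKey);
            if (StringUtils.isBlank(tokenRedis)) {
                return false;
            }
            Long memberId = getTokenId(token);
            // query() returns an empty list when the row is gone. queryForObject() would
            // throw EmptyResultDataAccessException instead of returning null, which made the
            // DATA_EMPTY branch unreachable and surfaced a stale session as a server error.
            List<Member> rows = dao.query(" select * from `member` where id = ? limit 1 ",
                    new BeanPropertyRowMapper<>(Member.class), memberId);
            Member member = rows.isEmpty() ? null : rows.get(0);
            if (Objects.isNull(member)) {
                throw new BusinessException(ResponseStatus.DATA_EMPTY);
            }
            if (Objects.isNull(member.getOpenid())) {
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户已注销,请重新登录");
            }
            if (Constants.equalsInteger(member.getIsdeleted(), Constants.ONE)) {
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户已删除,请联系管理员");
            }
            if (!Constants.equalsInteger(member.getStatus(), Constants.ZERO)) {
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户已禁用,请联系管理员");
            }
            request.setAttribute(JwtTokenUtil.UserId_Name, memberId);
            request.setAttribute(JwtTokenUtil.UserType, ZTConstants.CUSTOMER);
            request.setAttribute(JwtTokenUtil.HEADER_KEY, redisKey);
            request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis);
            return true;
        } catch (IllegalArgumentException | JwtException e) {
            throw notLoggedIn();
        }
    }

    /**
     * Validates a personnel (back-office user) session token and publishes the identity on
     * the request.
     *
     * <p>The token must exist in Redis under the {@code ZTConstants.BUSINESS} namespace, and
     * the users row it points to must exist, not be deleted and have a status equal to
     * {@code Constants.ONE} rendered as a string.
     *
     * @param request  current request; receives the user id, user type, Redis key and cached
     *                 user info as attributes on success
     * @param response current response (unused)
     * @param token    raw token taken from the request header
     * @return {@code true} when the session is valid, {@code false} when no personnel session
     *         exists in Redis for this token
     * @throws BusinessException when the user is missing, deleted or disabled, or when the
     *                           token is malformed
     */
    public Boolean checkPersonnelLogin(HttpServletRequest request, HttpServletResponse response, String token) {
        try {
            String redisKey = ZTConstants.BUSINESS + "_" + token;
            String tokenRedis = (String) redisTemplate.opsForValue().get(redisKey);
            if (StringUtils.isBlank(tokenRedis)) {
                return false;
            }
            Long userId = getTokenId(token);
            // See checkLogin: an empty list is the "row no longer exists" signal.
            List<Users> rows = dao.query(" select * from `users` where id = ? limit 1 ",
                    new BeanPropertyRowMapper<>(Users.class), userId);
            Users users = rows.isEmpty() ? null : rows.get(0);
            if (Objects.isNull(users)) {
                throw new BusinessException(ResponseStatus.DATA_EMPTY);
            }
            if (Constants.equalsInteger(users.getIsdeleted(), Constants.ONE)) {
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户已删除,请联系管理员");
            }
            if (!StringUtils.equals(users.getStatus(), Constants.ONE + "")) {
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(), "用户已禁用,请联系管理员");
            }
            request.setAttribute(JwtTokenUtil.UserId_Name, userId);
            request.setAttribute(JwtTokenUtil.UserType, ZTConstants.BUSINESS);
            // Publish the key the session was actually found under. This attribute used to
            // carry the CUSTOMER-prefixed key, which does not match the BUSINESS lookup above;
            // presumably downstream code uses it to refresh or revoke the session, and would
            // then address the wrong namespace - verify against the consumers of HEADER_KEY.
            request.setAttribute(JwtTokenUtil.HEADER_KEY, redisKey);
            request.setAttribute(JwtTokenUtil.UserInfo, tokenRedis);
            return true;
        } catch (IllegalArgumentException | JwtException e) {
            throw notLoggedIn();
        }
    }

    /**
     * Exposes a default {@link RestTemplate} bean.
     *
     * <p>NOTE(review): no connect or read timeout is configured here, so outbound calls made
     * through this bean can block for as long as the remote side keeps the connection open -
     * consider setting explicit timeouts on the request factory.
     *
     * @return a new {@link RestTemplate} with default settings
     */
    @Bean
    public RestTemplate getRestTemplate() {
        return new RestTemplate();
    }

    /**
     * Extracts the numeric account id from the segment after the last {@code _} of the token.
     * When the token contains no underscore the whole token is parsed as the id.
     *
     * @param token raw token taken from the request header
     * @return the id encoded at the end of the token
     * @throws BusinessException with the not-logged-in status when the token is {@code null}
     *                           or its trailing segment is not a valid long
     */
    public Long getTokenId(String token) {
        if (token == null) {
            throw notLoggedIn();
        }
        try {
            return Long.valueOf(token.substring(token.lastIndexOf("_") + 1));
        } catch (NumberFormatException e) {
            throw notLoggedIn();
        }
    }

    /** Builds the uniform "not logged in" rejection used for every failed token check. */
    private static BusinessException notLoggedIn() {
        return new BusinessException(ResponseStatus.NO_LOGIN.getCode(), "未登录");
    }
}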