最高最低价

zainali5120

2020-10-15 3474e43d869f6dda297dba0dcf24694a36dc6b9d

 src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java

@@ -4,8 +4,11 @@
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.xcong.excoin.common.LoginUserUtils;
import com.xcong.excoin.common.contants.AppContants;
import com.xcong.excoin.common.exception.GlobalException;
import com.xcong.excoin.common.response.Result;
import com.xcong.excoin.common.system.bean.LoginUserBean;
import com.xcong.excoin.configurations.properties.ApplicationProperties;
import com.xcong.excoin.configurations.properties.SecurityProperties;
@@ -24,6 +27,7 @@
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;

@@ -43,31 +47,37 @@
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String token = resolveToken(request);
        log.info("token为-->{}", token);
        if (StrUtil.isNotBlank(token)) {
            String redisKey = "";
            // 根据user-agent判断pc端还是app端
            if (LoginUserUtils.isBrowser(request)) {
                redisKey = AppContants.PC_LOGIN_PREFIX + token;
            } else {
                redisKey = AppContants.APP_LOGIN_PREFIX + token;
            }

            String loginStr = (String) redisUtils.get(redisKey);
            log.info("当前登陆用户为:{}", loginStr);
            if (StrUtil.isNotBlank(loginStr)) {
                MemberEntity loginUser = JSONObject.parseObject(loginStr, MemberEntity.class);
                Authentication authentication = new UsernamePasswordAuthenticationToken(loginUser, token, new ArrayList<>());
                SecurityContextHolder.getContext().setAuthentication(authentication);
                redisUtils.expire(redisKey, 300000);
        if (!AppContants.TIME_OUT.equals(token)) {
            if (StrUtil.isNotBlank(token)) {
                String redisKey = "";
                // 根据user-agent判断pc端还是app端
                if (LoginUserUtils.isBrowser(request)) {
                    redisKey = AppContants.PC_LOGIN_PREFIX + token;
                } else {
                    redisKey = AppContants.APP_LOGIN_PREFIX + token;
                }

                String loginStr = (String) redisUtils.get(redisKey);
                if (StrUtil.isNotBlank(loginStr)) {
                    MemberEntity loginUser = JSONObject.parseObject(loginStr, MemberEntity.class);
                    Authentication authentication = new UsernamePasswordAuthenticationToken(loginUser, token, new ArrayList<>());
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    redisUtils.expire(redisKey, 36000);
                } else {
                    log.info("token无法查询:{}", token);
                    SecurityContextHolder.clearContext();
                }
            } else {
//                log.info("token为空:{}", request.getRequestURI());
                SecurityContextHolder.clearContext();
            }
        } else {
            response.setHeader("TimeOut", AppContants.TIME_OUT);
            SecurityContextHolder.clearContext();
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

@@ -79,23 +89,22 @@
     */
    private String resolveToken(HttpServletRequest request) {
        try {
            // TODO debug模式下写死用户
            String bearerToken = request.getHeader(AppContants.TOKEN_HEADER);
//            if (applicationProperties.isDebug()) {
//                bearerToken = "Bearer JSEre1ZUKEu2Ga5ORM+juxXv6yBwmt+FgLhxaeHf1EEJfIb3oRir4pXqe5JDhS6sXfLYOXRIAyBpq+SYBwAtGigxwzGVPn+k4Pt6vNxZ4h8Pk4IeG4+FqbFD0guzvu3WN2eRnnzYqCepl429v9Ju7n4jSG0Hj5ViM3MHQZs3qHo=";
//            } else {
//                bearerToken = request.getHeader(AppContants.TOKEN_HEADER);
//            }
            if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(AppContants.TOKEN_START_WITH)) {
                // 去掉令牌前缀
                String rsaToken = bearerToken.replace(AppContants.TOKEN_START_WITH, "");
                RSA rsa = new RSA(securityProperties.getPrivateKey(), null);
                String[] tokens = StrUtil.split(rsa.decryptStr(rsaToken, KeyType.PrivateKey), "_");

                if (verifyTokenExpired(Long.parseLong(tokens[1]))) {
                    return tokens[0];
                } else {
//                    log.info("前面token为{}", tokens[0]);
//                    log.info("时间为:{}, 当前时间为:{}", tokens[1], System.currentTimeMillis());
                    return AppContants.TIME_OUT;
                }
                return null;
            }
//            log.info("bearerToken---->{}", bearerToken);
        } catch (Exception e) {
            log.error("#解析token异常#", e);
            return null;
@@ -107,7 +116,7 @@
        boolean isDebug = applicationProperties.isDebug();
        if (!isDebug) {
            long currentTime = System.currentTimeMillis();
            return currentTime - time <= 5000;
            return currentTime - time <= 30000;
        }
        return true;
    }