xiaoyong931011
2020-11-30 7ae23e17d8e90dc634f3f86e2eee209cbacaace3
src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java
@@ -48,16 +48,16 @@
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String token = resolveToken(request);
        String token = resolveTokenOutCenter(request);
        if (!AppContants.TIME_OUT.equals(token)) {
            if (StrUtil.isNotBlank(token)) {
                String redisKey = "";
                // 根据user-agent判断pc端还是app端
                if (LoginUserUtils.isBrowser(request)) {
                    redisKey = AppContants.PC_LOGIN_PREFIX + token;
                    redisKey = token;;
                } else {
                    redisKey = AppContants.APP_LOGIN_PREFIX + token;
                    redisKey = token;;
                }
                String loginStr = (String) redisUtils.get(redisKey);
@@ -65,13 +65,12 @@
                    MemberEntity loginUser = JSONObject.parseObject(loginStr, MemberEntity.class);
                    Authentication authentication = new UsernamePasswordAuthenticationToken(loginUser, token, new ArrayList<>());
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    redisUtils.expire(redisKey, 300000);
                } else {
                    log.info("token无法查询:{}", token);
                    SecurityContextHolder.clearContext();
                }
            } else {
                log.info("token为空:{}", request.getRequestURI());
//                log.info("token为空:{}", request.getRequestURI());
                SecurityContextHolder.clearContext();
            }
        } else {
@@ -79,6 +78,41 @@
            SecurityContextHolder.clearContext();
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
    /**
     * 解析前端传来的token,md5加密后的地址_设备iD_/api
     *
     * @param request
     * @return
     */
    private String resolveTokenOutCenter(HttpServletRequest request) {
        try {
            String bearerToken = request.getHeader(AppContants.TOKEN_HEADER);
            //获取请求的完整路径
            StringBuffer requestURL = request.getRequestURL();
            if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(AppContants.TOKEN_START_WITH)) {
                // 去掉令牌前缀
                String rsaToken = bearerToken.replace(AppContants.TOKEN_START_WITH, "");
                RSA rsa = new RSA(securityProperties.getPrivateKey(), null);
                String decryptStr = rsa.decryptStr(rsaToken, KeyType.PrivateKey);
                String[] tokens = StrUtil.split(decryptStr, "_");
                if (StrUtil.isNotEmpty(requestURL) && requestURL.toString().contains(tokens[2])) {
                    return tokens[0];
                } else {
//                    log.info("前面token为{}", tokens[0]);
//                    log.info("时间为:{}, 当前时间为:{}", tokens[1], System.currentTimeMillis());
                    return AppContants.TIME_OUT;
                }
            }
//            log.info("bearerToken---->{}", bearerToken);
        } catch (Exception e) {
            log.error("#解析token异常#", e);
            return null;
        }
        return null;
    }
    /**
@@ -99,12 +133,12 @@
                if (verifyTokenExpired(Long.parseLong(tokens[1]))) {
                    return tokens[0];
                } else {
                    log.info("前面token为{}", tokens[0]);
                    log.info("时间为:{}, 当前时间为:{}", tokens[1], System.currentTimeMillis());
//                    log.info("前面token为{}", tokens[0]);
//                    log.info("时间为:{}, 当前时间为:{}", tokens[1], System.currentTimeMillis());
                    return AppContants.TIME_OUT;
                }
            }
            log.info("bearerToken---->{}", bearerToken);
//            log.info("bearerToken---->{}", bearerToken);
        } catch (Exception e) {
            log.error("#解析token异常#", e);
            return null;
@@ -116,7 +150,7 @@
        boolean isDebug = applicationProperties.isDebug();
        if (!isDebug) {
            long currentTime = System.currentTimeMillis();
            return currentTime - time <= 5000;
            return currentTime - time <= 30000;
        }
        return true;
    }
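Review bot: `resolveTokenOutCenter` (third hunk, `@@ -79,6 +78,41 @@`) accepts a decrypted token whenever the request URL merely contains `tokens[2]`, with no freshness check at all, so unlike `resolveToken`, which still rejects stale tokens through `verifyTokenExpired`, a bearer token captured once stays usable until the RSA private key changes; if the documented format `md5地址_设备iD_/api` really has no timestamp segment, say so in the Javadoc and bind validity to a server-side expiry rather than a URL substring. `tokens[2]` is also read without checking `tokens.length`, so a short or malformed payload is only rejected through the catch-all `log.error("#解析token异常#", e)` path; a guard `if (tokens.length < 3) { return null; }` before the URL check makes the rejection explicit and keeps the error log for genuine decryption failures. In the first hunk both branches of the `isBrowser` check now end with `redisKey = token;;` (stray double semicolon), which turns the PC/APP distinction into dead code and stores the login under the bare token with no `PC_LOGIN_PREFIX`/`APP_LOGIN_PREFIX` namespace in Redis; if that is intended, remove the branch instead of leaving two identical assignments. Returning `AppContants.TIME_OUT` on a URL mismatch also no longer means the token timed out, so any caller or log line that reports that value as an expiry will mislead triage — a distinct constant or a comment at the `return AppContants.TIME_OUT;` line would avoid that.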