forked from beauty-erp
zq-erp/src/main/java/com/matrix/system/common/interceptor/ApiUserLoginInterceptor.java
New file @@ -0,0 +1,123 @@ package com.matrix.system.common.interceptor; import com.alibaba.fastjson.JSONObject; import com.fasterxml.jackson.databind.ObjectMapper; import com.matrix.core.constance.MatrixConstance; import com.matrix.core.pojo.AjaxResult; import com.matrix.core.tools.LogUtil; import com.matrix.core.tools.RSAUtils; import com.matrix.core.tools.StringUtils; import com.matrix.system.common.bean.SysUsers; import com.matrix.system.common.dao.SysUsersDao; import com.matrix.system.common.init.LocalCache; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Objects; /** * @author wzy * @date 2020-12-21 **/ @Component public class ApiUserLoginInterceptor implements HandlerInterceptor { @Value("${login_private_key}") private String privateKey; @Value("${evn}") private String evn; @Autowired private SysUsersDao sysUsersDao; private static final String TOKEN_HEADER = "Authorization"; private static final String TOKEN_START_WITH = "Bearer "; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // if ("dev".equals(evn)) { // SysUsers sysUsers = sysUsersDao.selectById(1022L); // request.getSession().setAttribute(MatrixConstance.LOGIN_KEY, sysUsers); // return true; // } String token = resolveToken(request,privateKey); AjaxResult ajaxResult = new AjaxResult(); ajaxResult.setStatus(AjaxResult.STATUS_LOGIN_INVALID); response.setCharacterEncoding("UTF-8"); response.setContentType("application/json; charset=utf-8"); if (StringUtils.isBlank(token)) { ajaxResult.setInfo("login time out"); response.getWriter().write(new ObjectMapper().writeValueAsString(ajaxResult)); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); return false; } SysUsers sysUsers = LocalCache.get(token); if (Objects.isNull(sysUsers)) { ajaxResult.setInfo("login time out"); response.getWriter().write(new ObjectMapper().writeValueAsString(ajaxResult)); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); return false; } request.getSession().setAttribute(MatrixConstance.LOGIN_KEY, sysUsers); return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { request.getSession().removeAttribute(MatrixConstance.LOGIN_KEY); } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } /** * 解析token token_timestamp_url * * @param request * @return */ public static String resolveToken(HttpServletRequest request,String privateKey) { String headToken = request.getHeader(TOKEN_HEADER); String sb = request.getRequestURI(); if (StringUtils.isNotBlank(headToken) && headToken.startsWith(TOKEN_START_WITH)) { // 去掉令牌前缀 String rsaToken = headToken.replace(TOKEN_START_WITH, ""); try { String decryptToken = new String(RSAUtils.decryptByPrivateKey(rsaToken, privateKey)); String[] s = decryptToken.split("_"); if (s == null || s.length != 3) { return ""; } LogUtil.info("请求路径:{} -- {}", sb, s[2]); if (!sb.equals(s[2])) { return ""; } return s[0]; } catch (Exception e) { LogUtil.info("#token解析错误:{}#", e); return ""; } } return ""; } }
