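package com.xcong.excoin.configurations.security;

import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import com.alibaba.fastjson.JSONObject;
import com.xcong.excoin.common.contants.AppContants;
import com.xcong.excoin.common.system.bean.LoginUserBean;
import com.xcong.excoin.configurations.properties.ApplicationProperties;
import com.xcong.excoin.configurations.properties.SecurityProperties;
import com.xcong.excoin.utils.RedisUtils;
import com.xcong.excoin.utils.SpringContextHolder;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;

/**
 * Servlet filter that turns the RSA-wrapped bearer token sent by the client into a Spring Security
 * {@link Authentication}.
 *
 * <p>Per request it: reads the {@code AppContants.TOKEN_HEADER} header, strips the
 * {@code AppContants.TOKEN_START_WITH} prefix, decrypts the remainder with the configured private key,
 * splits the plaintext into {@code <token>_<issuedAtMillis>}, checks the timestamp against a short
 * freshness window (replay protection), looks the token up in Redis and, on success, installs the
 * stored {@link LoginUserBean}'s member entity as the principal. The request always continues down the
 * filter chain; an unauthenticated request simply runs with a cleared security context, so access
 * control is left to the downstream authorization rules.
 *
 * <p>Debug mode ({@code ApplicationProperties#isDebug()}) replaces the request header with a fixed
 * bearer token and disables the freshness check, i.e. every request is authenticated as the user behind
 * that fixed ciphertext. That flag must only ever be on in a local development environment.
 *
 * @author wzy
 * @date 2020-05-12
 **/
@Slf4j
public class TokenFilter extends GenericFilterBean {

    /**
     * Maximum distance, in milliseconds, between the timestamp embedded in the token and the server
     * clock for the token to be accepted. The window is applied on both sides so that a token carrying
     * a far-future timestamp cannot stay valid indefinitely, while small client clock skew is tolerated.
     */
    private static final long TOKEN_FRESHNESS_WINDOW_MILLIS = 5000L;

    /** Separator between the session token and its timestamp inside the decrypted payload. */
    private static final String TOKEN_TIME_SEPARATOR = "_";

    /**
     * Value passed to {@code RedisUtils#expire} to refresh the session entry on each authenticated
     * request. NOTE(review): whether this is seconds or milliseconds depends on RedisUtils.expire —
     * confirm it matches the intended session idle timeout.
     */
    private static final long SESSION_REFRESH_TTL = 300000L;

    // TODO hard-coded user for debug mode. This is a fixed, replayable credential living in source
    // control; it is only ever used when ApplicationProperties#isDebug() is true.
    private static final String DEBUG_BEARER_TOKEN =
            "Bearer JSEre1ZUKEu2Ga5ORM+juxXv6yBwmt+FgLhxaeHf1EEJfIb3oRir4pXqe5JDhS6sXfLYOXRIAyBpq+SYBwAtGigxwzGVPn+k4Pt6vNxZ4h8Pk4IeG4+FqbFD0guzvu3WN2eRnnzYqCepl429v9Ju7n4jSG0Hj5ViM3MHQZs3qHo=";

    private final ApplicationProperties applicationProperties = SpringContextHolder.getBean(ApplicationProperties.class);

    private final SecurityProperties securityProperties = SpringContextHolder.getBean(SecurityProperties.class);

    private final RedisUtils redisUtils = SpringContextHolder.getBean(RedisUtils.class);

    /**
     * Authenticates the request from its bearer token, then continues the filter chain.
     *
     * <p>If a valid, fresh token maps to a login record in Redis, the security context is populated and
     * the Redis entry's expiry is refreshed; otherwise the security context is cleared. The chain is
     * invoked in both cases.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response, passed through untouched
     * @param filterChain     the remaining chain, always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String token = resolveToken(request);

        LoginUserBean loginUser = StrUtil.isNotBlank(token) ? loadLoginUser(token) : null;
        if (loginUser != null) {
            // The raw session token is kept as the credential so downstream code can correlate it.
            Authentication authentication =
                    new UsernamePasswordAuthenticationToken(loginUser.getMemberEntity(), token, new ArrayList<>());
            SecurityContextHolder.getContext().setAuthentication(authentication);
            // Sliding session: every authenticated request pushes the Redis entry's expiry out again.
            redisUtils.expire(AppContants.APP_LOGIN_PREFIX + token, SESSION_REFRESH_TTL);
        } else {
            // No token, a stale/invalid token, or no matching session: make sure nothing leaks over
            // from a previous request on this thread.
            SecurityContextHolder.clearContext();
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Loads the login record stored in Redis under {@code AppContants.APP_LOGIN_PREFIX + token}.
     *
     * @param token the session token extracted from the request
     * @return the deserialised login record, or {@code null} when no (non-blank) entry exists
     */
    private LoginUserBean loadLoginUser(String token) {
        String loginStr = (String) redisUtils.get(AppContants.APP_LOGIN_PREFIX + token);
        if (StrUtil.isBlank(loginStr)) {
            return null;
        }
        return JSONObject.parseObject(loginStr, LoginUserBean.class);
    }

    /**
     * Extracts the session token from the request.
     *
     * <p>Steps: take the bearer header (or the fixed debug token in debug mode), require the
     * {@code AppContants.TOKEN_START_WITH} prefix and strip it, RSA-decrypt the remainder with the
     * configured private key, split the plaintext on {@value #TOKEN_TIME_SEPARATOR} into
     * {@code token} and {@code issuedAtMillis}, and return the token only if the timestamp is within
     * the freshness window.
     *
     * <p>Any failure (missing header, bad prefix, decryption error, malformed payload, unparsable
     * timestamp) yields {@code null}; nothing from the token itself is written to the log.
     *
     * @param request the current request
     * @return the session token, or {@code null} when none could be resolved or it is not fresh
     */
    private String resolveToken(HttpServletRequest request) {
        try {
            String bearerToken = applicationProperties.isDebug()
                    ? DEBUG_BEARER_TOKEN
                    : request.getHeader(AppContants.TOKEN_HEADER);
            if (!StringUtils.hasText(bearerToken) || !bearerToken.startsWith(AppContants.TOKEN_START_WITH)) {
                return null;
            }

            // startsWith was just checked, so a positional strip is exact; String#replace would also
            // remove any later occurrence of the prefix inside the ciphertext.
            String rsaToken = bearerToken.substring(AppContants.TOKEN_START_WITH.length());
            RSA rsa = new RSA(securityProperties.getPrivateKey(), null);
            String payload = rsa.decryptStr(rsaToken, KeyType.PrivateKey);

            String[] parts = StrUtil.split(payload, TOKEN_TIME_SEPARATOR);
            if (parts == null || parts.length < 2) {
                log.warn("#token payload malformed#");
                return null;
            }
            return isTokenFresh(Long.parseLong(parts[1])) ? parts[0] : null;
        } catch (Exception e) {
            // Boundary catch: decryption/parsing throw a mix of unchecked types; treat all as "no token".
            log.error("#解析token异常#", e);
            return null;
        }
    }

    /**
     * Checks whether the timestamp embedded in a token lies within
     * {@link #TOKEN_FRESHNESS_WINDOW_MILLIS} of the server clock, in either direction.
     *
     * <p>In debug mode the check is skipped entirely and every timestamp is accepted.
     *
     * @param issuedAtMillis the epoch-millisecond timestamp carried by the token
     * @return {@code true} when the token is fresh enough to accept
     */
    private boolean isTokenFresh(long issuedAtMillis) {
        if (applicationProperties.isDebug()) {
            return true;
        }
        long skew = System.currentTimeMillis() - issuedAtMillis;
        // Bounded on both sides: the previous check only rejected tokens older than the window, so a
        // token minted with a far-future timestamp would have remained replayable indefinitely.
        return skew >= -TOKEN_FRESHNESS_WINDOW_MILLIS && skew <= TOKEN_FRESHNESS_WINDOW_MILLIS;
    }
}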