comfig

4 years ago · 7da38806e4
5 changed files with 149 additions and 18 deletions
--- a/signin/src/main/java/com/ccsens/signin/config/SpringConfig.java
+++ b/signin/src/main/java/com/ccsens/signin/config/SpringConfig.java
@ -126,32 +126,33 @@ public class SpringConfig implements WebMvcConfigurer {
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
-        //addPathPatterns 用于添加拦截规则
-        //excludePathPatterns 用于排除拦截
-//        registry.addInterceptor(tokenInterceptor())
+//        addPathPatterns 用于添加拦截规则
+//        excludePathPatterns 用于排除拦截
+        registry.addInterceptor(tokenInterceptor())
 //                .addPathPatterns("/projects/**")
 //                .addPathPatterns("/messages/**")
-//                .addPathPatterns("/users/**")
-//                    .excludePathPatterns("/users/signin")
-//                    .excludePathPatterns("/users/smscode")
-//                    .excludePathPatterns("/users/signup")
-//                    .excludePathPatterns("/users/password")
-//                    .excludePathPatterns("/users/account")
-//                    .excludePathPatterns("/users/token")
-//                    .excludePathPatterns("/users/claims")
+                .addPathPatterns("/users/**")
+                    .excludePathPatterns("/users/signin")
+                    .excludePathPatterns("/users/smscode")
+                    .excludePathPatterns("/users/signup")
+                    .excludePathPatterns("/users/password")
+                    .excludePathPatterns("/users/account")
+                    .excludePathPatterns("/users/token")
+                    .excludePathPatterns("/users/claims")
+                    .excludePathPatterns("/users/userId");
 //                .addPathPatterns("/plugins/**")
 //                .addPathPatterns("/delivers/**")
 //                .addPathPatterns("/tasks/**")
 //                .addPathPatterns("/members/**")
 //                .addPathPatterns("/templates/**")
 //                .addPathPatterns("/hardware/**");
-        //super.addInterceptors(registry);
+//        super.addInterceptors(registry);
+    }
+
+    @Bean
+    public TokenInterceptor tokenInterceptor(){
+        return new TokenInterceptor();
    }
-//
-//    @Bean
-//    public TokenInterceptor tokenInterceptor(){
-//        return new TokenInterceptor();
-//    }

    /**
     * 配置数据源（单数据源）
--- a/signin/src/main/java/com/ccsens/signin/config/TokenInterceptor.java
+++ b/signin/src/main/java/com/ccsens/signin/config/TokenInterceptor.java
@ -0,0 +1,79 @@
+package com.ccsens.signin.config;
+
+import com.ccsens.signin.bean.po.SysUser;
+import com.ccsens.signin.service.IUserService;
+import com.ccsens.util.*;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.SignatureException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class TokenInterceptor implements HandlerInterceptor {
+    @Autowired
+    private IUserService userService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
+        // 验证token是否存在
+        final String authHeader = httpServletRequest.getHeader(WebConstant.HEADER_KEY_TOKEN);
+        if (authHeader == null || !authHeader.startsWith(WebConstant.HEADER_KEY_TOKEN_PREFIX)) {
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().tokenNotFound()));
+            return false;
+        }
+        final String token = authHeader.substring(WebConstant.HEADER_KEY_TOKEN_PREFIX.length());
+
+        //验证token是否有效
+        Claims claims = null;
+        try {
+            claims = JwtUtil.parseJWT(token, WebConstant.JWT_ACCESS_TOKEN_SECERT);
+        }catch(SignatureException e){
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().tokenSignatureFail(e.getMessage())));
+            return false;
+        }catch(ExpiredJwtException e){
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().tokenExpire(e.getMessage())));
+            return false;
+        }catch(Exception e){
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().tokenFailed(e.getMessage())));
+            return false;
+        }
+
+        //验证用户存根
+        if(userService.tokenNotExistInCache(Long.valueOf(claims.getSubject()))){
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().tokenStubNotFound()));
+            return false;
+        }
+
+
+        //验证用户是否禁用
+        SysUser user = userService.getUserById(Long.valueOf(claims.getSubject()));
+        if(user.getRecStatus() == WebConstant.REC_STATUS.Disabled.value){
+            HttpServletUtil.responseJson(httpServletResponse,
+                    JacksonUtil.beanToJson(JsonResponse.newInstance().userDisabled()));
+            return false;
+        }
+
+        //在request中存放claims
+        httpServletRequest.setAttribute(WebConstant.REQUEST_KEY_CLAIMS,claims);
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
+
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
+
+    }
+}
--- a/util/src/main/java/com/ccsens/util/Md5Util.java
+++ b/util/src/main/java/com/ccsens/util/Md5Util.java
@ -100,4 +100,6 @@ public class Md5Util {
 //        System.out.println(getMd5File(path1));
 //    }

+
+
 }
--- a/util/src/main/java/com/ccsens/util/notice/NoticePropUtil.java
+++ b/util/src/main/java/com/ccsens/util/notice/NoticePropUtil.java
@ -14,7 +14,7 @@ import org.springframework.stereotype.Component;
 * @author: wu huijuan
 * @create: 2019/10/21 10:37
 */
-@PropertySource(name="noticePropUtil",value = {"classpath:notice/notice.yml"}, factory = MyPropertySourceFactory.class)
+//@PropertySource(name="noticePropUtil",value = {"classpath:notice/notice.yml"}, factory = MyPropertySourceFactory.class)
@Component
 public class NoticePropUtil {
    @ApiModelProperty("host")
--- a/util/src/test/java/com/ccsens/util/Base64Test.java
+++ b/util/src/test/java/com/ccsens/util/Base64Test.java
@ -1,8 +1,13 @@
 package com.ccsens.util;

 import cn.hutool.core.codec.Base64;
+import cn.hutool.core.lang.Console;
 import cn.hutool.core.util.ZipUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
+import com.alibaba.fastjson.JSONObject;
 import com.ccsens.util.exception.BaseException;
+import io.swagger.annotations.ApiModelProperty;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.Test;
 import sun.misc.BASE64Decoder;
@ -12,6 +17,7 @@ import sun.misc.BASE64Encoder;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
+import java.security.MessageDigest;

 /**
 * @description:
@ -22,6 +28,8 @@ import java.io.FileOutputStream;
 public class Base64Test {


+    private static Object TestEncrypt;
+
    @Test
    public void test01() throws Exception {
        File file = new File("d:" + File.separator + "1.png");
@ -118,4 +126,45 @@ public class Base64Test {
        System.out.println(((Class)c.getClass().getField("TYPE").get(null)).isPrimitive());
    }

+    public static class TestEncrypt{
+        private Long p = 1386496320902139904L;
+        private Long r = 1386496320902139904L;
+    }
+
+    /**加密*/
+    @Test
+    public void test3()throws Exception{
+        String string1 = Md5Util.stringTo(JSONObject.toJSONString(Base64Test.TestEncrypt));
+        System.out.println(string1);
+//        SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, Base64.decode(key));
+//        String encryptHex = aes.encryptHex(string);
+//        System.out.println(encryptHex);
+        String s = Base64Test.shaEncode(JSONObject.toJSONString(Base64Test.TestEncrypt));
+        System.out.println(s);
+
+    }
+
+    public static String shaEncode(String inStr) throws Exception {
+        MessageDigest sha = null;
+        try {
+            sha = MessageDigest.getInstance("SHA");
+        } catch (Exception e) {
+            System.out.println(e.toString());
+            e.printStackTrace();
+            return "";
+        }
+
+        byte[] byteArray = inStr.getBytes("UTF-8");
+        byte[] md5Bytes = sha.digest(byteArray);
+        StringBuffer hexValue = new StringBuffer();
+        for (int i = 0; i < md5Bytes.length; i++) {
+            int val = ((int) md5Bytes[i]) & 0xff;
+            if (val < 16) {
+                hexValue.append("0");
+            }
+            hexValue.append(Integer.toHexString(val));
+        }
+        return hexValue.toString();
+    }
+
 }