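--- a/PATH_NOT_ON_PAGE/AccessInterceptor.java
+++ b/PATH_NOT_ON_PAGE/AccessInterceptor.java
@@ -1,265 +1,265 @@
-package com.yunzhi.marketing.interceptor;
-
-import com.alibaba.fastjson.JSONObject;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.yunzhi.marketing.base.ResponseBean;
-import com.yunzhi.marketing.center.sysUser.entity.SysToken;
-import com.yunzhi.marketing.center.sysUser.service.ISysTokenService;
-import com.yunzhi.marketing.center.taUser.entity.TaButtonUriMap;
-import com.yunzhi.marketing.center.taUser.entity.TaUserRole;
-import com.yunzhi.marketing.center.taUser.service.ITaButtonUriMapService;
-import com.yunzhi.marketing.center.taUser.service.ITaUserRoleService;
-import com.yunzhi.marketing.common.JWTUtils;
-import com.yunzhi.marketing.common.StringUtils;
-import com.yunzhi.marketing.entity.SysButtonInMenu;
-import com.yunzhi.marketing.entity.TaRoleButton;
-import com.yunzhi.marketing.service.ISysButtonInMenuService;
-import com.yunzhi.marketing.service.ITaRoleButtonService;
-import com.yunzhi.marketing.third.service.ITaThirdPartyMiniappConfigService;
-import io.jsonwebtoken.*;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.List;
-import java.util.Map;
-
-@Slf4j
-@Component
-public class AccessInterceptor implements HandlerInterceptor {
-
- @Autowired
- private ISysTokenService sysTokenService;
-
- @Autowired
- private ITaUserRoleService taUserRoleService;
-
- @Autowired
- private ITaRoleButtonService taRoleButtonService;
-
- @Autowired
- private ISysButtonInMenuService sysButtonInMenuService;
-
- @Autowired
- private ITaButtonUriMapService taButtonUriMapService;
-
- @Autowired
- private ITaThirdPartyMiniappConfigService taThirdPartyMiniappConfigService;
-
- private String[] whiteList = {
- "/wx/chat", // 聊天暂时不鉴权
- "/api/wx/login",
- "/api/wx/tdCity",
- "/api/wx/preload",
- "/api/admin/signin",
- "/api/taCheckin/activity",
- "/api/wx/qrcode/scene",
- "/api/center/signin",
- "/api/channel/signin",
- "/api/admin/taUser/signin",
- "/swagger-resources/configuration/ui",
- "/swagger-resources",
- "/v2/api-docs",
- "/swagger-resources/configuration",
- "/swagger-ui.html",
- "/webjars",
- "/webjars/springfox-swagger-ui",
- "/webjars/springfox-swagger-ui/css/typography.css",
- "/clean/menurole",
- "/clean/buttonrole",
- "/api/admin/taPersonFromRecord",
- "/api/notify",//微信支付所有回调放过
- "/api/refund/",//微信退款所有回调放过
- "/api/fadd/",//所有的法大大回调放过
- "/api/third",
- "/api/third/redirect/",
- "/file/",
- "/api/official/" // 官网接口
- };
-
- /*
- * 视图渲染之后的操作
- */
- @Override
- public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
- throws Exception {
-
- }
-
- /*
- * 处理请求完成后视图渲染之前的处理操作
- */
- @Override
- public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
- throws Exception {
-
- }
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
- log.info("接口请求路径是{}",request.getRequestURI());
- //第三方权限校验
- String tokenHeader = request.getHeader("x-token");
- if (!StringUtils.isEmpty(tokenHeader)){
- String appidHeader = request.getHeader("x-appid");
- String nowHeader = request.getHeader("x-time");
- String thirdState = taThirdPartyMiniappConfigService.checkToken(tokenHeader,appidHeader,nowHeader);
- if (thirdState.equals("success")){
- return true;
- }
-
- ResponseBean resp = ResponseBean.error(thirdState , ResponseBean.ERROR_AUTH_FAIL);
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
- // 白名单跳过
- if (inWhiteList(request)) {
- return true;
- }
-
- // 微信头必须对
- if (!checkMiniApp(request)) {
- ResponseBean resp = ResponseBean.error("请使用微信请求接口", ResponseBean.ERROR_ILLEGAL_PARAMS);
-
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
- // 消息头必须包含 authorization 字段
- String jwtHeader = request.getHeader("authorization");
- if (null == jwtHeader || "".equals(jwtHeader)) {
- ResponseBean resp = ResponseBean.error("请先进行系统登录操作", ResponseBean.ERROR_AUTH_FAIL);
-
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
- String[] jwtAuths = jwtHeader.split("Bearer ");
- if (null == jwtAuths || jwtAuths.length < 2 || StringUtils.isEmpty(jwtAuths[1])) {
- ResponseBean resp = ResponseBean.error("权限验证非法, 数据格式不正确", ResponseBean.ERROR_AUTH_FAIL);
-
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
- try {
- // 只尝试去解析
- Jwts.parser().setSigningKey(JWTUtils.key).parseClaimsJws(jwtAuths[1]);
- } catch (ExpiredJwtException e) {
- ResponseBean resp = ResponseBean.error("权限验证非法, 身份信息已过期", ResponseBean.ERROR_AUTH_EXPIRED);
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
-
- } catch (JwtException e) {
- ResponseBean resp = ResponseBean.error("权限验证非法, " + e.getMessage(), ResponseBean.ERROR_AUTH_FAIL);
-
-
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
- //添加如果执行了登出操作提示先进行登录
- SysToken sysToken = sysTokenService.getById(jwtAuths[1]);
- if (null == sysToken){
- ResponseBean resp = ResponseBean.error("请先进行系统登录操作", ResponseBean.ERROR_AUTH_FAIL);
-
- response.addHeader("Content-type", "application/json");
- response.getOutputStream().write(JSONObject.toJSONBytes(resp));
- return false;
- }
-
-// 按钮权限校验
-// boolean state = checkButtonRole(request);
-// if (!state){
-// ResponseBean resp = ResponseBean.error("权限验证非法" , ResponseBean.ERROR_AUTH_FAIL);
-//
-// response.addHeader("Content-type", "application/json");
-// response.getOutputStream().write(JSONObject.toJSONBytes(resp));
-// return false;
-// }
-
- return true;
- }
-
- //检验按钮权限
- private boolean checkButtonRole(HttpServletRequest request) {
- String action = request.getHeader("x-action");
- if(StringUtils.isEmpty(action)){
- return false;
- }
- //根据路径匹配code 一致继续 否则无权限
- String requestURI = request.getRequestURI();
- String method = request.getMethod();
- TaButtonUriMap taButtonUriMap = taButtonUriMapService.getByURI(requestURI+":"+method);
- if (null == taButtonUriMap){
- return true;
- }
-
-
- if (!taButtonUriMap.getButtonCode().equals(action)){
- return false;
- }
-
- //根据code查询按钮权限
- Map map = JWTUtils.getUserIdAndOrgId(request);
- QueryWrapper<SysButtonInMenu> sysButtonInMenuQueryWrapper = new QueryWrapper<>();
- sysButtonInMenuQueryWrapper.eq("code",action);
- SysButtonInMenu sysButtonInMenu = sysButtonInMenuService.getOne(sysButtonInMenuQueryWrapper);
- if (null == sysButtonInMenu){
- return false;
- }
- //查询角色
- QueryWrapper<TaRoleButton> taRoleButtonQueryWrapper = new QueryWrapper<>();
- taRoleButtonQueryWrapper.eq("btn_id",sysButtonInMenu.getBtnId());
- List<TaRoleButton> taRoleButtonList = taRoleButtonService.list(taRoleButtonQueryWrapper);
- if (taRoleButtonList.size() < 1){
- return true;
- }
- //查询用户
- QueryWrapper<TaUserRole> taUserRoleQueryWrapper = new QueryWrapper<>();
- taUserRoleQueryWrapper.eq("user_id",map.get("userId"));
- TaUserRole taUserRole = taUserRoleService.getOne(taUserRoleQueryWrapper);
- for (TaRoleButton taRoleButton : taRoleButtonList){
- if (taRoleButton.getRoleId().equals(taUserRole.getRoleId())){
- return true;
- }
- }
-
- return false;
- }
-
- private boolean checkMiniApp(HttpServletRequest request) {
- String requestURI = request.getRequestURI();
-
- // 非微信请求
- if (!requestURI.startsWith("/api/wx")) {
- return true;
- }
-
- String ua = request.getHeader("user-agent");
- return ua.contains("micromessenger") || ua.contains("MicroMessenger");
- }
-
- private boolean inWhiteList(HttpServletRequest request) {
- String requestURI = request.getRequestURI();
-
- for (String it : whiteList) {
- if (requestURI.startsWith(it)) {
- return true;
- }
- }
-
- return false;
- }
-}
+package com.yunzhi.marketing.interceptor;
+
+import com.alibaba.fastjson.JSONObject;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.yunzhi.marketing.base.ResponseBean;
+import com.yunzhi.marketing.center.sysUser.entity.SysToken;
+import com.yunzhi.marketing.center.sysUser.service.ISysTokenService;
+import com.yunzhi.marketing.center.taUser.entity.TaButtonUriMap;
+import com.yunzhi.marketing.center.taUser.entity.TaUserRole;
+import com.yunzhi.marketing.center.taUser.service.ITaButtonUriMapService;
+import com.yunzhi.marketing.center.taUser.service.ITaUserRoleService;
+import com.yunzhi.marketing.common.JWTUtils;
+import com.yunzhi.marketing.common.StringUtils;
+import com.yunzhi.marketing.entity.SysButtonInMenu;
+import com.yunzhi.marketing.entity.TaRoleButton;
+import com.yunzhi.marketing.service.ISysButtonInMenuService;
+import com.yunzhi.marketing.service.ITaRoleButtonService;
+import com.yunzhi.marketing.third.service.ITaThirdPartyMiniappConfigService;
+import io.jsonwebtoken.*;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@Component
+public class AccessInterceptor implements HandlerInterceptor {
+
+ @Autowired
+ private ISysTokenService sysTokenService;
+
+ @Autowired
+ private ITaUserRoleService taUserRoleService;
+
+ @Autowired
+ private ITaRoleButtonService taRoleButtonService;
+
+ @Autowired
+ private ISysButtonInMenuService sysButtonInMenuService;
+
+ @Autowired
+ private ITaButtonUriMapService taButtonUriMapService;
+
+ @Autowired
+ private ITaThirdPartyMiniappConfigService taThirdPartyMiniappConfigService;
+
+ private String[] whiteList = {
+ "/wx/chat", // 聊天暂时不鉴权
+ "/api/wx/login",
+ "/api/wx/tdCity",
+ "/api/wx/preload",
+ "/api/admin/signin",
+ "/api/taCheckin/activity",
+ "/api/wx/qrcode/scene",
+ "/api/center/signin",
+ "/api/channel/signin",
+ "/api/admin/taUser/signin",
+ "/swagger-resources/configuration/ui",
+ "/swagger-resources",
+ "/v2/api-docs",
+ "/swagger-resources/configuration",
+ "/swagger-ui.html",
+ "/webjars",
+ "/webjars/springfox-swagger-ui",
+ "/webjars/springfox-swagger-ui/css/typography.css",
+ "/clean/menurole",
+ "/clean/buttonrole",
+ "/api/admin/taPersonFromRecord",
+ "/api/notify",//微信支付所有回调放过
+ "/api/refund/",//微信退款所有回调放过
+ "/api/fadd/",//所有的法大大回调放过
+ "/api/third",
+ "/api/third/redirect/",
+ "/file/",
+ "/api/official/" // 官网接口
+ };
+
+ /*
+ * 视图渲染之后的操作
+ */
+ @Override
+ public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
+ throws Exception {
+
+ }
+
+ /*
+ * 处理请求完成后视图渲染之前的处理操作
+ */
+ @Override
+ public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
+ throws Exception {
+
+ }
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
+ log.info("接口请求路径是{}",request.getRequestURI());
+ //第三方权限校验
+ String tokenHeader = request.getHeader("x-token");
+ if (!StringUtils.isEmpty(tokenHeader)){
+ String appidHeader = request.getHeader("x-appid");
+ String nowHeader = request.getHeader("x-time");
+ String thirdState = taThirdPartyMiniappConfigService.checkToken(tokenHeader,appidHeader,nowHeader);
+ if (thirdState.equals("success")){
+ return true;
+ }
+
+ ResponseBean resp = ResponseBean.error(thirdState , ResponseBean.ERROR_AUTH_FAIL);
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+ // 白名单跳过
+ if (inWhiteList(request)) {
+ return true;
+ }
+
+ // 微信头必须对
+ if (!checkMiniApp(request)) {
+ ResponseBean resp = ResponseBean.error("请使用微信请求接口", ResponseBean.ERROR_ILLEGAL_PARAMS);
+
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+ // 消息头必须包含 authorization 字段
+ String jwtHeader = request.getHeader("authorization");
+ if (null == jwtHeader || "".equals(jwtHeader)) {
+ ResponseBean resp = ResponseBean.error("请先进行系统登录操作", ResponseBean.ERROR_AUTH_FAIL);
+
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+ String[] jwtAuths = jwtHeader.split("Bearer ");
+ if (null == jwtAuths || jwtAuths.length < 2 || StringUtils.isEmpty(jwtAuths[1])) {
+ ResponseBean resp = ResponseBean.error("权限验证非法, 数据格式不正确", ResponseBean.ERROR_AUTH_FAIL);
+
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+ try {
+ // 只尝试去解析
+ Jwts.parser().setSigningKey(JWTUtils.key).parseClaimsJws(jwtAuths[1]);
+ } catch (ExpiredJwtException e) {
+ ResponseBean resp = ResponseBean.error("身份信息已过期,请刷新网页重新登录", ResponseBean.ERROR_AUTH_EXPIRED);
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+
+ } catch (JwtException e) {
+ ResponseBean resp = ResponseBean.error("权限验证非法, " + e.getMessage(), ResponseBean.ERROR_AUTH_FAIL);
+
+
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+ //添加如果执行了登出操作提示先进行登录
+ SysToken sysToken = sysTokenService.getById(jwtAuths[1]);
+ if (null == sysToken){
+ ResponseBean resp = ResponseBean.error("请先进行系统登录操作", ResponseBean.ERROR_AUTH_FAIL);
+
+ response.addHeader("Content-type", "application/json");
+ response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+ return false;
+ }
+
+// 按钮权限校验
+// boolean state = checkButtonRole(request);
+// if (!state){
+// ResponseBean resp = ResponseBean.error("权限验证非法" , ResponseBean.ERROR_AUTH_FAIL);
+//
+// response.addHeader("Content-type", "application/json");
+// response.getOutputStream().write(JSONObject.toJSONBytes(resp));
+// return false;
+// }
+
+ return true;
+ }
+
+ //检验按钮权限
+ private boolean checkButtonRole(HttpServletRequest request) {
+ String action = request.getHeader("x-action");
+ if(StringUtils.isEmpty(action)){
+ return false;
+ }
+ //根据路径匹配code 一致继续 否则无权限
+ String requestURI = request.getRequestURI();
+ String method = request.getMethod();
+ TaButtonUriMap taButtonUriMap = taButtonUriMapService.getByURI(requestURI+":"+method);
+ if (null == taButtonUriMap){
+ return true;
+ }
+
+
+ if (!taButtonUriMap.getButtonCode().equals(action)){
+ return false;
+ }
+
+ //根据code查询按钮权限
+ Map map = JWTUtils.getUserIdAndOrgId(request);
+ QueryWrapper<SysButtonInMenu> sysButtonInMenuQueryWrapper = new QueryWrapper<>();
+ sysButtonInMenuQueryWrapper.eq("code",action);
+ SysButtonInMenu sysButtonInMenu = sysButtonInMenuService.getOne(sysButtonInMenuQueryWrapper);
+ if (null == sysButtonInMenu){
+ return false;
+ }
+ //查询角色
+ QueryWrapper<TaRoleButton> taRoleButtonQueryWrapper = new QueryWrapper<>();
+ taRoleButtonQueryWrapper.eq("btn_id",sysButtonInMenu.getBtnId());
+ List<TaRoleButton> taRoleButtonList = taRoleButtonService.list(taRoleButtonQueryWrapper);
+ if (taRoleButtonList.size() < 1){
+ return true;
+ }
+ //查询用户
+ QueryWrapper<TaUserRole> taUserRoleQueryWrapper = new QueryWrapper<>();
+ taUserRoleQueryWrapper.eq("user_id",map.get("userId"));
+ TaUserRole taUserRole = taUserRoleService.getOne(taUserRoleQueryWrapper);
+ for (TaRoleButton taRoleButton : taRoleButtonList){
+ if (taRoleButton.getRoleId().equals(taUserRole.getRoleId())){
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ private boolean checkMiniApp(HttpServletRequest request) {
+ String requestURI = request.getRequestURI();
+
+ // 非微信请求
+ if (!requestURI.startsWith("/api/wx")) {
+ return true;
+ }
+
+ String ua = request.getHeader("user-agent");
+ return ua.contains("micromessenger") || ua.contains("MicroMessenger");
+ }
+
+ private boolean inWhiteList(HttpServletRequest request) {
+ String requestURI = request.getRequestURI();
+
+ for (String it : whiteList) {
+ if (requestURI.startsWith(it)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}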
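Review bot: `checkMiniApp` (new-side line 251) dereferences `ua` without a null check, so a request to an `/api/wx` path that carries no `user-agent` header throws a NullPointerException out of `preHandle` instead of returning the intended "请使用微信请求接口" rejection; change it to `return ua != null && (ua.contains("micromessenger") || ua.contains("MicroMessenger"));`. The same pattern appears in `checkButtonRole`, where `taUserRole` returned by `getOne(...)` may be null before `taUserRole.getRoleId()` is called, though that method is only referenced from the commented-out block in `preHandle`. Every rejection branch writes the JSON error body without setting a status on `response`, so clients and proxies see the servlet default 200 for an authentication failure and must inspect the body; a `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)` before each write would make the outcome visible in access logs and monitoring. Also, `thirdState.equals("success")` will throw if `checkToken` can return null — worth confirming against that service, or inverting to `"success".equals(thirdState)`.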