package com.gk.firework.Config.Oauth2;
|
|
import cn.hutool.core.util.ObjectUtil;
|
import cn.hutool.core.util.StrUtil;
|
import com.alibaba.fastjson.JSON;
|
import com.gk.firework.Domain.AuthorizationInfo;
|
import com.gk.firework.Domain.Utils.CommonUtil;
|
import com.gk.firework.Domain.Utils.Constants;
|
import com.gk.firework.Domain.Utils.Msg;
|
import com.gk.firework.Domain.Vo.UserVo;
|
import com.gk.firework.Service.AuthorizationService;
|
import com.gk.firework.Service.UserService;
|
import io.jsonwebtoken.Claims;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpStatus;
|
import org.springframework.util.AntPathMatcher;
|
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
import java.io.PrintWriter;
|
import java.util.List;
|
import java.util.Map;
|
|
/**
|
* AccessToken filter
|
*
|
* @author zhangby
|
* @date 2019-05-20 20:32
|
*/
|
public class AccessTokenFilter implements Filter {
|
private final Logger logger = LoggerFactory.getLogger(this.getClass());
|
|
/**
|
* redis service
|
*/
|
IRedisService redisService = SpringContextUtil.getBean(IRedisService.class);
|
|
UserService userService = SpringContextUtil.getBean(UserService.class);
|
|
AuthorizationService authorizationService = SpringContextUtil.getBean(AuthorizationService.class);
|
|
/**
|
* do filter
|
*
|
* @param servletRequest servletRequest
|
* @param servletResponse servletResponse
|
* @param filterChain filterChain
|
* @throws IOException IOException
|
* @throws ServletException ServletException
|
*/
|
@Override
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
|
Msg msg = new Msg();
|
try {
|
// filter url && !request.getMethod().equals("OPTIONS")
|
if (urlMatcher(request.getRequestURI(), Constants.FILTER_EXCLUDE_PATH)){
|
String token = request.getHeader(HttpHeaders.AUTHORIZATION);
|
if (null != token && !token.equals("undefined")) {
|
/** 解析token */
|
Claims claims = CommonUtil.parseJWT(token);
|
if (ObjectUtil.isNotNull(claims)) {
|
//设置当前登录用户
|
System.setProperty(Constants.CURRENT_USER_ID, claims.get("user_id").toString());
|
try {
|
//获取redis 查询token是否有效 [jti]
|
String tokenKey = StrUtil.format(RedisKeyEnum.AUTH_TOKEN.getKey(), claims.getId());
|
Object userInfo = redisService.get(tokenKey);
|
if (ObjectUtil.isNotNull(userInfo)) {
|
Map map = JSON.parseObject(userInfo.toString(), Map.class);
|
UserVo userVo = userService.selectUserVoByName(map.get("username").toString());
|
if (null == userVo) {
|
msg.setCode("100");
|
msg.setMessage("用户不存在");
|
returnJson(response, msg);
|
return;
|
}
|
if (userVo.getIssale() == 1){
|
if (userVo.getStatus()!=null && userVo.getStatus() != 1){
|
msg.setCode("100");
|
msg.setMessage("用户已失效");
|
returnJson(response, msg);
|
return;
|
}
|
if (userVo.getExpiredate() != null && userVo.getExpiredate().getTime() < System.currentTimeMillis()){
|
msg.setCode("100");
|
msg.setMessage("用户已超期");
|
returnJson(response, msg);
|
return;
|
}
|
|
Object loginObj = map.get("logintime");
|
Object authObj = map.get("auth");
|
if (loginObj != null && authObj != null){
|
//通过auth查询授权码最后登录时间
|
AuthorizationInfo authInfo = authorizationService.selectByUser(userVo.getCompanynumber(),authObj.toString());
|
if (authInfo == null){
|
msg.setCode("100");
|
msg.setMessage("授权码无效");
|
returnJson(response, msg);
|
return;
|
}
|
if (authInfo.getLasttime().getTime() > Long.parseLong(loginObj.toString())){
|
redisService.set(tokenKey, userInfo, 0L);
|
msg.setCode("100");
|
msg.setMessage("登录失效,请重新登录");
|
returnJson(response, msg);
|
return;
|
}
|
}
|
}
|
//更新登录超时时间
|
redisService.set(tokenKey, userInfo, 60L*60L*18L);
|
} else {
|
logger.info("998:登录超时,无效认证");
|
msg.setCode("100");
|
msg.setMessage("登录超时,无效认证");
|
returnJson(response, msg);
|
return;
|
}
|
} catch (Exception e) {
|
logger.info("401:非授权访问,无效的token");
|
}
|
} else {
|
logger.info("500: 账户或密码不正确,登录失败");
|
}
|
}
|
else if(request.getMethod().equals("OPTIONS")) {
|
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
|
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Auth-Token, Authorization");
|
response.setHeader("Access-Control-Max-Age","3600");
|
response.setStatus(HttpStatus.OK.value());
|
return;
|
}
|
else {
|
logger.info("500: token不存在");
|
}
|
}
|
} catch (Exception e) {
|
e.printStackTrace();
|
//系统异常
|
msg.setCode("100");
|
msg.setMessage("系统异常请稍后重试");
|
returnJson(response, msg);
|
response.setStatus(HttpStatus.OK.value());
|
}
|
filterChain.doFilter(servletRequest, servletResponse);
|
//过滤器结束之后销毁
|
System.clearProperty(Constants.CURRENT_USER_ID);
|
}
|
|
|
@Override
|
public void init(FilterConfig filterConfig) throws ServletException {
|
}
|
|
@Override
|
public void destroy() {
|
|
}
|
|
/**
|
* 认证是否需要,验证session url
|
*
|
* @param real_url
|
* @return
|
*/
|
private boolean urlMatcher(String real_url, String pathFilter) {
|
AntPathMatcher antPathMatcher = new AntPathMatcher();
|
/** 验证添加项url */
|
if (StrUtil.isNotBlank(pathFilter)) {
|
for (String path : pathFilter.split(",")) {
|
if (antPathMatcher.match(path.trim(), real_url.trim())) {
|
return false;
|
}
|
}
|
}
|
return true;
|
}
|
|
/**
|
* 返回url
|
*
|
* @param response
|
* @param json
|
*/
|
private void returnJson(HttpServletResponse response, Msg msg) {
|
PrintWriter writer = null;
|
response.setCharacterEncoding("UTF-8");
|
response.setContentType("text/html; charset=utf-8");
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
|
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Auth-Token, Authorization");
|
response.setHeader("Access-Control-Max-Age","3600");
|
try {
|
writer = response.getWriter();
|
writer.print(JSON.toJSON(msg));
|
} catch (IOException e) {
|
} finally {
|
if (writer != null) {
|
writer.close();
|
}
|
}
|
}
|
}
|