package com.vincent.rsf.openApi.security.filter;
|
|
import com.vincent.rsf.openApi.entity.constant.Constants;
|
import com.vincent.rsf.openApi.security.service.AppAuthService;
|
import com.vincent.rsf.openApi.security.utils.TokenUtils;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.core.annotation.Order;
|
import org.springframework.stereotype.Component;
|
import org.springframework.util.StringUtils;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
|
import javax.annotation.Resource;
|
import javax.servlet.FilterChain;
|
import javax.servlet.ServletException;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
import java.io.PrintWriter;
|
|
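/**
 * AppId/Token authentication filter.
 *
 * <p>Every request that is not excluded by {@link #shouldNotFilter} and is not the
 * token-issuing endpoint (see {@link #isAuthRequest}) must carry a token in the
 * {@code Constants.HEADER_AUTHORIZATION} header. The token's validity window is
 * checked with {@code TokenUtils.validateTokenTime}, the app id and secret that
 * {@code TokenUtils} reads out of it are verified through {@link AppAuthService},
 * and on success the app id is exposed to downstream handlers as the request
 * attribute {@code Constants.REQUEST_ATTR_APP_ID}. Any failure ends the request
 * with a JSON error body; the filter chain is not continued in that case.
 */
@Slf4j
@Component
@Order(1)
public class AppIdAuthenticationFilter extends OncePerRequestFilter {

    /** Single error message returned for every authentication failure (no detail leaks to the client). */
    private static final String AUTH_FAILED_MESSAGE = "认证失败,请提供有效的Token";

    @Resource
    private AppAuthService appAuthService;

    /**
     * Authenticates the request by its token header, then continues the chain or
     * writes an error response.
     *
     * @param request     incoming request; {@code Constants.REQUEST_ATTR_APP_ID} is set on it when
     *                    authentication succeeds
     * @param response    response that receives the JSON error body on failure
     * @param filterChain chain to continue on success or for the token-issuing endpoint
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from writing the error body
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        // The endpoint that issues tokens cannot itself require one.
        if (isAuthRequest(request.getRequestURI())) {
            filterChain.doFilter(request, response);
            return;
        }

        // Guard clauses, one per failure reason; every branch answers with the same client message
        // so the response does not reveal which check failed. The log line keeps the distinction.
        String authHeader = request.getHeader(Constants.HEADER_AUTHORIZATION);
        if (authHeader == null) {
            log.warn("缺少Token认证信息");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, AUTH_FAILED_MESSAGE);
            return;
        }

        String token = TokenUtils.extractTokenFromHeader(authHeader);
        if (token == null || !TokenUtils.validateTokenTime(token)) {
            log.warn("Token验证失败或缺失");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, AUTH_FAILED_MESSAGE);
            return;
        }

        String tokenAppId = TokenUtils.getAppIdFromToken(token);
        String tokenAppSecret = TokenUtils.getSecretFromToken(token);
        // Both fields must be present; validateApp is only consulted once they are, so an
        // empty id or secret never reaches the service.
        if (!StringUtils.hasText(tokenAppId) || !StringUtils.hasText(tokenAppSecret)
                || !appAuthService.validateApp(tokenAppId, tokenAppSecret)) {
            log.warn("Token验证失败");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, AUTH_FAILED_MESSAGE);
            return;
        }

        // Only the id is handed downstream; the secret stays inside this filter.
        request.setAttribute(Constants.REQUEST_ATTR_APP_ID, tokenAppId);
        filterChain.doFilter(request, response);
    }

    /**
     * Writes a JSON error body of the form {@code {"code": N, "msg": "...", "data": null}}.
     *
     * @param response response to write into; {@code code} is also used as its HTTP status
     * @param code     value used both as the HTTP status and as the {@code code} field of the body
     * @param message  human-readable reason placed in the {@code msg} field; it is JSON-escaped
     *                 so a quote, backslash or control character cannot corrupt the body
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void sendErrorResponse(HttpServletResponse response, int code, String message) throws IOException {
        response.setStatus(code);
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.write("{\"code\": " + code + ", \"msg\": \"" + escapeJsonString(message) + "\", \"data\": null}");
        writer.flush();
    }

    /**
     * Escapes the characters that would terminate or corrupt a JSON string literal.
     * A {@code null} input is rendered as the text {@code null}, matching plain concatenation.
     *
     * @param s raw text to place inside a JSON string literal
     * @return the escaped text, without surrounding quotes
     */
    private static String escapeJsonString(String s) {
        String text = String.valueOf(s);
        StringBuilder sb = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    sb.append("\\\"");
                    break;
                case '\\':
                    sb.append("\\\\");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                case '\t':
                    sb.append("\\t");
                    break;
                default:
                    // Remaining C0 control characters are not allowed raw inside a JSON string.
                    if (c < 0x20) {
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    /**
     * Returns {@code true} for the token-issuing endpoint, which is reachable without a token.
     *
     * <p>NOTE(review): this is a substring test, so any request URI containing {@code /getToken}
     * anywhere in its path is let through unauthenticated. A prefix or exact match against the
     * servlet path would be a tighter check — confirm the real route mapping before changing it.
     *
     * @param requestURI value of {@code request.getRequestURI()}, possibly {@code null}
     * @return whether the filter must be bypassed for this URI
     */
    private boolean isAuthRequest(String requestURI) {
        return requestURI != null && requestURI.contains("/getToken");
    }

    /**
     * Skips the filter entirely for auth, public and API-documentation paths.
     *
     * <p>NOTE(review): same caveat as {@link #isAuthRequest}: each entry is a substring match,
     * so a path with e.g. a {@code /public/} segment anywhere in it is not authenticated.
     * Keep this list as short as possible and prefer prefix matching if the URL layout allows it.
     *
     * @param request incoming request
     * @return {@code true} when authentication must not be applied
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String requestURI = request.getRequestURI();
        return requestURI == null
                || requestURI.contains("/auth/")
                || requestURI.contains("/public/")
                || requestURI.contains("/doc.html")
                || requestURI.contains("/swagger")
                || requestURI.contains("/webjars")
                || requestURI.contains("/v2/api-docs")
                || requestURI.contains("/v3/api-docs");
    }

}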
|