package com.zy.common.config;
|
|
import com.alibaba.fastjson.JSON;
|
import com.baomidou.mybatisplus.mapper.EntityWrapper;
|
import com.core.annotations.AppAuth;
|
import com.core.annotations.ManagerAuth;
|
import com.core.common.BaseRes;
|
import com.core.common.Cools;
|
import com.zy.common.properties.SystemProperties;
|
import com.zy.common.utils.Http;
|
import com.zy.system.entity.*;
|
import com.zy.system.service.*;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.lang.Nullable;
|
import org.springframework.stereotype.Component;
|
import org.springframework.web.method.HandlerMethod;
|
import org.springframework.web.servlet.ModelAndView;
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.lang.reflect.Method;
|
import java.util.Date;
|
|
/**
|
* Created by vincent on 2019-06-13
|
*/
|
@Component
|
public class AdminInterceptor extends HandlerInterceptorAdapter {
|
|
@Value("${super.pwd}")
|
private String superPwd;
|
@Autowired
|
private UserService userService;
|
@Autowired
|
private UserLoginService userLoginService;
|
@Autowired
|
private OperateLogService operateLogService;
|
@Autowired
|
private PermissionService permissionService;
|
@Autowired
|
private RolePermissionService rolePermissionService;
|
|
@Override
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
cors(response);
|
if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
|
return true;
|
}
|
// super账号
|
String token = request.getHeader("token");
|
if (token!=null) {
|
String deToken = Cools.deTokn(token, superPwd);
|
if (deToken!=null){
|
long timestamp = Long.parseLong(deToken.substring(0, 13));
|
// 1天后过期
|
if (System.currentTimeMillis() - timestamp > 86400000){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
if ("super".equals(deToken.substring(13))) {
|
request.setAttribute("userId", 9527);
|
return true;
|
}
|
}
|
}
|
// 白名单
|
// if (IpTools.gainRealIp(request).equals("127.0.0.1")) {
|
// request.setAttribute("userId", 9527);
|
// return true;
|
// }
|
// 跨域设置
|
// response.setHeader("Access-Control-Allow-Origin", "*");
|
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
Method method = handlerMethod.getMethod();
|
if (method.isAnnotationPresent(AppAuth.class)){
|
AppAuth annotation = method.getAnnotation(AppAuth.class);
|
if (annotation.value().equals(AppAuth.Auth.CHECK)){
|
request.setAttribute("appAuth", annotation.memo());
|
}
|
}
|
if (method.isAnnotationPresent(ManagerAuth.class)){
|
ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
|
if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
|
return check(request, response, annotation.memo());
|
}
|
}
|
return true;
|
}
|
|
@Override
|
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
|
Object obj = request.getAttribute("operateLog");
|
if (obj instanceof OperateLog) {
|
OperateLog operate = (OperateLog) obj;
|
operate.setResponse(String.valueOf(response.getStatus()));
|
operateLogService.insert(operate);
|
}
|
}
|
|
@Override
|
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
|
// Object r = request.getAttribute("cool-response");
|
}
|
|
private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
|
try {
|
String token = new String();
|
token = request.getHeader("token");
|
if (Cools.isEmpty(token)){
|
return true;
|
}
|
UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
|
if (null == userLogin){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
User user = userService.selectById(userLogin.getUserId());
|
// String deToken = Cools.deTokn(token, user.getPassword());
|
// long timestamp = Long.parseLong(deToken.substring(0, 13));
|
// 15分钟后过期
|
if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 900000){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
// 权限校验
|
if (!limit(request.getRequestURI(), user)) {
|
Http.response(response, BaseRes.LIMIT);
|
return false;
|
}
|
// 请求缓存
|
request.setAttribute("userId", user.getId());
|
// 更新 token 有效期
|
userLogin.setCreateTime(new Date());
|
userLoginService.updateById(userLogin);
|
// 操作日志
|
if (!Cools.isEmpty(memo)) {
|
// 进行激活判断
|
if (!SystemProperties.SYSTEM_ACTIVATION) {
|
Http.response(response, BaseRes.NO_ACTIVATION);
|
return false;
|
}
|
// // 记录操作日志
|
// OperateLog operateLog = new OperateLog();
|
// operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
|
// operateLog.setIp(request.getRemoteAddr());
|
// operateLog.setUserId(user.getId());
|
// operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
|
// request.setAttribute("operateLog", operateLog);
|
}
|
return true;
|
} catch (Exception e){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
|
}
|
|
/**
|
* 权限拦截
|
* @return false:无权限; true:认证通过
|
*/
|
private boolean limit(String action, User user) {
|
Permission permission = new Permission();
|
permission.setAction(action);
|
permission.setStatus((short) 1);
|
Permission one = permissionService.selectOne(new EntityWrapper<>(permission));
|
if (!Cools.isEmpty(one)) {
|
RolePermission rolePermission = rolePermissionService.selectOne(new EntityWrapper<>(new RolePermission(user.getRoleId(), permission.getId())));
|
return !Cools.isEmpty(rolePermission);
|
}
|
return true;
|
}
|
|
/**
|
* 跨域
|
*/
|
public static void cors(HttpServletResponse response){
|
// 跨域设置
|
response.setHeader("Access-Control-Allow-Origin", "*");
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
response.setHeader("Access-Control-Allow-Methods", "*");
|
response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token");
|
response.setHeader("Access-Control-Expose-Headers", "*");
|
|
}
|
|
}
|
