package com.zy.common.config;
|
|
import com.alibaba.fastjson.JSON;
|
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
import com.core.annotations.ManagerAuth;
|
import com.core.common.BaseRes;
|
import com.core.common.Cools;
|
import com.zy.common.utils.Http;
|
import com.zy.system.entity.*;
|
import com.zy.system.service.*;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.lang.Nullable;
|
import org.springframework.stereotype.Component;
|
import org.springframework.web.method.HandlerMethod;
|
import org.springframework.web.servlet.HandlerInterceptor;
|
import org.springframework.web.servlet.ModelAndView;
|
|
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletResponse;
|
import java.lang.reflect.Method;
|
import java.util.Date;
|
import java.util.LinkedHashMap;
|
import java.util.Map;
|
|
/**
|
* Created by vincent on 2019-06-13
|
*/
|
@Component
|
@Slf4j
|
public class AdminInterceptor implements HandlerInterceptor {
|
|
private static final String ATTR_USER_ID = "userId";
|
private static final String ATTR_OPERATE_LOG = "operateLog";
|
private static final Long SUPER_USER_ID = 9527L;
|
|
@Value("${super.pwd}")
|
private String superPwd;
|
@Autowired
|
private UserService userService;
|
@Autowired
|
private UserLoginService userLoginService;
|
@Autowired
|
private OperateLogService operateLogService;
|
@Autowired
|
private PermissionService permissionService;
|
@Autowired
|
private RolePermissionService rolePermissionService;
|
|
@Override
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
cors(response);
|
if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
|
return true;
|
}
|
ManagerAuth annotation = resolveManagerAuth(handler);
|
boolean requiresCheck = annotation != null && annotation.value().equals(ManagerAuth.Auth.CHECK);
|
// super账号
|
String token = request.getHeader("token");
|
if (token!=null) {
|
String deToken = Cools.deTokn(token, superPwd);
|
if (deToken!=null){
|
long timestamp = Long.parseLong(deToken.substring(0, 13));
|
// 1天后过期
|
if (System.currentTimeMillis() - timestamp > 86400000){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
if ("super".equals(deToken.substring(13))) {
|
request.setAttribute(ATTR_USER_ID, SUPER_USER_ID);
|
if (requiresCheck) {
|
cacheOperateLog(request, annotation.memo(), SUPER_USER_ID);
|
}
|
return true;
|
}
|
}
|
}
|
// 跨域设置
|
// response.setHeader("Access-Control-Allow-Origin", "*");
|
if (!(handler instanceof HandlerMethod)) {
|
return true;
|
}
|
if (requiresCheck){
|
return check(request, response, annotation.memo());
|
}
|
return true;
|
}
|
|
@Override
|
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
|
}
|
|
@Override
|
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
|
@Nullable Exception ex) {
|
Object obj = request.getAttribute(ATTR_OPERATE_LOG);
|
if (!(obj instanceof OperateLog)) {
|
return;
|
}
|
OperateLog operateLog = (OperateLog) obj;
|
operateLog.setResponse(buildResponseContent(response, ex));
|
try {
|
operateLogService.save(operateLog);
|
} catch (Exception saveEx) {
|
log.warn("保存操作日志失败, uri={}", request.getRequestURI(), saveEx);
|
}
|
}
|
|
private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
|
try {
|
String token = request.getHeader("token");
|
UserLogin userLogin = userLoginService.getOne(new QueryWrapper<UserLogin>().eq("token", token).eq("system_type", "WCS"));
|
if (null == userLogin){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
User user = userService.getById(userLogin.getUserId());
|
String deToken = Cools.deTokn(token, user.getPassword());
|
long timestamp = Long.parseLong(deToken.substring(0, 13));
|
// 1天后过期
|
if (System.currentTimeMillis() - timestamp > 86400000){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
// 权限校验
|
if (!limit(request.getRequestURI(), user)) {
|
Http.response(response, BaseRes.LIMIT);
|
return false;
|
}
|
// 请求缓存
|
request.setAttribute(ATTR_USER_ID, user.getId());
|
cacheOperateLog(request, memo, user.getId());
|
return true;
|
} catch (Exception e){
|
Http.response(response, BaseRes.DENIED);
|
return false;
|
}
|
|
}
|
|
/**
|
* 权限拦截
|
* @return false:无权限; true:认证通过
|
*/
|
private boolean limit(String action, User user) {
|
Permission permission = new Permission();
|
permission.setAction(action);
|
permission.setStatus((short) 1);
|
Permission one = permissionService.getOne(new QueryWrapper<>(permission));
|
if (!Cools.isEmpty(one)) {
|
RolePermission rolePermission = rolePermissionService.getOne(new QueryWrapper<>(new RolePermission(user.getRoleId(), permission.getId())));
|
return !Cools.isEmpty(rolePermission);
|
}
|
return true;
|
}
|
|
/**
|
* 跨域
|
*/
|
private void cors(HttpServletResponse response){
|
// 跨域设置
|
response.setHeader("Access-Control-Allow-Origin", "*");
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
response.setHeader("Access-Control-Allow-Methods", "*");
|
response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token,token,X-Lang,Accept-Language");
|
response.setHeader("Access-Control-Expose-Headers", "*");
|
|
}
|
|
private ManagerAuth resolveManagerAuth(Object handler) {
|
if (!(handler instanceof HandlerMethod)) {
|
return null;
|
}
|
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
Method method = handlerMethod.getMethod();
|
if (!method.isAnnotationPresent(ManagerAuth.class)) {
|
return null;
|
}
|
return method.getAnnotation(ManagerAuth.class);
|
}
|
|
private void cacheOperateLog(HttpServletRequest request, String memo, Long userId) {
|
if (userId == null || request.getAttribute(ATTR_OPERATE_LOG) != null) {
|
return;
|
}
|
OperateLog operateLog = new OperateLog();
|
operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
|
operateLog.setIp(request.getRemoteAddr());
|
operateLog.setUserId(userId);
|
operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
|
operateLog.setCreateTime(new Date());
|
request.setAttribute(ATTR_OPERATE_LOG, operateLog);
|
}
|
|
private String buildResponseContent(HttpServletResponse response, Exception ex) {
|
Map<String, Object> result = new LinkedHashMap<>();
|
result.put("status", response.getStatus());
|
if (ex != null) {
|
result.put("error", ex.getClass().getName());
|
result.put("message", ex.getMessage());
|
}
|
return JSON.toJSONString(result);
|
}
|
|
}
|
