zy-asrs.git - Gitblit

			@@ -2,12 +2,15 @@

			import com.alibaba.fastjson.JSON;
			import com.baomidou.mybatisplus.mapper.EntityWrapper;
			import com.zy.common.utils.Http;
			import com.zy.system.entity.*;
			import com.zy.system.service.*;
			import com.core.annotations.AppAuth;
			import com.core.annotations.ManagerAuth;
			import com.core.common.BaseRes;
			import com.core.common.Cools;
			import com.zy.common.properties.SystemProperties;
			import com.zy.common.utils.Http;
			import com.zy.common.utils.SqlInjectionUtils;
			import com.zy.system.entity.*;
			import com.zy.system.service.*;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.beans.factory.annotation.Value;
			import org.springframework.lang.Nullable;
			@@ -19,6 +22,8 @@
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import java.lang.reflect.Method;
			import java.util.Date;
			import java.util.Map;

			/**
			* Created by vincent on 2019-06-13
			@@ -47,28 +52,44 @@
			}
			// super账号
			String token = request.getHeader("token");
			if (token!=null) {
			if (token != null) {
			String deToken = Cools.deTokn(token, superPwd);
			if (deToken!=null){
			if (deToken != null) {
			long timestamp = Long.parseLong(deToken.substring(0, 13));
			// 1天后过期
			if (System.currentTimeMillis() - timestamp > 86400000){
			if (System.currentTimeMillis() - timestamp > 86400000) {
			Http.response(response, BaseRes.DENIED);
			return false;
			}
			if ("super".equals(deToken.substring(13))) {
			request.setAttribute("userId", 9527);
			Map<String, String[]> parameterMap = request.getParameterMap();
			if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
			Http.response(response, "sql注入，请正规访问");
			return false;
			}
			return true;
			}
			}
			}
			// 白名单
			// if (IpTools.gainRealIp(request).equals("127.0.0.1")) {
			// request.setAttribute("userId", 9527);
			// return true;
			// }
			// 跨域设置
			// response.setHeader("Access-Control-Allow-Origin", "*");
			HandlerMethod handlerMethod = (HandlerMethod) handler;
			Method method = handlerMethod.getMethod();
			if (method.isAnnotationPresent(ManagerAuth.class)){
			if (method.isAnnotationPresent(AppAuth.class)) {
			AppAuth annotation = method.getAnnotation(AppAuth.class);
			if (annotation.value().equals(AppAuth.Auth.CHECK)) {
			request.setAttribute("appAuth", annotation.memo());
			}
			}
			if (method.isAnnotationPresent(ManagerAuth.class)) {
			ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
			if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
			if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
			return check(request, response, annotation.memo());
			}
			}
			@@ -85,19 +106,24 @@
			}
			}

			@Override
			public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
			// Object r = request.getAttribute("cool-response");
			}

			private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
			try {
			String token = request.getHeader("token");
			UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
			if (null == userLogin){
			if (null == userLogin) {
			Http.response(response, BaseRes.DENIED);
			return false;
			}
			User user = userService.selectById(userLogin.getUserId());
			String deToken = Cools.deTokn(token, user.getPassword());
			long timestamp = Long.parseLong(deToken.substring(0, 13));
			// 1天后过期
			if (System.currentTimeMillis() - timestamp > 86400000){
			// String deToken = Cools.deTokn(token, user.getPassword());
			// long timestamp = Long.parseLong(deToken.substring(0, 13));
			// 15分钟后过期一天
			if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 86400000) {
			Http.response(response, BaseRes.DENIED);
			return false;
			}
			@@ -106,19 +132,34 @@
			Http.response(response, BaseRes.LIMIT);
			return false;
			}
			Map<String, String[]> parameterMap = request.getParameterMap();
			if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
			Http.response(response, "sql注入，请正规访问");
			return false;
			}

			// 请求缓存
			request.setAttribute("userId", user.getId());
			// 更新 token 有效期
			userLogin.setCreateTime(new Date());
			userLoginService.updateById(userLogin);
			// 操作日志
			if (!Cools.isEmpty(memo)) {
			// 进行激活判断
			if (!SystemProperties.SYSTEM_ACTIVATION) {
			Http.response(response, BaseRes.NO_ACTIVATION);
			return false;
			}
			// 记录操作日志
			OperateLog operateLog = new OperateLog();
			operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
			operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
			operateLog.setIp(request.getRemoteAddr());
			operateLog.setUserId(user.getId());
			operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
			request.setAttribute("operateLog", operateLog);
			}
			return true;
			} catch (Exception e){
			} catch (Exception e) {
			Http.response(response, BaseRes.DENIED);
			return false;
			}
			@@ -127,6 +168,7 @@

			/**
			* 权限拦截
			*
			* @return false:无权限; true:认证通过
			*/
			private boolean limit(String action, User user) {
			@@ -144,7 +186,7 @@
			/**
			* 跨域
			*/
			private void cors(HttpServletResponse response){
			public static void cors(HttpServletResponse response) {
			// 跨域设置
			response.setHeader("Access-Control-Allow-Origin", "*");
			response.setHeader("Access-Control-Allow-Credentials", "true");