| | |
|---|
| | | package com.zy.common.config; |
|---|
| | | |
|---|
| | | import com.alibaba.fastjson.JSON; |
|---|
| | | import com.baomidou.mybatisplus.mapper.EntityWrapper; |
|---|
| | | import com.core.annotations.AppAuth; |
|---|
| | | import com.core.annotations.ManagerAuth; |
|---|
| | |
|---|
| | | } |
|---|
| | | // super账号 |
|---|
| | | String token = request.getHeader("token"); |
|---|
| | | if (token!=null) { |
|---|
| | | if (token != null) { |
|---|
| | | String deToken = Cools.deTokn(token, superPwd); |
|---|
| | | if (deToken!=null){ |
|---|
| | | if (deToken != null) { |
|---|
| | | long timestamp = Long.parseLong(deToken.substring(0, 13)); |
|---|
| | | // 1天后过期 |
|---|
| | | if (System.currentTimeMillis() - timestamp > loadingConfigTimer.getTokenExpire()){ |
|---|
| | | if (System.currentTimeMillis() - timestamp > loadingConfigTimer.getTokenExpire()) { |
|---|
| | | Http.response(response, BaseRes.DENIED); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | |
|---|
| | | // response.setHeader("Access-Control-Allow-Origin", "*"); |
|---|
| | | HandlerMethod handlerMethod = (HandlerMethod) handler; |
|---|
| | | Method method = handlerMethod.getMethod(); |
|---|
| | | if (method.isAnnotationPresent(AppAuth.class)){ |
|---|
| | | if (method.isAnnotationPresent(AppAuth.class)) { |
|---|
| | | AppAuth annotation = method.getAnnotation(AppAuth.class); |
|---|
| | | if (annotation.value().equals(AppAuth.Auth.CHECK)){ |
|---|
| | | if (annotation.value().equals(AppAuth.Auth.CHECK)) { |
|---|
| | | request.setAttribute("appAuth", annotation.memo()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if (method.isAnnotationPresent(ManagerAuth.class)){ |
|---|
| | | if (method.isAnnotationPresent(ManagerAuth.class)) { |
|---|
| | | ManagerAuth annotation = method.getAnnotation(ManagerAuth.class); |
|---|
| | | if (annotation.value().equals(ManagerAuth.Auth.CHECK)){ |
|---|
| | | if (annotation.value().equals(ManagerAuth.Auth.CHECK)) { |
|---|
| | | return check(request, response, annotation.memo()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | try { |
|---|
| | | String token = new String(); |
|---|
| | | token = request.getHeader("token"); |
|---|
| | | if (Cools.isEmpty(token)){ |
|---|
| | | if (Cools.isEmpty(token)) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token)); |
|---|
| | | if (null == userLogin){ |
|---|
| | | if (null == userLogin) { |
|---|
| | | Http.response(response, BaseRes.DENIED); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | |
|---|
| | | // String deToken = Cools.deTokn(token, user.getPassword()); |
|---|
| | | // long timestamp = Long.parseLong(deToken.substring(0, 13)); |
|---|
| | | // 15分钟后过期 |
|---|
| | | if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 900000){ |
|---|
| | | if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 900000) { |
|---|
| | | Http.response(response, BaseRes.DENIED); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | |
|---|
| | | // request.setAttribute("operateLog", operateLog); |
|---|
| | | } |
|---|
| | | return true; |
|---|
| | | } catch (Exception e){ |
|---|
| | | } catch (Exception e) { |
|---|
| | | Http.response(response, BaseRes.DENIED); |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 权限拦截 |
|---|
| | | * |
|---|
| | | * @return false:无权限; true:认证通过 |
|---|
| | | */ |
|---|
| | | private boolean limit(String action, User user) { |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 跨域 |
|---|
| | | */ |
|---|
| | | public static void cors(HttpServletResponse response){ |
|---|
| | | public static void cors(HttpServletResponse response) { |
|---|
| | | // 跨域设置 |
|---|
| | | response.setHeader("Access-Control-Allow-Origin", "*"); |
|---|
| | | response.setHeader("Access-Control-Allow-Credentials", "true"); |
|---|
