Junjie
1 天以前 a9fd73393927d9b6855b61a609f79568bc6f29ad
src/main/java/com/zy/common/config/AdminInterceptor.java
@@ -1,30 +1,39 @@
package com.zy.common.config;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
import com.zy.common.utils.Http;
import com.zy.system.entity.*;
import com.zy.system.service.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Created by vincent on 2019-06-13
 */
@Component
public class AdminInterceptor extends HandlerInterceptorAdapter {
@Slf4j
public class AdminInterceptor implements HandlerInterceptor {
    private static final String ATTR_USER_ID = "userId";
    private static final String ATTR_OPERATE_LOG = "operateLog";
    private static final Long SUPER_USER_ID = 9527L;
    @Value("${super.pwd}")
    private String superPwd;
@@ -45,6 +54,8 @@
        if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
            return true;
        }
        ManagerAuth annotation = resolveManagerAuth(handler);
        boolean requiresCheck = annotation != null && annotation.value().equals(ManagerAuth.Auth.CHECK);
        // super账号
        String token = request.getHeader("token");
        if (token!=null) {
@@ -57,43 +68,54 @@
                    return false;
                }
                if ("super".equals(deToken.substring(13))) {
                    request.setAttribute("userId", 9527);
                    request.setAttribute(ATTR_USER_ID, SUPER_USER_ID);
                    if (requiresCheck) {
                        cacheOperateLog(request, annotation.memo(), SUPER_USER_ID);
                    }
                    return true;
                }
            }
        }
        // 跨域设置
        // response.setHeader("Access-Control-Allow-Origin", "*");
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        if (method.isAnnotationPresent(ManagerAuth.class)){
            ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
            if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
                return check(request, response, annotation.memo());
            }
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (requiresCheck){
            return check(request, response, annotation.memo());
        }
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
//        Object obj = request.getAttribute("operateLog");
//        if (obj instanceof OperateLog) {
//            OperateLog operate = (OperateLog) obj;
//            operate.setResponse(String.valueOf(response.getStatus()));
//            operateLogService.insert(operate);
//        }
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                @Nullable Exception ex) {
        Object obj = request.getAttribute(ATTR_OPERATE_LOG);
        if (!(obj instanceof OperateLog)) {
            return;
        }
        OperateLog operateLog = (OperateLog) obj;
        operateLog.setResponse(buildResponseContent(response, ex));
        try {
            operateLogService.save(operateLog);
        } catch (Exception saveEx) {
            log.warn("保存操作日志失败, uri={}", request.getRequestURI(), saveEx);
        }
    }
    private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
        try {
            String token = request.getHeader("token");
            UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token).eq("system_type", "WCS"));
            UserLogin userLogin = userLoginService.getOne(new QueryWrapper<UserLogin>().eq("token", token).eq("system_type", "WCS"));
            if (null == userLogin){
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            User user = userService.selectById(userLogin.getUserId());
            User user = userService.getById(userLogin.getUserId());
            String deToken = Cools.deTokn(token, user.getPassword());
            long timestamp = Long.parseLong(deToken.substring(0, 13));
            // 1天后过期
@@ -106,17 +128,9 @@
                Http.response(response, BaseRes.LIMIT);
                return false;
            }
            // 操作日志
            OperateLog operateLog = new OperateLog();
            operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
            operateLog.setIp(request.getRemoteAddr());
            operateLog.setUserId(user.getId());
            operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
            operateLog.setResponse(JSON.toJSONString(request.getRequestURI()));
            operateLogService.insert(operateLog);
            // 请求缓存
            request.setAttribute("userId", user.getId());
//            request.setAttribute("operateLog", operateLog);
            request.setAttribute(ATTR_USER_ID, user.getId());
            cacheOperateLog(request, memo, user.getId());
            return true;
        } catch (Exception e){
            Http.response(response, BaseRes.DENIED);
@@ -133,9 +147,9 @@
        Permission permission = new Permission();
        permission.setAction(action);
        permission.setStatus((short) 1);
        Permission one = permissionService.selectOne(new EntityWrapper<>(permission));
        Permission one = permissionService.getOne(new QueryWrapper<>(permission));
        if (!Cools.isEmpty(one)) {
            RolePermission rolePermission = rolePermissionService.selectOne(new EntityWrapper<>(new RolePermission(user.getRoleId(), permission.getId())));
            RolePermission rolePermission = rolePermissionService.getOne(new QueryWrapper<>(new RolePermission(user.getRoleId(), permission.getId())));
            return !Cools.isEmpty(rolePermission);
        }
        return true;
@@ -149,9 +163,44 @@
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token,token,X-Lang,Accept-Language");
        response.setHeader("Access-Control-Expose-Headers", "*");
    }
    private ManagerAuth resolveManagerAuth(Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return null;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        if (!method.isAnnotationPresent(ManagerAuth.class)) {
            return null;
        }
        return method.getAnnotation(ManagerAuth.class);
    }
    private void cacheOperateLog(HttpServletRequest request, String memo, Long userId) {
        if (userId == null || request.getAttribute(ATTR_OPERATE_LOG) != null) {
            return;
        }
        OperateLog operateLog = new OperateLog();
        operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
        operateLog.setIp(request.getRemoteAddr());
        operateLog.setUserId(userId);
        operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
        operateLog.setCreateTime(new Date());
        request.setAttribute(ATTR_OPERATE_LOG, operateLog);
    }
    private String buildResponseContent(HttpServletResponse response, Exception ex) {
        Map<String, Object> result = new LinkedHashMap<>();
        result.put("status", response.getStatus());
        if (ex != null) {
            result.put("error", ex.getClass().getName());
            result.put("message", ex.getMessage());
        }
        return JSON.toJSONString(result);
    }
}
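Review bot: The role lookup in the `@@ -133,9 +147,9 @@` hunk still passes `permission.getId()`, which is the id of the probe object built a few lines earlier, instead of the id of the row `one` that was just fetched. Nothing visible in the hunk sets an id on `permission`, so the `RolePermission` condition presumably carries a null permission id. An entity-based `QueryWrapper` normally omits null fields, which would leave the authorization check matching on the role alone. The changed line should end `new QueryWrapper<>(new RolePermission(user.getRoleId(), one.getId())));`, and the trailing `return true;` deserves a comment such as `// no enabled Permission row for this action: allowed by design` if that fail-open is intended. The method's signature and the start of its body are outside the hunk, so confirm that no id is assigned there.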