From 69a3c374ca3afb770e3b9ffcbdda07ce362cbf58 Mon Sep 17 00:00:00 2001
From: 1 <1@123>
Date: 星期五, 09 一月 2026 19:59:29 +0800
Subject: [PATCH] #

---
 rsf-open-api/src/main/java/com/vincent/rsf/openApi/security/filter/AppIdAuthenticationFilter.java |  121 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 121 insertions(+), 0 deletions(-)

diff --git a/rsf-open-api/src/main/java/com/vincent/rsf/openApi/security/filter/AppIdAuthenticationFilter.java b/rsf-open-api/src/main/java/com/vincent/rsf/openApi/security/filter/AppIdAuthenticationFilter.java
new file mode 100644
index 0000000..e8134e6
--- /dev/null
+++ b/rsf-open-api/src/main/java/com/vincent/rsf/openApi/security/filter/AppIdAuthenticationFilter.java
@@ -0,0 +1,121 @@
+package com.vincent.rsf.openApi.security.filter;
+
+import com.vincent.rsf.openApi.entity.constant.Constants;
+import com.vincent.rsf.openApi.security.service.AppAuthService;
+import com.vincent.rsf.openApi.security.utils.TokenUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.tika.utils.StringUtils;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.annotation.Resource;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * AppId鍜孉ppSecret璁よ瘉杩囨护鍣�
+ * 
+ * 鐢ㄤ簬楠岃瘉璇锋眰澶翠腑鐨凙ppId鍜孉ppSecret
+ * 
+ * @author vincent
+ * @since 2026-01-05
+ */
+@Slf4j
+@Component
+@Order(1)
+public class AppIdAuthenticationFilter extends OncePerRequestFilter {
+
+    @Resource
+    private AppAuthService appAuthService;
+
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) 
+            throws ServletException, IOException {
+
+        String requestURI = request.getRequestURI();
+        
+        // 妫�鏌ユ槸鍚︿负璁よ瘉璇锋眰锛堝鑾峰彇token锛�
+        if (isAuthRequest(requestURI)) {
+            // 瀵逛簬璁よ瘉璇锋眰锛屽厑璁搁�氳繃
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        String authHeader = request.getHeader(Constants.HEADER_AUTHORIZATION);
+        if (authHeader != null) {
+            String token = TokenUtils.extractTokenFromHeader(authHeader);
+            if (token != null && TokenUtils.validateTokenTime(token)) {
+                // Token鏃堕棿璁よ瘉鎴愬姛锛岃璇丄ppId鍜孉ppSecret
+                String tokenAppId = TokenUtils.getAppIdFromToken(token);
+                String tokenAppSecret = TokenUtils.getSecretFromToken(token);
+                if (StringUtils.isBlank(tokenAppId) || StringUtils.isBlank(tokenAppSecret)
+                        || !appAuthService.validateApp(tokenAppId, tokenAppSecret)) {
+                    log.warn("Token楠岃瘉澶辫触");
+                    sendErrorResponse(response, Integer.parseInt(Constants.UNAUTHENTICATED_CODE), "璁よ瘉澶辫触锛岃鎻愪緵鏈夋晥鐨凾oken");
+                    return;
+                } else {
+                    request.setAttribute(Constants.REQUEST_ATTR_APP_ID, tokenAppId);
+                }
+            } else {
+                log.warn("Token楠岃瘉澶辫触鎴栫己澶�");
+                sendErrorResponse(response, Integer.parseInt(Constants.UNAUTHENTICATED_CODE), "璁よ瘉澶辫触锛岃鎻愪緵鏈夋晥鐨凾oken");
+                return;
+            }
+        } else {
+            log.warn("缂哄皯Token璁よ瘉淇℃伅");
+            sendErrorResponse(response, Integer.parseInt(Constants.UNAUTHENTICATED_CODE), "璁よ瘉澶辫触锛岃鎻愪緵鏈夋晥鐨凾oken");
+            return;
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * 鍙戦�侀敊璇搷搴�
+     * 
+     * @param response HTTP鍝嶅簲
+     * @param code 閿欒鐮�
+     * @param message 閿欒娑堟伅
+     * @throws IOException
+     */
+    private void sendErrorResponse(HttpServletResponse response, int code, String message) throws IOException {
+        response.setStatus(code);
+        response.setContentType("application/json;charset=UTF-8");
+        PrintWriter writer = response.getWriter();
+        writer.write("{\"code\": \"" + code + "\", \"msg\": \"" + message + "\", \"data\": null}");
+        writer.flush();
+    }
+
+    /**
+     * 妫�鏌ユ槸鍚︿负璁よ瘉璇锋眰锛堜笉闇�瑕佽璇佺殑璇锋眰锛�
+     * 
+     * @param requestURI 璇锋眰URI
+     * @return 鏄惁涓鸿璇佽姹�
+     */
+    private boolean isAuthRequest(String requestURI) {
+        return requestURI.contains("/getToken");
+//               || requestURI.contains("/auth/validate") ||
+//               requestURI.contains("/auth/login");
+    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        String requestURI = request.getRequestURI();
+        
+        // 涓嶈繃婊よ璇佺浉鍏宠姹傚拰鍏紑鎺ュ彛
+        return requestURI.contains("/auth/") || 
+               requestURI.contains("/public/") ||
+               requestURI.contains("/doc.html") ||
+               requestURI.contains("/swagger") ||
+               requestURI.contains("/webjars") ||
+               requestURI.contains("/v2/api-docs") ||
+               requestURI.contains("/v3/api-docs");
+    }
+
+}
\ No newline at end of file
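Review bot: `shouldNotFilter` and `isAuthRequest` exempt a request from authentication whenever `getRequestURI()` merely contains `/auth/`, `/public/`, `/swagger`, `/getToken` and so on, so a protected endpoint is skipped if one of those strings appears anywhere in its raw, undecoded path. Match anchored patterns against the container-decoded path instead, and make the `/getToken` check an exact comparison such as `"/getToken".equals(path)`, adjusted to the controller's real mapping. The sketch below uses Spring's `AntPathMatcher` (it needs an import of `org.springframework.util.AntPathMatcher`); the patterns mirror the current substrings and should be narrowed to the routes that actually exist. Separately, `TokenUtils.getSecretFromToken(token)` suggests the AppSecret travels inside every bearer token; TokenUtils is not part of this patch, so confirm the token is encrypted, or replace the embedded secret with a signature check.

```java
    // Anchored allow-list; patterns mirror the substrings used before and must be checked against the real mappings.
    private static final String[] OPEN_PATTERNS = {
            "/auth/**", "/public/**", "/doc.html", "/swagger*/**",
            "/webjars/**", "/v2/api-docs", "/v3/api-docs/**"
    };
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    // … unchanged: doFilterInternal, sendErrorResponse …

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
        // Servlet path is decoded by the container and excludes the context path;
        // assumes the dispatcher servlet is mapped at "/" — confirm for this module.
        String path = request.getServletPath();
        for (String pattern : OPEN_PATTERNS) {
            if (PATH_MATCHER.match(pattern, path)) {
                return true;
            }
        }
        return false;
    }
```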

--
Gitblit v1.9.1