From ca6a28f87e052570f3c3a2660ff6c77db0ad8745 Mon Sep 17 00:00:00 2001
From: zhang <zc857179121@qq.com>
Date: 星期一, 14 七月 2025 13:18:32 +0800
Subject: [PATCH] 1
---
src/main/java/com/zy/common/config/AdminInterceptor.java | 82 ++++++++++++++++++++++++++++------------
1 files changed, 57 insertions(+), 25 deletions(-)
diff --git a/src/main/java/com/zy/common/config/AdminInterceptor.java b/src/main/java/com/zy/common/config/AdminInterceptor.java
index 5830527..2e28046 100644
--- a/src/main/java/com/zy/common/config/AdminInterceptor.java
+++ b/src/main/java/com/zy/common/config/AdminInterceptor.java
@@ -1,15 +1,22 @@
package com.zy.common.config;
-import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
+import com.google.common.util.concurrent.RateLimiter;
+import com.zy.asrs.entity.ApiConfig;
+import com.zy.asrs.service.ApiConfigService;
+import com.zy.common.model.annotations.RateLimit;
import com.zy.common.utils.Http;
-import com.zy.system.entity.*;
+import com.zy.system.entity.Permission;
+import com.zy.system.entity.RolePermission;
+import com.zy.system.entity.User;
+import com.zy.system.entity.UserLogin;
import com.zy.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
@@ -19,6 +26,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
+import java.util.concurrent.TimeUnit;
/**
* Created by vincent on 2019-06-13
@@ -26,6 +34,7 @@
@Component
public class AdminInterceptor extends HandlerInterceptorAdapter {
+ private final RateLimiter rateLimiter = RateLimiter.create(10);// 榛樿姣忕鏈�澶氬鐞� 10 涓姹�
@Value("${super.pwd}")
private String superPwd;
@Autowired
@@ -38,6 +47,8 @@
private PermissionService permissionService;
@Autowired
private RolePermissionService rolePermissionService;
+ @Autowired
+ private ApiConfigService apiConfigService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -45,14 +56,25 @@
if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
return true;
}
+ HandlerMethod handlerMethod = (HandlerMethod) handler;
+ Method method = handlerMethod.getMethod();
+ if (method.isAnnotationPresent(RateLimit.class)) {
+ RateLimit annotation = method.getAnnotation(RateLimit.class);
+ rateLimiter.setRate(annotation.value());
+ if (!rateLimiter.tryAcquire(annotation.value(), TimeUnit.SECONDS)) {
+ response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
+ return false;
+ }
+ }
+
// super璐﹀彿
String token = request.getHeader("token");
- if (token!=null) {
+ if (token != null) {
String deToken = Cools.deTokn(token, superPwd);
- if (deToken!=null){
+ if (deToken != null) {
long timestamp = Long.parseLong(deToken.substring(0, 13));
// 1澶╁悗杩囨湡
- if (System.currentTimeMillis() - timestamp > 86400000){
+ if (System.currentTimeMillis() - timestamp > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -64,32 +86,42 @@
}
// 璺ㄥ煙璁剧疆
// response.setHeader("Access-Control-Allow-Origin", "*");
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- Method method = handlerMethod.getMethod();
- if (method.isAnnotationPresent(ManagerAuth.class)){
+ if (method.isAnnotationPresent(ManagerAuth.class)) {
ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
- if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
+ if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
return check(request, response, annotation.memo());
}
}
+
+ //鍒ゆ柇璇锋眰璺緞鏄惁鍦ㄦ帴鍙i厤缃腑
+ String servletPath = request.getServletPath();
+ ApiConfig apiConfig = apiConfigService.selectByUrl(servletPath);
+ if (apiConfig != null) {
+ if (apiConfig.getStatus() == 1) {
+ //api琚鐢�
+ Http.response(response, BaseRes.LIMIT);
+ return false;
+ }
+ }
+
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
- Object obj = request.getAttribute("operateLog");
- if (obj instanceof OperateLog) {
- OperateLog operate = (OperateLog) obj;
- operate.setResponse(String.valueOf(response.getStatus()));
- operateLogService.insert(operate);
- }
+// Object obj = request.getAttribute("operateLog");
+// if (obj instanceof OperateLog) {
+// OperateLog operate = (OperateLog) obj;
+// operate.setResponse(String.valueOf(response.getStatus()));
+// operateLogService.insert(operate);
+// }
}
private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
try {
String token = request.getHeader("token");
UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
- if (null == userLogin){
+ if (null == userLogin) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -97,7 +129,7 @@
String deToken = Cools.deTokn(token, user.getPassword());
long timestamp = Long.parseLong(deToken.substring(0, 13));
// 1澶╁悗杩囨湡
- if (System.currentTimeMillis() - timestamp > 86400000){
+ if (System.currentTimeMillis() - timestamp > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -107,16 +139,16 @@
return false;
}
// 鎿嶄綔鏃ュ織
- OperateLog operateLog = new OperateLog();
- operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
- operateLog.setIp(request.getRemoteAddr());
- operateLog.setUserId(user.getId());
- operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
+// OperateLog operateLog = new OperateLog();
+// operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
+// operateLog.setIp(request.getRemoteAddr());
+// operateLog.setUserId(user.getId());
+// operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
// 璇锋眰缂撳瓨
request.setAttribute("userId", user.getId());
- request.setAttribute("operateLog", operateLog);
+// request.setAttribute("operateLog", operateLog);
return true;
- } catch (Exception e){
+ } catch (Exception e) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -142,7 +174,7 @@
/**
* 璺ㄥ煙
*/
- private void cors(HttpServletResponse response){
+ private void cors(HttpServletResponse response) {
// 璺ㄥ煙璁剧疆
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
--
Gitblit v1.9.1