From ca6a28f87e052570f3c3a2660ff6c77db0ad8745 Mon Sep 17 00:00:00 2001
From: zhang <zc857179121@qq.com>
Date: 星期一, 14 七月 2025 13:18:32 +0800
Subject: [PATCH] 1
---
src/main/java/com/zy/common/config/AdminInterceptor.java | 52 +++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/src/main/java/com/zy/common/config/AdminInterceptor.java b/src/main/java/com/zy/common/config/AdminInterceptor.java
index 04ca10f..2e28046 100644
--- a/src/main/java/com/zy/common/config/AdminInterceptor.java
+++ b/src/main/java/com/zy/common/config/AdminInterceptor.java
@@ -4,6 +4,10 @@
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
+import com.google.common.util.concurrent.RateLimiter;
+import com.zy.asrs.entity.ApiConfig;
+import com.zy.asrs.service.ApiConfigService;
+import com.zy.common.model.annotations.RateLimit;
import com.zy.common.utils.Http;
import com.zy.system.entity.Permission;
import com.zy.system.entity.RolePermission;
@@ -12,6 +16,7 @@
import com.zy.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
@@ -21,6 +26,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
+import java.util.concurrent.TimeUnit;
/**
* Created by vincent on 2019-06-13
@@ -28,6 +34,7 @@
@Component
public class AdminInterceptor extends HandlerInterceptorAdapter {
+ private final RateLimiter rateLimiter = RateLimiter.create(10);// 榛樿姣忕鏈�澶氬鐞� 10 涓姹�
@Value("${super.pwd}")
private String superPwd;
@Autowired
@@ -40,6 +47,8 @@
private PermissionService permissionService;
@Autowired
private RolePermissionService rolePermissionService;
+ @Autowired
+ private ApiConfigService apiConfigService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -47,14 +56,25 @@
if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
return true;
}
+ HandlerMethod handlerMethod = (HandlerMethod) handler;
+ Method method = handlerMethod.getMethod();
+ if (method.isAnnotationPresent(RateLimit.class)) {
+ RateLimit annotation = method.getAnnotation(RateLimit.class);
+ rateLimiter.setRate(annotation.value());
+ if (!rateLimiter.tryAcquire(annotation.value(), TimeUnit.SECONDS)) {
+ response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
+ return false;
+ }
+ }
+
// super璐﹀彿
String token = request.getHeader("token");
- if (token!=null) {
+ if (token != null) {
String deToken = Cools.deTokn(token, superPwd);
- if (deToken!=null){
+ if (deToken != null) {
long timestamp = Long.parseLong(deToken.substring(0, 13));
// 1澶╁悗杩囨湡
- if (System.currentTimeMillis() - timestamp > 86400000){
+ if (System.currentTimeMillis() - timestamp > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -66,14 +86,24 @@
}
// 璺ㄥ煙璁剧疆
// response.setHeader("Access-Control-Allow-Origin", "*");
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- Method method = handlerMethod.getMethod();
- if (method.isAnnotationPresent(ManagerAuth.class)){
+ if (method.isAnnotationPresent(ManagerAuth.class)) {
ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
- if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
+ if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
return check(request, response, annotation.memo());
}
}
+
+ //鍒ゆ柇璇锋眰璺緞鏄惁鍦ㄦ帴鍙i厤缃腑
+ String servletPath = request.getServletPath();
+ ApiConfig apiConfig = apiConfigService.selectByUrl(servletPath);
+ if (apiConfig != null) {
+ if (apiConfig.getStatus() == 1) {
+ //api琚鐢�
+ Http.response(response, BaseRes.LIMIT);
+ return false;
+ }
+ }
+
return true;
}
@@ -91,7 +121,7 @@
try {
String token = request.getHeader("token");
UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
- if (null == userLogin){
+ if (null == userLogin) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -99,7 +129,7 @@
String deToken = Cools.deTokn(token, user.getPassword());
long timestamp = Long.parseLong(deToken.substring(0, 13));
// 1澶╁悗杩囨湡
- if (System.currentTimeMillis() - timestamp > 86400000){
+ if (System.currentTimeMillis() - timestamp > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -118,7 +148,7 @@
request.setAttribute("userId", user.getId());
// request.setAttribute("operateLog", operateLog);
return true;
- } catch (Exception e){
+ } catch (Exception e) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -144,7 +174,7 @@
/**
* 璺ㄥ煙
*/
- private void cors(HttpServletResponse response){
+ private void cors(HttpServletResponse response) {
// 璺ㄥ煙璁剧疆
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
--
Gitblit v1.9.1