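package com.zy.common.config;

import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
import com.zy.common.utils.Http;
import com.zy.system.entity.*;
import com.zy.system.service.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.lang.reflect.Method;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Created by vincent on 2019-06-13
 *
 * Authentication / authorization interceptor for manager (WCS) endpoints.
 *
 * <p>Per request, {@link #preHandle} does the following, in order:
 * <ol>
 *   <li>writes permissive CORS headers (see {@link #cors});</li>
 *   <li>lets static-resource handlers through untouched;</li>
 *   <li>accepts a "super" token — one that decrypts under the configured {@code super.pwd}
 *       and carries the literal {@code super} marker — on ANY route, bypassing
 *       {@link #limit} entirely. This is a break-glass credential; treat {@code super.pwd}
 *       accordingly (strong value, rotated, never a shipped default);</li>
 *   <li>for handlers annotated {@code @ManagerAuth(CHECK)}, runs the DB-backed token check and
 *       the role/permission lookup in {@link #check}.</li>
 * </ol>
 *
 * <p>Token format (as far as this class relies on it): the decrypted payload starts with a
 * 13-character epoch-millis issue timestamp, followed by an opaque tail ({@code "super"} for
 * the super token). Tokens older than {@link #TOKEN_TTL_MS} are rejected. A timestamp in the
 * future is NOT rejected, so a token can only be made non-expiring by whoever holds the
 * encryption secret — this check is freshness, not forgery protection.
 */
@Component
@Slf4j
public class AdminInterceptor implements HandlerInterceptor {

    /** Request attribute under which the authenticated user id is exposed to controllers. */
    private static final String ATTR_USER_ID = "userId";
    /** Request attribute holding the pending {@link OperateLog}, persisted in {@link #afterCompletion}. */
    private static final String ATTR_OPERATE_LOG = "operateLog";
    /** Synthetic user id recorded for requests authenticated with the super token. */
    private static final Long SUPER_USER_ID = 9527L;
    /** Marker that follows the timestamp in a decrypted super token. */
    private static final String SUPER_MARKER = "super";
    /** Length of the epoch-millis prefix embedded in every decrypted token. */
    private static final int TIMESTAMP_LENGTH = 13;
    /** Token lifetime: one day after the embedded issue timestamp. */
    private static final long TOKEN_TTL_MS = 24L * 60 * 60 * 1000;

    @Value("${super.pwd}")
    private String superPwd;

    @Autowired
    private UserService userService;
    @Autowired
    private UserLoginService userLoginService;
    @Autowired
    private OperateLogService operateLogService;
    @Autowired
    private PermissionService permissionService;
    @Autowired
    private RolePermissionService rolePermissionService;

    /**
     * Authenticates the request (see class Javadoc for the full flow).
     *
     * @return {@code true} to continue to the handler; {@code false} after a DENIED/LIMIT
     *         response has already been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        cors(response);
        if (handler instanceof ResourceHttpRequestHandler) {
            return true;
        }
        ManagerAuth annotation = resolveManagerAuth(handler);
        boolean requiresCheck = annotation != null && ManagerAuth.Auth.CHECK.equals(annotation.value());

        // Break-glass path: a token that decrypts under super.pwd instead of a user password.
        String token = request.getHeader("token");
        if (token != null) {
            String deToken = Cools.deTokn(token, superPwd);
            if (deToken != null) {
                long issuedAt = parseIssuedAt(deToken);
                // A payload that decrypts but has no valid timestamp prefix is not a super token.
                // Previously this raised NumberFormatException / StringIndexOutOfBounds out of the
                // interceptor (HTTP 500); now it simply falls through to the regular check.
                if (issuedAt >= 0) {
                    if (isExpired(issuedAt)) {
                        Http.response(response, BaseRes.DENIED);
                        return false;
                    }
                    if (SUPER_MARKER.equals(deToken.substring(TIMESTAMP_LENGTH))) {
                        // NOTE: the super token is never passed through limit(): it is authorised
                        // for every route, including those guarded by @ManagerAuth(CHECK).
                        request.setAttribute(ATTR_USER_ID, SUPER_USER_ID);
                        if (requiresCheck) {
                            cacheOperateLog(request, annotation.memo(), SUPER_USER_ID);
                        }
                        return true;
                    }
                }
            }
        }

        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (requiresCheck) {
            return check(request, response, annotation.memo());
        }
        return true;
    }

    /** No-op: nothing is done between handler execution and view rendering. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
    }

    /**
     * Persists the operation log cached by {@link #cacheOperateLog}, if any, enriched with the
     * response status and any exception raised by the handler. Persistence failures are logged
     * and never propagated — audit logging must not turn a successful request into a failure.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) {
        Object cached = request.getAttribute(ATTR_OPERATE_LOG);
        if (!(cached instanceof OperateLog)) {
            return;
        }
        OperateLog operateLog = (OperateLog) cached;
        operateLog.setResponse(buildResponseContent(response, ex));
        try {
            operateLogService.save(operateLog);
        } catch (Exception saveEx) {
            log.warn("保存操作日志失败, uri={}", request.getRequestURI(), saveEx);
        }
    }

    /**
     * Regular (non-super) authentication and authorization.
     *
     * <p>The token must (1) exist in {@code user_login} for system type WCS, (2) decrypt under
     * the owning user's stored password, (3) carry a timestamp within {@link #TOKEN_TTL_MS},
     * and (4) pass {@link #limit} for the request URI. Any exception during lookup or
     * decryption is treated as "not authenticated".
     *
     * @param memo audit description from the {@code @ManagerAuth} annotation (may be empty)
     * @return {@code true} if the request may proceed; {@code false} after DENIED/LIMIT was written
     */
    private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
        try {
            String token = request.getHeader("token");
            if (token == null) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            UserLogin userLogin = userLoginService.getOne(
                    new QueryWrapper<UserLogin>().eq("token", token).eq("system_type", "WCS"));
            if (userLogin == null) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            User user = userService.getById(userLogin.getUserId());
            // Token is bound to the user's stored password. If the user row is gone, the NPE
            // below is caught and the request is denied.
            String deToken = Cools.deTokn(token, user.getPassword());
            long issuedAt = parseIssuedAt(deToken);
            if (issuedAt < 0 || isExpired(issuedAt)) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            if (!limit(request.getRequestURI(), user)) {
                Http.response(response, BaseRes.LIMIT);
                return false;
            }
            request.setAttribute(ATTR_USER_ID, user.getId());
            cacheOperateLog(request, memo, user.getId());
            return true;
        } catch (Exception e) {
            // Fail closed. Debug level so a misbehaving client cannot flood the log, but keep
            // the cause for diagnosis instead of swallowing it silently.
            log.debug("token check failed, uri={}", request.getRequestURI(), e);
            Http.response(response, BaseRes.DENIED);
            return false;
        }
    }

    /**
     * Extracts the issue timestamp (first {@link #TIMESTAMP_LENGTH} characters, epoch millis)
     * from a decrypted token payload.
     *
     * @return the timestamp, or {@code -1} if the payload is null, too short, not numeric or negative
     */
    private static long parseIssuedAt(String deToken) {
        if (deToken == null || deToken.length() < TIMESTAMP_LENGTH) {
            return -1L;
        }
        try {
            long issuedAt = Long.parseLong(deToken.substring(0, TIMESTAMP_LENGTH));
            return issuedAt < 0 ? -1L : issuedAt;
        } catch (NumberFormatException e) {
            return -1L;
        }
    }

    /** @return whether more than {@link #TOKEN_TTL_MS} has elapsed since {@code issuedAtMillis}. */
    private static boolean isExpired(long issuedAtMillis) {
        return System.currentTimeMillis() - issuedAtMillis > TOKEN_TTL_MS;
    }

    /**
     * Role-based permission check.
     *
     * <p>The permission table is an allow-list of <em>restricted</em> routes: if no enabled
     * {@code Permission} row has {@code action} equal to the request URI, every authenticated
     * user is allowed. Otherwise the user's role must be bound to that permission.
     *
     * @param action request URI
     * @param user   authenticated user
     * @return {@code false}: no permission; {@code true}: allowed
     */
    private boolean limit(String action, User user) {
        Permission probe = new Permission();
        probe.setAction(action);
        probe.setStatus((short) 1);
        Permission registered = permissionService.getOne(new QueryWrapper<>(probe));
        if (Cools.isEmpty(registered)) {
            return true;
        }
        // Fix: the role binding was previously looked up with probe.getId(), which is never set
        // (null), so the permission_id predicate did not take part in the query and the result
        // depended on role_id alone. The id of the permission row actually found must be used.
        RolePermission binding = rolePermissionService.getOne(
                new QueryWrapper<>(new RolePermission(user.getRoleId(), registered.getId())));
        return !Cools.isEmpty(binding);
    }

    /**
     * Writes permissive CORS headers on every response.
     *
     * <p>Review note: {@code Access-Control-Allow-Origin: *} together with
     * {@code Access-Control-Allow-Credentials: true} is an invalid combination — browsers refuse
     * to expose responses to credentialed requests when the origin is a wildcard. It only works
     * here because the credential travels in the custom {@code token} header, not in cookies.
     * An explicit origin allow-list would be the hardened form; headers are left unchanged to
     * avoid breaking existing clients.
     */
    private void cors(HttpServletResponse response) {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token,token,X-Lang,Accept-Language");
        response.setHeader("Access-Control-Expose-Headers", "*");
    }

    /**
     * @return the {@code @ManagerAuth} annotation declared directly on the handler method, or
     *         {@code null} if the handler is not a {@link HandlerMethod} or is not annotated
     */
    private ManagerAuth resolveManagerAuth(Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return null;
        }
        Method method = ((HandlerMethod) handler).getMethod();
        // getAnnotation returns null when absent, so no separate isAnnotationPresent check is needed.
        return method.getAnnotation(ManagerAuth.class);
    }

    /**
     * Builds the audit record for this request and parks it on the request; it is saved in
     * {@link #afterCompletion} once the response status is known. A second call for the same
     * request (e.g. super path followed by nothing else) is a no-op.
     *
     * <p>Review note: the full parameter map is serialised into the log. If any CHECK-guarded
     * endpoint accepts secrets (passwords, keys) as request parameters, they are persisted in
     * clear — redact such parameters before enabling audit on those routes. The recorded IP is
     * {@code getRemoteAddr()}, which behind a reverse proxy is the proxy's address.
     */
    private void cacheOperateLog(HttpServletRequest request, String memo, Long userId) {
        if (userId == null || request.getAttribute(ATTR_OPERATE_LOG) != null) {
            return;
        }
        OperateLog operateLog = new OperateLog();
        operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
        operateLog.setIp(request.getRemoteAddr());
        operateLog.setUserId(userId);
        operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
        operateLog.setCreateTime(new Date());
        request.setAttribute(ATTR_OPERATE_LOG, operateLog);
    }

    /**
     * Serialises the response summary stored in the audit record: HTTP status, plus exception
     * class and message when the handler threw. Note the exception message is persisted as-is.
     */
    private String buildResponseContent(HttpServletResponse response, Exception ex) {
        Map<String, Object> result = new LinkedHashMap<>();
        result.put("status", response.getStatus());
        if (ex != null) {
            result.put("error", ex.getClass().getName());
            result.put("message", ex.getMessage());
        }
        return JSON.toJSONString(result);
    }
}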