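package com.zy.common.config;

import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
import com.google.common.util.concurrent.RateLimiter;
import com.zy.asrs.entity.ApiConfig;
import com.zy.asrs.service.ApiConfigService;
import com.zy.common.model.annotations.RateLimit;
import com.zy.common.utils.Http;
import com.zy.system.entity.Permission;
import com.zy.system.entity.RolePermission;
import com.zy.system.entity.User;
import com.zy.system.entity.UserLogin;
import com.zy.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;

/**
 * Created by vincent on 2019-06-13
 *
 * Interceptor in front of the admin controllers. {@link #preHandle} runs, in order:
 * <ol>
 *   <li>permissive CORS headers on every response;</li>
 *   <li>static-resource handlers pass untouched;</li>
 *   <li>{@link RateLimit} enforcement when the controller method declares it;</li>
 *   <li>the "super" token (signed with {@code super.pwd}) is accepted as user id
 *       {@value #SUPER_USER_ID} and skips every later check;</li>
 *   <li>{@link ManagerAuth} with {@code Auth.CHECK}: login-token validation plus the
 *       role/permission lookup in {@link #check};</li>
 *   <li>otherwise the request is rejected if its servlet path is disabled in ApiConfig.</li>
 * </ol>
 * Controller methods without {@code ManagerAuth(CHECK)} are not authenticated here.
 */
@Component
public class AdminInterceptor extends HandlerInterceptorAdapter {

    /** Age (ms, relative to the timestamp embedded in the token) after which a token is rejected. */
    private static final long TOKEN_TTL_MS = 86400000L; // 1 day

    /** Length of the millisecond timestamp that prefixes a decoded token. */
    private static final int TOKEN_TIMESTAMP_LEN = 13;

    /** Token body that identifies the super account. */
    private static final String SUPER_TOKEN_BODY = "super";

    /** Pseudo user id attached to requests authenticated with the super token. */
    private static final int SUPER_USER_ID = 9527;

    // Default: at most 10 requests per second.
    // NOTE(review): a single limiter is shared by every @RateLimit method and its rate is
    // overwritten on each request, so endpoints with different values contend for one bucket
    // at whichever rate was set last — confirm that is intended.
    private final RateLimiter rateLimiter = RateLimiter.create(10);

    @Value("${super.pwd}")
    private String superPwd;

    @Autowired
    private UserService userService;
    @Autowired
    private UserLoginService userLoginService;
    @Autowired
    private OperateLogService operateLogService;
    @Autowired
    private PermissionService permissionService;
    @Autowired
    private RolePermissionService rolePermissionService;
    @Autowired
    private ApiConfigService apiConfigService;

    /**
     * Gate every admin request before the controller runs.
     *
     * @param request  incoming request; the login token is read from the {@code token} header
     * @param response response; CORS headers are always set, error bodies/status on rejection
     * @param handler  the resolved handler; anything other than a static-resource handler is
     *                 expected to be a {@link HandlerMethod}
     * @return true to let the request through, false when a response has already been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        cors(response);
        if (handler instanceof org.springframework.web.servlet.resource.ResourceHttpRequestHandler) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();

        if (method.isAnnotationPresent(RateLimit.class)) {
            RateLimit annotation = method.getAnnotation(RateLimit.class);
            rateLimiter.setRate(annotation.value());
            // NOTE(review): the second argument of tryAcquire is a wait timeout, so the request
            // thread may block up to annotation.value() seconds before answering 429 — confirm.
            if (!rateLimiter.tryAcquire(annotation.value(), TimeUnit.SECONDS)) {
                response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
                return false;
            }
        }

        // Super account: a token that decodes under super.pwd bypasses login and permission checks.
        String token = request.getHeader("token");
        if (token != null) {
            String deToken = Cools.deTokn(token, superPwd);
            if (deToken != null) {
                // A malformed prefix is treated like an expired token (DENIED) instead of
                // letting the parse exception escape as a 500.
                long timestamp = tokenTimestamp(deToken);
                if (timestamp < 0 || isExpired(timestamp)) {
                    Http.response(response, BaseRes.DENIED);
                    return false;
                }
                if (SUPER_TOKEN_BODY.equals(deToken.substring(TOKEN_TIMESTAMP_LEN))) {
                    request.setAttribute("userId", SUPER_USER_ID);
                    return true;
                }
            }
        }

        if (method.isAnnotationPresent(ManagerAuth.class)) {
            ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
            if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
                // Returns here, so the ApiConfig check below never runs for CHECK-protected methods.
                return check(request, response, annotation.memo());
            }
        }

        // Reject requests whose path is disabled in the API configuration (status 1 = disabled).
        String servletPath = request.getServletPath();
        ApiConfig apiConfig = apiConfigService.selectByUrl(servletPath);
        if (apiConfig != null && apiConfig.getStatus() == 1) {
            Http.response(response, BaseRes.LIMIT);
            return false;
        }
        return true;
    }

    /**
     * No-op. Operation-log persistence (OperateLog via {@code operateLogService}) is not wired up.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) {
    }

    /**
     * Validate the login token from the {@code token} header and the caller's permission for
     * the requested URI. Any failure — unknown token, unknown user, undecodable or expired
     * token, or an exception from the lookups — is answered with DENIED; a missing permission
     * with LIMIT. On success the user's id is stored as the {@code userId} request attribute.
     *
     * @param memo annotation memo; currently unused (was meant for the operation log)
     * @return true when the request may proceed
     */
    private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
        try {
            String token = request.getHeader("token");
            UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
            if (null == userLogin) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            User user = userService.selectById(userLogin.getUserId());
            if (null == user) {
                // login row without a user (e.g. user deleted) — fail closed explicitly
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            String deToken = Cools.deTokn(token, user.getPassword());
            long timestamp = tokenTimestamp(deToken);
            if (timestamp < 0 || isExpired(timestamp)) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            // Permission check. NOTE(review): this keys on getRequestURI() (includes the context
            // path) while the ApiConfig lookup uses getServletPath() — confirm both are intended.
            if (!limit(request.getRequestURI(), user)) {
                Http.response(response, BaseRes.LIMIT);
                return false;
            }
            request.setAttribute("userId", user.getId());
            return true;
        } catch (Exception e) {
            // Fail closed: any lookup/decoding error denies the request rather than surfacing a 500.
            Http.response(response, BaseRes.DENIED);
            return false;
        }
    }

    /**
     * Permission interception.
     *
     * @param action the request URI to authorise
     * @param user   the authenticated user whose role is checked
     * @return false: no permission; true: authorised (or no enabled permission row exists for the action)
     */
    private boolean limit(String action, User user) {
        Permission permission = new Permission();
        permission.setAction(action);
        permission.setStatus((short) 1);
        Permission one = permissionService.selectOne(new EntityWrapper<>(permission));
        if (Cools.isEmpty(one)) {
            // No enabled permission entry for this action: not restricted.
            return true;
        }
        // The id of the matched row (one) is what the role mapping must be looked up by; the
        // probe object 'permission' never had an id, so the previous lookup keyed on role only.
        RolePermission rolePermission = rolePermissionService.selectOne(
                new EntityWrapper<>(new RolePermission(user.getRoleId(), one.getId())));
        return !Cools.isEmpty(rolePermission);
    }

    /**
     * Parse the millisecond timestamp that prefixes a decoded token.
     *
     * @param deToken decoded token, may be null
     * @return the timestamp, or -1 when the token is null, too short, or the prefix is not numeric
     */
    private static long tokenTimestamp(String deToken) {
        if (deToken == null || deToken.length() < TOKEN_TIMESTAMP_LEN) {
            return -1L;
        }
        try {
            return Long.parseLong(deToken.substring(0, TOKEN_TIMESTAMP_LEN));
        } catch (NumberFormatException e) {
            return -1L;
        }
    }

    /** True when the token timestamp is more than {@link #TOKEN_TTL_MS} in the past. */
    private static boolean isExpired(long timestamp) {
        return System.currentTimeMillis() - timestamp > TOKEN_TTL_MS;
    }

    /**
     * CORS headers.
     * NOTE(review): Allow-Origin "*" combined with Allow-Credentials "true" is rejected by browsers
     * for credentialed requests; if credentials are needed, echo an allow-listed origin instead.
     */
    private void cors(HttpServletResponse response) {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token");
        response.setHeader("Access-Control-Expose-Headers", "*");
    }
}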