package com.moon.server.interceptor;
|
|
import com.alibaba.fastjson.JSON;
|
import com.moon.server.entity.all.HttpStatus;
|
import com.moon.server.entity.all.ResAuthEntity;
|
import com.moon.server.entity.all.ResponseMsg;
|
import com.moon.server.entity.all.StaticData;
|
import com.moon.server.entity.sys.TokenEntity;
|
import com.moon.server.entity.sys.UserEntity;
|
import com.moon.server.helper.StringHelper;
|
import com.moon.server.helper.WebHelper;
|
import com.moon.server.service.all.PermsService;
|
import com.moon.server.service.all.SysService;
|
import com.moon.server.service.sys.ResLogService;
|
|
import javax.annotation.Resource;
|
import javax.servlet.*;
|
import javax.servlet.annotation.WebFilter;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.util.List;
|
|
/**
|
* 代理过滤器
|
* @author WWW
|
* @date 2023-07-04
|
*/
|
@WebFilter(urlPatterns = {"/proxy/*"})
|
public class ProxyFilter implements Filter {
|
@Resource
|
private SysService sysService;
|
|
@Resource
|
private PermsService permsService;
|
|
@Resource
|
private ResLogService resLogService;
|
|
private final static int LEN = "/proxy/".length();
|
|
public static final String ILLEGAL_RESOURCE = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "没有资源访问权限"));
|
|
@Override
|
public void init(FilterConfig filterConfig) {
|
}
|
|
@Override
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
|
HttpServletRequest req = (HttpServletRequest) request;
|
HttpServletResponse res = (HttpServletResponse) response;
|
|
// 2.获取令牌
|
String token = getToken(req);
|
int resId = getResId(req.getRequestURI(), LEN + token.length() + 1);
|
if (!check(req, res, token, resId)) {
|
return;
|
}
|
|
insertLog(req, res);
|
}
|
|
@Override
|
public void destroy() {
|
}
|
|
/**
|
* 获取令牌
|
*/
|
private String getToken(HttpServletRequest req) {
|
return req.getRequestURI().substring(LEN, req.getRequestURI().indexOf("/", LEN));
|
}
|
|
/**
|
* 获取资源ID
|
*/
|
private int getResId(String uri, int start) {
|
int end = uri.indexOf("/", start);
|
String str = -1 == end ? uri.substring(start) : uri.substring(start, end);
|
|
return Integer.parseInt(str);
|
}
|
|
/**
|
* 检查
|
*/
|
private boolean check(HttpServletRequest req, HttpServletResponse res, String token, int resId) {
|
// 3.获取用户
|
UserEntity ue = sysService.tokenService.getUserByToken(token);
|
if (ue == null) {
|
return WebHelper.writeStr2Page(res, AuthInterceptor.NO_LOGIN);
|
}
|
|
// 4.获取IP
|
String ip = WebHelper.getIpAddress(req);
|
if (StringHelper.isEmpty(ip)) {
|
return WebHelper.writeStr2Page(res, AuthInterceptor.IP_NULL);
|
}
|
|
// 5.检查黑名单
|
if (!checkBlackList(ip, req)) {
|
return WebHelper.writeStr2Page(res, AuthInterceptor.BLACK_LIST);
|
}
|
|
// 9.检查资源权限
|
if (!checkResPerms(ue, resId)) {
|
return WebHelper.writeStr2Page(res, ILLEGAL_RESOURCE);
|
}
|
|
// 6.admin跳过权限检测
|
if (StaticData.ADMIN.equals(ue.getUid())) {
|
return true;
|
}
|
|
// 7.检查白名单
|
if (!checkWhiteList(ip, req)) {
|
// 检查IP一致性
|
if (!checkIpSource(ip, token)) {
|
return WebHelper.writeStr2Page(res, AuthInterceptor.ILLEGAL_TOKEN);
|
}
|
}
|
|
// 8.检查用户ID是否禁用
|
if (sysService.tokenService.isUidDisable(ue)) {
|
return WebHelper.writeStr2Page(res, AuthInterceptor.USER_LOCK);
|
}
|
|
return true;
|
}
|
|
/**
|
* 检查黑名单
|
*/
|
private boolean checkBlackList(String ip, HttpServletRequest request) {
|
List<String> blackList = sysService.blacklistService.selectIpList(1);
|
if (blackList == null || blackList.isEmpty()) {
|
return true;
|
}
|
if (blackList.contains(ip)) {
|
return false;
|
}
|
|
return true;
|
}
|
|
/**
|
* 检查白名单
|
*/
|
private boolean checkWhiteList(String ip, HttpServletRequest request) {
|
List<String> whiteList = sysService.blacklistService.selectIpList(2);
|
if (whiteList == null || whiteList.isEmpty()) {
|
return false;
|
}
|
|
return whiteList.contains(ip);
|
}
|
|
/**
|
* 检查IP一致性
|
*/
|
private boolean checkIpSource(String ip, String token) {
|
TokenEntity te = sysService.tokenService.getEntityByToken(token);
|
|
return te.getIp().equals(ip);
|
}
|
|
/**
|
* 检查资源权限
|
*/
|
private boolean checkResPerms(UserEntity ue, int resId) {
|
String uid = StaticData.ADMIN.equals(ue.getUid()) ? null : ue.getUid();
|
List<Integer> rs = permsService.selectResList(uid);
|
if (null == rs || rs.isEmpty()) {
|
return false;
|
}
|
|
return rs.contains(resId);
|
}
|
|
/**
|
* 插入日志
|
*/
|
private void insertLog(HttpServletRequest req, HttpServletResponse res) {
|
String ip = WebHelper.getIpAddress(req);
|
//log.info("uriOri={} rAddr={} rHost={} token={}", uriOri, addr, host, token);
|
}
|
}
|
