package com.moon.server.interceptor;
 
import com.alibaba.fastjson.JSON;
import com.moon.server.entity.all.HttpStatus;
import com.moon.server.entity.all.ResponseMsg;
import com.moon.server.entity.all.StaticData;
import com.moon.server.entity.sys.TokenEntity;
import com.moon.server.entity.sys.UserEntity;
import com.moon.server.helper.StringHelper;
import com.moon.server.helper.WebHelper;
import com.moon.server.service.all.SysService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Locale;
 
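@SuppressWarnings("ALL")
@Configuration
public class AuthInterceptor implements HandlerInterceptor {
    private final SysService sysService;

    private static final Log log = LogFactory.getLog(AuthInterceptor.class);

    /** Serialized error body: no token was found on the request. */
    public static final String NO_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.TOKEN_ERROR, "找不到令牌"));

    /** Serialized error body: the token does not resolve to a logged-in user. */
    public static final String NO_LOGIN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_LOGIN_ERROR, "用户未登录"));

    /** Serialized error body: the user account is disabled. */
    public static final String USER_LOCK = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.USER_LOCK_ERROR, "用户ID已禁用"));

    /** Serialized error body: the user holds no permission matching the request URI. */
    public static final String NO_AUTH = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.NO_AUTH_ERROR, "无权限访问"));

    /** Serialized error body: the client IP could not be determined. */
    public static final String IP_NULL = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "IP地址为空"));

    /** Serialized error body: the client IP is on the blacklist. */
    public static final String BLACK_LIST = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "IP列入黑名单"));

    /** Serialized error body: the token is presented from an IP other than the one it was issued to. */
    public static final String ILLEGAL_TOKEN = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "令牌来源非法"));

    /**
     * Creates the interceptor.
     *
     * @param sysService aggregate service giving access to the token, permission and IP-list services
     */
    public AuthInterceptor(SysService sysService) {
        this.sysService = sysService;
    }

    /**
     * Authenticates and authorizes the request before the controller method runs.
     *
     * <p>Checks run in this order, each writing its error body and stopping on failure:
     * excluded path / non-controller handler (pass), token present, token maps to a user,
     * client IP known, IP not blacklisted, admin short-circuit, token origin IP (unless the
     * client IP is whitelisted), account not disabled, permission matches the URI.
     *
     * @param request  incoming request
     * @param response response the error body is written to on failure
     * @param handler  the resolved handler; only {@link HandlerMethod} handlers are checked
     * @return {@code true} to continue the chain; {@code false} once an error body has been
     *         written, or — on an unexpected exception — without any body having been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        try {
            // Non-controller handlers (e.g. static resources) and excluded paths bypass every check.
            if (!(handler instanceof HandlerMethod) || noNeedAuth(request)) {
                return true;
            }

            String token = WebHelper.getToken(request);
            if (StringHelper.isNull(token)) {
                return WebHelper.writeStr2Page(response, NO_TOKEN);
            }

            UserEntity ue = sysService.tokenService.getUserByToken(token);
            if (ue == null) {
                return WebHelper.writeStr2Page(response, NO_LOGIN);
            }

            String ip = WebHelper.getIpAddress(request);
            if (StringHelper.isEmpty(ip)) {
                return WebHelper.writeStr2Page(response, IP_NULL);
            }

            if (!checkBlackList(ip)) {
                return WebHelper.writeStr2Page(response, BLACK_LIST);
            }

            // The admin account skips the origin-IP, lock and permission checks; the blacklist above still applies.
            if (StaticData.ADMIN.equals(ue.getUid())) {
                return true;
            }

            // Whitelisted IPs may present a token issued elsewhere; all others must match the token's origin.
            if (!checkWhiteList(ip) && !checkIpSource(ip, token)) {
                return WebHelper.writeStr2Page(response, ILLEGAL_TOKEN);
            }

            if (sysService.tokenService.isUidDisable(ue)) {
                return WebHelper.writeStr2Page(response, USER_LOCK);
            }

            if (!checkPerms(ue, request)) {
                // Was System.out.println; route through the class logger so denials land in the audit log.
                log.warn("无权限访问:" + request.getRequestURI().toLowerCase(Locale.ROOT));
                return WebHelper.writeStr2Page(response, NO_AUTH);
            }

            return true;
        } catch (Exception ex) {
            // Fail closed. No body is written on this path, so the client receives an empty response.
            log.error(ex.getMessage(), ex);
            return false;
        }
    }

    /**
     * Returns {@code true} when the request URI (lower-cased) contains any entry of
     * {@link StaticData#EXCLUDE_PATH}.
     *
     * <p>NOTE(review): this is a substring match, so any URI that merely contains an excluded
     * fragment skips authentication entirely. Confirm the EXCLUDE_PATH entries are specific
     * enough; anchored (prefix or exact) matching on a normalized path would be stricter.
     *
     * @param request incoming request
     * @return {@code true} if authentication is skipped for this URI
     */
    private static boolean noNeedAuth(HttpServletRequest request) {
        String uri = request.getRequestURI().toLowerCase(Locale.ROOT);
        for (String page : StaticData.EXCLUDE_PATH) {
            if (uri.contains(page)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks whether one of the user's permission strings occurs in the request URI.
     *
     * <p>NOTE(review): substring match — a permission string that is a fragment of another
     * route also grants that route. Verify the permission format warrants this, or switch to
     * anchored matching.
     *
     * @param ue      authenticated user
     * @param request incoming request
     * @return {@code true} if a permission matches; {@code false} when the user has none
     */
    private boolean checkPerms(UserEntity ue, HttpServletRequest request) {
        List<String> perms = sysService.permsService.selectPerms(ue.getUid());
        if (perms == null || perms.isEmpty()) {
            return false;
        }

        String uri = request.getRequestURI();
        return perms.stream().anyMatch(uri::contains);
    }

    /**
     * Consults the IP blacklist (list type 1).
     *
     * @param ip client IP
     * @return {@code true} if the IP is allowed (list empty/missing or IP not listed)
     */
    private boolean checkBlackList(String ip) {
        List<String> blackList = sysService.blacklistService.selectIpList(1);
        return blackList == null || !blackList.contains(ip);
    }

    /**
     * Consults the IP whitelist (list type 2).
     *
     * @param ip client IP
     * @return {@code true} only if the list exists and contains the IP
     */
    private boolean checkWhiteList(String ip) {
        List<String> whiteList = sysService.blacklistService.selectIpList(2);
        return whiteList != null && whiteList.contains(ip);
    }

    /**
     * Verifies that the token is used from the IP it was issued to.
     *
     * <p>A token whose type equals {@link StaticData#I1} skips the IP comparison (existing
     * behaviour, preserved). A token with no stored record is rejected instead of raising a
     * NullPointerException that would previously have fallen through to the generic catch in
     * {@link #preHandle} and produced an empty response.
     *
     * @param ip    client IP (already verified non-empty by the caller)
     * @param token raw token string
     * @return {@code true} if the token may be used from this IP
     */
    private boolean checkIpSource(String ip, String token) {
        TokenEntity te = sysService.tokenService.getEntityByToken(token);
        if (te == null) {
            return false;
        }

        // ip.equals(...) rather than te.getIp().equals(ip): a null stored IP now yields false, not an NPE.
        return StaticData.I1 == te.getType() || ip.equals(te.getIp());
    }
}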