package com.terra.proxy.util;
|
|
import cn.hutool.core.codec.Base64;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.terra.proxy.bean.CustomerToken;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Map;
|
|
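/**
 * Verification and decoding helpers for the proxy's JWTs.
 *
 * <p>All signature verification goes through {@link #parseSignedClaims(String)} with
 * the shared key below. {@link #getTokenInfo(String)} is the one exception: it only
 * base64-decodes the payload and performs no verification at all.
 */
public class TokenUtils {

    // Shared key used to verify token signatures.
    // NOTE(review): the key is hard-coded in source, so anyone with read access to
    // the repository can produce tokens that pass verification. It should be loaded
    // from protected configuration and rotated; the value is kept here unchanged so
    // existing tokens keep validating.
    private static final String SECRET = "f4e2e52034348f86b67cde581c0f9eb5[lanbase]";

    /**
     * Verifies {@code token} (signature and expiry) and returns the
     * {@link CustomerToken} serialised in its subject claim.
     *
     * @param token compact JWS string as received from the client
     * @return the decoded subject
     * @throws Exception if the token is blank, fails verification, is expired or
     *         carries no claims; the message is the user-facing reason and the
     *         underlying parse error (if any) is attached as the cause
     */
    public static CustomerToken decToken(String token) throws Exception {
        if (StringUtils.isBlank(token)) {
            throw new Exception("未传入token");
        }

        Claims claims;
        try {
            // Use the throwing parser so an expired token is reported as such instead
            // of being collapsed into null (which is what getClaimByToken does).
            claims = parseSignedClaims(token);
        } catch (ExpiredJwtException e) {
            throw new Exception("token已过期", e);
        } catch (Exception e) {
            throw new Exception("token无效", e);
        }
        if (claims == null) {
            throw new Exception("无效的token");
        }
        if (isTokenExpired(claims.getExpiration())) {
            throw new Exception("token已失效");
        }

        return CustomerToken.fromString(claims.getSubject());
    }

    /**
     * Checks that the caller presenting an already-decoded token may use it.
     *
     * <p>Public ("pubzy") tokens are accepted unconditionally. A token bound to an
     * application (non-blank appId other than {@code "0"}) is accepted when the
     * caller's IP equals the IP recorded in the token, or failing that when the
     * Referer starts with the application URL recorded in the token. Note that the
     * Referer is supplied by the client, so that fallback is weaker than the IP match.
     *
     * @param cutToken decoded token; must not be null
     * @param clientIp remote address of the caller; may be null
     * @param refererUrl Referer header of the request; may be null
     * @return {@code Result.ok} carrying the token's subzyids, or a 401 result
     */
    public static Result validate(CustomerToken cutToken, String clientIp,
                                  String refererUrl) {
        // Null-safe whether getIsPubzy() returns boolean or Boolean.
        if (Boolean.TRUE.equals(cutToken.getIsPubzy())) {
            return Result.ok(cutToken.getSubzyids());
        }

        String appId = cutToken.getAppId();
        // A missing appId ("" or "0") is a browser hitting the proxy directly rather
        // than a registered application.
        // TODO (carried over from the original): this case performs no IP or referer
        // binding check at all, so such tokens are accepted from any client.
        boolean boundToApp = !(StringUtils.isBlank(appId) || StringUtils.equals("0", appId));
        if (boundToApp
                && !ipMatches(clientIp, cutToken.getClientIp())
                && !urlPermitted(refererUrl, cutToken.getAppUrl())) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的应用系统");
        }

        return Result.ok(cutToken.getSubzyids());
    }

    /**
     * Verifies a raw token and checks the caller against the bindings stored in its
     * subject claim (a JSON object with {@code clientIp}, {@code resourceUrl} and
     * {@code appUrl} entries).
     *
     * <p>When {@code clientIp} is given, both the IP and the requested URL must match
     * the token; otherwise only the Referer is checked against {@code appUrl}.
     *
     * @param token compact JWS string as received from the client
     * @param requestUrl URL being requested; may be null
     * @param clientIp remote address of the caller; may be null
     * @param refererUrl Referer header of the request; may be null
     * @return {@code Result.ok} carrying the raw subject JSON, or a 401 result
     */
    public static Result tokenValidate(String token, String requestUrl,
                                       String clientIp, String refererUrl) {
        if (StringUtils.isBlank(token)) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "未传入token");
        }

        Claims claims;
        try {
            claims = parseSignedClaims(token);
        } catch (ExpiredJwtException e) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token已过期");
        } catch (Exception e) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token无效");
        }
        if (claims == null) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "无效的token");
        }
        if (isTokenExpired(claims.getExpiration())) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token已失效");
        }

        String msg = claims.getSubject();
        Map<String, Object> map = JSON.parseObject(msg);
        if (map == null) {
            // No subject (or a subject that is not a JSON object): nothing to bind against.
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "无效的token");
        }

        if (StringUtils.isNotBlank(clientIp)) {
            if (!ipMatches(clientIp, map.get("clientIp"))) {
                return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的客户端");
            }
            if (!urlPermitted(requestUrl, map.get("resourceUrl"))) {
                return Result.error(HttpStatus.SC_UNAUTHORIZED, "无权限访问请求的资源");
            }
        } else if (!urlPermitted(refererUrl, map.get("appUrl"))) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的应用系统");
        }

        return Result.ok(msg);
    }

    /**
     * Reports whether a token's {@code exp} claim is in the past.
     *
     * <p>A missing expiration is treated as expired: a token that never expires is
     * not a case this proxy issues, and the previous behaviour was a NullPointerException.
     *
     * @param expiration the {@code exp} claim, or null when absent
     * @return true if absent or before "now"
     */
    public static boolean isTokenExpired(Date expiration) {
        return expiration == null || expiration.before(new Date());
    }

    /**
     * Parses and verifies a token with the shared key, swallowing all failures.
     *
     * <p>Because every error — including expiry — becomes null, callers cannot tell
     * an expired token from a forged one. Internal code uses
     * {@link #parseSignedClaims(String)} instead; this method is kept for callers
     * that rely on the null-on-failure contract.
     *
     * @param token compact JWS string
     * @return the verified claims, or null on any parse/verification failure
     */
    public static Claims getClaimByToken(String token) {
        try {
            return parseSignedClaims(token);
        } catch (Exception ignored) {
            // Deliberately best-effort: null is the documented "invalid" result.
            return null;
        }
    }

    /**
     * Parses and verifies a compact JWS with the shared key; failures propagate.
     *
     * @param token compact JWS string
     * @return the verified claims
     * @throws ExpiredJwtException if the token's {@code exp} is in the past
     * @throws io.jsonwebtoken.JwtException on any other parse/signature failure
     */
    private static Claims parseSignedClaims(String token) {
        return Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody();
    }

    /**
     * Reads the subject out of a token WITHOUT verifying its signature or expiry.
     *
     * <p>Only the payload segment is base64url-decoded, so the content is entirely
     * under the sender's control. Use this for logging and diagnostics only and never
     * for an authorization decision; {@link #decToken(String)} is the verified path.
     *
     * @param token compact JWS string
     * @return the subject as a {@link CustomerToken}, or null if the input is not a
     *         three-segment token with a JSON payload carrying {@code sub}
     */
    public static CustomerToken getTokenInfo(String token) {
        try {
            String[] segments = token.split("\\.");
            // JWT segments are base64url without padding; the strict JDK decoder
            // rejects anything else rather than silently skipping bad characters.
            byte[] payload = java.util.Base64.getUrlDecoder().decode(segments[1]);
            String json = new String(payload, StandardCharsets.UTF_8);
            JSONObject jobj = JSON.parseObject(json);
            return CustomerToken.fromString(jobj.getString("sub"));
        } catch (Exception ignored) {
            // Best-effort: malformed input yields null rather than an exception.
            return null;
        }
    }

    /** True when the caller's IP equals the IP bound into the token (case-insensitive, null-safe). */
    private static boolean ipMatches(String actual, Object bound) {
        return actual != null && actual.equalsIgnoreCase((String) bound);
    }

    /**
     * True when {@code url} is non-blank and starts with the URL bound into the token.
     *
     * <p>A missing or non-string bound value denies rather than throwing. Note that a
     * plain prefix match is a weak origin check (it does not require a path or
     * host boundary after the prefix); it is kept unchanged so existing bindings
     * keep working.
     */
    private static boolean urlPermitted(String url, Object boundPrefix) {
        if (StringUtils.isBlank(url) || !(boundPrefix instanceof String)) {
            return false;
        }
        return url.startsWith((String) boundPrefix);
    }

    /** Manual smoke test: decodes (without verification) a sample token and prints it. */
    public static void main(String[] args) {
        CustomerToken tokenInfo1 = getTokenInfo("eyJ0eXBlIjoiSldUIiwiYWxnIjoiSFM1MTIifQ.eyJzdWIiOiJzZXJ2ZGwiLCJpYXQiOjE2MTU1MzE4NTksImV4cCI6MTY0NjYzNTg1OX0.eSGL-W5p76mjs9rvecxvXqE-BSy1MFcUyIcAFjwTw4ZMV70COlNwf-p-I3HmeVAG6IFZuwwKGdDv6H7NtMTBWw");
        System.out.println(tokenInfo1);
    }
}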
|