| | |
|---|
| | | package com.moon.server.interceptor; |
|---|
| | | |
|---|
| | | import com.moon.server.entity.all.ResAuthEntity; |
|---|
| | | import com.alibaba.fastjson.JSON; |
|---|
| | | import com.moon.server.entity.all.HttpStatus; |
|---|
| | | import com.moon.server.entity.all.ResponseMsg; |
|---|
| | | import com.moon.server.entity.all.StaticData; |
|---|
| | | import com.moon.server.entity.sys.ResLogEntity; |
|---|
| | | import com.moon.server.entity.sys.TokenEntity; |
|---|
| | | import com.moon.server.entity.sys.UserEntity; |
|---|
| | | import com.moon.server.helper.StringHelper; |
|---|
| | |
|---|
| | | |
|---|
| | | private final static int LEN = "/proxy/".length(); |
|---|
| | | |
|---|
| | | public static final String ILLEGAL_RESOURCE = JSON.toJSONString(new ResponseMsg<String>(HttpStatus.UNAUTHORIZED, "没有资源访问权限")); |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public void init(FilterConfig filterConfig) { |
|---|
| | | } |
|---|
| | |
|---|
| | | HttpServletRequest req = (HttpServletRequest) request; |
|---|
| | | HttpServletResponse res = (HttpServletResponse) response; |
|---|
| | | |
|---|
| | | // 2.获取令牌 |
|---|
| | | String token = getToken(req); |
|---|
| | | if (!check(req, res, token)) { |
|---|
| | | |
|---|
| | | // 3.获取用户 |
|---|
| | | UserEntity ue = getUser(res, token); |
|---|
| | | if (null == ue) { |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | String uri = req.getRequestURI(); |
|---|
| | | int resId = getResId(uri, LEN + token.length() + 1); |
|---|
| | | int resId = getResId(req.getRequestURI(), LEN + token.length() + 1); |
|---|
| | | if (!check(req, res, ue, token, resId)) { |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // |
|---|
| | | insertLog(req, res); |
|---|
| | | insertLog(req, ue, resId); |
|---|
| | | } |
|---|
| | | |
|---|
| | | @Override |
|---|
| | |
|---|
| | | */ |
|---|
| | | private String getToken(HttpServletRequest req) { |
|---|
| | | return req.getRequestURI().substring(LEN, req.getRequestURI().indexOf("/", LEN)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取用户 |
|---|
| | | */ |
|---|
| | | private UserEntity getUser(HttpServletResponse res, String token) { |
|---|
| | | UserEntity ue = sysService.tokenService.getUserByToken(token); |
|---|
| | | if (ue == null) { |
|---|
| | | WebHelper.writeStr2Page(res, AuthInterceptor.NO_LOGIN); |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return ue; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 检查 |
|---|
| | | */ |
|---|
| | | private boolean check(HttpServletRequest req, HttpServletResponse res, String token) { |
|---|
| | | // 3.获取用户 |
|---|
| | | UserEntity ue = sysService.tokenService.getUserByToken(token); |
|---|
| | | if (ue == null) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.NO_LOGIN); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private boolean check(HttpServletRequest req, HttpServletResponse res, UserEntity ue, String token, int resId) { |
|---|
| | | // 4.获取IP |
|---|
| | | String ip = WebHelper.getIpAddress(req); |
|---|
| | | if (StringHelper.isEmpty(ip)) { |
|---|
| | |
|---|
| | | // 5.检查黑名单 |
|---|
| | | if (!checkBlackList(ip, req)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.BLACK_LIST); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 9.检查资源权限 |
|---|
| | | if (!checkResPerms(ue, resId)) { |
|---|
| | | return WebHelper.writeStr2Page(res, ILLEGAL_RESOURCE); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 6.admin跳过权限检测 |
|---|
| | |
|---|
| | | return te.getIp().equals(ip); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private boolean checkPerms(UserEntity ue, int resId){ |
|---|
| | | /** |
|---|
| | | * 检查资源权限 |
|---|
| | | */ |
|---|
| | | private boolean checkResPerms(UserEntity ue, int resId) { |
|---|
| | | String uid = StaticData.ADMIN.equals(ue.getUid()) ? null : ue.getUid(); |
|---|
| | | List<ResAuthEntity> rs = permsService.selectRes(uid); |
|---|
| | | List<Integer> rs = permsService.selectResList(uid); |
|---|
| | | if (null == rs || rs.isEmpty()) { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return true; |
|---|
| | | return rs.contains(resId); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 插入日志 |
|---|
| | | */ |
|---|
| | | private void insertLog(HttpServletRequest req, HttpServletResponse res) { |
|---|
| | | private void insertLog(HttpServletRequest req, UserEntity ue, int resId) { |
|---|
| | | String ip = WebHelper.getIpAddress(req); |
|---|
| | | //log.info("uriOri={} rAddr={} rHost={} token={}", uriOri, addr, host, token); |
|---|
| | | |
|---|
| | | ResLogEntity entity = new ResLogEntity(); |
|---|
| | | entity.setResid(resId); |
|---|
| | | entity.setType(getRequestType(req.getMethod())); |
|---|
| | | entity.setIp(ip); |
|---|
| | | entity.setUrl(req.getRequestURL().toString()); |
|---|
| | | entity.setCreateUser(ue.getId()); |
|---|
| | | |
|---|
| | | resLogService.insert(entity); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取请求类别 |
|---|
| | | */ |
|---|
| | | private int getRequestType(String method) { |
|---|
| | | // 请求类:1-GET,2-POST,3-PUT,4-DELETE,5-TRACE,6-HEAD,7-OPTIONS,8-CONNECT'; |
|---|
| | | switch (method) { |
|---|
| | | case "GET": |
|---|
| | | return 1; |
|---|
| | | case "POST": |
|---|
| | | return 2; |
|---|
| | | case "PUT": |
|---|
| | | return 3; |
|---|
| | | case "DELETE": |
|---|
| | | return 4; |
|---|
| | | case "TRACE": |
|---|
| | | return 5; |
|---|
| | | case "HEAD": |
|---|
| | | return 6; |
|---|
| | | case "OPTIONS": |
|---|
| | | return 7; |
|---|
| | | case "CONNECT": |
|---|
| | | return 8; |
|---|
| | | default: |
|---|
| | | return -1; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
