| | |
|---|
| | | import com.moon.server.entity.all.HttpStatus; |
|---|
| | | import com.moon.server.entity.all.ResponseMsg; |
|---|
| | | import com.moon.server.entity.all.StaticData; |
|---|
| | | import com.moon.server.entity.sys.ResEntity; |
|---|
| | | import com.moon.server.entity.sys.ResLogEntity; |
|---|
| | | import com.moon.server.entity.sys.TokenEntity; |
|---|
| | | import com.moon.server.entity.sys.UserEntity; |
|---|
| | | import com.moon.server.helper.AsyncHelper; |
|---|
| | | import com.moon.server.helper.HttpHelper; |
|---|
| | | import com.moon.server.helper.StringHelper; |
|---|
| | | import com.moon.server.helper.WebHelper; |
|---|
| | | import com.moon.server.service.all.PermsService; |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | int resId = getResId(req.getRequestURI(), LEN + token.length() + 1); |
|---|
| | | if (!check(req, res, ue, token, resId)) { |
|---|
| | | if (!check(req, res, ue, token)) { |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 9.获取资源实体 |
|---|
| | | ResEntity entity = getResEntity(ue, resId); |
|---|
| | | if (null == entity) { |
|---|
| | | WebHelper.writeStr2Page(res, ILLEGAL_RESOURCE); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | insertLog(req, ue, resId); |
|---|
| | | String url = getSourceUrl(req, entity); |
|---|
| | | proxy(req, res, url); |
|---|
| | | } catch (Exception ex) { |
|---|
| | | log.error(ex.getMessage(), ex); |
|---|
| | | } |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 检查 |
|---|
| | | */ |
|---|
| | | private boolean check(HttpServletRequest req, HttpServletResponse res, UserEntity ue, String token, int resId) { |
|---|
| | | private boolean check(HttpServletRequest req, HttpServletResponse res, UserEntity ue, String token) { |
|---|
| | | // 4.获取IP |
|---|
| | | String ip = WebHelper.getIpAddress(req); |
|---|
| | | if (StringHelper.isEmpty(ip)) { |
|---|
| | |
|---|
| | | // 5.检查黑名单 |
|---|
| | | if (!checkBlackList(ip, req)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.BLACK_LIST); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 9.检查资源权限 |
|---|
| | | if (!checkResPerms(ue, resId)) { |
|---|
| | | return WebHelper.writeStr2Page(res, ILLEGAL_RESOURCE); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 6.admin跳过权限检测 |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 检查资源权限 |
|---|
| | | */ |
|---|
| | | private boolean checkResPerms(UserEntity ue, int resId) { |
|---|
| | | private ResEntity getResEntity(UserEntity ue, int resId) { |
|---|
| | | String uid = StaticData.ADMIN.equals(ue.getUid()) ? null : ue.getUid(); |
|---|
| | | List<Integer> rs = permsService.selectResList(uid); |
|---|
| | | List<ResEntity> rs = permsService.selectResList(uid); |
|---|
| | | if (null == rs || rs.isEmpty()) { |
|---|
| | | return false; |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return rs.contains(resId); |
|---|
| | | // List<ResEntity> list = rs.stream().filter(resEntity -> resEntity.getId() == resId).collect(Collectors.toList()); |
|---|
| | | for (ResEntity entity : rs) { |
|---|
| | | if (resId == entity.getId()) { |
|---|
| | | return entity; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | return -1; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取原始Url |
|---|
| | | */ |
|---|
| | | private String getSourceUrl(HttpServletRequest req, ResEntity entity) { |
|---|
| | | |
|---|
| | | return ""; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 代理服务 |
|---|
| | | */ |
|---|
| | | private void proxy(HttpServletRequest request, HttpServletResponse response, String url) throws Exception { |
|---|
| | | HttpHelper httpHelper = new HttpHelper(); |
|---|
| | | httpHelper.service(request, response, url, null); |
|---|
| | | } |
|---|
| | | } |
|---|
