| | |
|---|
| | | import io.jsonwebtoken.Claims; |
|---|
| | | import reactor.core.publisher.Mono; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 网关鉴权 |
|---|
| | | * |
|---|
| | | * @author admin |
|---|
| | | */ |
|---|
| | | @Component |
|---|
| | | public class AuthFilter implements GlobalFilter, Ordered |
|---|
| | | { |
|---|
| | | public class AuthFilter implements GlobalFilter, Ordered { |
|---|
| | | private static final Logger log = LoggerFactory.getLogger(AuthFilter.class); |
|---|
| | | |
|---|
| | | // 排除过滤的 uri 地址,nacos自行添加 |
|---|
| | |
|---|
| | | |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) |
|---|
| | | { |
|---|
| | | public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { |
|---|
| | | ServerHttpRequest request = exchange.getRequest(); |
|---|
| | | ServerHttpRequest.Builder mutate = request.mutate(); |
|---|
| | | |
|---|
| | | String url = request.getURI().getPath(); |
|---|
| | | // 跳过不需要验证的路径 |
|---|
| | | if (StringUtils.matches(url, ignoreWhite.getWhites())) |
|---|
| | | { |
|---|
| | | if (StringUtils.matches(url, ignoreWhite.getWhites())) { |
|---|
| | | return chain.filter(exchange); |
|---|
| | | } |
|---|
| | | String token = getToken(request); |
|---|
| | | if (StringUtils.isEmpty(token)) |
|---|
| | | { |
|---|
| | | if (StringUtils.isEmpty(token)) { |
|---|
| | | return unauthorizedResponse(exchange, "令牌不能为空"); |
|---|
| | | } |
|---|
| | | Claims claims = JwtUtils.parseToken(token); |
|---|
| | | if (claims == null) |
|---|
| | | { |
|---|
| | | if (claims == null) { |
|---|
| | | return unauthorizedResponse(exchange, "令牌已过期或验证不正确!"); |
|---|
| | | } |
|---|
| | | String userkey = JwtUtils.getUserKey(claims); |
|---|
| | | boolean islogin = redisService.hasKey(getTokenKey(userkey)); |
|---|
| | | if (!islogin) |
|---|
| | | { |
|---|
| | | if (!islogin) { |
|---|
| | | return unauthorizedResponse(exchange, "登录状态已过期"); |
|---|
| | | } |
|---|
| | | String userid = JwtUtils.getUserId(claims); |
|---|
| | | String username = JwtUtils.getUserName(claims); |
|---|
| | | if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) |
|---|
| | | { |
|---|
| | | if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) { |
|---|
| | | return unauthorizedResponse(exchange, "令牌验证失败"); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | return chain.filter(exchange.mutate().request(mutate.build()).build()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) |
|---|
| | | { |
|---|
| | | if (value == null) |
|---|
| | | { |
|---|
| | | private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) { |
|---|
| | | if (value == null) { |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | String valueStr = value.toString(); |
|---|
| | |
|---|
| | | mutate.header(name, valueEncode); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private void removeHeader(ServerHttpRequest.Builder mutate, String name) |
|---|
| | | { |
|---|
| | | private void removeHeader(ServerHttpRequest.Builder mutate, String name) { |
|---|
| | | mutate.headers(httpHeaders -> httpHeaders.remove(name)).build(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) |
|---|
| | | { |
|---|
| | | private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) { |
|---|
| | | log.error("[鉴权异常处理]请求路径:{}", exchange.getRequest().getPath()); |
|---|
| | | return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED); |
|---|
| | | } |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 获取缓存key |
|---|
| | | */ |
|---|
| | | private String getTokenKey(String token) |
|---|
| | | { |
|---|
| | | private String getTokenKey(String token) { |
|---|
| | | return CacheConstants.LOGIN_TOKEN_KEY + token; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取请求token |
|---|
| | | */ |
|---|
| | | private String getToken(ServerHttpRequest request) |
|---|
| | | { |
|---|
| | | String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION); |
|---|
| | | private String getToken(ServerHttpRequest req) { |
|---|
| | | HttpServletRequest request = (HttpServletRequest) req; |
|---|
| | | // 从header获取token标识 |
|---|
| | | String token = request.getHeader(TokenConstants.AUTHENTICATION); |
|---|
| | | |
|---|
| | | // 从url获取token标识 |
|---|
| | | if (StringUtils.isEmpty(token)) { |
|---|
| | | token = request.getParameter(TokenConstants.ACCESS_TOKEN); |
|---|
| | | } |
|---|
| | | if (StringUtils.isEmpty(token)) { |
|---|
| | | token = request.getParameter(TokenConstants.TOKEN); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 如果前端设置了令牌前缀,则裁剪掉前缀 |
|---|
| | | if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) { |
|---|
| | | token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY); |
|---|
| | | } |
|---|
| | | return token; |
|---|
| | | } |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public int getOrder() |
|---|
| | | { |
|---|
| | | public int getOrder() { |
|---|
| | | return -200; |
|---|
| | | } |
|---|
| | | } |
|---|
