package com.moon.server.interceptor; import com.moon.server.entity.all.ResAuthEntity; import com.moon.server.entity.all.StaticData; import com.moon.server.entity.sys.TokenEntity; import com.moon.server.entity.sys.UserEntity; import com.moon.server.helper.StringHelper; import com.moon.server.helper.WebHelper; import com.moon.server.service.all.PermsService; import com.moon.server.service.all.SysService; import com.moon.server.service.sys.ResLogService; import javax.annotation.Resource; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.List; /** * 代理过滤器 * @author WWW * @date 2023-07-04 */ @WebFilter(urlPatterns = {"/proxy/*"}) public class ProxyFilter implements Filter { @Resource private SysService sysService; @Resource private PermsService permsService; @Resource private ResLogService resLogService; private final static int LEN = "/proxy/".length(); @Override public void init(FilterConfig filterConfig) { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; String token = getToken(req); if (!check(req, res, token)) { return; } String uri = req.getRequestURI(); int resId = getResId(uri, LEN + token.length() + 1); // insertLog(req, res); } @Override public void destroy() { } /** * 获取令牌 */ private String getToken(HttpServletRequest req) { return req.getRequestURI().substring(LEN, req.getRequestURI().indexOf("/", LEN)); } /** * 获取资源ID */ private int getResId(String uri, int start) { int end = uri.indexOf("/", start); String str = -1 == end ? uri.substring(start) : uri.substring(start, end); return Integer.parseInt(str); } /** * 检查 */ private boolean check(HttpServletRequest req, HttpServletResponse res, String token) { // 3.获取用户 UserEntity ue = sysService.tokenService.getUserByToken(token); if (ue == null) { return WebHelper.writeStr2Page(res, AuthInterceptor.NO_LOGIN); } // 4.获取IP String ip = WebHelper.getIpAddress(req); if (StringHelper.isEmpty(ip)) { return WebHelper.writeStr2Page(res, AuthInterceptor.IP_NULL); } // 5.检查黑名单 if (!checkBlackList(ip, req)) { return WebHelper.writeStr2Page(res, AuthInterceptor.BLACK_LIST); } // 6.admin跳过权限检测 if (StaticData.ADMIN.equals(ue.getUid())) { return true; } // 7.检查白名单 if (!checkWhiteList(ip, req)) { // 检查IP一致性 if (!checkIpSource(ip, token)) { return WebHelper.writeStr2Page(res, AuthInterceptor.ILLEGAL_TOKEN); } } // 8.检查用户ID是否禁用 if (sysService.tokenService.isUidDisable(ue)) { return WebHelper.writeStr2Page(res, AuthInterceptor.USER_LOCK); } return true; } /** * 检查黑名单 */ private boolean checkBlackList(String ip, HttpServletRequest request) { List blackList = sysService.blacklistService.selectIpList(1); if (blackList == null || blackList.isEmpty()) { return true; } if (blackList.contains(ip)) { return false; } return true; } /** * 检查白名单 */ private boolean checkWhiteList(String ip, HttpServletRequest request) { List whiteList = sysService.blacklistService.selectIpList(2); if (whiteList == null || whiteList.isEmpty()) { return false; } return whiteList.contains(ip); } /** * 检查IP一致性 */ private boolean checkIpSource(String ip, String token) { TokenEntity te = sysService.tokenService.getEntityByToken(token); return te.getIp().equals(ip); } private boolean checkPerms(UserEntity ue, int resId){ String uid = StaticData.ADMIN.equals(ue.getUid()) ? null : ue.getUid(); List rs = permsService.selectRes(uid); return true; } /** * 插入日志 */ private void insertLog(HttpServletRequest req, HttpServletResponse res) { String ip = WebHelper.getIpAddress(req); //log.info("uriOri={} rAddr={} rHost={} token={}", uriOri, addr, host, token); } }