feat: License由网关控制
@@ -88,6 +88,12 @@
|
||||
<version>${springdoc.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-license</artifactId>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
||||
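Review bot: The new `wfc-common-license` dependency is declared without a `<version>`, so the artifact that ends up in the gateway is decided by a `dependencyManagement` entry this hunk does not show. Since this module now gates every request, confirm that the version is pinned in the parent POM or BOM rather than left to a range or snapshot. Also confirm that `org.wfc` artifacts resolve only from the project's own repository, so a same-named artifact on a public repository cannot be picked up instead. A short comment next to the dependency, for example `<!-- License: version managed in parent POM -->`, would make this visible to the next reader.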
@@ -18,18 +18,18 @@ import org.wfc.common.core.utils.JwtUtils;
|
||||
import org.wfc.common.core.utils.MessageUtils;
|
||||
import org.wfc.common.core.utils.ServletUtils;
|
||||
import org.wfc.common.core.utils.StringUtils;
|
||||
import org.wfc.common.license.LicenseVerify;
|
||||
import org.wfc.common.redis.service.RedisService;
|
||||
import org.wfc.gateway.config.properties.IgnoreWhiteProperties;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
* 网关鉴权
|
||||
*
|
||||
*
|
||||
* @author wfc
|
||||
*/
|
||||
@Component
|
||||
public class AuthFilter implements GlobalFilter, Ordered
|
||||
{
|
||||
public class AuthFilter implements GlobalFilter, Ordered {
|
||||
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
|
||||
|
||||
// 排除过滤的 uri 地址,nacos自行添加
|
||||
@@ -40,42 +40,44 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
private RedisService redisService;
|
||||
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
|
||||
{
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
||||
ServerHttpRequest request = exchange.getRequest();
|
||||
ServerHttpRequest.Builder mutate = request.mutate();
|
||||
|
||||
LicenseVerify licenseVerify = new LicenseVerify();
|
||||
|
||||
// 校验license证书是否有效
|
||||
boolean verifyResult = licenseVerify.verify();
|
||||
if (!verifyResult) {
|
||||
log.error("验证失败,证书无效");
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("Your License is invalid"));
|
||||
}
|
||||
|
||||
String url = request.getURI().getPath();
|
||||
// 跳过不需要验证的路径
|
||||
if (StringUtils.matches(url, ignoreWhite.getWhites()))
|
||||
{
|
||||
if (StringUtils.matches(url, ignoreWhite.getWhites())) {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
String token = getToken(request);
|
||||
if (StringUtils.isEmpty(token))
|
||||
{
|
||||
if (StringUtils.isEmpty(token)) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.not.blank"));
|
||||
}
|
||||
Claims claims = JwtUtils.parseToken(token);
|
||||
if (claims == null)
|
||||
{
|
||||
if (claims == null) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.expired"));
|
||||
}
|
||||
String userkey = JwtUtils.getUserKey(claims);
|
||||
boolean islogin = redisService.hasKey(getTokenKey(userkey));
|
||||
if (!islogin)
|
||||
{
|
||||
if (!islogin) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.status.expired"));
|
||||
}
|
||||
String userid = JwtUtils.getUserId(claims);
|
||||
String username = JwtUtils.getUserName(claims);
|
||||
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
|
||||
{
|
||||
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.error"));
|
||||
}
|
||||
String platform = JwtUtils.getUserPlatform(claims);
|
||||
if ("user".equals(platform) && StringUtils.startsWith(url,"/system"))
|
||||
{
|
||||
if ("user".equals(platform) && StringUtils.startsWith(url, "/system")) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.user.portal.forbidden"));
|
||||
}
|
||||
// 设置用户信息到请求
|
||||
@@ -88,10 +90,8 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
return chain.filter(exchange.mutate().request(mutate.build()).build());
|
||||
}
|
||||
|
||||
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)
|
||||
{
|
||||
if (value == null)
|
||||
{
|
||||
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
|
||||
if (value == null) {
|
||||
return;
|
||||
}
|
||||
String valueStr = value.toString();
|
||||
@@ -99,13 +99,11 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
mutate.header(name, valueEncode);
|
||||
}
|
||||
|
||||
private void removeHeader(ServerHttpRequest.Builder mutate, String name)
|
||||
{
|
||||
private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
|
||||
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
|
||||
}
|
||||
|
||||
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg)
|
||||
{
|
||||
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
|
||||
log.error("[Authentication exception handling]Request path:{}, error message:{}", exchange.getRequest().getPath(), msg);
|
||||
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
@@ -113,28 +111,24 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
/**
|
||||
* 获取缓存key
|
||||
*/
|
||||
private String getTokenKey(String token)
|
||||
{
|
||||
private String getTokenKey(String token) {
|
||||
return CacheConstants.LOGIN_TOKEN_KEY + token;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取请求token
|
||||
*/
|
||||
private String getToken(ServerHttpRequest request)
|
||||
{
|
||||
private String getToken(ServerHttpRequest request) {
|
||||
String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER);
|
||||
// 如果前端设置了令牌前缀,则裁剪掉前缀
|
||||
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
|
||||
{
|
||||
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
|
||||
token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getOrder()
|
||||
{
|
||||
public int getOrder() {
|
||||
return -200;
|
||||
}
|
||||
}
|
||||
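Review bot: The license failure branch at the top of `filter` goes through `unauthorizedResponse`, which always answers `HttpStatus.UNAUTHORIZED`, so clients and the authentication log cannot tell a licensing fault from a bad token. A separate status would keep them apart, for example `return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.FORBIDDEN);`, and would also drop the second `log.error` that each rejected request now emits. The check runs before the `ignoreWhite` match and builds `new LicenseVerify()` on every request; if `verify()` reads a file or keystore (not visible here), that is blocking work on the reactive thread, so one injected instance with a short-lived cached result would be safer. `MessageUtils.message("Your License is invalid")` passes literal text where the neighbouring calls pass keys such as `gateway.token.expired`; a dedicated key, for example `gateway.license.invalid`, would keep the lookup consistent. Enforcement exists only in this filter, so any service reachable without passing through the gateway is not covered, and part of `filter` lies outside the visible hunks.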