app 用户登录用户注册

新增登录过滤器仅对app作用
2024-03-28 10:59:15 +08:00
parent 57dc6be120
commit 09e29ca20b
10 changed files with 451 additions and 119 deletions
--- a/src/main/java/com/chaozhanggui/system/cashierservice/auth/LoginFilter.java
+++ b/src/main/java/com/chaozhanggui/system/cashierservice/auth/LoginFilter.java
@@ -0,0 +1,127 @@
+package com.chaozhanggui.system.cashierservice.auth;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.chaozhanggui.system.cashierservice.redis.RedisCst;
+import com.chaozhanggui.system.cashierservice.redis.RedisUtil;
+import com.chaozhanggui.system.cashierservice.sign.CodeEnum;
+import com.chaozhanggui.system.cashierservice.sign.Result;
+import com.chaozhanggui.system.cashierservice.util.TokenUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 登录的拦截器
+ * 目前仅限APP使用
+ */
+@Slf4j
+@Component
+@WebFilter(filterName = "LoginFilter", urlPatterns = "/*")
+public class LoginFilter implements Filter {
+
+    /**
+     * 不登录就可以访问的接口
+     */
+    private static final List<String> NOT_LOGIN_URL = Arrays.asList(
+            // 忽略静态资源
+            "css/**",
+            "js/**",
+            "cashierService/phoneValidateCode",//验证码
+            "cashierService/login/**"//登录部分接口不校验
+    );
+
+    @Autowired
+    private RedisUtil redisUtil;
+
+    /**
+     * 登陆过滤器具体实现
+     */
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) resp;
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json; charset=utf-8");
+        // OPTIONS请求类型不做校验
+        if (request.getMethod().equalsIgnoreCase("OPTIONS")) {
+            chain.doFilter(req, resp);
+            return;
+        }
+        // 获取请求地址
+        String url = request.getRequestURI();
+        // 不需要授权的接口直接访问的地址
+        if (containsUrl(NOT_LOGIN_URL, url)) {
+            chain.doFilter(req, resp);
+            return;
+        }
+        String environment = request.getHeader("environment");
+        //token校验目前只对app生效
+        if(!environment.equals("app")){
+            chain.doFilter(req, resp);
+            return;
+        }
+        // 判断用户TOKEN是否存在
+        String token = request.getHeader("token");
+        if (StringUtils.isBlank(token)) {
+            Result result  = new Result(CodeEnum.TOKEN_EXEIST);
+            String jsonString = JSONObject.toJSONString(result);
+            JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
+            response.getWriter().print(jsonObject);
+            response.getWriter().flush();//流里边的缓存刷出
+            return;
+        }
+        //获取当前登录人的用户id
+        String loginName = TokenUtil.parseParamFromToken(token, "userId").toString();
+        //获取redis中的token
+        String message = redisUtil.getMessage(RedisCst.ONLINE_APP_USER.concat(loginName));
+        if(StringUtils.isBlank(message)){
+            Result result  = new Result(CodeEnum.TOKEN_EXPIRED);
+            String jsonString = JSONObject.toJSONString(result);
+            JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
+            response.getWriter().print(jsonObject);
+            response.getWriter().flush();//流里边的缓存刷出
+            return;
+        }
+        String redisToken = JSON.parseObject(message).getString("token");
+        if (!token.equals(redisToken)) {
+            Result result  = new Result(CodeEnum.TOKEN_EXPIRED);
+            String jsonString = JSONObject.toJSONString(result);
+            JSONObject jsonObject = JSONObject.parseObject(jsonString, JSONObject.class);
+            response.getWriter().print(jsonObject);
+            response.getWriter().flush();//流里边的缓存刷出
+            return;
+        }
+        chain.doFilter(req, resp);
+    }
+
+    /**
+     * 判断url请求是否配置在urls列表中
+     */
+    private boolean containsUrl(List<String> urls, String url) {
+        if (urls == null || urls.isEmpty()) {
+            return false;
+        }
+        for (String s : urls) {
+            if (s.endsWith("**")) {
+                if (url.startsWith("/" + s.substring(0, s.length() - 2))) {
+                    return true;
+                }
+            } else {
+                if (url.equals("/" + s)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+}