From 106ee2be900824cdaffb0abe2d9e4fc6d0bad202 Mon Sep 17 00:00:00 2001
From: suyiiyii
Date: Sat, 24 Aug 2024 20:01:19 +0800
Subject: [PATCH] =?UTF-8?q?feat(auth):=20=E5=B0=86=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E4=BF=A1=E6=81=AF=E4=BD=BF=E7=94=A8=E6=B3=A8=E8=A7=A3=E7=9A=84?=
 =?UTF-8?q?=E5=BD=A2=E5=BC=8F=E5=9B=BA=E5=AE=9A=E5=9C=A8=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E4=B8=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../top/suyiiyii/sims/common/AuthAccess.java | 1 +
 .../sims/common/InterceptorConfig.java | 2 -
 .../suyiiyii/sims/common/JwtInterceptor.java | 56 +++++++++++--------
 .../sims/controller/HealthzController.java | 3 +
 .../sims/controller/HelloController.java | 10 +++-
 .../sims/controller/UserController.java | 4 +-
 6 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/src/main/java/top/suyiiyii/sims/common/AuthAccess.java b/src/main/java/top/suyiiyii/sims/common/AuthAccess.java
index 65ad38f..9ec5ccd 100644
--- a/src/main/java/top/suyiiyii/sims/common/AuthAccess.java
+++ b/src/main/java/top/suyiiyii/sims/common/AuthAccess.java
@@ -14,4 +14,5 @@ import java.lang.annotation.*;
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 public @interface AuthAccess {
+    String[] allowRoles() default {};
 }
diff --git a/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java b/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java
index d57e47e..0332375 100644
--- a/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java
+++ b/src/main/java/top/suyiiyii/sims/common/InterceptorConfig.java
@@ -31,8 +31,6 @@ public class InterceptorConfig extends WebMvcConfigurationSupport {
     protected void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(jwtInterceptor)
                 .addPathPatterns("/**")
-                .excludePathPatterns("/user/login") // 排除不需要验证的路径
-                .excludePathPatterns("/user/register")
                 .excludePathPatterns("/v3/api-docs/**");
 
         // 注册AdminInterceptor,只拦截以admin/开头的路径
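Review bot: The new `allowRoles` attribute carries no Javadoc, so what a value means — and in particular what the empty default does — is only discoverable by reading `JwtInterceptor`, where, as evaluated in this commit, an empty array grants nothing and only the literal `"guest"` is ever matched. A one-line doc comment on the attribute would pin that contract for controller authors: `/** Role names allowed to call the annotated handler; evaluated by JwtInterceptor, an empty array (the default) grants no access. */`.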
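Review bot: With the `/user/login` and `/user/register` exclusions removed, every path except `/v3/api-docs/**` now reaches `JwtInterceptor`, and a public handler is only reachable when it carries `@AuthAccess(allowRoles = {"guest"})`; a handler that forgets the annotation fails closed with the interceptor's 403 rather than with anything visible at startup. That convention should be stated where the interceptor is registered, e.g. on the `addInterceptor` line: `// intercepts every path; public handlers opt out via @AuthAccess(allowRoles = {"guest"})`. The body of `addInterceptors` continues past this hunk.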
diff --git a/src/main/java/top/suyiiyii/sims/common/JwtInterceptor.java b/src/main/java/top/suyiiyii/sims/common/JwtInterceptor.java
index ed198c6..4a93347 100644
--- a/src/main/java/top/suyiiyii/sims/common/JwtInterceptor.java
+++ b/src/main/java/top/suyiiyii/sims/common/JwtInterceptor.java
@@ -12,6 +12,8 @@ import top.suyiiyii.sims.exception.ServiceException;
 import top.suyiiyii.sims.mapper.MpUserMapper;
 import top.suyiiyii.sims.utils.JwtUtils;
 
+import java.util.List;
+
 /**
  * @Author tortoise
  * @Date 2024/8/12 11:33
@@ -26,8 +28,12 @@ public class JwtInterceptor implements HandlerInterceptor {
     @Autowired
     MpUserMapper userMapper;
 
+    @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        if ("/error".equals(request.getRequestURI())) {
+            return true;
+        }
         // 从 Authorization 头中获取 token
         String token = request.getHeader("Authorization");
         if (token != null && token.startsWith("Bearer ")) {
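Review bot: The `/error` bypass at the top of `preHandle` keys on the literal request URI, so the interceptor is skipped for any caller that requests `/error` directly, and it stops matching altogether when the application is deployed under a servlet context path, because `getRequestURI()` includes that prefix. Checking the dispatch type limits the bypass to the container's own error forwarding regardless of path: `if (request.getDispatcherType() == DispatcherType.ERROR) {` (import `DispatcherType` from the same servlet package the file already uses for `HttpServletRequest`). The rest of `preHandle` continues past this hunk.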
@@ -37,34 +43,40 @@ public class JwtInterceptor implements HandlerInterceptor {
             // 如果 Authorization 头中没有 token,则尝试从请求参数中获取
             token = request.getParameter("token");
         }
+        List allowRoles = null;
         // 如果不是映射到方法直接通过
         if (handler instanceof HandlerMethod) {
             AuthAccess annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthAccess.class);
             if (annotation != null) {
+                allowRoles = List.of(annotation.allowRoles());
+            }
+        }
+//        // 执行认证
+//        if (StrUtil.isBlank(token)) {
+//            //权限错误
+//            throw new ServiceException("401", "请登录");
+//        }
+//        // 获取 token 中的 user id
+//        String userId = JwtUtils.extractUserId(token);
+//        if (userId == null) {
+//            throw new ServiceException("401", "请登录");
+//        }
+//
+//        User user = userMapper.selectById(Integer.parseInt(userId));
+//        if (user == null) {
+//            throw new ServiceException("401", "请登录");
+//        }
+//        // 验证 token 的有效性
+//        if (!JwtUtils.verifyToken(token, user.getPassword())) {
+//            throw new ServiceException("401", "请登录");
+//        }
+        // 验证token后,如果一切正常,将token存储到request的属性中
+        request.setAttribute("token", token);
+        if (allowRoles != null && !allowRoles.isEmpty()) {
+            if (allowRoles.contains("guest")) {
                 return true;
             }
         }
-        // 执行认证
-        if (StrUtil.isBlank(token)) {
-            //权限错误
-            throw new ServiceException("401", "请登录");
-        }
-        // 获取 token 中的 user id
-        String userId= JwtUtils.extractUserId(token);
-        if (userId == null) {
-            throw new ServiceException("401", "请登录");
-        }
-
-        User user = userMapper.selectById(Integer.parseInt(userId));
-        if (user == null) {
-            throw new ServiceException("401", "请登录");
-        }
-        // 验证 token 的有效性
-        if (!JwtUtils.verifyToken(token, user.getPassword())) {
-            throw new ServiceException("401", "请登录");
-        }
-        // 验证token后,如果一切正常,将token存储到request的属性中
-        request.setAttribute("token", token);
-        return true;
+        throw new ServiceException("403", "权限不足");
     }
 }
diff --git a/src/main/java/top/suyiiyii/sims/controller/HealthzController.java b/src/main/java/top/suyiiyii/sims/controller/HealthzController.java
index e3724b2..34010a3 100644
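Review bot: `request.setAttribute("token", token)` now stores a value that is never verified, because the blank check, `JwtUtils.extractUserId`, the `userMapper.selectById` lookup and `JwtUtils.verifyToken` survive only as `+//` commented lines; any downstream code that trusts that attribute is fed whatever the client sent. The only role the new body evaluates is the literal `"guest"`: a handler listing any other role, or carrying no `@AuthAccess` at all, always reaches the 403 throw, so there is no longer any path for an authenticated request. The guest early-return can stay in front, but the verification chain belongs after it for every other request, the commented-out copy should be deleted rather than kept, and the raw `List` should be `List<String>`. Comparing `allowRoles` against the authenticated user's roles is not visible in this hunk, so it is left as a marked gap below; `Integer.parseInt(userId)` on a malformed id still surfaces as NumberFormatException rather than a 401, as before this commit.
```java
        List<String> allowRoles = null;
        // … unchanged: HandlerMethod / AuthAccess lookup filling allowRoles …
        if (allowRoles != null && allowRoles.contains("guest")) {
            // public handler: no token required
            return true;
        }
        if (StrUtil.isBlank(token)) {
            throw new ServiceException("401", "请登录");
        }
        String userId = JwtUtils.extractUserId(token);
        if (userId == null) {
            throw new ServiceException("401", "请登录");
        }
        User user = userMapper.selectById(Integer.parseInt(userId));
        if (user == null || !JwtUtils.verifyToken(token, user.getPassword())) {
            throw new ServiceException("401", "请登录");
        }
        // only a verified token is exposed to downstream handlers
        request.setAttribute("token", token);
        if (allowRoles == null || allowRoles.isEmpty()) {
            return true; // authenticated and no role restriction declared
        }
        // TODO(review): compare allowRoles with the user's roles (lookup not shown in this hunk)
        throw new ServiceException("403", "权限不足");
```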
--- a/src/main/java/top/suyiiyii/sims/controller/HealthzController.java
+++ b/src/main/java/top/suyiiyii/sims/controller/HealthzController.java
@@ -5,14 +5,17 @@ import lombok.Data;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
+import top.suyiiyii.sims.common.AuthAccess;
 
 @RestController
 public class HealthzController {
+    @AuthAccess(allowRoles = {"guest"})
     @GetMapping("/healthz")
     public String healthz() {
         return "ok";
     }
 
+    @AuthAccess(allowRoles = {"guest"})
     @PostMapping("/healthz")
     public HealthzResponse healthzPost() {
         return new HealthzResponse("health");
diff --git a/src/main/java/top/suyiiyii/sims/controller/HelloController.java b/src/main/java/top/suyiiyii/sims/controller/HelloController.java
index 9962cad..7d64513 100644
--- a/src/main/java/top/suyiiyii/sims/controller/HelloController.java
+++ b/src/main/java/top/suyiiyii/sims/controller/HelloController.java
@@ -3,6 +3,7 @@ package top.suyiiyii.sims.controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RestController;
+import top.suyiiyii.sims.common.AuthAccess;
 import top.suyiiyii.sims.common.Result;
 
 import java.util.List;
@@ -10,15 +11,20 @@ import java.util.List;
 @RestController
 public class HelloController {
+    @AuthAccess(allowRoles = {"guest"})
     @GetMapping("/hello")
     public String hello(String username) {
         return "Hello " + username;
     }
+
+    @AuthAccess(allowRoles = {"guest"})
     @PostMapping("/hello")
-    public List helloPost(String username , Integer age) {
-        List list = List.of(username,age.toString());
+    public List helloPost(String username, Integer age) {
+        List list = List.of(username, age.toString());
         return list;
     }
+
+    @AuthAccess(allowRoles = {"guest"})
     @GetMapping("/helloResult")
     public Result healthz() {
         return Result.success("Hello World");
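Review bot: The rewritten `helloPost` line still throws NullPointerException whenever `age` or `username` is absent from the request, since `age.toString()` dereferences a null and `List.of` rejects null elements, and the endpoint is now reachable without a token. Both parameters should be declared required (`@RequestParam String username, @RequestParam Integer age`) or the list built with null-tolerant calls, and `List` is used raw on both rewritten lines where `List<String>` fits. The `helloPost` body continues within the hunk; the class continues past it.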
diff --git a/src/main/java/top/suyiiyii/sims/controller/UserController.java b/src/main/java/top/suyiiyii/sims/controller/UserController.java
index c9e0362..3f1a50d 100644
--- a/src/main/java/top/suyiiyii/sims/controller/UserController.java
+++ b/src/main/java/top/suyiiyii/sims/controller/UserController.java
@@ -38,7 +38,7 @@ public class UserController {
     RoleService roleService;
 
-    @AuthAccess
+    @AuthAccess(allowRoles = {"guest"})
     @GetMapping("/")
     public Result hello() {
@@ -46,6 +46,7 @@ public class UserController {
     }
 
+    @AuthAccess(allowRoles = {"guest"})
     @PostMapping("/user/login")
     public Result login(@RequestBody LoginRequest request, HttpServletRequest httpServletRequest) {
         log.info("login request:{}", request);
@@ -63,6 +64,7 @@ public class UserController {
         return Result.success(response);
     }
 
+    @AuthAccess(allowRoles = {"guest"})
     @PostMapping("/user/register")
     public Result register(@RequestBody RegisterRequest request) {
         log.info("register request:{}", request);