|
|
@@ -5,6 +5,7 @@ import com.alibaba.fastjson.JSON;
|
|
|
import com.txz.cif.dto.UserDTO;
|
|
|
import com.txz.operating.dto.InterfacesDTO;
|
|
|
import com.txz.operating.result.Result;
|
|
|
+import com.txz.project.core.ResultGenerator;
|
|
|
import com.txz.project.dubbo.client.OperatingInterfacesDubboServiceClient;
|
|
|
import com.txz.project.dubbo.client.UserDubboServiceClient;
|
|
|
import com.txz.project.util.I18nUtil;
|
|
|
@@ -43,43 +44,45 @@ import java.util.List;
|
|
|
|
|
|
@Component
|
|
|
public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
-
|
|
|
+
|
|
|
private static Logger log = LoggerFactory.getLogger(AccessGlobalFilter.class);
|
|
|
-
|
|
|
+
|
|
|
// 自定义请求头名称,用于传递用户ID和操作者ID
|
|
|
private static final String X_CLIENT_TOKEN_USERID = "x-client-token-userId";
|
|
|
private static final String X_CLIENT_TOKEN_OPERATORID = "x-client-token-operatorId";
|
|
|
-
|
|
|
+
|
|
|
// Bearer token 前缀
|
|
|
private static final String BEARER = "Bearer ";
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* jwt token 密钥,主要用于token解析,签名验证
|
|
|
*/
|
|
|
@Value("${spring.security.oauth2.jwt.signingKey}")
|
|
|
private static String signingKey = "txz123456"; // 默认签名密钥,用于JWT token的解析和验证
|
|
|
-
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
@Value("${signature}")
|
|
|
private String signature; // 是否启用签名的配置
|
|
|
-
|
|
|
+
|
|
|
@Value("${pub.secret}")
|
|
|
private String pubSecret; // 公钥密钥,用于签名验证
|
|
|
-
|
|
|
+
|
|
|
@Value("${interfaces.switch}")
|
|
|
private String interfacesSwitch; // 接口开关配置,控制是否启用接口访问控制
|
|
|
-
|
|
|
+
|
|
|
@Resource
|
|
|
private UserDubboServiceClient userDubboServiceClient; // 用户服务客户端,用于调用用户相关服务
|
|
|
-
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
@Resource
|
|
|
private OperatingInterfacesDubboServiceClient operatingInterfacesDubboServiceClient; // 接口服务客户端,用于获取接口配置信息
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* 网关过滤器核心方法,处理每个进入网关的请求
|
|
|
+ *
|
|
|
* @param exchange 当前请求的上下文信息
|
|
|
- * @param chain 网关过滤器链
|
|
|
+ * @param chain 网关过滤器链
|
|
|
+ *
|
|
|
* @return 处理结果
|
|
|
*/
|
|
|
@Override
|
|
|
@@ -93,11 +96,11 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
|
|
|
try {
|
|
|
// 如果是Swagger文档请求,直接放行
|
|
|
- if (StrUtil.endWith(servicePath,"/v3/api-docs")){
|
|
|
+ if (StrUtil.endWith(servicePath, "/v3/api-docs")) {
|
|
|
return chain.filter(exchange);
|
|
|
}
|
|
|
// 如果接口开关关闭,直接放行
|
|
|
- if (StrUtil.equals("off",interfacesSwitch)){
|
|
|
+ if (StrUtil.equals("off", interfacesSwitch)) {
|
|
|
return chain.filter(exchange);
|
|
|
}
|
|
|
|
|
|
@@ -105,7 +108,7 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
Result<InterfacesDTO> interfacesDTOResult = operatingInterfacesDubboServiceClient.detailForGateway(servicePath);
|
|
|
if (!StringUtils.equals("200", interfacesDTOResult.getCode())) {
|
|
|
// 接口不存在,返回错误信息
|
|
|
- return writeErrorResponse(response, "{\"code\":\"512\",\"message\":\"gateway Access Filter - unknown interfaces :"+servicePath+"\"}");
|
|
|
+ return writeErrorResponse(response, "{\"code\":\"512\",\"message\":\"gateway Access Filter - unknown interfaces :" + servicePath + "\"}");
|
|
|
}
|
|
|
|
|
|
InterfacesDTO interfacesDTO = interfacesDTOResult.getData();
|
|
|
@@ -113,24 +116,39 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
if (interfacesDTO.getStatus() != 1) {
|
|
|
return writeErrorResponse(response, "{\"code\":\"513\",\"message\":\"gateway Access Filter - interfaces status is error\"}");
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
if (interfacesDTO.getAuthorizeType() == 1) {
|
|
|
// 登录拦截
|
|
|
- Triple<Boolean, String, String> tripleUser = getUserIdFromToken(token,request);
|
|
|
- if(tripleUser.getLeft() == false) {
|
|
|
+ Triple<Boolean, String, String> tripleUser = getUserIdFromToken(token, request);
|
|
|
+ if (tripleUser.getLeft() == false) {
|
|
|
log.warn("登录认证失败,请求接口:{},请求IP:{},请求token:{},请求参数:{}", request.getURI().getPath(),
|
|
|
getIpAddress(request), token, JSON.toJSONString(request.getQueryParams()));
|
|
|
return writeErrorResponse(response, "{\"code\":\"598\",\"message\":\"gateway Access Filter - login validate is false\"}");
|
|
|
}
|
|
|
|
|
|
UserDTO user = userDubboServiceClient.getUser(Long.parseLong(tripleUser.getMiddle()));
|
|
|
- if (user == null){
|
|
|
+ if (user == null) {
|
|
|
return writeErrorResponse(response, "{\"code\":\"597\",\"message\":\"gateway Access Filter - user is null\"}");
|
|
|
}
|
|
|
- if (user.getStatus() != 1){
|
|
|
+ if (user.getStatus() != 1) {
|
|
|
return writeErrorResponse(response, "{\"code\":\"596\",\"message\":\"gateway Access Filter - user status is error\"}");
|
|
|
}
|
|
|
|
|
|
+ // 禁止登录
|
|
|
+ if (user.getHasLogin() != 1) {
|
|
|
+ return writeErrorResponse(response, "{\"code\":\"1062\",\"data\":null,\"message\":\"用户状态异常,请联系管理员\"}");
|
|
|
+ }
|
|
|
+
|
|
|
+ // 禁止下单
|
|
|
+ if (servicePath.equals("/mall/app/order/add") && user.getHasOrder() != 1) {
|
|
|
+ return writeErrorResponse(response, "{\"code\":\"1062\",\"data\":null,\"message\":\"用户状态异常,请联系管理员\"}");
|
|
|
+ }
|
|
|
+
|
|
|
+ // 禁止提现
|
|
|
+ if (servicePath.equals("/cif/api/withdraw/record/add") && user.getHasWithdraw() != 1) {
|
|
|
+ return writeErrorResponse(response, "{\"code\":\"1062\",\"data\":null,\"message\":\"用户状态异常,请联系管理员\"}");
|
|
|
+ }
|
|
|
+
|
|
|
// 添加请求头
|
|
|
ServerHttpRequest mutateRequest = request.mutate()
|
|
|
.header(X_CLIENT_TOKEN_USERID, tripleUser.getMiddle())
|
|
|
@@ -138,10 +156,10 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
.build();
|
|
|
ServerWebExchange mutateExchange = exchange.mutate().request(mutateRequest).build();
|
|
|
|
|
|
- try{
|
|
|
+ try {
|
|
|
userDubboServiceClient.updateLastTime(Long.parseLong(tripleUser.getMiddle()));
|
|
|
- }catch (Exception e){
|
|
|
- log.error("更新最后请求时间异常",e);
|
|
|
+ } catch (Exception e) {
|
|
|
+ log.error("更新最后请求时间异常", e);
|
|
|
}
|
|
|
|
|
|
if (interfacesDTO.getReturnCodeTranslate() != null) {
|
|
|
@@ -152,7 +170,7 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
|
|
|
return chain.filter(mutateExchange);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
// 设置返回码转换属性
|
|
|
if (interfacesDTO.getReturnCodeTranslate() != null) {
|
|
|
exchange.getAttributes().put("returnCodeTranslate", interfacesDTO.getReturnCodeTranslate());
|
|
|
@@ -167,12 +185,12 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
|
|
|
return chain.filter(exchange);
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
@Override
|
|
|
public int getOrder() {
|
|
|
return 0;
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
private Mono<Void> writeErrorResponse(ServerHttpResponse response, String errorMessage) {
|
|
|
response.setStatusCode(HttpStatus.OK);
|
|
|
response.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
|
|
|
@@ -180,12 +198,13 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
DataBuffer buffer = response.bufferFactory().wrap(datas);
|
|
|
return response.writeWith(Mono.just(buffer));
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* 从token中获取用户信息
|
|
|
*
|
|
|
* @param token
|
|
|
* @param request
|
|
|
+ *
|
|
|
* @return
|
|
|
*/
|
|
|
private Triple<Boolean, String, String> getUserIdFromToken(String token, ServerHttpRequest request) {
|
|
|
@@ -196,8 +215,8 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
if (token.startsWith(BEARER)) {
|
|
|
token = token.substring(6);
|
|
|
}
|
|
|
- Claims claims = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody();
|
|
|
- String userId = (String) claims.get("userId");
|
|
|
+ Claims claims = Jwts.parser().setSigningKey(signingKey.getBytes()).parseClaimsJws(token).getBody();
|
|
|
+ String userId = String.valueOf(claims.get("userId"));
|
|
|
String operatorId = (String) claims.get("operatorId");
|
|
|
return new ImmutableTriple<>(true, userId, operatorId);
|
|
|
} catch (ExpiredJwtException eje) {
|
|
|
@@ -208,10 +227,12 @@ public class AccessGlobalFilter implements GlobalFilter, Ordered {
|
|
|
return new ImmutableTriple<>(false, "", "");
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
/**
|
|
|
* 获取Ip地址
|
|
|
+ *
|
|
|
* @param request
|
|
|
+ *
|
|
|
* @return
|
|
|
*/
|
|
|
private String getIpAddress(ServerHttpRequest request) {
|
