|
@@ -23,7 +23,9 @@ import org.springframework.stereotype.Component;
|
|
|
import org.springframework.web.server.ServerWebExchange;
|
|
|
import reactor.core.publisher.Flux;
|
|
|
import reactor.core.publisher.Mono;
|
|
|
+import shop.alien.entity.store.LifeUser;
|
|
|
import shop.alien.entity.store.StoreUser;
|
|
|
+import shop.alien.gateway.mapper.LifeUserMapper;
|
|
|
import shop.alien.gateway.mapper.StoreUserMapper;
|
|
|
import shop.alien.util.common.JwtUtil;
|
|
|
|
|
@@ -57,6 +59,9 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
@Autowired
|
|
|
private StoreUserMapper storeUserMapper;
|
|
|
|
|
|
+ @Autowired
|
|
|
+ private LifeUserMapper lifeUserMapper;
|
|
|
+
|
|
|
/**
|
|
|
* 过滤器
|
|
|
*
|
|
@@ -67,12 +72,10 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
@Override
|
|
|
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
|
|
String url = exchange.getRequest().getURI().getPath();
|
|
|
- log.info("====================>path: " + url);
|
|
|
-
|
|
|
+ log.info("JwtTokenFilter.filter?Path={}", url);
|
|
|
if (Objects.equals(exchange.getRequest().getMethod(), HttpMethod.OPTIONS)) {
|
|
|
return allowChain(exchange, chain);
|
|
|
}
|
|
|
-
|
|
|
//跳过不需要验证的路径
|
|
|
if (null != skipAuthUrls && Arrays.asList(skipAuthUrls).contains(url)) {
|
|
|
return allowChain(exchange, chain);
|
|
@@ -80,17 +83,14 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
if (url.startsWith("/alienStore/webjars") || url.startsWith("/alienSecond/webjars")) {
|
|
|
return allowChain(exchange, chain);
|
|
|
}
|
|
|
-
|
|
|
//获取token
|
|
|
String token = exchange.getRequest().getHeaders().getFirst("Authorization");
|
|
|
- log.info("====================>token值: " + token);
|
|
|
-
|
|
|
+ log.info("JwtTokenFilter.filter?Token={}", token);
|
|
|
JSONObject map = new JSONObject();
|
|
|
- int errorType = 0;
|
|
|
ServerHttpResponse resp = exchange.getResponse();
|
|
|
if (StringUtils.isBlank(token)) {
|
|
|
//没有token
|
|
|
- log.error("没有token");
|
|
|
+ log.error("JwtTokenFilter.filter ERROR 没有Token");
|
|
|
return authError(resp, "请登录");
|
|
|
} else {
|
|
|
//有token
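Review bot: The added `log.info("JwtTokenFilter.filter?Token={}", token);` writes the full Authorization header value to the gateway log at info level for every request that reaches this point. Anyone with read access to the log files or the log pipeline then holds a bearer credential, which, judging by the Redis comparison later in this method, stays valid as long as the matching Redis entry exists. The blank-token branch right below already reports the missing-token case, so the raw value adds nothing for diagnosis. I would drop the statement or record presence only, e.g. `log.debug("JwtTokenFilter.filter tokenPresent={}", !StringUtils.isBlank(token));`. The body of `filter()` starts and ends outside this hunk.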
|
|
@@ -111,18 +111,34 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
}
|
|
|
String redisVal = baseRedisService.getString(redisKey);
|
|
|
if (StringUtils.isEmpty(redisVal) || !token.equals(redisVal)) {
|
|
|
- //判断程序是否为用户禁用
|
|
|
- StoreUser storeUser = storeUserMapper.selectOne(new LambdaQueryWrapper<StoreUser>().eq(StoreUser::getPhone, phone));
|
|
|
- if (storeUser.getStatus() == 1) {
|
|
|
- map.put("msg", "你的账号已被禁用");
|
|
|
- //别问, 问就是约定俗成
|
|
|
- map.put("code", 777);
|
|
|
- } else {
|
|
|
- map.put("msg", "用户在别处登录");
|
|
|
- //别问, 问就是约定俗成
|
|
|
- map.put("code", 666);
|
|
|
+ if ("store".equals(deviceType)) {
|
|
|
+ //判断程序是否为用户禁用
|
|
|
+ StoreUser storeUser = storeUserMapper.selectOne(new LambdaQueryWrapper<StoreUser>().eq(StoreUser::getPhone, phone));
|
|
|
+ if (storeUser.getStatus() == 1) {
|
|
|
+ map.put("msg", "你的账号已被禁用");
|
|
|
+ //别问, 问就是约定俗成
|
|
|
+ map.put("code", 777);
|
|
|
+ }
|
|
|
+ if (!redisVal.equals(token)) {
|
|
|
+ map.put("msg", "账号在别处登录");
|
|
|
+ //别问, 问就是约定俗成
|
|
|
+ map.put("code", 666);
|
|
|
+ }
|
|
|
+ } else if ("user".equals(deviceType)) {
|
|
|
+ //判断程序是否为用户禁用
|
|
|
+ LifeUser lifeUser = lifeUserMapper.selectOne(new LambdaQueryWrapper<LifeUser>().eq(LifeUser::getUserPhone, phone));
|
|
|
+ //注销标记, 0:未注销, 1:已注销
|
|
|
+ if (null != lifeUser.getLogoutFlag() && lifeUser.getLogoutFlag() == 1) {
|
|
|
+ map.put("msg", "你的账号已注销");
|
|
|
+ //别问, 问就是约定俗成
|
|
|
+ map.put("code", 777);
|
|
|
+ }
|
|
|
+ if (!redisVal.equals(token)) {
|
|
|
+ map.put("msg", "账号在别处登录");
|
|
|
+ //别问, 问就是约定俗成
|
|
|
+ map.put("code", 666);
|
|
|
+ }
|
|
|
}
|
|
|
-
|
|
|
map.put("success", false);
|
|
|
exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
|
|
|
return exchange.getResponse()
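Review bot: Both added `if (!redisVal.equals(token))` checks dereference `redisVal` inside a branch that is entered when `StringUtils.isEmpty(redisVal)` is true. If `getString` returns null for a missing key, the request now ends in a NullPointerException instead of the 666 response the removed `else` produced. `storeUser` and `lifeUser` are also used without a null check after `selectOne`, which presumably returns null when no row matches the phone. Because the second `if` is not an `else`, an account that is disabled or deregistered and also has a stale token gets code 777 overwritten by 666. I would keep the old shape in both branches, `if (storeUser != null && storeUser.getStatus() == 1) { ... } else { map.put("msg", "账号在别处登录"); map.put("code", 666); }`, with the `logoutFlag` test in the `user` branch. An unknown `deviceType` also needs an explicit decision, since it currently leaves `msg` and `code` unset.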
|
|
@@ -133,14 +149,14 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
return allowChain(exchange, chain);
|
|
|
} catch (ExpiredJwtException e) {
|
|
|
if (e.getMessage().contains("Allowed clock skew")) {
|
|
|
- log.error("认证过期", e);
|
|
|
+ log.error("JwtTokenFilter.filter ERROR 认证过期");
|
|
|
return authError(resp, "认证过期");
|
|
|
} else {
|
|
|
- log.error("认证失败", e);
|
|
|
+ log.error("JwtTokenFilter.filter ERROR 认证失败");
|
|
|
return authError(resp, "认证失败");
|
|
|
}
|
|
|
} catch (Exception e) {
|
|
|
- log.error("认证失败", e);
|
|
|
+ log.error("JwtTokenFilter.filter ERROR 认证失败");
|
|
|
return authError(resp, "认证失败");
|
|
|
}
|
|
|
}
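Review bot: All three `log.error` calls in these catch blocks now drop the throwable argument, so the log no longer shows which exception class, message or stack frame led to the rejection. The `catch (Exception e)` branch handles whatever the try body throws (the try opens outside this hunk), so a runtime fault in the Redis or user lookup becomes indistinguishable from a forged or malformed token. That removes the detail needed both to debug and to triage authentication failures. Keep the exception as the last argument in the generic branch, `log.error("JwtTokenFilter.filter ERROR 认证失败", e);`. For the `ExpiredJwtException` branches, logging `e.getMessage()` at warn level is enough if the stack trace is the noise being removed.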
|
|
@@ -153,8 +169,7 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
.filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)
|
|
|
|| kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)
|
|
|
|| kv.getKey().equals(HttpHeaders.VARY)))
|
|
|
- .forEach(kv ->
|
|
|
- {
|
|
|
+ .forEach(kv -> {
|
|
|
// Vary只需要去重即可
|
|
|
if (kv.getKey().equals(HttpHeaders.VARY))
|
|
|
kv.setValue(kv.getValue().stream().distinct().collect(Collectors.toList()));
|
|
@@ -186,9 +201,7 @@ public class JwtTokenFilter implements GlobalFilter, Ordered {
|
|
|
json.put("code", HttpStatus.UNAUTHORIZED.value());
|
|
|
json.put("msg", message);
|
|
|
json.put("data", "");
|
|
|
-
|
|
|
log.error("认证错误响应: {}", json.toJSONString());
|
|
|
-
|
|
|
DataBuffer buffer = resp.bufferFactory().wrap(json.toString().getBytes(StandardCharsets.UTF_8));
|
|
|
return resp.writeWith(Flux.just(buffer));
|
|
|
}
|