旗开得胜
@ -1,77 +0,0 @@
package com.greenorange.promotion.aop;
|
||||
|
||||
|
||||
import com.greenorange.promotion.annotation.AuthCheck;
|
||||
import com.greenorange.promotion.common.ErrorCode;
|
||||
import com.greenorange.promotion.constant.UserConstant;
|
||||
import com.greenorange.promotion.exception.BusinessException;
|
||||
import com.greenorange.promotion.model.entity.User;
|
||||
import com.greenorange.promotion.model.enums.UserRoleEnum;
|
||||
import com.greenorange.promotion.service.user.UserService;
|
||||
import jakarta.annotation.Resource;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
import org.aspectj.lang.annotation.Around;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
/**
|
||||
* 权限校验AOP
|
||||
*/
|
||||
@Aspect
|
||||
@Component
|
||||
public class AuthInterceptor {
|
||||
|
||||
@Resource
|
||||
private UserService userService;
|
||||
|
||||
/**
|
||||
* 执行拦截
|
||||
*/
|
||||
@Around("@annotation(authCheck)")
|
||||
public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
|
||||
// 接口的权限
|
||||
String mustRole = authCheck.mustRole();
|
||||
RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
|
||||
HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
|
||||
//当前登录用户
|
||||
User loginUser = userService.getLoginUser(request);
|
||||
//必须有该权限才通过
|
||||
if (StringUtils.isNotBlank(mustRole)) {
|
||||
//mustUserRoleEnum是接口权限
|
||||
UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
|
||||
if(mustUserRoleEnum == null) {
|
||||
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
|
||||
}
|
||||
//用户权限
|
||||
String userRole = loginUser.getUserRole();
|
||||
//根据用户角色获取封装后的枚举类对象
|
||||
UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
|
||||
|
||||
//如果被封号,直接拒绝
|
||||
if (UserRoleEnum.BAN.equals(userRoleEnum)) {
|
||||
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
|
||||
}
|
||||
|
||||
//如果接口需要Boss权限,则需要判断用户是否是boss管理员
|
||||
if (UserRoleEnum.BOSS.equals(mustUserRoleEnum)) {
|
||||
if (!mustRole.equals(userRole)) {
|
||||
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
|
||||
}
|
||||
}
|
||||
//如果接口需要管理员权限,则需要判断用户是否是boss或者admin管理员
|
||||
if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum)) {
|
||||
if (!mustRole.equals(userRole) && !userRole.equals(UserConstant.BOSS_ROLE)) {
|
||||
throw new BusinessException(ErrorCode.NO_AUTH_ERROR);
|
||||
}
|
||||
}
|
||||
}
|
||||
//通过权限校验,放行
|
||||
return joinPoint.proceed();
|
||||
}
|
||||
|
||||
}
|
@ -1,34 +1,25 @@
|
||||
package com.greenorange.promotion.aop;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
|
||||
import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.exceptions.JWTDecodeException;
|
||||
|
||||
import com.baomidou.mybatisplus.annotation.InterceptorIgnore;
|
||||
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
|
||||
import com.greenorange.promotion.annotation.RequiresPermission;
|
||||
import com.greenorange.promotion.model.entity.User;
|
||||
import com.greenorange.promotion.service.user.UserService;
|
||||
import com.wechat.pay.java.core.exception.ServiceException;
|
||||
import com.greenorange.promotion.common.ErrorCode;
|
||||
import com.greenorange.promotion.exception.ThrowUtils;
|
||||
import com.greenorange.promotion.model.entity.UserInfo;
|
||||
import com.greenorange.promotion.model.enums.UserRoleEnum;
|
||||
import com.greenorange.promotion.service.user.UserInfoService;
|
||||
import jakarta.annotation.Resource;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
import org.aspectj.lang.Signature;
|
||||
import org.aspectj.lang.annotation.Around;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
|
||||
/**
|
||||
@ -42,91 +33,44 @@ public class PermissionCheck {
|
||||
|
||||
|
||||
@Resource
|
||||
private UserService userService;
|
||||
|
||||
private UserInfoService userInfoService;
|
||||
|
||||
|
||||
|
||||
/***
|
||||
* @MethodName: permissionCheckPointCut
|
||||
* @description: 定义一个切点
|
||||
* @Author: LiuTao
|
||||
* @UpdateTime: 2023/6/20 19:34
|
||||
* 执行拦截
|
||||
**/
|
||||
@Pointcut("@annotation(com.greenorange.promotion.annotation.RequiresPermission)")
|
||||
public void permissionCheckPointCut() {
|
||||
|
||||
}
|
||||
|
||||
/***
|
||||
* @MethodName: check
|
||||
* @description: 环绕通知
|
||||
* @Author: LiuTao
|
||||
* @Param: [pjp]
|
||||
* @UpdateTime: 2023/6/20 19:34
|
||||
* @Return: java.lang.Object
|
||||
* @Throw: Throwable
|
||||
**/
|
||||
@Around("permissionCheckPointCut()")
|
||||
public Object check(ProceedingJoinPoint pjp) throws Throwable {
|
||||
@Around("@annotation(requiresPermission)")
|
||||
public Object check(ProceedingJoinPoint joinPoint, RequiresPermission requiresPermission) throws Throwable {
|
||||
// 获取请求对象
|
||||
HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
|
||||
// 记录日志
|
||||
log.info("===============系统操作日志===============");
|
||||
Signature signature = pjp.getSignature();
|
||||
// 请求的类
|
||||
String className = pjp.getTarget().getClass().getName();
|
||||
String methodName = signature.getName();
|
||||
log.info("请求类:{}", className);
|
||||
log.info("请求方法:{}", methodName);
|
||||
log.info("请求方式:{}", request.getMethod());
|
||||
log.info("请求ip:{}", request.getRemoteAddr());
|
||||
log.info("请求类方法:{}", signature);
|
||||
log.info("请求参数:{}", Arrays.toString(pjp.getArgs()));
|
||||
// 权限注解校验
|
||||
MethodSignature handlerMethod = (MethodSignature) signature;
|
||||
Method method = handlerMethod.getMethod();
|
||||
System.out.println("method:" + method);
|
||||
System.out.println("-------------------------------------------");
|
||||
// 判断当前方法上有没有注解
|
||||
System.out.println(method.isAnnotationPresent(RequiresPermission.class));
|
||||
System.out.println("-------------------------------------------");
|
||||
|
||||
if (method.isAnnotationPresent(RequiresPermission.class)) {
|
||||
RequiresPermission auth = method.getAnnotation(RequiresPermission.class);
|
||||
System.out.println("++++++++++++++++++++++++++++auth:" + auth);
|
||||
String roles = auth.roles();
|
||||
String permissions = auth.permissions();
|
||||
|
||||
String token = request.getHeader("token");
|
||||
// 认证
|
||||
if (StrUtil.isBlank(token)) {
|
||||
// throw new ServiceException(Constants.CODE_401, "请登录!!!");
|
||||
}
|
||||
String id = null;
|
||||
// try {
|
||||
// id = JWT.decode(token).getAudience().get(0);
|
||||
// } catch (JWTDecodeException jwtDecodeException) {
|
||||
//// throw new ServiceException(Constants.CODE_401, "token验证失败,请重新登录");
|
||||
// }
|
||||
// User user = userService.getById(id);
|
||||
// 校验角色
|
||||
// if (StrUtil.isNotBlank(roles)) {
|
||||
// if (!Arrays.asList(roles.split(",")).contains(user.getRole())) {
|
||||
//// throw new ServiceException(Constants.CODE_403, "当前角色权限不足");
|
||||
// }
|
||||
// }
|
||||
// 校验权限
|
||||
// if (StrUtil.isNotBlank(permissions)) {
|
||||
// List<String> userPermissions = menuUtil
|
||||
// .getPermissions(user.getRole())
|
||||
// .stream()
|
||||
// .map(BtnVo::getPermission)
|
||||
// .collect(Collectors.toList());
|
||||
// if (!new HashSet<>(userPermissions).containsAll(Arrays.asList(permissions.split(",")))) {
|
||||
// throw new ServiceException(Constants.CODE_401, "无权限访问资源");
|
||||
// }
|
||||
// }
|
||||
// 接口的权限
|
||||
String mustRole = requiresPermission.mustRole();
|
||||
// 获取接口权限的枚举类
|
||||
UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValues(mustRole);
|
||||
ThrowUtils.throwIf(mustUserRoleEnum == null, ErrorCode.NO_AUTH_ERROR);
|
||||
// 获取用户权限
|
||||
String token = request.getHeader("token");
|
||||
ThrowUtils.throwIf(StringUtils.isBlank(token), ErrorCode.NOT_LOGIN_ERROR);
|
||||
String id = null;
|
||||
try {
|
||||
id = JWT.decode(token).getAudience().get(0);
|
||||
} catch (JWTDecodeException jwtDecodeException) {
|
||||
log.info("JWT已失效");
|
||||
}
|
||||
return pjp.proceed();
|
||||
UserInfo userInfo = userInfoService.getById(id);
|
||||
ThrowUtils.throwIf(userInfo == null, ErrorCode.OPERATION_ERROR);
|
||||
// 获取用户权限的枚举类
|
||||
String userRole = userInfo.getUserRole();
|
||||
UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userRole);
|
||||
|
||||
// 接口权限只能是 ADMIN 或者 BOSS,用户权限是 ADMIN 或者 BOSS,USER,BAN
|
||||
// 校验角色
|
||||
ThrowUtils.throwIf(UserRoleEnum.USER.equals(userRoleEnum), ErrorCode.NO_AUTH_ERROR);
|
||||
ThrowUtils.throwIf(UserRoleEnum.BAN.equals(userRoleEnum), ErrorCode.NO_AUTH_ERROR, "用户已被封禁");
|
||||
ThrowUtils.throwIf(UserRoleEnum.ADMIN.equals(userRoleEnum) && UserRoleEnum.BOSS.equals(mustUserRoleEnum), ErrorCode.NO_AUTH_ERROR);
|
||||
|
||||
return joinPoint.proceed();
|
||||
}
|
||||
|
||||
}
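Review bot: The user identity this gate authorizes on is taken from an unverified token — `id = JWT.decode(token).getAudience().get(0)` parses the JWT without checking its signature, so the audience claim is whatever the caller put there, and the `catch (JWTDecodeException)` branch only logs `JWT已失效` and continues with `id = null`, which then surfaces as `OPERATION_ERROR` from the `userInfo == null` check instead of `NOT_LOGIN_ERROR` (a missing or empty audience list is not caught at all). The role checks are written as a deny-list: a `userRole` string that maps to no enum value leaves `userRoleEnum == null`, all three `ThrowUtils.throwIf` calls stay quiet, and `joinPoint.proceed()` runs, so the check should require the role to be one of the permitted values rather than exclude `USER` and `BAN`. `private UserInfoService userInfoService;` carries no `@Resource` (the annotation above it belongs to `userService`), so unless it is injected elsewhere the `userInfoService.getById(id)` call dereferences null; the now-unused imports left in the first hunk (`StrUtil`, `ServiceException`, `Arrays`, `HashSet`, `List`, `Collectors`, `Signature`, `Method`, `Autowired`, `InterceptorIgnore`) should go as well. A sketch of the verified-token block and an allow-list role check follows; the signing algorithm must come from the project's JWT configuration, which is not on the page, and `DecodedJWT`/`JWTVerificationException` come from the already-used `com.auth0.jwt` library.
```java
// … unchanged: mustRole / mustUserRoleEnum lookup …
String token = request.getHeader("token");
ThrowUtils.throwIf(StringUtils.isBlank(token), ErrorCode.NOT_LOGIN_ERROR);
String id = null;
try {
    // verify the signature, not just decode; JWT_ALGORITHM_PLACEHOLDER stands for the project's configured Algorithm
    DecodedJWT decoded = JWT.require(JWT_ALGORITHM_PLACEHOLDER).build().verify(token);
    List<String> audience = decoded.getAudience();
    if (audience != null && !audience.isEmpty()) {
        id = audience.get(0);
    }
} catch (JWTVerificationException e) {
    log.info("JWT verification failed: {}", e.getMessage());
}
// no verified subject means no session: reject rather than fall through to a null lookup
ThrowUtils.throwIf(id == null, ErrorCode.NOT_LOGIN_ERROR);
UserInfo userInfo = userInfoService.getById(id);
ThrowUtils.throwIf(userInfo == null, ErrorCode.NOT_LOGIN_ERROR);
UserRoleEnum userRoleEnum = UserRoleEnum.getEnumByValues(userInfo.getUserRole());
// allow-list: only ADMIN and BOSS may pass; USER, BAN and unknown roles are all refused
ThrowUtils.throwIf(UserRoleEnum.BAN.equals(userRoleEnum), ErrorCode.NO_AUTH_ERROR, "用户已被封禁");
ThrowUtils.throwIf(!UserRoleEnum.ADMIN.equals(userRoleEnum) && !UserRoleEnum.BOSS.equals(userRoleEnum), ErrorCode.NO_AUTH_ERROR);
ThrowUtils.throwIf(UserRoleEnum.ADMIN.equals(userRoleEnum) && UserRoleEnum.BOSS.equals(mustUserRoleEnum), ErrorCode.NO_AUTH_ERROR);
return joinPoint.proceed();
```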