认证相关

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/auth/DataFilterYml.java

+package com.mmc.iuav.user.auth;
+
+import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.core.io.ClassPathResource;
+
+import java.util.Objects;
+
+/**
+ * Author: geDuo
+ * Date: 2022/6/2 17:26
+ */
+@Configuration
+public class DataFilterYml {
+
+    @Bean
+    public static PropertySourcesPlaceholderConfigurer loadYml(){
+        PropertySourcesPlaceholderConfigurer configurer=new PropertySourcesPlaceholderConfigurer();
+        YamlPropertiesFactoryBean yaml=new YamlPropertiesFactoryBean();
+        yaml.setResources(new ClassPathResource("not-check.yml"));
+        configurer.setProperties(Objects.requireNonNull(yaml.getObject()));
+        return configurer;
+    }
+}

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/auth/MvcConfiguration.java

+package com.mmc.iuav.user.auth;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author: zj
+ * @Date: 2023/5/28 10:52
+ */
+@Configuration
+public class MvcConfiguration implements WebMvcConfigurer {
+
+    @Autowired
+    private TokenCheckHandleInterceptor tokenCheckHandleInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(tokenCheckHandleInterceptor);
+        WebMvcConfigurer.super.addInterceptors(registry);
+    }
+}

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/auth/NotCheckUriConfig.java

+package com.mmc.iuav.user.auth;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+
+import java.util.List;
+
+/**
+ * @author: zj
+ * @Date: 2023/5/28 13:54
+ */
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "data-filter", ignoreUnknownFields = false)
+@PropertySource("classpath:not-check.yml")
+public class NotCheckUriConfig {
+    // 不需要验证token的请求地址
+    private List<String> notAuthPath;
+    // 不需要验证token的请求地址;// 不需要验证token的请求地址
+    private List<String> uploadPath;
+}

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/auth/TokenCheckHandleInterceptor.java

+package com.mmc.iuav.user.auth;
+
+import com.alibaba.fastjson2.JSONObject;
+import com.mmc.iuav.response.ResultBody;
+import com.mmc.iuav.response.ResultEnum;
+import com.mmc.iuav.user.model.dto.LoginSuccessDTO;
+import com.mmc.iuav.user.util.PathUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+
+/**
+ * @author: zj
+ * @Date: 2023/5/28 10:46
+ */
+@Component
+public class TokenCheckHandleInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+    @Autowired
+    private NotCheckUriConfig notCheckUriConfig;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String requestURI = request.getRequestURI();
+        //根据uri确认是否要拦截
+        if (!shouldFilter(requestURI)){
+            return true;
+        }
+        String token = request.getHeader("token");
+        String tokenJson = stringRedisTemplate.opsForValue().get(token);
+
+        if (StringUtils.isBlank(tokenJson)){
+            exceptionProcess(response);
+            return false;
+        }
+        LoginSuccessDTO loginSuccessDTO = JSONObject.parseObject(tokenJson, LoginSuccessDTO.class);
+        if (loginSuccessDTO != null){
+            request.setAttribute("userAccountId", loginSuccessDTO.getUserAccountId());
+        }
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+    }
+
+    public void exceptionProcess(HttpServletResponse response) throws Exception{
+        response.setContentType("application/json;charset=utf-8");
+        PrintWriter writer=response.getWriter();
+        writer.write(ResultBody.error(ResultEnum.LOGIN_ACCOUNT_STATUS_ERROR).toString());
+        writer.close();
+    }
+
+    private boolean shouldFilter(String path) {
+        // 路径与配置的相匹配，则执行过滤
+        for (String pathPattern : notCheckUriConfig.getNotAuthPath()) {
+            if (PathUtil.isPathMatch(pathPattern, path)) {
+                // 如果匹配
+                return false;
+            }
+        }
+        return true;
+    }
+}

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/controller/AuthController.java

@@ -11,6 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletRequest;
+
 /**
  * @author: zj
  * @Date: 2023/5/15 15:50

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/controller/BackUserAccountController.java

@@ -5,6 +5,7 @@ import com.mmc.iuav.group.Update;
 import com.mmc.iuav.group.UpdatePassword;
 import com.mmc.iuav.response.ResultBody;
 import com.mmc.iuav.user.model.dto.BaseAccountDTO;
+import com.mmc.iuav.user.model.dto.LoginSuccessDTO;
 import com.mmc.iuav.user.model.dto.UserAccountSimpleDTO;
 import com.mmc.iuav.user.model.qo.BUserAccountQO;
 import com.mmc.iuav.user.model.vo.BUserAccountVO;
@@ -17,6 +18,7 @@ import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.security.NoSuchAlgorithmException;
 import java.util.List;
 
@@ -49,7 +51,7 @@ public class BackUserAccountController extends BaseController{
     @ApiOperation(value = "账号-删除")
     @ApiResponses({@ApiResponse(code = 200, message = "OK", response = ResultBody.class)})
     @PostMapping("removeBAccount")
-    public ResultBody removeBAccount(@RequestParam Integer userAccountId) {
+    public ResultBody removeBAccount(@RequestParam Integer userAccountId, HttpServletRequest request) {
         return userAccountService.removeBAccount(userAccountId);
     }
 
@@ -88,6 +90,6 @@ public class BackUserAccountController extends BaseController{
     @ApiResponses({@ApiResponse(code = 200, message = "OK", response = ResultBody.class)})
     @PostMapping("listTest")
     public ResultBody listTest(HttpServletRequest request) {
-        return ResultBody.success(this.getUserLoginInfo(request));
+        return ResultBody.success();
     }
 }

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/controller/BaseController.java

 package com.mmc.iuav.user.controller;
 
+import com.alibaba.fastjson2.JSONObject;
 import com.mmc.iuav.auth.JwtConstant;
 import com.mmc.iuav.auth.JwtUtil;
 import com.mmc.iuav.http.BizException;
+import com.mmc.iuav.response.ResultEnum;
 import com.mmc.iuav.user.model.dto.BaseAccountDTO;
+import com.mmc.iuav.user.model.dto.LoginSuccessDTO;
 import io.jsonwebtoken.Claims;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -14,21 +20,39 @@ import javax.servlet.http.HttpServletRequest;
  */
 public abstract class BaseController {
 
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
     /**
      * 解析token，获取用户信息
      * @param request
      * @return
      */
-    public BaseAccountDTO getUserLoginInfo(HttpServletRequest request) {
+//    public BaseAccountDTO getUserLoginInfo(HttpServletRequest request) {
+//        String token = request.getHeader("token");
+//        try {
+//            Claims claims = JwtUtil.parseJwt(token);
+//            String userId = claims.get(JwtConstant.USER_ACCOUNT_ID).toString();
+////        String roleId = claims.get("").toString();
+//            String tokenType = claims.get(JwtConstant.TOKEN_TYPE).toString();
+//            return BaseAccountDTO.builder().id(Integer.parseInt(userId)).tokenPort(tokenType).build();
+//        }catch (Exception e){
+//            throw new BizException("Invalid token");
+//        }
+//    }
+
+    /**
+     * 使用token从redis获取用户信息
+     * @param request
+     * @return
+     */
+    public LoginSuccessDTO getUserLoginInfoFromRedis(HttpServletRequest request) {
         String token = request.getHeader("token");
-        try {
-            Claims claims = JwtUtil.parseJwt(token);
-            String userId = claims.get(JwtConstant.USER_ACCOUNT_ID).toString();
-//        String roleId = claims.get("").toString();
-            String tokenType = claims.get(JwtConstant.TOKEN_TYPE).toString();
-            return BaseAccountDTO.builder().id(Integer.parseInt(userId)).tokenPort(tokenType).build();
-        }catch (Exception e){
-            throw new BizException("Invalid token");
+        String json = stringRedisTemplate.opsForValue().get(token);
+        if (StringUtils.isBlank(json)){
+            throw new BizException(ResultEnum.LOGIN_ACCOUNT_STATUS_ERROR);
         }
+        LoginSuccessDTO loginSuccessDTO = JSONObject.parseObject(json, LoginSuccessDTO.class);
+        return loginSuccessDTO;
     }
 }

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/controller/UserAccountController.java

@@ -29,7 +29,7 @@ public class UserAccountController extends BaseController{
     @ApiResponses({ @ApiResponse(code = 200, message = "OK", response = UserAccountVO.class) })
     @GetMapping("info")
     public ResultBody info(HttpServletRequest request) {
-        return ResultBody.success(userAccountService.getUserAccountById(this.getUserLoginInfo(request).getId()));
+        return ResultBody.success(userAccountService.getUserAccountById(this.getUserLoginInfoFromRedis(request).getUserAccountId()));
     }
 
     @ApiOperation(value = "修改用户信息")
@@ -58,7 +58,7 @@ public class UserAccountController extends BaseController{
     @GetMapping("getUserPhoneNumber")
     public ResultBody getUserPhoneNumber(HttpServletRequest request,
             @ApiParam(value = "授权手机号code", required = true) @RequestParam String code) {
-        return userAccountService.getUserPhoneNumber(this.getUserLoginInfo(request).getId(), code);
+        return userAccountService.getUserPhoneNumber(this.getUserLoginInfoFromRedis(request).getUserAccountId(), code);
     }
 
 }

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/controller/WxController.java

@@ -27,7 +27,7 @@ public class WxController extends BaseController {
     @ApiResponses({ @ApiResponse(code = 200, message = "OK", response = String.class) })
     @PostMapping("getAppletRcdCode")
     public ResultBody getAppletRcdCode(HttpServletRequest request, @ApiParam(value = "小程序路径",example = "pages/welcome/index") @RequestParam String page) {
-        return wxService.getUnLimitedQRCode(page, "currentUserAccountId=" + this.getUserLoginInfo(request).getId());
+        return wxService.getUnLimitedQRCode(page, "currentUserAccountId=" + this.getUserLoginInfoFromRedis(request).getUserAccountId());
     }
 
     @ApiOperation(value = "小程序-测试专用")

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/service/impl/AuthServiceImpl.java

@@ -22,11 +22,13 @@ import com.mmc.iuav.user.service.WxService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 
 /**
  * @author: zj
@@ -42,6 +44,9 @@ public class AuthServiceImpl implements AuthService {
     @Autowired
     private UserAccountService userAccountService;
 
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
     @Override
     public ResultBody appletLogin(WxLoginVO wxLoginVO) {
         String unionId;
@@ -99,6 +104,13 @@ public class AuthServiceImpl implements AuthService {
         map.put(JwtConstant.TOKEN_TYPE, JwtConstant.IUAV_TOKEN);
         String token = JwtUtil.createJwt(map);
 
+
+        LoginSuccessDTO loginSuccessDTO = LoginSuccessDTO.builder().token(token).userAccountId(userAccountVO.getId()).accountNo(userAccountVO.getAccountNo()).build();
+
+        stringRedisTemplate.opsForValue().set(
+                token, JSONObject.toJSONString(loginSuccessDTO),
+                JwtConstant.EXPIRATION, TimeUnit.MILLISECONDS);
+
         return ResultBody.success(AppUserSucVO.builder().token(token).uid(userAccountVO.getUid()).phoneNum(userAccountVO.getPhoneNum())
                 .nickName(userAccountVO.getNickName()).userAccountId(userAccountVO.getId()).sessionKey(sessionKey).build());
     }
@@ -129,6 +141,12 @@ public class AuthServiceImpl implements AuthService {
         map.put(JwtConstant.TOKEN_TYPE, JwtConstant.M_TOKEN);
         String token = JwtUtil.createJwt(map);
 
+        LoginSuccessDTO loginSuccessDTO = LoginSuccessDTO.builder().token(token).userAccountId(user.getId()).accountNo(user.getAccountNo()).build();
+
+        stringRedisTemplate.opsForValue().set(
+                token, JSONObject.toJSONString(loginSuccessDTO),
+                JwtConstant.EXPIRATION, TimeUnit.MILLISECONDS);
+
         return ResultBody.success(LoginSuccessDTO.builder().token(token).userAccountId(user.getId()).accountNo(user.getAccountNo()).build());
     }
 
@@ -141,6 +159,11 @@ public class AuthServiceImpl implements AuthService {
             map.put(JwtConstant.TOKEN_TYPE, JwtConstant.IUAV_TOKEN);
             String token = JwtUtil.createJwt(map);
 
+            LoginSuccessDTO loginSuccessDTO = LoginSuccessDTO.builder().token(token).userAccountId(userAccountVO.getId()).accountNo(userAccountVO.getAccountNo()).build();
+            stringRedisTemplate.opsForValue().set(
+                    token, JSONObject.toJSONString(loginSuccessDTO),
+                    JwtConstant.EXPIRATION, TimeUnit.MILLISECONDS);
+
             return ResultBody.success(AppUserSucVO.builder().token(token).uid(userAccountVO.getUid()).phoneNum(userAccountVO.getPhoneNum())
                     .nickName(userAccountVO.getNickName()).userAccountId(userAccountVO.getId()).build());
         }

csm-service/cms-service-user/src/main/java/com/mmc/iuav/user/util/PathUtil.java

+package com.mmc.iuav.user.util;
+
+import org.springframework.util.AntPathMatcher;
+
+/**
+ * @author 作者 geDuo
+ * @version 创建时间：2021年8月31日 下午3:29:28
+ * @explain 解析地址类
+ */
+public class PathUtil {
+	private static AntPathMatcher matcher = new AntPathMatcher();
+
+	public static boolean isPathMatch(String pattern, String path) {
+		return matcher.match(pattern, path);
+	}
+}

csm-service/cms-service-user/src/main/resources/not-check.yml

+data-filter:
+  uploadPath: #不需要解析的body参数的地址
+    - /xxx/x
+  not-auth-path:
+    - /userapp/v2/**
+    - /userapp/doc.html
+    - /userapp/swagger-resources/**
+    - /userapp/webjars/**
+    - /userapp/auth/testAppletLogin
+    - /userapp/auth/backEndLogin
+    - /userapp/auth/testAppletLogin
+    - /userapp/cooperation/listTag