一、网关搭建
(1)如果是登录请求则放行/login
(2)其它请求则获取token判断是否存在、是否过期
(3)token不存在或者过期则返回未授权结果。未过期则从token中获取用户信息存入header然后放行
package com.heima.admin.gateway.filter; import com.heima.admin.gateway.util.AppJwtUtil; import io.jsonwebtoken.Claims; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang.StringUtils; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.core.Ordered; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.stereotype.Component; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; @Component @Slf4j public class AuthorizeFilter implements GlobalFilter, Ordered { @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { //1、获取request和response对象 ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); //2、判断是否是登录 if(request.getURI().getPath().contains("/login")){ //放行 return chain.filter(exchange); } //3、获取token String token = request.getHeaders().getFirst("token"); //4、判断token是否存在 if(StringUtils.isBlank(token)){ response.setStatusCode(HttpStatus.UNAUTHORIZED); return response.setComplete(); } //5、判断token是否有效 try { Claims claimsBody = AppJwtUtil.getClaimsBody(token); //是否过期 int result = AppJwtUtil.verifyToken(claimsBody); if(result == 1 || result == 2){ response.setStatusCode(HttpStatus.UNAUTHORIZED); return response.setComplete(); } //获取用户信息 Object userId = claimsBody.get("id"); //存入header ServerHttpRequest serverHttpRequest = request.mutate().headers(httpHeaders -> { httpHeaders.add("userId", userId + ""); }).build(); //重置请求 exchange.mutate().request(serverHttpRequest); }catch (Exception e){ //解析失败 e.printStackTrace(); response.setStatusCode(HttpStatus.UNAUTHORIZED); return response.setComplete(); } //6、放行 return chain.filter(exchange); } @Override public int getOrder() { return 0; } }
二、登录
(1)参数验证
(2)通过name查询用户
(3)用户存在,则将用户的salt与提交的password组合成密码与查询到的用户的密码比对:相等就放行,不等则返回error提示信息
package com.heima.admin.service.impl; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import com.heima.admin.mapper.AdUserMapper; import com.heima.admin.service.AdUserService; import com.heima.model.admin.dtos.AdUserDto; import com.heima.model.admin.pojos.AdUser; import com.heima.model.common.dtos.ResponseResult; import com.heima.model.common.enums.AppHttpCodeEnum; import com.heima.utils.common.AppJwtUtil; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Service; import org.springframework.util.DigestUtils; import sun.security.provider.MD5; import java.util.HashMap; import java.util.Map; @Service public class AdUserServiceImpl extends ServiceImpl<AdUserMapper, AdUser> implements AdUserService { /** * admin管理员登录 * * @param dto * @return */ @Override public ResponseResult login(AdUserDto dto) { //参数验证 if(dto == null || StringUtils.isBlank(dto.getName()) || StringUtils.isBlank(dto.getPassword())){ return ResponseResult.errorResult(AppHttpCodeEnum.PARAM_INVALID); } //通过name查询用户 AdUser adUser = getOne(Wrappers.<AdUser>lambdaQuery().eq(AdUser::getName, dto.getName())); if(adUser == null){ return ResponseResult.errorResult(AppHttpCodeEnum.DATA_NOT_EXIST, "用户名或密码有误"); } String salt = adUser.getSalt(); String pswd = dto.getPassword(); pswd = DigestUtils.md5DigestAsHex((pswd + salt).getBytes()); if(!pswd.equals(adUser.getPassword())){ //密码不正确 return ResponseResult.errorResult(AppHttpCodeEnum.LOGIN_PASSWORD_ERROR); }else{ //密码正确,返回数据token和user String token = AppJwtUtil.getToken(adUser.getId().longValue()); Map<String, Object> map = new HashMap<>(); map.put("token", token); adUser.setSalt(""); adUser.setPassword(""); map.put("user", adUser); return ResponseResult.okResult(map); } } }