From 7ebfa2e67f3c69a6973aa2cbf46a9c493c311010 Mon Sep 17 00:00:00 2001
From: liyj <1003249715@qq.com>
Date: Sat, 17 Aug 2024 16:00:37 +0800
Subject: [PATCH] 1、get忽略target文件夹 2、jwt优化
---
dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java | 75 ++++++++++++++++---------------------
1 files changed, 32 insertions(+), 43 deletions(-)
diff --git a/dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java b/dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java
index f4829ee..bf68357 100644
--- a/dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java
+++ b/dyh-gateway/src/main/java/cn/huge/gateway/filter/AuthFilter.java
@@ -46,16 +46,14 @@
@Value("${jwt.secret-key}")
private String secretKey;
+ @Value("${jwt.iss_user.format}")
+ private String issUser;
+
@Value("${jwt.auth-skip-urls}")
private String[] skipAuthUrls;
@Value("${jwt.blacklist-key.format}")
private String jwtBlacklistKeyFormat;
-
- /**
- * jwt用户
- */
- private static String ISSUSER = "HUGEINFO";
@Override
public int getOrder() {
@@ -89,52 +87,43 @@
if (status) {
return chain.filter(exchange);
} else {
- // todo 运营中心暂时写死token
- if (url.indexOf("dyh-oper") != -1) {
- String userId = "10001";
- ServerHttpRequest mutableReq = null;
- exchange.getRequest().mutate().header("Authorization-userId", userId).build();
- ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
- return chain.filter(mutableExchange);
+ //从请求头中取出token
+ String token = exchange.getRequest().getHeaders().getFirst("Authorization");
+ //未携带token或token在黑名单内
+ if (StringUtils.isEmpty(token) || isBlackToken(token)) {
+ ServerHttpResponse originalResponse = exchange.getResponse();
+ originalResponse.setStatusCode(HttpStatus.OK);
+ originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
+ byte[] response = "{\"code\": \"401\",\"msg\": \"用户未登录,请进行登录!\"}"
+ .getBytes(StandardCharsets.UTF_8);
+ DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
+ return originalResponse.writeWith(Flux.just(buffer));
} else {
- //从请求头中取出token
- String token = exchange.getRequest().getHeaders().getFirst("Authorization");
- //未携带token或token在黑名单内
- if (StringUtils.isEmpty(token) || isBlackToken(token)) {
+ //取出token包含的身份
+ Map<String, Object> result = verifyJWT(token);
+ int code = (int) result.get("code");
+ if (code != 0) {
ServerHttpResponse originalResponse = exchange.getResponse();
originalResponse.setStatusCode(HttpStatus.OK);
originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
- byte[] response = "{\"code\": \"401\",\"msg\": \"用户未登录,请进行登录!\"}"
- .getBytes(StandardCharsets.UTF_8);
+ String responseResult = "{\"code\": \"" + code + "\", \"msg\": \"" + result.get("msg") + "\"}";
+ byte[] response = responseResult.getBytes(StandardCharsets.UTF_8);
DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
return originalResponse.writeWith(Flux.just(buffer));
} else {
- //取出token包含的身份
- Map<String, Object> result = verifyJWT(token);
- int code = (int) result.get("code");
- if (code != 0) {
- ServerHttpResponse originalResponse = exchange.getResponse();
- originalResponse.setStatusCode(HttpStatus.OK);
- originalResponse.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
- String responseResult = "{\"code\": \"" + code + "\", \"msg\": \"" + result.get("msg") + "\"}";
- byte[] response = responseResult.getBytes(StandardCharsets.UTF_8);
- DataBuffer buffer = originalResponse.bufferFactory().wrap(response);
- return originalResponse.writeWith(Flux.just(buffer));
+ //将现在的request,添加当前身份
+ String userId = (String) result.get("userId");
+ ServerHttpRequest mutableReq = null;
+ String custId = (String) result.get("custId");
+ if (StringUtils.isNotEmpty(custId)) {
+ URI uri = exchange.getRequest().getURI();
+ URI newUri = assembleUri(uri, custId);
+ exchange.getRequest().mutate().uri(newUri).header("Authorization-userId", userId).header("Authorization-custId", custId).build();
} else {
- //将现在的request,添加当前身份
- String userId = (String) result.get("userId");
- ServerHttpRequest mutableReq = null;
- String custId = (String) result.get("custId");
- if (StringUtils.isNotEmpty(custId)) {
- URI uri = exchange.getRequest().getURI();
- URI newUri = assembleUri(uri, custId);
- exchange.getRequest().mutate().uri(newUri).header("Authorization-userId", userId).header("Authorization-custId", custId).build();
- } else {
- exchange.getRequest().mutate().header("Authorization-userId", userId).build();
- }
- ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
- return chain.filter(mutableExchange);
+ exchange.getRequest().mutate().header("Authorization-userId", userId).build();
}
+ ServerWebExchange mutableExchange = exchange.mutate().request(mutableReq).build();
+ return chain.filter(mutableExchange);
}
}
}
@@ -151,7 +140,7 @@
try {
Algorithm algorithm = Algorithm.HMAC256(secretKey);
JWTVerifier verifier = JWT.require(algorithm)
- .withIssuer(ISSUSER)
+ .withIssuer(issUser)
.build();
DecodedJWT jwt = verifier.verify(token);
String userId = jwt.getClaim("userId").asString();
--
Gitblit v1.8.0