Merge branch 'feature' into 'release'

权限部分调整 See merge request !271

Merge branch 'feature' into 'release'
权限部分调整 See merge request !271
71c6842d · shenjunjie · 1e898f19 · 2823843b · 71c6842d · 71c6842d
Commit 71c6842d authored Mar 29, 2023 by shenjunjie
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 1 deletions

src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java
+22 -0

src/main/java/com/zhiwei/brandkbs2/controller/LoginController.java
+2 -1

No files found.
--- a/src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java
+++ b/src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java
@@ -2,12 +2,15 @@ package com.zhiwei.brandkbs2.auth;

 import com.alibaba.fastjson.JSON;
 import com.zhiwei.brandkbs2.common.GenericAttribute;
+import com.zhiwei.brandkbs2.enmus.RoleEnum;
 import com.zhiwei.brandkbs2.model.CommonCodeEnum;
 import com.zhiwei.brandkbs2.model.ResponseResult;
 import com.zhiwei.brandkbs2.pojo.UserInfo;
 import com.zhiwei.brandkbs2.service.UserService;
 import com.zhiwei.brandkbs2.util.Tools;
 import com.zhiwei.middleware.auth.util.JwtUtil;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.Signature;
 import org.aspectj.lang.annotation.Around;
@@ -36,6 +39,7 @@ import java.util.Map;
 @Aspect
 @Component
 public class AuthAspect {
+    public static final Logger log = LogManager.getLogger(AuthAspect.class);

    @Value("${jwt.key}")
    private String jwtKey;
@@ -52,18 +56,36 @@ public class AuthAspect {
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes());
        HttpServletRequest request = servletRequestAttributes.getRequest();
+        Signature signature = joinPoint.getSignature();
+        Method method = ((MethodSignature) signature).getMethod();
+        Class<?> classTarget = joinPoint.getTarget().getClass();
+        // 优先使用方法权限
+        Auth auth = method.getAnnotation(Auth.class);
+        if (null == auth) {
+            auth = classTarget.getAnnotation(Auth.class);
+        }
+        // 不需要验证权限
+        if (null == auth || RoleEnum.NO_AUTHORISE == auth.role()) {
+            return joinPoint.proceed();
+        }
        String token = request.getHeader(jwtKey);
        // 存在有效token
        if (null != token && !Tools.tokenEmpty(token)) {
            Object proceed;
            try {
                Map<String, Object> tokenInfo = JwtUtil.unsign(token, Map.class);
+                if (null == tokenInfo) {
+                    String uri = request.getRequestURI();
+                    String methodName = joinPoint.getSignature().getName();
+                    log.error("token解析异常,uri:{},methodName:{},token:{}", uri, methodName, token);
+                } else {
                    String uid = tokenInfo.get(GenericAttribute.USER_ID).toString();
                    UserInfo userInfo = UserService.queryUserInfo(uid, request.getHeader("pid"));
                    if (null == userInfo) {
                        userInfo = new UserInfo().setUserId(uid).setProjectId(request.getHeader("pid"));
                    }
                    UserThreadLocal.set(userInfo);
+                }
            } catch (Exception ignore) {
            } finally {
                proceed = joinPoint.proceed();

--- a/src/main/java/com/zhiwei/brandkbs2/controller/LoginController.java
+++ b/src/main/java/com/zhiwei/brandkbs2/controller/LoginController.java
@@ -26,6 +26,7 @@ import javax.annotation.Resource;
 */
 @RestController
 @Api(tags = "用户登录接口", description = "实现用户登录")
+@Auth(role = RoleEnum.CUSTOMER)
 public class LoginController extends BaseController {

    @Value("${jwt.key}")
@@ -51,7 +52,6 @@ public class LoginController extends BaseController {

    @ApiOperation("用户信息获取")
    @GetMapping("/user/getLoginInfo")
-    @Auth(role = RoleEnum.CUSTOMER)
    public ResponseResult getLoginInfo() {
        return ResponseResult.success(userService.getLoginInfo());
    }
@@ -115,6 +115,7 @@ public class LoginController extends BaseController {

    @ApiOperation("测试接口")
    @GetMapping("/test")
+    @Auth(role = RoleEnum.NO_AUTHORISE)
    public ResponseResult test() {
        return ResponseResult.success("brandkbs2-success 2023/1/6");
    }