diff --git a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java index 91c0a8ff..b5ab841f 100644 --- a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java +++ b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java @@ -18,6 +18,8 @@ import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; +import java.util.Collections; +import java.util.Enumeration; import java.util.Optional; public class DecryptingOncePerRequestFilter extends OncePerRequestFilter { @@ -40,13 +42,20 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter { if ("POST".equals(method) && StringUtils.isNotBlank(contentType) && contentType.contains("application/json")) { // 读取加密的请求体数据 String encryptedData = readRequestBody(request); + // token解密 + String token = request.getHeader("token"); + if (StringUtils.isNotBlank(token)) { + token = AESUtil.decrypt(aeskey, token, iv); + } else { + throw new RuntimeException("token不能为空"); + } if (StringUtils.isNotBlank(encryptedData)) { encryptedData = AESUtil.decrypt(aeskey, encryptedData, iv); // 使用自定义的请求包装器替换原始请求 - filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData), response); + filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData, token), response); } else { - filterChain.doFilter(request, response); + filterChain.doFilter(new TokenUpdatingHttpServletRequestWrapper(request, token), response); } } else { filterChain.doFilter(request, response); 
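Review bot: The added token block in doFilterInternal makes the `token` header mandatory for every POST `application/json` request, and with the URL pattern widened to `/api/auth/*` that includes `/api/auth/login`, where a client presumably has no token yet. Such a request now ends in `throw new RuntimeException("token不能为空")`, which will typically surface as a 500 rather than a 401. The deleted TokenOncePerRequestFilter also rejected tokens that `adminRedisTemplate.exists(token)` did not find; nothing in this hunk repeats that check, so unless a later layer does it, a token that decrypts but is no longer valid is forwarded. The sketch below restores the lookup and answers with 401, assuming the filter keeps its `adminRedisTemplate` constructor argument in a field of that name; how login is exempted (a separate registration or a path check) still has to be decided. doFilterInternal starts and ends outside the hunk.

```java
// … unchanged: method/content-type check and readRequestBody …
String token = request.getHeader("token");
if (!StringUtils.isNotBlank(token)) {
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token不能为空");
    return;
}
token = AESUtil.decrypt(aeskey, token, iv);
if (!adminRedisTemplate.exists(token)) {
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "token已失效");
    return;
}
// … unchanged: body decryption and the two filterChain.doFilter calls …
```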
@@ -69,12 +78,15 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter { // 自定义的请求包装器 static class DecryptingHttpServletRequestWrapper extends HttpServletRequestWrapper { private final String decryptedData; + private final String newTokenValue; - public DecryptingHttpServletRequestWrapper(HttpServletRequest request, String decryptedData) { + public DecryptingHttpServletRequestWrapper(HttpServletRequest request, String decryptedData, String newTokenValue) { super(request); this.decryptedData = decryptedData; + this.newTokenValue = newTokenValue; } + @Override public ServletInputStream getInputStream() throws IOException { final ByteArrayInputStream bais = new ByteArrayInputStream(decryptedData.getBytes("UTF-8")); @@ -105,6 +117,22 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter { public BufferedReader getReader() throws IOException { return new BufferedReader(new InputStreamReader(getInputStream())); } + + @Override + public String getHeader(String name) { + if ("token".equalsIgnoreCase(name)) { + return newTokenValue; // 返回新的token值 + } + return super.getHeader(name); // 对于其他header,委托给父类处理 + } + + @Override + public Enumeration getHeaders(String name) { + if ("token".equalsIgnoreCase(name)) { + return Collections.enumeration(Collections.singletonList(newTokenValue)); // 返回包含新token值的枚举 + } + return super.getHeaders(name); // 对于其他header,委托给父类处理 + } } } diff --git a/das/src/main/java/com/das/common/interceptor/FilterConfig.java b/das/src/main/java/com/das/common/interceptor/FilterConfig.java index d00273f0..2aefa960 100644 --- a/das/src/main/java/com/das/common/interceptor/FilterConfig.java +++ b/das/src/main/java/com/das/common/interceptor/FilterConfig.java 
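Review bot: The new `getHeaders` override in DecryptingHttpServletRequestWrapper is declared with the raw type `Enumeration`, while the servlet API method returns `Enumeration<String>`; the signature should read `public Enumeration<String> getHeaders(String name) {` so the override compiles without an unchecked warning. Both overrides also assume `newTokenValue` is never null, since `Collections.singletonList(newTokenValue)` would otherwise hand callers an enumeration holding `null`; a short comment on the field stating that the filter only constructs the wrapper with a non-blank, decrypted token would record that contract. The two methods look like a copy of what `TokenUpdatingHttpServletRequestWrapper` (used in doFilterInternal) provides, so extending that class here would keep the token-header substitution in one place, if it does what its name suggests. The wrapper class body starts outside this hunk.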
@@ -28,7 +28,7 @@ public class FilterConfig {
 FilterRegistrationBean registrationBean = new FilterRegistrationBean();
 //注册过滤器
 registrationBean.setFilter(new DecryptingOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
- registrationBean.addUrlPatterns("/api/auth/login"); // 设置过滤器应用的URL模式
+ registrationBean.addUrlPatterns("/api/auth/*"); // 设置过滤器应用的URL模式
 registrationBean.setOrder(2); // 设置过滤器的顺序
 return registrationBean;
 }
diff --git a/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java b/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
deleted file mode 100644
index 3a20b724..00000000
--- a/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
+++ /dev/null
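Review bot: `addUrlPatterns("/api/auth/*")` puts every current and future endpoint under /api/auth behind DecryptingOncePerRequestFilter, whereas the two registrations it replaces covered exactly `/api/auth/login` and `/api/auth/logout`. As far as the filter's hunk shows, it only acts on POST requests with an `application/json` content type and passes everything else through unchanged, so a logout sent with another method or content type would reach the handler without the token decryption and Redis check that the deleted TokenOncePerRequestFilter applied to every request. If only those two endpoints are meant, `registrationBean.addUrlPatterns("/api/auth/login", "/api/auth/logout");` states that explicitly; either way the trailing comment should name the endpoints expected to match. The bean method starts outside the hunk.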
@@ -1,52 +0,0 @@
-package com.das.common.interceptor;
-
-
-import com.das.common.utils.AESUtil;
-import com.das.common.utils.AdminRedisTemplate;
-import io.micrometer.common.util.StringUtils;
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.ReadListener;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.ServletInputStream;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletRequestWrapper;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-
-public class TokenOncePerRequestFilter extends OncePerRequestFilter {
- private String aeskey;
-
- private AdminRedisTemplate adminRedisTemplate;
- public TokenOncePerRequestFilter(String aeskey, AdminRedisTemplate adminRedisTemplate) {
- this.aeskey = aeskey;
- this.adminRedisTemplate = adminRedisTemplate;
- }
-
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws ServletException, IOException {
-
- String iv = request.getHeader("v");
- // token解密
- String token = request.getHeader("token");
- if (StringUtils.isNotBlank(token)) {
- token = AESUtil.decrypt(aeskey, token, iv);
- if (adminRedisTemplate.exists(token)) {
- filterChain.doFilter(new TokenUpdatingHttpServletRequestWrapper(request, token), response);
- } else {
- throw new RuntimeException("token已失效");
- }
- } else {
- throw new RuntimeException("token为空");
- }
- }
-
-}
-
-
diff --git a/das/src/main/java/com/das/common/interceptor/WebFilterConfig.java b/das/src/main/java/com/das/common/interceptor/WebFilterConfig.java
deleted file mode 100644
index 1dcbf24b..00000000
--- a/das/src/main/java/com/das/common/interceptor/WebFilterConfig.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package com.das.common.interceptor;
-
-
-import com.das.common.config.AesProperties;
-import com.das.common.utils.AdminRedisTemplate;
-import jakarta.annotation.Resource;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * @author
- * @Description token过滤器配置
- */
-@Configuration
-public class WebFilterConfig {
-
- @Resource
- private AesProperties aesProperties;
-
- @Resource
- private AdminRedisTemplate adminRedisTemplate;
-
- @Bean
- public FilterRegistrationBean tokenFilterRegistration() {
- FilterRegistrationBean registrationBean = new FilterRegistrationBean();
- //注册过滤器
- registrationBean.setFilter(new TokenOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
- registrationBean.addUrlPatterns("/api/auth/logout"); // 设置过滤器应用的URL模式
- registrationBean.setOrder(1); // 设置过滤器的顺序
- return registrationBean;
- }
-}