From 2a43e8f33c6b82e2eef940e784fccae976c34de2 Mon Sep 17 00:00:00 2001
From: chenhaojie <hjchencq@isoftstone.com>
Date: Mon, 22 Jul 2024 10:04:18 +0800
Subject: [PATCH] =?UTF-8?q?das=E6=8E=A5=E5=8F=A3=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../DecryptingOncePerRequestFilter.java       | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
index 2b9c21fa..b462eac3 100644
--- a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
+++ b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
@@ -1,6 +1,9 @@
 package com.das.common.interceptor;
 
 
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.exception.NotPermissionException;
+import cn.dev33.satoken.exception.NotRoleException;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.io.IoUtil;
 import cn.hutool.core.util.StrUtil;
@@ -44,6 +47,18 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter {
             //如果获取到token，则进行解密
             if (StrUtil.isNotBlank(token)) {
                 token = AESUtil.decrypt(aesKey, token, iv);
+                try {
+                    // 检查Token
+                    StpUtil.checkLogin();
+                } catch (NotLoginException e) {
+                    // 处理未登录异常
+                    response.sendError(401, "未登录");
+                    return;
+                } catch (NotRoleException | NotPermissionException e) {
+                    // 处理权限异常
+                    response.sendError(403, "无权限访问");
+                    return;
+                }
             }
             //如果读取到requestBody，则进行解密
             String bodyData = readRequestBody(request);
@@ -59,6 +74,18 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter {
             //如果获取到token，则进行解密
             if (StrUtil.isNotBlank(token)) {
                 token = AESUtil.decrypt(aesKey, token, iv);
+                try {
+                    // 检查Token
+                    StpUtil.checkLogin();
+                } catch (NotLoginException e) {
+                    // 处理未登录异常
+                    response.sendError(401, "未登录");
+                    return;
+                } catch (NotRoleException | NotPermissionException e) {
+                    // 处理权限异常
+                    response.sendError(403, "无权限访问");
+                    return;
+                }
             }
             String id = request.getParameter("id");
             if (StrUtil.isNotBlank(id)) {