完善移动端登录拦截器

2024-12-22 23:39:26 +08:00 · 2024-12-22 23:39:26 +08:00 · 696916b194
commit 696916b194
parent cd5e139043
6 changed files with 133 additions and 1 deletions
--- a/src/main/java/com/dd/admin/business/api/AuthApi.java
+++ b/src/main/java/com/dd/admin/business/api/AuthApi.java
@ -0,0 +1,57 @@
+package com.dd.admin.business.api;
+
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.dd.admin.business.note.domain.NoteDto;
+import com.dd.admin.business.note.domain.NoteVo;
+import com.dd.admin.common.aop.operationLog.aop.OperLog;
+import com.dd.admin.common.aop.operationLog.aop.OperType;
+import com.dd.admin.common.exception.ApiException;
+import com.dd.admin.common.model.result.ResultBean;
+import com.dd.admin.common.utils.RedisUtil;
+import com.dd.admin.common.utils.StringUtil;
+import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class AuthApi {
+
+    @Autowired
+    RedisUtil redisUtil;
+
+    @ApiOperation(value = "获取验证码")
+    @ApiOperationSupport(order = 1)
+    @GetMapping("/api/auth/getCode")
+    @OperLog(operModule = "获取验证码",operType = OperType.QUERY,operDesc = "获取验证码")
+    public ResultBean<String> page(String phoneNumber) {
+        String code = sendSmsCode(phoneNumber);
+        return ResultBean.success(code);
+    }
+
+
+
+    public String sendSmsCode(String phoneNumber) {
+        String redisKey = "SMS_CODE" + phoneNumber;
+        String smsCode = String.valueOf(redisUtil.get(redisKey));
+        if(StringUtil.isNotEmpty(smsCode)){
+            throw new ApiException("验证码已发送，请稍后再试" + smsCode);
+        }
+        String code = StringUtil.createCode(4);
+        //设置有效时间
+//        String json = JavaSmsApi.tplSingleSend(phoneNumber,CODE_TPL_ID, BeanUtil.beanToMap(new SmsCode(code)));
+
+//        Map dataMap = (Map) JSON.parse(json);
+//        if(dataMap.get("msg").equals("发送成功")){
+        if(true){
+            System.out.println(code);
+            redisUtil.set(redisKey,code,120);
+            return code;
+        }else{
+            throw new ApiException("发送失败");
+//            throw new ApiException("发送失败,"+dataMap.get("msg"));
+        }
+    }
+
+}
--- a/src/main/java/com/dd/admin/common/security/interceptor/ApiInterceptor.java
+++ b/src/main/java/com/dd/admin/common/security/interceptor/ApiInterceptor.java
@ -0,0 +1,62 @@
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+public class ApiInterceptor implements HandlerInterceptor {
+
+    private final JwtUserDetailsService jwtUserDetailsService;
+
+    public ApiInterceptor(JwtUserDetailsService jwtUserDetailsService) {
+        this.jwtUserDetailsService = jwtUserDetailsService;
+    }
+
+    @Override
+    public boolean preIntercept(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 获取请求路径，判断是否是以/api开头
+        String requestUri = request.getRequestURI();
+        if (requestUri.startsWith("/api")) {
+            // 在这里编写验证手机号和验证码的逻辑，比如从请求参数或者请求头中获取相关信息进行验证
+            // 假设从请求参数中获取手机号和验证码，示例代码如下（实际情况可能需要根据具体业务从合适的地方获取）
+            String phone = request.getParameter("phone");
+            String verificationCode = request.getParameter("verificationCode");
+            if (isPhoneValid(phone) && isVerificationCodeValid(verificationCode)) {
+                // 根据验证通过的手机号等信息获取对应的用户详情（这里假设你的用户详情是通过JwtUserDetailsService来获取，实际可能需要根据具体业务调整）
+                UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(phone);
+                // 创建认证对象，将用户详情放入其中，这里假设认证方式是基于用户名密码形式（可根据实际调整）
+                Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+                // 将认证对象放入SecurityContextHolder中，模拟用户已认证的状态
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+                return true; // 验证通过，放行请求
+            } else {
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 设置未授权状态码
+                return false; // 验证不通过，拦截请求
+            }
+        }
+        return true; // 如果不是/api开头的请求，直接放行
+    }
+
+    private boolean isPhoneValid(String phone) {
+        // 这里编写手机号验证的具体逻辑，比如正则表达式验证手机号格式是否正确等
+        return true; // 示例先返回true，实际需完善逻辑
+    }
+
+    private boolean isVerificationCodeValid(String verificationCode) {
+        // 这里编写验证码验证的具体逻辑，比如和后台存储的验证码进行比对等
+        return true; // 示例先返回true，实际需完善逻辑
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
+    }
+}
--- a/src/main/java/com/dd/admin/common/security/jwt/config/SecurityConfig.java
+++ b/src/main/java/com/dd/admin/common/security/jwt/config/SecurityConfig.java
@ -16,6 +16,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

 /**
 * SecurityConfig 配置类
@ -84,4 +85,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        // 忽略 所有方法
        ignoreConfig.getPattern().forEach(url -> and.ignoring().antMatchers(url));
    }
+
+
+    // 注册拦截器的方法
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(new ApiInterceptor())
+                .addPathPatterns("/api/**"); // 拦截/api下所有请求路径
+    }
 }
--- a/src/main/java/com/dd/admin/common/utils/RedisUtil.java
+++ b/src/main/java/com/dd/admin/common/utils/RedisUtil.java
--- a/src/main/resources/application-online.yml
+++ b/src/main/resources/application-online.yml
@ -7,7 +7,7 @@ spring:

  datasource:
    driver-class-name: com.p6spy.engine.spy.P6SpyDriver
-    url: jdbc:p6spy:mysql://127.0.0.1:3306/ddxhs?useSSL=false&autoReconnect=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=GMT%2B8
+    url: jdbc:p6spy:mysql://8.146.211.120:3306/ddxhs?useSSL=false&autoReconnect=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=GMT%2B8
    username: root
    password: wxlwxl12

--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -38,6 +38,7 @@ jwt:
      - "/api/**"
      - "/appUpload/**"
      - "/upload/**"
+      - "/appUpload/**"
      - "/doc.html"
      - "/swagger-resources/**"
      - "/v2/api-docs/**"
@ -52,3 +53,5 @@ mybatis-plus:
 #    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
 #================================================= mybatis-plus end ===================================================

+server:
+  port: 8080