完善移动端登录拦截器

2024-12-22 23:39:26 +08:00 · 2024-12-22 23:39:26 +08:00 · 696916b194
commit 696916b194
parent cd5e139043
6 changed files with 133 additions and 1 deletions
--- a/src/main/java/com/dd/admin/business/api/AuthApi.java
+++ b/src/main/java/com/dd/admin/business/api/AuthApi.java
@ -0,0 +1,57 @@
 package com.dd.admin.business.api;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.dd.admin.business.note.domain.NoteDto;
 import com.dd.admin.business.note.domain.NoteVo;
 import com.dd.admin.common.aop.operationLog.aop.OperLog;
 import com.dd.admin.common.aop.operationLog.aop.OperType;
 import com.dd.admin.common.exception.ApiException;
 import com.dd.admin.common.model.result.ResultBean;
 import com.dd.admin.common.utils.RedisUtil;
 import com.dd.admin.common.utils.StringUtil;
 import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
@RestController
 public class AuthApi {
    @Autowired
    RedisUtil redisUtil;
    @ApiOperation(value = "获取验证码")
    @ApiOperationSupport(order = 1)
    @GetMapping("/api/auth/getCode")
    @OperLog(operModule = "获取验证码",operType = OperType.QUERY,operDesc = "获取验证码")
    public ResultBean<String> page(String phoneNumber) {
        String code = sendSmsCode(phoneNumber);
        return ResultBean.success(code);
    }
    public String sendSmsCode(String phoneNumber) {
        String redisKey = "SMS_CODE" + phoneNumber;
        String smsCode = String.valueOf(redisUtil.get(redisKey));
        if(StringUtil.isNotEmpty(smsCode)){
            throw new ApiException("验证码已发送，请稍后再试" + smsCode);
        }
        String code = StringUtil.createCode(4);
        //设置有效时间
 //        String json = JavaSmsApi.tplSingleSend(phoneNumber,CODE_TPL_ID, BeanUtil.beanToMap(new SmsCode(code)));
 //        Map dataMap = (Map) JSON.parse(json);
 //        if(dataMap.get("msg").equals("发送成功")){
        if(true){
            System.out.println(code);
            redisUtil.set(redisKey,code,120);
            return code;
        }else{
            throw new ApiException("发送失败");
 //            throw new ApiException("发送失败,"+dataMap.get("msg"));
        }
    }
 }
--- a/src/main/java/com/dd/admin/common/security/interceptor/ApiInterceptor.java
+++ b/src/main/java/com/dd/admin/common/security/interceptor/ApiInterceptor.java
@ -0,0 +1,62 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 public class ApiInterceptor implements HandlerInterceptor {
    private final JwtUserDetailsService jwtUserDetailsService;
    public ApiInterceptor(JwtUserDetailsService jwtUserDetailsService) {
        this.jwtUserDetailsService = jwtUserDetailsService;
    }
    @Override
    public boolean preIntercept(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 获取请求路径，判断是否是以/api开头
        String requestUri = request.getRequestURI();
        if (requestUri.startsWith("/api")) {
            // 在这里编写验证手机号和验证码的逻辑，比如从请求参数或者请求头中获取相关信息进行验证
            // 假设从请求参数中获取手机号和验证码，示例代码如下（实际情况可能需要根据具体业务从合适的地方获取）
            String phone = request.getParameter("phone");
            String verificationCode = request.getParameter("verificationCode");
            if (isPhoneValid(phone) && isVerificationCodeValid(verificationCode)) {
                // 根据验证通过的手机号等信息获取对应的用户详情（这里假设你的用户详情是通过JwtUserDetailsService来获取，实际可能需要根据具体业务调整）
                UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(phone);
                // 创建认证对象，将用户详情放入其中，这里假设认证方式是基于用户名密码形式（可根据实际调整）
                Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                // 将认证对象放入SecurityContextHolder中，模拟用户已认证的状态
                SecurityContextHolder.getContext().setAuthentication(authentication);
                return true; // 验证通过，放行请求
            } else {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 设置未授权状态码
                return false; // 验证不通过，拦截请求
            }
        }
        return true; // 如果不是/api开头的请求，直接放行
    }
    private boolean isPhoneValid(String phone) {
        // 这里编写手机号验证的具体逻辑，比如正则表达式验证手机号格式是否正确等
        return true; // 示例先返回true，实际需完善逻辑
    }
    private boolean isVerificationCodeValid(String verificationCode) {
        // 这里编写验证码验证的具体逻辑，比如和后台存储的验证码进行比对等
        return true; // 示例先返回true，实际需完善逻辑
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
 }
--- a/src/main/java/com/dd/admin/common/security/jwt/config/SecurityConfig.java
+++ b/src/main/java/com/dd/admin/common/security/jwt/config/SecurityConfig.java
@ -16,6 +16,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 /**
 * SecurityConfig 配置类
@ -84,4 +85,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        // 忽略 所有方法
        ignoreConfig.getPattern().forEach(url -> and.ignoring().antMatchers(url));
    }
    // 注册拦截器的方法
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new ApiInterceptor())
                .addPathPatterns("/api/**"); // 拦截/api下所有请求路径
    }
 }
--- a/src/main/java/com/dd/admin/common/utils/RedisUtil.java
+++ b/src/main/java/com/dd/admin/common/utils/RedisUtil.java
--- a/src/main/resources/application-online.yml
+++ b/src/main/resources/application-online.yml
@ -7,7 +7,7 @@ spring:
  datasource:
    driver-class-name: com.p6spy.engine.spy.P6SpyDriver
-    url: jdbc:p6spy:mysql://127.0.0.1:3306/ddxhs?useSSL=false&autoReconnect=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=GMT%2B8
+    url: jdbc:p6spy:mysql://8.146.211.120:3306/ddxhs?useSSL=false&autoReconnect=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=GMT%2B8
    username: root
    password: wxlwxl12
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -38,6 +38,7 @@ jwt:
      - "/api/**"
      - "/appUpload/**"
      - "/upload/**"
      - "/appUpload/**"
      - "/doc.html"
      - "/swagger-resources/**"
      - "/v2/api-docs/**"
@ -52,3 +53,5 @@ mybatis-plus:
 #    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
 #================================================= mybatis-plus end ===================================================
 server:
  port: 8080