diff --git a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/AuthInterceptor.java b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/AuthInterceptor.java
new file mode 100644
index 000000000..38a99122d
--- /dev/null
+++ b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/AuthInterceptor.java
@@ -0,0 +1,72 @@
+package org.sk.module.data.config;
+
+import org.sk.module.data.dal.mapper.auth.AuthClientMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 认证拦截器
+ * @author haoran
+ */
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+ @Autowired
+ private AuthClientMapper authClientMapper;
+
+ /**
+ * 预处理HTTP请求,检查是否需要认证,并根据认证结果决定是否放行请求。
+ *
+ * @param request HTTP请求对象,包含请求的详细信息
+ * @param response HTTP响应对象,用于设置响应状态和内容
+ * @param handler 处理请求的处理器对象,可能是HandlerMethod或其他类型
+ * @return 如果请求可以继续处理,返回true;如果请求被拦截,返回false
+ * @throws Exception 如果处理过程中发生异常
+ */
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ if (!(handler instanceof HandlerMethod)) {
+ // 不是处理方法(如资源处理器),直接放行
+ return true;
+ }
+
+ HandlerMethod handlerMethod = (HandlerMethod) handler;
+
+ // 检查方法或类上的@RequiresAuth注解
+ RequiresAuth methodAnnotation = handlerMethod.getMethodAnnotation(RequiresAuth.class);
+ RequiresAuth classAnnotation = handlerMethod.getBeanType().getAnnotation(RequiresAuth.class);
+
+ if (methodAnnotation == null && classAnnotation == null) {
+ // 无需认证,放行
+ return true;
+ }
+
+ // 执行认证逻辑
+ String id = request.getHeader("X-Id");
+ String secretKey = request.getHeader("X-Secret-Key");
+
+ if (isValid(id, secretKey)) {
+ return true;
+ } else {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setContentType("application/json");
+ response.getWriter().write("{\"error\": \"Invalid ID or Secret Key\"}");
+ return false;
+ }
+ }
+
+ /**
+ * 验证ID和SecretKey
+ * @param id
+ * @param secretKey
+ * @return
+ */
+ private boolean isValid(String id, String secretKey) {
+ return 
authClientMapper.selectClientByIdAndSecret(id, secretKey) == 1;
+ }
+}
diff --git a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/RequiresAuth.java b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/RequiresAuth.java
new file mode 100644
index 000000000..d71fce2e3
--- /dev/null
+++ b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/RequiresAuth.java
@@ -0,0 +1,15 @@
+package org.sk.module.data.config;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 是否需要判断 Id 和 秘钥的权限认证的注解
+ * @author haoran
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface RequiresAuth {
+}
\ No newline at end of file
diff --git a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/WebConfig.java b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/WebConfig.java
new file mode 100644
index 000000000..29b680129
--- /dev/null
+++ b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/WebConfig.java
@@ -0,0 +1,22 @@
+package org.sk.module.data.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ *
+ */
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+ @Autowired
+ private AuthInterceptor authInterceptor;
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(authInterceptor)
+ .addPathPatterns("/**"); // 拦截所有路径,由拦截器内部决定是否处理
+ }
+}
\ No newline at end of file
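Review bot: `isValid`, at the end of the AuthInterceptor hunk, hands the raw `X-Secret-Key` header to `selectClientByIdAndSecret` and treats a row count of 1 as success, which suggests the secret is matched inside the query and so stored in a directly comparable form; the mapper is not part of this diff, so that needs confirming. Looking the client up by id and comparing a stored hash of the secret with `MessageDigest.isEqual` would avoid both plaintext at rest and a data-dependent match. `preHandle` also forwards absent headers straight to the database, so a guard at the top of `isValid` such as `if (id == null || id.isEmpty() || secretKey == null || secretKey.isEmpty()) return false;` rejects them without a query. The rejection branch writes no log entry, so repeated failures against one `X-Id` would not show up for anyone monitoring the service; logging the id (never the secret) there would help.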
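Review bot: The class Javadoc on `WebConfig` is empty, and it omits the one fact a maintainer needs: the interceptor is registered on `/**`, but `AuthInterceptor.preHandle` returns true for every handler that lacks `@RequiresAuth`, so the check is opt-in. I would replace the empty block with a comment along the lines of `Registers AuthInterceptor for all paths; only handlers annotated with @RequiresAuth are checked, un-annotated handlers pass through.` Stating that here makes a forgotten annotation on a new controller easier to catch in review.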
diff --git a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/controller/admin/finance/FinanceController.java b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/controller/admin/finance/FinanceController.java index 1ad8da7da..46660ab24 100644 --- a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/controller/admin/finance/FinanceController.java +++ b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/controller/admin/finance/FinanceController.java @@ -3,16 +3,15 @@ package org.sk.module.data.controller.admin.finance; import cn.iocoder.yudao.framework.common.pojo.CommonResult; import cn.iocoder.yudao.framework.common.util.object.BeanUtils; -import cn.iocoder.yudao.framework.common.util.object.ObjectUtils; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import org.sk.module.data.config.RequiresAuth; import org.sk.module.data.dal.bo.finance.FinanceBO; import org.sk.module.data.dal.param.finance.FinanceParam; import org.sk.module.data.dal.param.finance.IncomeAndTaxParam; import org.sk.module.data.dal.vo.FinanceVO; import org.sk.module.data.service.finance.FinanceService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import javax.annotation.security.PermitAll; @@ -51,6 +50,7 @@ public class FinanceController { @Operation(summary = "根据拼接的统一社会信用编码以及年份获取数据") @PostMapping("/getIncomeAndTax") @PermitAll + @RequiresAuth public CommonResult> getIncomeAndTax(@Valid @RequestBody IncomeAndTaxParam param) { return CommonResult.success(financeService.getIncomeAndTax(param)); } diff --git a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/filter/AuthFilter.java b/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/filter/AuthFilter.java deleted file mode 100644 index f56e9f220..000000000 
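Review bot: Only `getIncomeAndTax` receives `@RequiresAuth` in the second hunk, while the `AuthFilter` deleted in this same commit checked `X-Id`/`X-Secret-Key` unconditionally in `doFilter`; any other `@PermitAll` handler in `FinanceController` may now be left with no credential check. The rest of the class lies outside the hunk, so this needs confirming against the full file. If every endpoint in this controller is meant for registered clients, putting `@RequiresAuth` on the class is safer than per-method opt-in, since `AuthInterceptor` already reads the class-level annotation. A short comment above the method would also help, for example `// @PermitAll skips the framework login check; the X-Id / X-Secret-Key headers enforced via @RequiresAuth are the only gate here`.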
--- a/sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/filter/AuthFilter.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package org.sk.module.data.filter;
-
-import org.sk.module.data.dal.mapper.auth.AuthClientMapper;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
-import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.HandlerExecutionChain;
-import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.lang.reflect.Method;
-
-@Component
-public class AuthFilter implements Filter {
-
- @Autowired
- @Qualifier("requestMappingHandlerMapping") // 或 "controllerEndpointHandlerMapping"
- private RequestMappingHandlerMapping handlerMapping;
-
- @Autowired
- private AuthClientMapper authClientMapper;
-
- public AuthFilter( RequestMappingHandlerMapping requestMappingHandlerMapping) {
- this.handlerMapping = requestMappingHandlerMapping;
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpServletResponse httpResponse = (HttpServletResponse) response;
-
- // 获取请求头中的密钥和 ID
- String id = httpRequest.getHeader("X-Id");
- String secretKey = httpRequest.getHeader("X-Secret-Key");
-
- // 校验 ID 和密钥是否匹配
- if (isValid(id, secretKey)) {
- chain.doFilter(request, response);
- } else {
- httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403 Forbidden
- httpResponse.setContentType("application/json");
- httpResponse.getWriter().write("{\"error\": \"Invalid ID or Secret Key\"}");
- }
- }
-
-
- /**
- * 校验 ID 和密钥是否匹配
- */
- private boolean isValid(String id, String secretKey) {
- // 示例逻辑:从数据库中查询 ID 和密钥是否匹配
- return 
authClientMapper.selectClientByIdAndSecret(id,secretKey) == 1;
- }
-}