!7 refactor(sk-module-data): 重构认证逻辑，使用拦截器��

Merge pull request !7 from haoran1009/auto-9270061-master-b94092a6-1

sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/AuthInterceptor.java

@@ -0,0 +1,72 @@
+package org.sk.module.data.config;
+
+import org.sk.module.data.dal.mapper.auth.AuthClientMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 认证拦截器
+ * @author haoran
+ */
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+    @Autowired
+    private AuthClientMapper authClientMapper;
+
+    /**
+     * 预处理HTTP请求，检查是否需要认证，并根据认证结果决定是否放行请求。
+     *
+     * @param request  HTTP请求对象，包含请求的详细信息
+     * @param response HTTP响应对象，用于设置响应状态和内容
+     * @param handler  处理请求的处理器对象，可能是HandlerMethod或其他类型
+     * @return 如果请求可以继续处理，返回true；如果请求被拦截，返回false
+     * @throws Exception 如果处理过程中发生异常
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        if (!(handler instanceof HandlerMethod)) {
+            // 不是处理方法（如资源处理器），直接放行
+            return true;
+        }
+
+        HandlerMethod handlerMethod = (HandlerMethod) handler;
+
+        // 检查方法或类上的@RequiresAuth注解
+        RequiresAuth methodAnnotation = handlerMethod.getMethodAnnotation(RequiresAuth.class);
+        RequiresAuth classAnnotation = handlerMethod.getBeanType().getAnnotation(RequiresAuth.class);
+
+        if (methodAnnotation == null && classAnnotation == null) {
+            // 无需认证，放行
+            return true;
+        }
+
+        // 执行认证逻辑
+        String id = request.getHeader("X-Id");
+        String secretKey = request.getHeader("X-Secret-Key");
+
+        if (isValid(id, secretKey)) {
+            return true;
+        } else {
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            response.setContentType("application/json");
+            response.getWriter().write("{\"error\": \"Invalid ID or Secret Key\"}");
+            return false;
+        }
+    }
+
+    /**
+     * 验证ID和SecretKey
+     * @param id
+     * @param secretKey
+     * @return
+     */
+    private boolean isValid(String id, String secretKey) {
+        return authClientMapper.selectClientByIdAndSecret(id, secretKey) == 1;
+    }
+}

sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/RequiresAuth.java

@@ -0,0 +1,15 @@
+package org.sk.module.data.config;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 是否需要判断 Id 和 秘钥的权限认证的注解
+ * @author haoran
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface RequiresAuth {
+}

sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/config/WebConfig.java

@@ -0,0 +1,22 @@
+package org.sk.module.data.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ *
+ */
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    @Autowired
+    private AuthInterceptor authInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/**"); // 拦截所有路径，由拦截器内部决定是否处理
+    }
+}

sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/controller/admin/finance/FinanceController.java

@@ -3,16 +3,15 @@ package org.sk.module.data.controller.admin.finance;
 
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
-import cn.iocoder.yudao.framework.common.util.object.ObjectUtils;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import org.sk.module.data.config.RequiresAuth;
 import org.sk.module.data.dal.bo.finance.FinanceBO;
 import org.sk.module.data.dal.param.finance.FinanceParam;
 import org.sk.module.data.dal.param.finance.IncomeAndTaxParam;
 import org.sk.module.data.dal.vo.FinanceVO;
 import org.sk.module.data.service.finance.FinanceService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.security.PermitAll;
@@ -51,6 +50,7 @@ public class FinanceController {
     @Operation(summary = "根据拼接的统一社会信用编码以及年份获取数据")
     @PostMapping("/getIncomeAndTax")
     @PermitAll
+    @RequiresAuth
     public CommonResult<List<FinanceVO>> getIncomeAndTax(@Valid @RequestBody IncomeAndTaxParam param) {
         return CommonResult.success(financeService.getIncomeAndTax(param));
     }

sk-module-data/sk-module-data-biz/src/main/java/org/sk/module/data/filter/AuthFilter.java

@@ -1,59 +0,0 @@
-package org.sk.module.data.filter;
-
-import org.sk.module.data.dal.mapper.auth.AuthClientMapper;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
-import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.HandlerExecutionChain;
-import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.lang.reflect.Method;
-
-@Component
-public class AuthFilter implements Filter {
-
-    @Autowired
-    @Qualifier("requestMappingHandlerMapping") // 或 "controllerEndpointHandlerMapping"
-    private RequestMappingHandlerMapping handlerMapping;
-
-    @Autowired
-    private AuthClientMapper authClientMapper;
-
-    public AuthFilter( RequestMappingHandlerMapping requestMappingHandlerMapping) {
-        this.handlerMapping = requestMappingHandlerMapping;
-    }
-
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-            throws IOException, ServletException {
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-        // 获取请求头中的密钥和 ID
-        String id = httpRequest.getHeader("X-Id");
-        String secretKey = httpRequest.getHeader("X-Secret-Key");
-
-        // 校验 ID 和密钥是否匹配
-        if (isValid(id, secretKey)) {
-            chain.doFilter(request, response);
-        } else {
-            httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403 Forbidden
-            httpResponse.setContentType("application/json");
-            httpResponse.getWriter().write("{\"error\": \"Invalid ID or Secret Key\"}");
-        }
-    }
-
-
-    /**
-     * 校验 ID 和密钥是否匹配
-     */
-    private boolean isValid(String id, String secretKey) {
-        // 示例逻辑：从数据库中查询 ID 和密钥是否匹配
-        return authClientMapper.selectClientByIdAndSecret(id,secretKey) == 1;
-    }
-}