package com.ruoyi.framework.interceptor;
|
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Component;
|
import org.springframework.web.method.HandlerMethod;
|
import org.springframework.web.servlet.HandlerInterceptor;
|
import org.springframework.util.StringUtils;
|
|
import com.ruoyi.common.annotation.Anonymous;
|
import com.ruoyi.common.exception.ServiceException;
|
import com.ruoyi.system.service.ISysClientAppService;
|
|
/**
|
* 匿名访问拦截器
|
*/
|
@Component
|
public class AnonymousInterceptor implements HandlerInterceptor {
|
|
@Autowired
|
private ISysClientAppService clientAppService;
|
|
@Override
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
// 如果不是映射到方法,直接通过
|
if (!(handler instanceof HandlerMethod)) {
|
return true;
|
}
|
|
// 获取方法上的注解
|
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
Anonymous anonymous = handlerMethod.getMethodAnnotation(Anonymous.class);
|
|
// 如果方法上没有注解,则获取类上的注解
|
if (anonymous == null) {
|
anonymous = handlerMethod.getBeanType().getAnnotation(Anonymous.class);
|
}
|
|
// 如果没有注解,直接通过
|
if (anonymous == null) {
|
return true;
|
}
|
|
// 获取请求参数
|
String appId = request.getParameter("appId");
|
String sign = request.getParameter("sign");
|
String timestamp = request.getParameter("timestamp");
|
if(anonymous.needSign()){
|
if(appId == null || sign == null || timestamp == null){
|
throw new ServiceException("缺少必要参数");
|
|
}
|
}
|
// 验证必要参数
|
if (StringUtils.hasText(appId) && StringUtils.hasText(sign) && StringUtils.hasText(timestamp)) {
|
// 验证签名
|
if (clientAppService.validateSign(appId, sign, timestamp)) {
|
return true;
|
}
|
throw new ServiceException("签名验证失败");
|
}
|
|
// 如果没有验证参数,也允许通过(适用于不需要验证的匿名接口)
|
return true;
|
}
|
}
|
