bmmx
/
OperationSystem


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							package com.om.interceptor;


import com.alibaba.fastjson.JSON;
import com.om.constant.RedisConstant;
import com.om.exception.CustomerAuthenticationException;
import com.om.utils.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * jwt令牌校验的拦截器
 */
@Component
@Slf4j
public class JwtTokenUserInterceptor implements HandlerInterceptor {

    @Resource
    private JwtUtils jwtUtils;

    @Resource
    private RedisTemplate redisTemplate;

    /**
     * 校验jwt
     *
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //判断当前拦截到的是Controller的方法还是其他资源
        if (!(handler instanceof HandlerMethod)) {
            //当前拦截到的不是动态方法，直接放行
            return true;
        }

        //2、校验令牌
        try {
             this.validateToken(request);
        } catch (CustomerAuthenticationException ex) {

            response.setContentType("application/json;charset=UTF-8");  // 设置字符集为 UTF-8
            String message = ex.getMessage();
            response.setStatus(ResultCode.NO_AUTH);
            response.getWriter().write(JSON.toJSONString(Result.error().message(message).result(ResultCode.NO_AUTH)));
            return false;
        }

        return true;
    }


    /**
     * 验证token信息
     */
    private void validateToken(HttpServletRequest request) {

        //从headers头部获取token信息
        String token = request.getHeader("token");

        //如果请求头部中没有携带token  则从请求的参数中中获取token
        if (StringUtils.isEmpty(token)) {
            token = request.getParameter("token");        //从参数中获取

        }

        //如果请求参数中也没有携带token信息  则抛出异常
        if (StringUtils.isEmpty(token)) {
            throw new CustomerAuthenticationException("token不存在");
        }

        //从token中获取用户id
        Integer uId = jwtUtils.getUserIdFromToken(token);
        //判断 用户id 是否为空
        if (StringUtils.isEmpty(uId)) {
            throw new CustomerAuthenticationException("token解析失败");
        }

        //判断redis中是否存在token信息
        String tokenKey = RedisConstant.USER_TOKEN_PREFIX + uId;
        String redisToken = (String) redisTemplate.opsForValue().get(tokenKey);

        //判断redis中是否存在token信息  如果为空 则表示token已经失效、
        if (StringUtils.isEmpty(redisToken)) {
            throw new CustomerAuthenticationException("token已过期");

        }

        //如果token和redis中的token不一致 则验证失败
        if (!token.equals(redisToken)) {
            throw new CustomerAuthenticationException("token验证失败");
        }
        //设置 用户id
        UserContext.setUserId(uId);
    }
}