用户路径拦截
This commit is contained in:
yanglei
parent
58b10af0ce
commit
a59dae44b4
@ -0,0 +1,23 @@
|
|||||||
|
package com.cdzy.gateway.component;
|
||||||
|
|
||||||
|
import lombok.Data;
|
||||||
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* user模块接口拦截列表(从配置文件获取)
|
||||||
|
*
|
||||||
|
* @author yanglei
|
||||||
|
* @since 2026-02-10 15:50
|
||||||
|
*/
|
||||||
|
|
||||||
|
@Data
|
||||||
|
@Component
|
||||||
|
@ConfigurationProperties(prefix = "user.auth")
|
||||||
|
public class AuthProperties {
|
||||||
|
|
||||||
|
private List<String> requiredPaths = new ArrayList<>();
|
||||||
|
}
|
||||||
@ -3,10 +3,14 @@ package com.cdzy.gateway.config;
|
|||||||
import cn.dev33.satoken.reactor.filter.SaReactorFilter;
|
import cn.dev33.satoken.reactor.filter.SaReactorFilter;
|
||||||
import cn.dev33.satoken.router.SaRouter;
|
import cn.dev33.satoken.router.SaRouter;
|
||||||
import cn.dev33.satoken.stp.StpUtil;
|
import cn.dev33.satoken.stp.StpUtil;
|
||||||
|
import com.cdzy.gateway.component.AuthProperties;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author attiya
|
* @author attiya
|
||||||
* @since 2025-03-18
|
* @since 2025-03-18
|
||||||
@ -17,25 +21,44 @@ public class SaTokenConfigure {
|
|||||||
@Value("${sa-token.is-check}")
|
@Value("${sa-token.is-check}")
|
||||||
private Boolean isCheck;
|
private Boolean isCheck;
|
||||||
|
|
||||||
// 注册 Sa-Token全局过滤器
|
@Resource
|
||||||
|
private AuthProperties authProperties;
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SaReactorFilter getSaReactorFilter() {
|
public SaReactorFilter getSaReactorFilter() {
|
||||||
return new SaReactorFilter()
|
return new SaReactorFilter()
|
||||||
// 拦截地址
|
// 拦截所有请求
|
||||||
.addInclude("/**") /* 拦截全部path */
|
.addInclude("/**")
|
||||||
// 开放地址
|
|
||||||
.addExclude("/user/**")
|
|
||||||
//支付放开(限开发模式)
|
|
||||||
.addExclude("/payment/ebikeOrder/api/**")
|
|
||||||
.addExclude("/payment/wxPayment/api/**")
|
|
||||||
.addExclude("/operations/ebikeBikeInfo/api/**")
|
|
||||||
// 鉴权方法:每次访问进入
|
|
||||||
.setAuth(obj -> {
|
.setAuth(obj -> {
|
||||||
if (isCheck) {
|
if (!Boolean.TRUE.equals(isCheck)) {
|
||||||
// 登录校验 -- 拦截所有路由,并排除/user/doLogin 用于开放登录
|
return; // 如果不开启校验,直接跳过
|
||||||
SaRouter.match("/**", "/staff/ebikeOperatorStaff/login", r -> StpUtil.checkLogin());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 1. 放行不需要鉴权的路径
|
||||||
|
SaRouter.match("/user/doLogin").free(r -> {});
|
||||||
|
SaRouter.match("/staff/ebikeOperatorStaff/login").free(r -> {});
|
||||||
|
SaRouter.match("/payment/ebikeOrder/api/**").free(r -> {});
|
||||||
|
SaRouter.match("/payment/wxPayment/api/**").free(r -> {});
|
||||||
|
SaRouter.match("/operations/ebikeBikeInfo/api/**").free(r -> {});
|
||||||
|
|
||||||
|
// 2. 对 配置文件中需要鉴权的特定路径进行校验
|
||||||
|
List<String> requiredPaths = authProperties.getRequiredPaths();
|
||||||
|
if (requiredPaths != null && !requiredPaths.isEmpty()) {
|
||||||
|
for (String path : requiredPaths) {
|
||||||
|
SaRouter.match(path).check(r -> StpUtil.checkLogin());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 3. 其他所有路径统一鉴权 (必须放在最后,避免覆盖前面的规则)
|
||||||
|
SaRouter.match("/**")
|
||||||
|
.notMatch("/user/doLogin")
|
||||||
|
.notMatch("/staff/ebikeOperatorStaff/login")
|
||||||
|
.notMatch("/payment/ebikeOrder/api/**")
|
||||||
|
.notMatch("/payment/wxPayment/api/**")
|
||||||
|
.notMatch("/operations/ebikeBikeInfo/api/**")
|
||||||
|
// 排除所有 user 下的路径,只有 requiredPaths 才鉴权
|
||||||
|
.notMatch("/user/**")
|
||||||
|
.check(r -> StpUtil.checkLogin());
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -99,6 +99,13 @@ sa-token:
|
|||||||
# 开启检查的登陆状态的开关
|
# 开启检查的登陆状态的开关
|
||||||
is-check: true
|
is-check: true
|
||||||
|
|
||||||
|
# 需要被拦截的接口列表
|
||||||
|
user:
|
||||||
|
auth:
|
||||||
|
# 需要 token 校验的路径列表
|
||||||
|
required-paths:
|
||||||
|
- /user/ebikeOrder/api/updateOrderAmount
|
||||||
|
|
||||||
# 自定义加解密配置
|
# 自定义加解密配置
|
||||||
cdzy:
|
cdzy:
|
||||||
gateway:
|
gateway:
|
||||||
|
|||||||
@ -99,6 +99,13 @@ sa-token:
|
|||||||
# 开启检查的登陆状态的开关
|
# 开启检查的登陆状态的开关
|
||||||
is-check: true
|
is-check: true
|
||||||
|
|
||||||
|
# 需要被拦截的接口列表
|
||||||
|
user:
|
||||||
|
auth:
|
||||||
|
# 需要 token 校验的路径列表
|
||||||
|
required-paths:
|
||||||
|
- /user/ebikeOrder/api/updateOrderAmount
|
||||||
|
|
||||||
# 自定义加解密配置
|
# 自定义加解密配置
|
||||||
cdzy:
|
cdzy:
|
||||||
gateway:
|
gateway:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user