From a59dae44b4259d4441cbf47a2dd5a480f3ef13eab2235defa71bcdd0a01d0d89 Mon Sep 17 00:00:00 2001
From: yanglei
Date: Tue, 10 Feb 2026 16:39:59 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=B7=AF=E5=BE=84=E6=8B=A6?= =?UTF-8?q?=E6=88=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../gateway/component/AuthProperties.java | 23 ++++++++
 .../cdzy/gateway/config/SaTokenConfigure.java | 53 +++++++++++++------
 .../src/main/resources/application-dev.yml | 7 +++
 .../src/main/resources/application-prod.yml | 7 +++
 4 files changed, 75 insertions(+), 15 deletions(-)
 create mode 100644 ebike-gateway/src/main/java/com/cdzy/gateway/component/AuthProperties.java
diff --git a/ebike-gateway/src/main/java/com/cdzy/gateway/component/AuthProperties.java b/ebike-gateway/src/main/java/com/cdzy/gateway/component/AuthProperties.java
new file mode 100644
index 0000000..cf64470
--- /dev/null
+++ b/ebike-gateway/src/main/java/com/cdzy/gateway/component/AuthProperties.java
@@ -0,0 +1,23 @@
+package com.cdzy.gateway.component;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * user模块接口拦截列表(从配置文件获取)
+ *
+ * @author yanglei
+ * @since 2026-02-10 15:50
+ */
+
+@Data
+@Component
+@ConfigurationProperties(prefix = "user.auth")
+public class AuthProperties {
+
+ private List requiredPaths = new ArrayList<>();
+}
\ No newline at end of file
diff --git a/ebike-gateway/src/main/java/com/cdzy/gateway/config/SaTokenConfigure.java b/ebike-gateway/src/main/java/com/cdzy/gateway/config/SaTokenConfigure.java
index b1af954..affe807 100644
--- a/ebike-gateway/src/main/java/com/cdzy/gateway/config/SaTokenConfigure.java
+++ b/ebike-gateway/src/main/java/com/cdzy/gateway/config/SaTokenConfigure.java
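Review bot: In AuthProperties, `requiredPaths` starts as an empty `ArrayList` and the binding is never validated, so a mistyped `user.auth.required-paths` key or a profile without the block binds to an empty list. Judging by how SaTokenConfigure consumes it in this patch, no `/user/**` path would then get a login check, and nothing in the logs would show it. I would make that state visible at startup, for example with a `@PostConstruct` method that logs a warning (or throws, if an empty list is never valid) when `requiredPaths.isEmpty()`. The class Javadoc should also state the default, e.g. `* Paths under /user/** that require login; every /user/** path not listed here is forwarded without a login check.`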
@@ -3,10 +3,14 @@ package com.cdzy.gateway.config; import cn.dev33.satoken.reactor.filter.SaReactorFilter; import cn.dev33.satoken.router.SaRouter; import cn.dev33.satoken.stp.StpUtil; +import com.cdzy.gateway.component.AuthProperties; +import jakarta.annotation.Resource; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import java.util.List; + /** * @author attiya * @since 2025-03-18 
@@ -17,25 +21,44 @@ public class SaTokenConfigure { @Value("${sa-token.is-check}") private Boolean isCheck; - // 注册 Sa-Token全局过滤器 + @Resource + private AuthProperties authProperties; + @Bean public SaReactorFilter getSaReactorFilter() { return new SaReactorFilter() - // 拦截地址 - .addInclude("/**") /* 拦截全部path */ - // 开放地址 - .addExclude("/user/**") - //支付放开(限开发模式) - .addExclude("/payment/ebikeOrder/api/**") - .addExclude("/payment/wxPayment/api/**") - .addExclude("/operations/ebikeBikeInfo/api/**") - // 鉴权方法:每次访问进入 + // 拦截所有请求 + .addInclude("/**") .setAuth(obj -> { - if (isCheck) { - // 登录校验 -- 拦截所有路由,并排除/user/doLogin 用于开放登录 - SaRouter.match("/**", "/staff/ebikeOperatorStaff/login", r -> StpUtil.checkLogin()); + if (!Boolean.TRUE.equals(isCheck)) { + return; // 如果不开启校验,直接跳过 } + + // 1. 放行不需要鉴权的路径 + SaRouter.match("/user/doLogin").free(r -> {}); + SaRouter.match("/staff/ebikeOperatorStaff/login").free(r -> {}); + SaRouter.match("/payment/ebikeOrder/api/**").free(r -> {}); + SaRouter.match("/payment/wxPayment/api/**").free(r -> {}); + SaRouter.match("/operations/ebikeBikeInfo/api/**").free(r -> {}); + + // 2. 对 配置文件中需要鉴权的特定路径进行校验 + List requiredPaths = authProperties.getRequiredPaths(); + if (requiredPaths != null && !requiredPaths.isEmpty()) { + for (String path : requiredPaths) { + SaRouter.match(path).check(r -> StpUtil.checkLogin()); + } + } + + // 3. 其他所有路径统一鉴权 (必须放在最后,避免覆盖前面的规则) + SaRouter.match("/**") + .notMatch("/user/doLogin") + .notMatch("/staff/ebikeOperatorStaff/login") + .notMatch("/payment/ebikeOrder/api/**") + .notMatch("/payment/wxPayment/api/**") + .notMatch("/operations/ebikeBikeInfo/api/**") + // 排除所有 user 下的路径,只有 requiredPaths 才鉴权 + .notMatch("/user/**") + .check(r -> StpUtil.checkLogin()); }); } -} - +} \ No newline at end of file diff --git a/ebike-gateway/src/main/resources/application-dev.yml b/ebike-gateway/src/main/resources/application-dev.yml index f97ed3d..5482641 100644 --- a/ebike-gateway/src/main/resources/application-dev.yml 
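Review bot: The five `SaRouter.match(...).free(r -> {})` calls under step 1 do not exempt anything, as far as I can tell: `free` only runs its lambda in a scope where `stop()` stays local, so with an empty lambda they are no-ops and the real exemptions are the `notMatch` entries in step 3. I would delete step 1 and keep the open paths in that one chain, since two lists will drift and mislead a reader about which paths are open. Step 3 also leaves `/user/**` open by default and relies on `requiredPaths` to opt single routes in, so a `/user` endpoint added later is unauthenticated at the gateway until someone edits the YAML; checking `/user/**` and listing the public routes instead would fail closed. The removed comment marked the payment exclusions as development-only (`限开发模式`), yet the new code keeps them unchecked in every profile, so confirm they are meant to be public in prod and say so in a comment, e.g. `// public callback endpoints, protected downstream by <mechanism> — confirm`.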
+++ b/ebike-gateway/src/main/resources/application-dev.yml @@ -99,6 +99,13 @@ sa-token: # 开启检查的登陆状态的开关 is-check: true +# 需要被拦截的接口列表 +user: + auth: + # 需要 token 校验的路径列表 + required-paths: + - /user/ebikeOrder/api/updateOrderAmount + # 自定义加解密配置 cdzy: gateway: diff --git a/ebike-gateway/src/main/resources/application-prod.yml b/ebike-gateway/src/main/resources/application-prod.yml index d943a88..b5258fd 100644 --- a/ebike-gateway/src/main/resources/application-prod.yml +++ b/ebike-gateway/src/main/resources/application-prod.yml @@ -99,6 +99,13 @@ sa-token: # 开启检查的登陆状态的开关 is-check: true +# 需要被拦截的接口列表 +user: + auth: + # 需要 token 校验的路径列表 + required-paths: + - /user/ebikeOrder/api/updateOrderAmount + # 自定义加解密配置 cdzy: gateway:
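Review bot: The comment above `required-paths` in both application-dev.yml and application-prod.yml says what is listed but not what happens to everything else: with the gateway rule in this patch, any `/user/**` path missing from the list is forwarded without a login check. I would spell that out next to the key, e.g. `# Sa-Token route patterns; /user/** paths NOT listed here skip the login check`, so whoever adds a /user endpoint knows this file must change too. The single entry is an exact path, so sibling routes under `/user/ebikeOrder/api/` stay open; if others also modify orders, a pattern such as `/user/ebikeOrder/api/**` may be the safer entry, to be confirmed against the user service's routes. The block is identical in both profiles and could live in a shared application.yml if the project has one.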