Merge remote-tracking branch 'origin/main'
This commit is contained in:
commit
cf600c2094
@ -0,0 +1,23 @@
|
||||
package com.cdzy.gateway.component;
|
||||
|
||||
import lombok.Data;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* user模块接口拦截列表(从配置文件获取)
|
||||
*
|
||||
* @author yanglei
|
||||
* @since 2026-02-10 15:50
|
||||
*/
|
||||
|
||||
@Data
|
||||
@Component
|
||||
@ConfigurationProperties(prefix = "user.auth")
|
||||
public class AuthProperties {
|
||||
|
||||
private List<String> requiredPaths = new ArrayList<>();
|
||||
}
|
||||
@ -3,10 +3,14 @@ package com.cdzy.gateway.config;
|
||||
import cn.dev33.satoken.reactor.filter.SaReactorFilter;
|
||||
import cn.dev33.satoken.router.SaRouter;
|
||||
import cn.dev33.satoken.stp.StpUtil;
|
||||
import com.cdzy.gateway.component.AuthProperties;
|
||||
import jakarta.annotation.Resource;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author attiya
|
||||
* @since 2025-03-18
|
||||
@ -17,25 +21,44 @@ public class SaTokenConfigure {
|
||||
@Value("${sa-token.is-check}")
|
||||
private Boolean isCheck;
|
||||
|
||||
// 注册 Sa-Token全局过滤器
|
||||
@Resource
|
||||
private AuthProperties authProperties;
|
||||
|
||||
@Bean
|
||||
public SaReactorFilter getSaReactorFilter() {
|
||||
return new SaReactorFilter()
|
||||
// 拦截地址
|
||||
.addInclude("/**") /* 拦截全部path */
|
||||
// 开放地址
|
||||
.addExclude("/user/**")
|
||||
//支付放开(限开发模式)
|
||||
.addExclude("/payment/ebikeOrder/api/**")
|
||||
.addExclude("/payment/wxPayment/api/**")
|
||||
.addExclude("/operations/ebikeBikeInfo/api/**")
|
||||
// 鉴权方法:每次访问进入
|
||||
// 拦截所有请求
|
||||
.addInclude("/**")
|
||||
.setAuth(obj -> {
|
||||
if (isCheck) {
|
||||
// 登录校验 -- 拦截所有路由,并排除/user/doLogin 用于开放登录
|
||||
SaRouter.match("/**", "/staff/ebikeOperatorStaff/login", r -> StpUtil.checkLogin());
|
||||
if (!Boolean.TRUE.equals(isCheck)) {
|
||||
return; // 如果不开启校验,直接跳过
|
||||
}
|
||||
|
||||
// 1. 放行不需要鉴权的路径
|
||||
SaRouter.match("/user/doLogin").free(r -> {});
|
||||
SaRouter.match("/staff/ebikeOperatorStaff/login").free(r -> {});
|
||||
SaRouter.match("/payment/ebikeOrder/api/**").free(r -> {});
|
||||
SaRouter.match("/payment/wxPayment/api/**").free(r -> {});
|
||||
SaRouter.match("/operations/ebikeBikeInfo/api/**").free(r -> {});
|
||||
|
||||
// 2. 对 配置文件中需要鉴权的特定路径进行校验
|
||||
List<String> requiredPaths = authProperties.getRequiredPaths();
|
||||
if (requiredPaths != null && !requiredPaths.isEmpty()) {
|
||||
for (String path : requiredPaths) {
|
||||
SaRouter.match(path).check(r -> StpUtil.checkLogin());
|
||||
}
|
||||
}
|
||||
|
||||
// 3. 其他所有路径统一鉴权 (必须放在最后,避免覆盖前面的规则)
|
||||
SaRouter.match("/**")
|
||||
.notMatch("/user/doLogin")
|
||||
.notMatch("/staff/ebikeOperatorStaff/login")
|
||||
.notMatch("/payment/ebikeOrder/api/**")
|
||||
.notMatch("/payment/wxPayment/api/**")
|
||||
.notMatch("/operations/ebikeBikeInfo/api/**")
|
||||
// 排除所有 user 下的路径,只有 requiredPaths 才鉴权
|
||||
.notMatch("/user/**")
|
||||
.check(r -> StpUtil.checkLogin());
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -99,6 +99,13 @@ sa-token:
|
||||
# 开启检查的登陆状态的开关
|
||||
is-check: true
|
||||
|
||||
# 需要被拦截的接口列表
|
||||
user:
|
||||
auth:
|
||||
# 需要 token 校验的路径列表
|
||||
required-paths:
|
||||
- /user/ebikeOrder/api/updateOrderAmount
|
||||
|
||||
# 自定义加解密配置
|
||||
cdzy:
|
||||
gateway:
|
||||
|
||||
@ -99,6 +99,13 @@ sa-token:
|
||||
# 开启检查的登陆状态的开关
|
||||
is-check: true
|
||||
|
||||
# 需要被拦截的接口列表
|
||||
user:
|
||||
auth:
|
||||
# 需要 token 校验的路径列表
|
||||
required-paths:
|
||||
- /user/ebikeOrder/api/updateOrderAmount
|
||||
|
||||
# 自定义加解密配置
|
||||
cdzy:
|
||||
gateway:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user