fix: 优化过滤，时间格式

1 year ago · 930d8060df
parent 1951d1170d
commit 930d8060df
7 changed files with 55 additions and 35 deletions
--- a/xymanager_admin/src/main/resources/application-test.yml
+++ b/xymanager_admin/src/main/resources/application-test.yml
@ -1,5 +1,8 @@
 # Spring配置
 spring:
+  jackson:
+    date-format: yyyy-MM-dd HH:mm:ss
+    time-zone: GMT+8
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://192.168.1.190:3306/xymp?allowMultiQueries=true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
--- a/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java
+++ b/xymanager_common/src/main/java/com/shxy/xymanager_common/config/SecurityConfig.java
@ -32,7 +32,7 @@ public class SecurityConfig {
    /**
     * 是否开启权限认证
     */
-    private Boolean urlEnable = true;
+    private Boolean enable = true;
    /**
     * 系统用户默认密码
     */
--- a/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java
+++ b/xymanager_common/src/main/java/com/shxy/xymanager_common/util/TokenUtil.java
@ -3,7 +3,6 @@ package com.shxy.xymanager_common.util;
 import com.shxy.xymanager_common.config.SecurityConfig;
 import com.shxy.xymanager_common.constant.UuidUtils;
 import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.beans.factory.annotation.Autowired;
@ -30,7 +29,8 @@ public class TokenUtil {
                .compact();
        return jws;
    }
-    public  String getUserId(String token) throws JwtException{
+
+    public String getUserId(String token) {
        SecretKey key = Keys.hmacShaKeyFor(config.getJwtPwd().getBytes(StandardCharsets.UTF_8));
        token = token.replace(config.getJwtPrefix() + " ", "");
        Claims claims = Jwts.parserBuilder()
@ -40,6 +40,5 @@ public class TokenUtil {
                .getBody();
        String userId = claims.getSubject();
        return userId;
-
    }
 }
--- a/xymanager_framework/pom.xml
+++ b/xymanager_framework/pom.xml
@ -40,10 +40,6 @@
                    <groupId>ch.qos.logback</groupId>
                    <artifactId>logback-classic</artifactId>
                </exclusion>
-                <exclusion>
-                    <groupId>org.springframework.boot</groupId>
-                    <artifactId>spring-boot-starter-tomcat</artifactId>
-                </exclusion>
            </exclusions>
        </dependency>
        <!-- SpringBoot 拦截器 -->
--- a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java
+++ b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UrlAuthFilter.java
@ -37,7 +37,7 @@ public class UrlAuthFilter extends AbstractAuthorizationFilter {
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

-        if (!config.getUrlEnable()) {
+        if (!config.getEnable()) {
            filterChain.doFilter(request, response);
            return;
        }
--- a/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java
+++ b/xymanager_framework/src/main/java/com/shxy/xymanager_framework/filter/UserInfoFilter.java
@ -2,7 +2,6 @@ package com.shxy.xymanager_framework.filter;

 import com.shxy.xymanager_common.bean.SysUser;
 import com.shxy.xymanager_common.config.SecurityConfig;
-import com.shxy.xymanager_common.exception.CustomException;
 import com.shxy.xymanager_common.threadlocal.UserContextHolder;
 import com.shxy.xymanager_common.util.TokenUtil;
 import com.shxy.xymanager_service.service.SysUserService;
@ -12,12 +11,15 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;

 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;

@Order(1)
@Slf4j
@ -34,33 +36,47 @@ public class UserInfoFilter extends AbstractAuthorizationFilter {
        this.userService = userService;
    }

+    PathMatcher pathMatcher = new AntPathMatcher();
+
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-        boolean valid = false;
-        try {
-            valid = initContextHolders(request);
-        } catch (CustomException ex) {
-            writeException(request, response, ex);
+        if (!config.getEnable()) {
+            filterChain.doFilter(request, response);
+            return;
        }
-        if (valid) {
+        String path = request.getRequestURI();
+        int suffixIdx = path.lastIndexOf(".");
+        if (suffixIdx > -1 && Arrays.stream(config.getResourceSuffix().toArray())
+                .anyMatch(a -> a.equals(path.substring(suffixIdx)))) {
            filterChain.doFilter(request, response);
+            return;
        }
+        for (String white : config.getUrlWhiteList()) {
+            if (pathMatcher.match(white, path)) {
+                filterChain.doFilter(request, response);
+                return;
+            }
+        }
+
+        try {
+            initContextHolders(request);
+            filterChain.doFilter(request, response);
+        } catch (JwtException ex) {
+            log.error("token error", ex);
+            writeException(request, response, new Exception("用户未登录或用户登录已过期"));
+        } finally {
            UserContextHolder.reset();
        }
+    }

-    private boolean initContextHolders(HttpServletRequest request) throws CustomException {
+    private boolean initContextHolders(HttpServletRequest request) {
        String token = request.getHeader(config.getJwtHeader());
        if (!StringUtils.isBlank(token)) {
-            try {
            String userId = tokenUtil.getUserId(token);
            if (!StringUtils.isBlank(userId)) {
                SysUser user = userService.selectUserById(Integer.parseInt(userId));
                UserContextHolder.setCurrentUserInfo(user);
            }
-            } catch (JwtException ex) {
-                log.error(ex.getMessage(), ex);
-                throw new CustomException("用户未登录或用户登录已过期");
-            }
        }
        return true;
    }
--- a/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java
+++ b/xymanager_service/src/main/java/com/shxy/xymanager_service/impl/RoleServiceImpl.java
@ -58,11 +58,17 @@ public class RoleServiceImpl implements RoleService {

    @Override
    public void update(TbRole item) throws Exception {
+        if (item.getId() == SUPER_ADMIN) {
+            throw new Exception("不能修改超级管理员");
+        }
        roleMapper.updateByPrimaryKey(item);
    }

    @Override
    public void delete(Integer id) throws Exception {
+        if (id == SUPER_ADMIN) {
+            throw new Exception("不能删除超级管理员");
+        }
        roleMapper.deleteByPrimaryKey(id);
    }