From a3d61686e644b53301f19805dec082d0d1394690 Mon Sep 17 00:00:00 2001
From: Gary
Date: Mon, 15 Jan 2024 16:12:26 +0800
Subject: [PATCH] 1.add user login pre condition in GlobalInterceptor
---
 .../user/annotation/GlobalInterceptor.java | 2 +
 .../com/luoo/user/aspect/OperationAspect.java | 189 ++++++++++++------
 .../luoo/user/controller/AdminController.java | 2 +-
 3 files changed, 126 insertions(+), 67 deletions(-)
diff --git a/luoo_user/src/main/java/com/luoo/user/annotation/GlobalInterceptor.java b/luoo_user/src/main/java/com/luoo/user/annotation/GlobalInterceptor.java
index d7850a6..1a28577 100644
--- a/luoo_user/src/main/java/com/luoo/user/annotation/GlobalInterceptor.java
+++ b/luoo_user/src/main/java/com/luoo/user/annotation/GlobalInterceptor.java
@@ -8,5 +8,7 @@ import java.lang.annotation.Target;
 @Target(ElementType.METHOD)
 @Retention(RetentionPolicy.RUNTIME)
 public @interface GlobalInterceptor {
+ boolean checkLogin() default false;
+ boolean checkAdminLogin() default false;
 boolean checkParam() default true;
 }
diff --git a/luoo_user/src/main/java/com/luoo/user/aspect/OperationAspect.java b/luoo_user/src/main/java/com/luoo/user/aspect/OperationAspect.java
index 349ad34..ad30847 100644
--- a/luoo_user/src/main/java/com/luoo/user/aspect/OperationAspect.java
+++ b/luoo_user/src/main/java/com/luoo/user/aspect/OperationAspect.java
@@ -1,10 +1,11 @@
 package com.luoo.user.aspect;
- import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.lang.reflect.Parameter;
+import javax.servlet.http.HttpServletRequest;
+ import org.apache.commons.lang3.ArrayUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
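Review bot: The new `checkLogin` and `checkAdminLogin` attributes carry no Javadoc and both default to `false`, so every existing `@GlobalInterceptor` site stays unauthenticated unless each call site opts in individually, as the AdminController hunk does for `findAllById` alone. Please document the contract on the attributes, e.g. `/** Reject the request with UNAUTHORIZED unless the {@code token} header carries a valid login. */` on `checkLogin` and `/** Implies {@link #checkLogin()}; additionally rejects with FORBIDDEN unless the login carries the admin role. */` on `checkAdminLogin`, matching what `OperationAspect.checkLogin`/`checkAdminLogin` enforce. Whether the fail-open default is intended, and whether the other annotated controller methods should also set one of the flags, cannot be judged from this patch and deserves a sentence in the commit description.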
@@ -12,82 +13,138 @@ import org.aspectj.lang.annotation.Before; import org.aspectj.lang.reflect.MethodSignature; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; import com.luoo.user.annotation.GlobalInterceptor; import com.luoo.user.annotation.VerifyParam; +import com.luoo.user.constants.Constants; import com.luoo.user.util.VerifyUtils; import api.StatusCode; +import dto.UserLoginDto; import exception.BizException; +import util.JwtUtil; import util.StringTools; @Aspect @Component("operationAspect") public class OperationAspect { - static Logger logger= LoggerFactory.getLogger(OperationAspect.class); - private static final String[] BASE_TYPE_ARRAY=new String[] {"java.lang.String","java.lang.Integer","java.lang.Long"}; - @Before("@annotation(com.luoo.user.annotation.GlobalInterceptor)") - public void interceptorDo(JoinPoint point) { - Object[] arguments=point.getArgs(); - Method method=((MethodSignature)point.getSignature()).getMethod(); - GlobalInterceptor interceptor=method.getAnnotation(GlobalInterceptor.class); - if(null==interceptor) { - return; - } - if(interceptor.checkParam()) { - validateParams(method,arguments); - } - } - private void validateParams(Method method, Object[] arguments) { - Parameter[] parameters=method.getParameters(); - for(int i=0;i clazz=Class.forName(typeName); - Field[] fields= clazz.getDeclaredFields(); - for(Field field:fields) { - VerifyParam fieldVerifyParam=field.getAnnotation(VerifyParam.class); - if(null==fieldVerifyParam) { - continue; - } - field.setAccessible(true); - Object resultValue=field.get(value); - checkValue(resultValue,fieldVerifyParam); - } - - }catch(Exception e) { - logger.error(StatusCode.VALIDATE_FAILED.getMessage(),e.getMessage()); - throw new 
BizException(StatusCode.VALIDATE_FAILED); - } - } - - private void checkValue(Object value, VerifyParam verifyParam) { - boolean isEmpty= null==value||StringTools.isEmpty(value.toString()); - int length= null==value?0:value.toString().length(); - if(isEmpty&&verifyParam.required()) { - throw new BizException(StatusCode.VALIDATE_FAILED); - } - if(!isEmpty&&(-1!=verifyParam.max()&&verifyParam.max()length)) { - throw new BizException(StatusCode.VALIDATE_FAILED); - } - if(!isEmpty&&!StringTools.isEmpty(verifyParam.regex().getRegex())&&!VerifyUtils.verify(verifyParam.regex(), String.valueOf(value))) { - throw new BizException(StatusCode.VALIDATE_FAILED); - } - } + static Logger logger = LoggerFactory.getLogger(OperationAspect.class); + private static final String[] BASE_TYPE_ARRAY = new String[] { "java.lang.String", "java.lang.Integer", + "java.lang.Long" }; + + @Autowired + private JwtUtil jwtUtil; + + @Before("@annotation(com.luoo.user.annotation.GlobalInterceptor)") + public void interceptorDo(JoinPoint point) { + Object[] arguments = point.getArgs(); + Method method = ((MethodSignature) point.getSignature()).getMethod(); + GlobalInterceptor interceptor = method.getAnnotation(GlobalInterceptor.class); + if (null == interceptor) { + return; + } + /** + * 登录校验 + */ + if (interceptor.checkLogin()) { + checkLogin(); + } + + /** + * 管理用户登录校验 + */ + if (interceptor.checkAdminLogin()) { + checkAdminLogin(); + } + + /** + * 校验参数 + */ + if (interceptor.checkParam()) { + validateParams(method, arguments); + } + } + + private void checkAdminLogin() { + UserLoginDto userLoginDto = getUserLoginDtoFromToken(); + if (userLoginDto == null) { + throw new BizException(StatusCode.UNAUTHORIZED); + } + if (!Constants.TOKEN_ROLE_ADMIN_USER.equals(userLoginDto.getRoles())) { + throw new BizException(StatusCode.FORBIDDEN); + } + } + + private void checkLogin() { + UserLoginDto userLoginDto = getUserLoginDtoFromToken(); + if (userLoginDto == null) { + throw new 
BizException(StatusCode.UNAUTHORIZED); + } + } + + private UserLoginDto getUserLoginDtoFromToken() { + HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()) + .getRequest(); + String token = request.getHeader("token"); + return jwtUtil.getUserLoginDto(token); + } + + private void validateParams(Method method, Object[] arguments) { + Parameter[] parameters = method.getParameters(); + for (int i = 0; i < parameters.length; i++) { + Parameter parameter = parameters[i]; + Object value = arguments[i]; + VerifyParam verifyParam = parameter.getAnnotation(VerifyParam.class); + if (null == verifyParam) { + continue; + } + String paramTypeName = parameter.getParameterizedType().getTypeName(); + if (ArrayUtils.contains(BASE_TYPE_ARRAY, paramTypeName)) { + checkValue(value, verifyParam); + } else { + checkObjValue(parameter, value); + } + } + } + + private void checkObjValue(Parameter parameter, Object value) { + try { + String typeName = parameter.getParameterizedType().getTypeName(); + Class clazz = Class.forName(typeName); + Field[] fields = clazz.getDeclaredFields(); + for (Field field : fields) { + VerifyParam fieldVerifyParam = field.getAnnotation(VerifyParam.class); + if (null == fieldVerifyParam) { + continue; + } + field.setAccessible(true); + Object resultValue = field.get(value); + checkValue(resultValue, fieldVerifyParam); + } + + } catch (Exception e) { + logger.error(StatusCode.VALIDATE_FAILED.getMessage(), e.getMessage()); + throw new BizException(StatusCode.VALIDATE_FAILED); + } + } + + private void checkValue(Object value, VerifyParam verifyParam) { + boolean isEmpty = null == value || StringTools.isEmpty(value.toString()); + int length = null == value ? 
0 : value.toString().length(); + if (isEmpty && verifyParam.required()) { + throw new BizException(StatusCode.VALIDATE_FAILED); + } + if (!isEmpty && (-1 != verifyParam.max() && verifyParam.max() < length + || -1 != verifyParam.min() && verifyParam.min() > length)) { + throw new BizException(StatusCode.VALIDATE_FAILED); + } + if (!isEmpty && !StringTools.isEmpty(verifyParam.regex().getRegex()) + && !VerifyUtils.verify(verifyParam.regex(), String.valueOf(value))) { + throw new BizException(StatusCode.VALIDATE_FAILED); + } + } } diff --git a/luoo_user/src/main/java/com/luoo/user/controller/AdminController.java b/luoo_user/src/main/java/com/luoo/user/controller/AdminController.java index 2d4069a..6a5907a 100644 --- a/luoo_user/src/main/java/com/luoo/user/controller/AdminController.java +++ b/luoo_user/src/main/java/com/luoo/user/controller/AdminController.java @@ -98,7 +98,7 @@ public class AdminController { @ApiImplicitParams({ @ApiImplicitParam(name = "ids", value = "多个id以','分隔", required = true) }) @GetMapping("/ids/{id}") - @GlobalInterceptor + @GlobalInterceptor(checkAdminLogin=true) public Result> findAllById(@PathVariable @VerifyParam(required=true) String ids){ List idList=Arrays.stream(ids.split(",")).map(String::trim).collect(Collectors.toList()); return Result.success(adminService.findAllById(idList));
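Review bot: `getUserLoginDtoFromToken` casts and dereferences `RequestContextHolder.getRequestAttributes()` without a null check and hands a possibly-null `token` header straight to `jwtUtil.getUserLoginDto`, so an invocation with no request bound to the thread, or a request lacking the `token` header, surfaces as a NullPointerException-driven 500 instead of the intended `UNAUTHORIZED`; whether `JwtUtil` tolerates a null token is not visible in this patch. Returning null for the missing-attributes and blank-token cases lets the existing `userLoginDto == null` branches in `checkLogin` and `checkAdminLogin` produce the correct response, as in the rewrite below. When both `checkLogin` and `checkAdminLogin` are set, `interceptorDo` parses and verifies the token twice; since `checkAdminLogin` already rejects a missing login with `UNAUTHORIZED`, the `checkLogin()` call could be skipped when `interceptor.checkAdminLogin()` is true. `checkAdminLogin` compares the entire `getRoles()` value with `Constants.TOKEN_ROLE_ADMIN_USER` via `equals`; if `roles` can hold more than one role this is presumably too strict, which is worth confirming against `UserLoginDto`. The `/** ... */` blocks inside the body of `interceptorDo` are Javadoc syntax in a method body and should be `//` line comments.
```java
private UserLoginDto getUserLoginDtoFromToken() {
    // No request bound to the current thread: treat as not logged in rather than NPE on the cast.
    ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    if (attributes == null) {
        return null;
    }
    String token = attributes.getRequest().getHeader("token");
    // A missing or blank header is "not logged in"; do not attempt to parse null.
    if (StringTools.isEmpty(token)) {
        return null;
    }
    return jwtUtil.getUserLoginDto(token);
}
```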