网关验证码过滤器添加放行校验

5 years ago · 57723b9ca1
4 changed files with 26 additions and 41 deletions
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
@ -8,6 +8,11 @@ package com.ruoyi.common.core.constant;
 public class SecurityConstants
 {
    /**
     * 令牌类型
     */
    public static final String BEARER_TOKEN_TYPE = "Bearer";
    /**
     * 授权token url
     */
    public static final String AUTH_TOKEN = "/oauth/token";
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java
@ -1,10 +1,12 @@
 package com.ruoyi.common.security.feign;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
 import org.springframework.stereotype.Component;
 import com.ruoyi.common.core.constant.SecurityConstants;
 import feign.RequestInterceptor;
 import feign.RequestTemplate;
@ -16,10 +18,6 @@ import feign.RequestTemplate;
@Component
 public class OAuth2FeignRequestInterceptor implements RequestInterceptor
 {
    private final String AUTHORIZATION_HEADER = "Authorization";
    private final String BEARER_TOKEN_TYPE = "Bearer";
    @Override
    public void apply(RequestTemplate requestTemplate)
    {
@ -28,8 +26,8 @@ public class OAuth2FeignRequestInterceptor implements RequestInterceptor
        if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails)
        {
            OAuth2AuthenticationDetails dateils = (OAuth2AuthenticationDetails) authentication.getDetails();
-            requestTemplate.header(AUTHORIZATION_HEADER,
+            requestTemplate.header(HttpHeaders.AUTHORIZATION,
-                    String.format("%s %s", BEARER_TOKEN_TYPE, dateils.getTokenValue()));
+                    String.format("%s %s", SecurityConstants.BEARER_TOKEN_TYPE, dateils.getTokenValue()));
        }
    }
 }
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java
@ -1,33 +0,0 @@
 package com.ruoyi.gateway.config.properties;
 import java.util.ArrayList;
 import java.util.List;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
 import org.springframework.context.annotation.Configuration;
 /**
 * 放行终端配置
 * 
 * @author ruoyi
 */
@Configuration
@RefreshScope
@ConfigurationProperties(prefix = "ignore")
 public class IgnoreClientProperties
 {
    /**
     * 放行终端配置，网关不校验此处的终端
     */
    private List<String> clients = new ArrayList<>();
    public List<String> getClients()
    {
        return clients;
    }
    public void setClients(List<String> clients)
    {
        this.clients = clients;
    }
 }
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java
@ -3,6 +3,7 @@ package com.ruoyi.gateway.filter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
@ -25,6 +26,12 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory<Object>
    @Autowired
    private ValidateCodeService validateCodeService;
    private static final String BASIC_ = "Basic ";
    private static final String CODE = "code";
    private static final String UUID = "uuid";
    @Override
    public GatewayFilter apply(Object config)
    {
@ -36,10 +43,18 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory<Object>
            {
                return chain.filter(exchange);
            }
            // 消息头存在内容，且不存在验证码参数，不处理
            String header = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
            if (StringUtils.isNotEmpty(header) && StringUtils.startsWith(header, BASIC_)
                    && !request.getQueryParams().containsKey(CODE) && !request.getQueryParams().containsKey(UUID))
            {
                return chain.filter(exchange);
            }
            try
            {
-                validateCodeService.checkCapcha(request.getQueryParams().getFirst("code"),
+                validateCodeService.checkCapcha(request.getQueryParams().getFirst(CODE),
-                        request.getQueryParams().getFirst("uuid"));
+                        request.getQueryParams().getFirst(UUID));
            }
            catch (Exception e)
            {