24.用户认证与网关整合
# 思路
所有请求都会经过服务网关,服务网关对外暴露服务,在网关进行统一用户认证
既然要在网关进行用户认证,网关得知道对哪些url进行认证,所以对url制定规则
Api接口是异步请求的,采取url规则匹配,如:/api/**/auth/**,凡是满足该规则的请求都必须经过用户认证
# 修改service-gateway
# 添加filter
创建并添加 com.stt.yygh.filter.AuthGlobalFilter
类
在网关中如何获取用户信息
- 统一从header头信息中获取
如何判断用户信息合法
- 登录时返回用户token,在服务网关中获取到token后,到redis中去查看用户id,如果用户id存在,则token合法,否则不合法(注意:下面的示例代码只是通过 JwtHelper 从 token 中解析出用户id,并没有查询 redis)
package com.stt.yygh.filter;
import com.alibaba.fastjson.JSONObject;
import com.stt.yygh.common.helper.JwtHelper;
import com.stt.yygh.common.result.Result;
import com.stt.yygh.common.result.ResultCodeEnum;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets;
import java.util.List;
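/**
 * Global gateway filter that applies two URL rules before a request is routed:
 * internal-only endpoints are refused, and member endpoints require a login token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both rules are path-pattern matches made at the gateway. They protect a backend only
 *       if that backend cannot be reached except through this gateway, and only if the backend
 *       resolves the request path the same way the gateway did.</li>
 *   <li>Only paths matching {@link #AUTH_PATTERN} are authenticated; every other route is
 *       forwarded without a token check.</li>
 *   <li>The token is checked solely through {@code JwtHelper.getUserId}; this class performs no
 *       server-side session or revocation lookup. NOTE(review): JwtHelper is not shown here,
 *       confirm that it verifies the token's signature and expiry rather than only decoding
 *       it.</li>
 *   <li>The filter only allows or rejects; it does not forward the resolved user id to the
 *       downstream service.</li>
 * </ul>
 */
@Component
public class AuthGlobalFilter implements GlobalFilter, Ordered {

    // Internal service-to-service endpoints: never served to external callers.
    private static final String INNER_PATTERN = "/**/inner/**";

    // Asynchronous API endpoints that require a logged-in member.
    private static final String AUTH_PATTERN = "/api/**/auth/**";

    // Name of the request header the front end uses to carry the login token.
    private static final String TOKEN_HEADER = "token";

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Returns the order value of this filter.
     *
     * @return always {@code 0}
     */
    @Override
    public int getOrder() {
        return 0;
    }

    /**
     * Rejects requests to internal endpoints and unauthenticated requests to member endpoints;
     * everything else is handed to the next filter in the chain.
     *
     * @param exchange the current request/response exchange
     * @param chain the remaining gateway filter chain
     * @return completion of either the rejection response or the rest of the chain
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        // The debug System.out.println of the path was dropped: request paths belong in the
        // project's logger at debug level, not on stdout of the gateway process.
        String path = request.getURI().getPath();

        // The internal rule is evaluated first so that a valid token never opens an inner path.
        if (antPathMatcher.match(INNER_PATTERN, path)) {
            return out(exchange.getResponse(), ResultCodeEnum.PERMISSION);
        }

        // getUserId returns null for a missing, blank or unparsable token.
        if (antPathMatcher.match(AUTH_PATTERN, path) && getUserId(request) == null) {
            return out(exchange.getResponse(), ResultCodeEnum.LOGIN_AUTH);
        }

        return chain.filter(exchange);
    }

    /**
     * Writes the rejection result as a JSON body and ends the exchange.
     *
     * <p>No HTTP status is set here; the result code travels inside the JSON body.
     *
     * @param response the response to write to
     * @param resultCodeEnum the result code to report to the caller
     * @return completion of the write
     */
    private Mono<Void> out(ServerHttpResponse response, ResultCodeEnum resultCodeEnum) {
        Result result = Result.build(null, resultCodeEnum);
        byte[] bits = JSONObject.toJSONString(result).getBytes(StandardCharsets.UTF_8);
        DataBuffer buffer = response.bufferFactory().wrap(bits);
        // Declare the charset explicitly, otherwise browsers garble the Chinese message text.
        response.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
        return response.writeWith(Mono.just(buffer));
    }

    /**
     * Resolves the id of the logged-in user from the {@code token} request header.
     *
     * @param request the incoming request
     * @return the user id, or {@code null} when the header is missing, blank, or the token
     *     cannot be parsed
     */
    private Long getUserId(ServerHttpRequest request) {
        List<String> tokenList = request.getHeaders().get(TOKEN_HEADER);
        if (CollectionUtils.isEmpty(tokenList)) {
            return null;
        }
        String token = tokenList.get(0);
        if (!StringUtils.hasText(token)) {
            return null;
        }
        try {
            return JwtHelper.getUserId(token);
        } catch (RuntimeException ignored) {
            // Fail closed: the header is client-controlled, so a token the helper cannot
            // parse is treated as "not logged in" and gets the same LOGIN_AUTH answer as a
            // missing token instead of surfacing as an unhandled error.
            // NOTE(review): assumes JwtHelper signals a bad token with an unchecked
            // exception; confirm against its implementation.
            return null;
        }
    }
}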
# 修改yygh-site前端
请求服务器端接口时默认带上token,需要登录的接口如果token没有或者token过期,服务器端会返回208状态,然后发送登录事件打开登录弹出层登录
修改utils/request.js文件
import axios from 'axios'
import { Message } from 'element-ui'
import cookie from 'js-cookie'
// Shared axios instance used for every call to the backend gateway.
// NOTE(review): the base URL is a plain-HTTP localhost address; since the login token is
// attached to requests sent through this instance, a deployed build should point at an
// HTTPS origin.
const clientOptions = {
  baseURL: 'http://localhost:8080',
  // Request timeout in milliseconds.
  timeout: 15000
}
const service = axios.create(clientOptions)
// Request interceptor: attach the login token to every outgoing request.
service.interceptors.request.use(
  function (config) {
    // The token lives in a cookie read through js-cookie, so it is readable by page
    // scripts; when the cookie holds a value it is copied into the `token` request header.
    const token = cookie.get('token')
    if (token) {
      config.headers['token'] = token
    }
    return config
  },
  function (err) {
    // Pass request-setup failures on to the caller unchanged.
    return Promise.reject(err)
  }
)
// Response interceptor: unwrap the backend result envelope and handle its result codes.
service.interceptors.response.use(
  function (response) {
    const resultCode = response.data.code

    // Code 208: raise the login-dialog event. The promise then resolves with undefined,
    // so callers must tolerate an empty result in this case.
    // NOTE(review): loginEvent is not imported in this file; presumably a global event
    // bus registered elsewhere in the site - confirm.
    if (resultCode === 208) {
      loginEvent.$emit('loginDialogEvent')
      return
    }

    // Code 200 is the only success code: hand the envelope to the caller.
    if (resultCode === 200) {
      return response.data
    }

    // Any other code: show the backend message for five seconds and reject with the envelope.
    Message({
      message: response.data.message,
      type: 'error',
      duration: 5 * 1000
    })
    return Promise.reject(response.data)
  },
  function (error) {
    // Transport or HTTP-level failure: reject with the response object carried by the error.
    return Promise.reject(error.response)
  }
)
export default service
Last Updated: 2022/01/16, 11:29:51