diff --git a/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java b/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
index 36a9fbf3..db469e70 100644
--- a/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
+++ b/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
@@ -18,7 +18,7 @@ public class LikeRequestDTO {
 @NotBlank(message = "点赞的用户id不能为空")
 @FieldDesc(name = "点赞人id")
- private String fromId;
+ private String userId;
 @NotBlank(message = "获赞的人id不能为空")
 @FieldDesc(name = "获赞人id")
 private String toId;
diff --git a/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java b/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java
index 5b8adc83..56167a86 100644
--- a/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java
+++ b/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java
@@ -10,6 +10,7 @@
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import javax.annotation.Resource;
@@ -27,6 +28,7 @@
 @Aspect
 @Component
 @Slf4j
+@Order(Integer.MIN_VALUE+2)
 public class AuthVerifyAspect {
 @Resource
diff --git a/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java b/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java
index 3ab9dd60..2360ee96 100644
--- a/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java
+++ b/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java
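Review bot: `@Order(Integer.MIN_VALUE+2)` on AuthVerifyAspect is one third of an ordering contract that is never written down: LoginVerificationAspect gets `@Order(Integer.MIN_VALUE)` and the new SelfPermissionVerificationAspect gets `@Order(Integer.MIN_VALUE+1)` in the same commit, and the latter only works because login verification has already stored the `tokenInfo` request attribute it reads. A reader changing any one of the three numbers has no hint that the other two exist, so a comment at the annotation would help, for example `// Ordering contract: LoginVerificationAspect (MIN_VALUE) must run first and populate the tokenInfo request attribute; SelfPermissionVerificationAspect (MIN_VALUE+1) and this aspect run after it`. Whether AuthVerifyAspect itself consumes tokenInfo cannot be seen here, since its body is outside the hunk; phrase the comment to claim only the ordering. Extracting the three values into named constants on one shared class would make the dependency explicit in code rather than prose.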
@@ -10,6 +10,7 @@
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -28,6 +29,7 @@
 @Slf4j
 @Component
 @Aspect
+@Order(Integer.MIN_VALUE)
 public class LoginVerificationAspect {
 private final long EXPIRED = 100*1000;
@@ -87,7 +89,7 @@ public Object checkToken(ProceedingJoinPoint joinPoint) throws Throwable {
 }
 if(accessTokenExpired <= EXPIRED){
- //如果token是持久化的或者已经超时失效也会进这里
+ //如果token已经超时失效也会进这里
 response.setHeader(ACCESS_TOKEN_NEED_REFRESH, "true");
 }
diff --git a/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java b/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java
new file mode 100644
index 00000000..f5b9e1d3
--- /dev/null
+++ b/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java
@@ -0,0 +1,79 @@
+package com.achobeta.aop;
+
+import com.achobeta.domain.login.model.valobj.TokenVO;
+import com.achobeta.types.enums.GlobalServiceStatusCode;
+import com.achobeta.types.exception.AppException;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @Author: 严豪哲
+ * @Description: 访问个人私有资源权限拦截器
+ * @Date: 2024/11/27 21:40
+ * @Version: 1.0
+ */
+
+@Slf4j
+@Component
+@Aspect
+@Order(Integer.MIN_VALUE+1)
+public class SelfPermissionVerificationAspect {
+
+ private final String TOKENINFO = "tokenInfo";
+
+ /**
+ * 拦截入口
+ */
+ @Pointcut("@annotation(com.achobeta.types.constraint.SelfPermissionVerification)")
+ public void pointCut(){
+ }
+
+ /**
+ * 拦截处理
+ * @param joinPoint joinPoint 信息
+ * @return result
+ * @throws Throwable if any
+ */
+ @Around("pointCut()")
+ public Object checkToken(ProceedingJoinPoint joinPoint) throws Throwable {
+
+ //获取当前请求信息
+ ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+ HttpServletRequest request = attributes.getRequest();
+
+ //获取token信息
+ TokenVO tokenVO = (TokenVO) request.getAttribute(TOKENINFO);
+
+ //正常不会进到这 因为登陆校验在本校验之前
+ if(tokenVO == null || tokenVO.getUserId() == null){
+ log.info("登陆校验未通过,tokenInfo为空,无法获取userId");
+ throw new AppException(String.valueOf(GlobalServiceStatusCode.LOGIN_UNKNOWN_ERROR.getCode()), GlobalServiceStatusCode.LOGIN_UNKNOWN_ERROR.getMessage());
+ }
+
+ //这里如果再从redis里面获取token信息,token可能过期失效,所以这里不获取用登录校验处传来的
+ String tokenUserId = String.valueOf(tokenVO.getUserId());
+
// 获取用户ID
+ Object arg = joinPoint.getArgs()[0];
+ String targetUserId = (String) arg.getClass().getMethod("getUserId").invoke(arg);
+
+ // 校验用户ID是否相同
+ if (tokenUserId.equals(targetUserId)) {
+ log.info("当前用户访问的是个人私有资源,用户id相同,可以放行,userId:{}",tokenUserId);
+ return joinPoint.proceed();
+ } else {
+ log.info("当前用户访问的是个人私有资源,用户id不相同,不可以放行,userId:{}",tokenUserId);
+ throw new AppException(String.valueOf(GlobalServiceStatusCode.USER_NO_PERMISSION.getCode()), GlobalServiceStatusCode.USER_NO_PERMISSION.getMessage());
+ }
+
+ }
+}
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java
index b513b0e7..efb21b19 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java
@@ -4,6 +4,7 @@
 import com.achobeta.domain.announce.model.valobj.UserAnnounceVO;
 import com.achobeta.domain.announce.service.IAnnounceService;
 import com.achobeta.types.Response;
+import com.achobeta.types.constraint.LoginVerification;
 import com.achobeta.types.enums.GlobalServiceStatusCode;
 import com.achobeta.types.exception.AppException;
 import lombok.RequiredArgsConstructor;
@@ -32,6 +33,7 @@ public class AnnounceController implements com.achobeta.api.IAnnounceService {
 * @return
 */
 @GetMapping("/getUserAnnounce")
+ @LoginVerification
 @Override
 public Response getUserAnnounce(@Valid GetUserAnnounceRequestDTO getUserAnnounceRequestDTO) {
 try {
@@ -55,6 +57,7 @@ public Response getUserAnnounce(@Valid GetUserAnnoun
 }
 @Override
+ @LoginVerification
 @PostMapping("/readUserAnnounce")
 public Response readAnnounce(@Valid @RequestBody ReadAnnounceRequestDTO readAnnounceRequestDTO) {
 try {
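Review bot: `joinPoint.getArgs()[0]` followed by `arg.getClass().getMethod("getUserId").invoke(arg)` and a `(String)` cast enforces the aspect's real contract — "the annotated handler's first argument exposes a String getUserId()" — through three unrelated runtime failures rather than a check: a handler with no arguments throws ArrayIndexOutOfBoundsException, a DTO without that getter throws NoSuchMethodException, and a numeric id throws ClassCastException (the `String.valueOf(tokenVO.getUserId())` a few lines up suggests ids are not always Strings). All of those still block the call, but they surface as unexpected internal errors instead of the USER_NO_PERMISSION AppException, and nothing documents the contract — the `fromId` → `userId` rename in LikeRequestDTO in this same commit is what quietly makes /like satisfy it. Treating a missing or unreadable id as a permission failure and converting the value with `String.valueOf` keeps the denial path uniform and makes a misapplied annotation visible in the logs; the Javadoc on `checkToken` should also state the first-argument requirement. The `attributes` returned by `RequestContextHolder.getRequestAttributes()` is also dereferenced without a null check, which presumably mirrors LoginVerificationAspect, whose body is outside this diff.
```java
// … unchanged: request/tokenInfo lookup and the tokenVO null check …
String tokenUserId = String.valueOf(tokenVO.getUserId());

// The annotated handler must take the request object as its first argument and expose
// getUserId(); anything else is treated as a permission failure, not an internal error.
Object[] args = joinPoint.getArgs();
String targetUserId;
try {
    if (args.length == 0 || args[0] == null) {
        throw new NoSuchMethodException("no request argument to read userId from");
    }
    Object id = args[0].getClass().getMethod("getUserId").invoke(args[0]);
    targetUserId = id == null ? null : String.valueOf(id);
} catch (ReflectiveOperationException e) {
    log.warn("SelfPermissionVerification misapplied on {}: cannot read userId from first argument", joinPoint.getSignature(), e);
    throw new AppException(String.valueOf(GlobalServiceStatusCode.USER_NO_PERMISSION.getCode()), GlobalServiceStatusCode.USER_NO_PERMISSION.getMessage());
}
// … unchanged: tokenUserId.equals(targetUserId) → proceed, otherwise USER_NO_PERMISSION …
```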
@@ -76,6 +79,7 @@ public Response readAnnounce(@Valid @RequestBody ReadAnnounceRequestDTO readAnno
 }
 @Override
+ @LoginVerification
 @GetMapping("/getAnnounceCount")
 public Response getUserAnnounceCount(@Valid GetUserAnnounceCountRequestDTO getUserAnnounceCountRequestDTO) {
 try {
@@ -94,6 +98,7 @@ public Response getUserAnnounceCount(@Valid Get
 }
 @Override
+ @LoginVerification
 @PostMapping("/readAllAnnounce")
 public Response readAllAnnounce(@Valid @RequestBody ReadAllAnnounceRequestDTO readAllAnnounceRequestDTO) {
 try {
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java
index 2d001475..a4334c8b 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java
@@ -3,6 +3,7 @@
 import com.achobeta.api.dto.AuthRequestDTO;
 import com.achobeta.types.Response;
 import com.achobeta.types.annotation.AuthVerify;
+import com.achobeta.types.constraint.LoginVerification;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.validation.annotation.Validated;
@@ -32,6 +33,7 @@ public class AuthController {
 * @return
 */
 @GetMapping("test")
+ @LoginVerification
 @AuthVerify("TEAM_DELETE")
 public Response test(@Valid AuthRequestDTO authRequestDTO) {
 log.info("进入鉴权测试接口,参数:{}", authRequestDTO);
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java
index e116cbac..3b7f0bbd 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java
@@ -5,6 +5,8 @@
 import com.achobeta.domain.device.model.valobj.UserCommonDevicesVO;
 import com.achobeta.domain.device.service.IDeviceService;
 import com.achobeta.types.Response;
+import com.achobeta.types.constraint.LoginVerification;
+import com.achobeta.types.constraint.SelfPermissionVerification;
 import com.achobeta.types.enums.GlobalServiceStatusCode;
 import com.achobeta.types.exception.AppException;
 import lombok.RequiredArgsConstructor;
@@ -32,6 +34,8 @@ public class DeviceController implements com.achobeta.api.IDeviceService {
 * @return
 */
 @GetMapping("/getDevices")
+ @LoginVerification
+ @SelfPermissionVerification
 @Override
 public Response getDevices(@Valid GetUserDeviceRequestDTO getUserDeviceRequestDTO) {
 try {
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java
index 0abf6766..3947bc4b 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java
@@ -3,6 +3,8 @@
 import com.achobeta.api.dto.like.LikeRequestDTO;
 import com.achobeta.domain.like.service.ILikeService;
 import com.achobeta.types.Response;
+import com.achobeta.types.constraint.LoginVerification;
+import com.achobeta.types.constraint.SelfPermissionVerification;
 import com.achobeta.types.enums.GlobalServiceStatusCode;
 import com.achobeta.types.exception.AppException;
 import lombok.RequiredArgsConstructor;
@@ -26,23 +28,25 @@ public class LikeController implements com.achobeta.api.ILikeService {
 private final ILikeService service;
 @Override
+ @LoginVerification
+ @SelfPermissionVerification
 @PostMapping("/like")
 public Response like(@Valid @RequestBody LikeRequestDTO likeRequestDTO) {
 try {
 log.info("点赞系统开始,fromId:{} toId:{} liked:{}",
- likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
- service.Like(likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
+ likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
+ service.Like(likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
 log.info("点赞系统结束,fromId:{} toId:{} liked:{}",
- likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
+ likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked());
 return Response.SYSTEM_SUCCESS();
 } catch (AppException e){
 log.error("fromId:{} toId:{} liked:{} 已知异常e:{}",
- likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e.getMessage(), e);
+ likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e.getMessage(), e);
 return Response.CUSTOMIZE_ERROR(GlobalServiceStatusCode.REQUEST_NOT_VALID);
 } catch (Exception e) {
 log.error("fromId:{} toId:{} liked:{}",
- likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e);
+ likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e);
 return Response.SERVICE_ERROR(e.getMessage());
 }
 }
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java
index 56e47da0..9d1e5064 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java
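Review bot: The four log templates in `like` still label the first placeholder `fromId:` while the new argument lines now pass `likeRequestDTO.getUserId()`, so every log line in this method reports a field name that no longer exists on LikeRequestDTO. Anyone correlating these entries with the `userId:{}` lines emitted by SelfPermissionVerificationAspect will be matching two different labels for the same value. Renaming the placeholder alongside the getter keeps the log consistent with the DTO, e.g. `log.info("点赞系统开始,userId:{} toId:{} liked:{}",` and the same `fromId:` → `userId:` change in the 点赞系统结束 and both `log.error` templates.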
@@ -13,6 +13,7 @@
 import javax.validation.constraints.Min;
 import com.achobeta.types.constraint.LoginVerification;
+import com.achobeta.types.constraint.SelfPermissionVerification;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.annotation.Validated;
@@ -43,6 +44,7 @@ public class ReadController implements IReadService {
 */
 @PostMapping("render")
 @LoginVerification
+ @SelfPermissionVerification
 @Override
 public Response render(@Valid @RequestBody RenderRequestDTO renderRequestDTO) {
 try {
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java
index e4ab081c..820bb843 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java
@@ -11,6 +11,7 @@
 import com.achobeta.types.Response;
 import com.achobeta.types.annotation.AuthVerify;
 import com.achobeta.types.common.Constants;
+import com.achobeta.types.constraint.LoginVerification;
 import com.achobeta.types.exception.AppException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -47,6 +48,7 @@ public class TeamController implements ITeamService {
 */
 @Override
 @DeleteMapping("member")
+ @LoginVerification
 @AuthVerify("MEMBER:MEMBER_DELETE")
 public Response deleteMember(@Valid DeleteMemberRequestDTO requestDTO) {
 try {
@@ -83,6 +85,7 @@ public Response deleteMember(@Valid DeleteMemberRequest
 */
 @Override
 @PostMapping("member")
+ @LoginVerification
 @AuthVerify("MEMBER:MEMBER_ADD")
 public Response addMember(@Valid @RequestBody AddMemberRequestDTO requestDTO) {
 try {
@@ -133,6 +136,7 @@ public Response addMember(@Valid @RequestBody AddMemberReq
 */
 @Override
 @PutMapping("member/detail")
+ @LoginVerification
 @AuthVerify("MEMBER:MEMBER_MODIFY")
 public Response modifyMemberInfo(@Valid @RequestBody ModifyMemberInfoRequestDTO requestDTO) {
 String teamId = requestDTO.getTeamId();
@@ -161,6 +165,7 @@ public Response modifyMemberInfo(@Valid @RequestBod
 * 查看团队成员信息详情接口
 */
 @GetMapping("/member/detail")
+ @LoginVerification
 @Override
 public Response queryMemberInfo(@Valid QueryMemberInfoRequestDTO requestDTO) {
 try {
@@ -206,6 +211,7 @@ public Response queryMemberInfo(@Valid QueryMemberIn
 */
 @PutMapping("structure")
 @Override
+ @LoginVerification
 @AuthVerify("STRUCTURE:STRUCTURE_MODIFY")
 public Response modifyStructure(@Valid @RequestBody ModifyStructureRequestDTO modifyStructureRequestDTO) {
 try {
@@ -261,6 +267,7 @@ public Response modifyStructure(@Valid @RequestBody
 * @return
 */
 @Override
+ @LoginVerification
 @GetMapping("/member/list")
 public Response queryMemberList(@Valid RequestMemberListDTO requestMemberListDTO) {
 try {
@@ -298,6 +305,7 @@ public Response queryMemberList(@Valid RequestMemberListD
 */
 @GetMapping("structure")
 @Override
+ @LoginVerification
 @AuthVerify("STRUCTURE:STRUCTURE_VIEW")
 public Response queryStructure(@Valid QueryStructureRequestDTO querystructureRequestDTO) {
 try {
diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java
index b4538527..6a85d04a 100644
--- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java
+++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java
@@ -12,6 +12,7 @@
 import com.achobeta.types.Response;
 import com.achobeta.types.common.Constants;
+import com.achobeta.types.constraint.LoginVerification;
 import com.achobeta.types.exception.AppException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -44,6 +45,7 @@ public class UserController implements IUserService {
 * @date 2024/11/9
 */
 @PutMapping("info")
+ @LoginVerification
 @Override
 public Response modifyUserInfo(@Valid @RequestBody ModifyUserInfoRequestDTO modifyUserInfoRequestDTO) {
 try {
@@ -85,6 +87,7 @@ public Response modifyUserInfo(@Valid @RequestBody Mo
 * @date 2024/11/6
 */
 @GetMapping("info")
+ @LoginVerification
 @Override
 public Response queryUserCenterInfo(@Valid QueryUserInfoRequestDTO queryUserInfoRequestDTO) {
 try {
diff --git a/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java b/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java
index 916d8146..994cd4d4 100644
--- a/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java
+++ b/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java
@@ -5,6 +5,12 @@
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
+/**
+ * @Author: 严豪哲
+ * @Description: 登录验证注解
+ * @Date: 2024/11/18 10:27
+ * @Version: 1.0
+ */
 @Target(ElementType.METHOD)
 @Retention(RetentionPolicy.RUNTIME)
 public @interface LoginVerification {
diff --git a/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java b/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java
new file mode 100644
index 00000000..3944ff55
--- /dev/null
+++ b/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java
@@ -0,0 +1,17 @@
+package com.achobeta.types.constraint;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * @Author: 严豪哲
+ * @Description: 访问个人私有资源权限注解
+ * @Date: 2024/11/27 21:40
+ * @Version: 1.0
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface SelfPermissionVerification {
+}
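Review bot: `modifyUserInfo` and `queryUserCenterInfo` receive only `@LoginVerification`, whereas the device, like and render endpoints in this same commit get `@SelfPermissionVerification` on top of it; if ModifyUserInfoRequestDTO or QueryUserInfoRequestDTO carry the target user's id in the request (both DTOs are outside this diff), login verification alone confirms the caller is someone but does not bind the id being modified or read to the caller's token. The same question applies to the AnnounceController handlers (`readAnnounce`, `readAllAnnounce`, `getUserAnnounce`, `getUserAnnounceCount`), which likewise get only `@LoginVerification`. Either add `@SelfPermissionVerification` where the DTO exposes `getUserId()`, or have these handlers take the user id from the `tokenInfo` request attribute rather than the body, and record the decision in a comment such as `// user id is taken from the authenticated token, not from the request, so no self-permission check is needed` so the omission reads as deliberate.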