From 0fc768b6e31f65a52c779f39b0051c67f5859f2c Mon Sep 17 00:00:00 2001 From: wangshuai <670727821@qq.com> Date: Tue, 11 May 2021 17:40:05 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9E=84=E9=80=A0=E6=96=B9?= =?UTF-8?q?=E6=B3=95=E4=BB=A5=E5=8F=8A=E9=93=BE=E5=BC=8F=E6=9E=84=E9=80=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/CustomAuthorizationInterceptor.java | 131 ++++++++++++++++++ .../magicapi/model/RequestEntity.java | 126 +++++++++++++++-- 2 files changed, 242 insertions(+), 15 deletions(-) create mode 100644 src/main/java/org/ssssssss/magicapi/auth/CustomAuthorizationInterceptor.java diff --git a/src/main/java/org/ssssssss/magicapi/auth/CustomAuthorizationInterceptor.java b/src/main/java/org/ssssssss/magicapi/auth/CustomAuthorizationInterceptor.java new file mode 100644 index 00000000..be0c9dae --- /dev/null +++ b/src/main/java/org/ssssssss/magicapi/auth/CustomAuthorizationInterceptor.java @@ -0,0 +1,131 @@ +package org.ssssssss.magicapi.auth; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.context.annotation.Configuration; +import org.ssssssss.magicapi.exception.MagicLoginException; +import org.ssssssss.magicapi.interceptor.Authorization; +import org.ssssssss.magicapi.interceptor.AuthorizationInterceptor; +import org.ssssssss.magicapi.interceptor.MagicUser; + +import javax.servlet.http.HttpServletRequest; +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +/** + * 自定义多用户名密码登录,以及权限控制 + * #magic-api.ext.auth.enable=true + * #magic-api.ext.auth.users.zhangsan=123456 + * #magic-api.ext.auth.denyOptions.zhangsan=DELETE + * #magic-api.ext.auth.users.wangwu=123456 + * #magic-api.ext.auth.denyOptions.wangwu=DELETE + * @author 冰点 + * @date 2021-5-11 17:17:52 + */ + +@Configuration +@ConditionalOnProperty(prefix = "magic-api.ext.auth", name = "enable", havingValue = "true", matchIfMissing = false) +@ConfigurationProperties(prefix = "magic-api.ext.auth") +public class CustomAuthorizationInterceptor implements AuthorizationInterceptor { + private static final Logger log = LoggerFactory.getLogger(CustomAuthorizationInterceptor.class); + /** + * 加密因子 + */ + @Value("${magic-api.ext.auth.encryIndex:1}") + private int encryIndex; + /** + * 用户信息 + */ + private Map users; + /** + * 用户权限 + */ + private Map denyOptions; + + + public CustomAuthorizationInterceptor() { + log.info("已启用多用户登录扩展,如需关闭请magic-api.ext.auth.enable=false"); + } + + /** + * 配置是否需要登录 + */ + @Override + public boolean requireLogin() { + return true; + } + + /** + * 根据Token获取User + */ + @Override + public MagicUser getUserByToken(String token) throws MagicLoginException { + String[] userInfo = getUserInfoByToken(token); + MagicUser magicUser = new MagicUser(userInfo[0], userInfo[0], getToken(userInfo[0], userInfo[1])); + if (users.containsKey(magicUser.getUsername()) && users.get(magicUser.getUsername()).equals(userInfo[1])) { + return magicUser; + } + throw new MagicLoginException("token无效"); + } + + @Override + public MagicUser login(String username, String password) throws MagicLoginException { + // 根据实际情况进行修改。。 + if (users.containsKey(username) && users.get(username).equals(password)) { + return new MagicUser(username, username, getToken(username, password)); + } + throw new MagicLoginException("用户名或密码不正确"); + } + + /** + * 验证是否有权限访问功能 + */ + @Override + public boolean allowVisit(MagicUser magicUser, HttpServletRequest request, Authorization authorization) { + String[] denyOption = denyOptions.get(magicUser.getUsername()).split(","); + List list = Arrays.asList(denyOption); + return !list.contains(authorization.name()); + } + + public String getToken(String username, String password) throws MagicLoginException { + String token = null; + try { + byte[] b = (username + ";" + password).getBytes("utf-8"); + for (int i = 0; i < b.length; i++) { + b[i] += encryIndex; + } + token = new String(b); + log.debug("本次登录token:[{}]", token); + } catch (UnsupportedEncodingException e) { + log.info("生成token失败,可能字符集不合法。[{}={}]",username,password); + throw new MagicLoginException("用户名或密码配置不合法"); + } + return token; + } + + public String[] getUserInfoByToken(String token) throws MagicLoginException { + try { + byte[] b = token.getBytes(); + for (int i = 0; i < b.length; i++) { + b[i] -= encryIndex; + } + return new String(b).split(";"); + } catch (Exception e) { + log.error("根据token:[{}]获取用户信息失败", token, e); + throw new MagicLoginException("用户名或密码不正确"); + } + } + + public void setUsers(Map users) { + this.users = users; + } + + public void setDenyOptions(Map denyOptions) { + this.denyOptions = denyOptions; + } +} \ No newline at end of file diff --git a/src/main/java/org/ssssssss/magicapi/model/RequestEntity.java b/src/main/java/org/ssssssss/magicapi/model/RequestEntity.java index 93b15178..de18a07a 100644 --- a/src/main/java/org/ssssssss/magicapi/model/RequestEntity.java +++ b/src/main/java/org/ssssssss/magicapi/model/RequestEntity.java @@ -6,31 +6,24 @@ import org.ssssssss.script.MagicScriptContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Map; - public class RequestEntity { - private final ApiInfo apiInfo; + private ApiInfo apiInfo; - private final HttpServletRequest request; + private HttpServletRequest request; - private final HttpServletResponse response; + private HttpServletResponse response; - private final boolean requestedFromTest; + private boolean requestedFromTest; - private final Map parameters; + private Map parameters; - private final Map pathVariables; - private final Long requestTime = System.currentTimeMillis(); + private Map pathVariables; + private Long requestTime = System.currentTimeMillis(); private MagicScriptContext magicScriptContext; private Map headers; - private RequestEntity() { - this.request = null; - this.response = null; - this.requestedFromTest = false; - this.parameters = null; - this.pathVariables = null; - this.apiInfo = null; + } public RequestEntity(HttpServletRequest request, HttpServletResponse response, boolean requestedFromTest, Map parameters, Map pathVariables) { @@ -43,10 +36,35 @@ public class RequestEntity { this.apiInfo = info != null ? info.copy() : null; } + public RequestEntity(ApiInfo apiInfo, HttpServletRequest request, HttpServletResponse response, boolean requestedFromTest, Map parameters, Map pathVariables) { + this.apiInfo = apiInfo; + this.request = request; + this.response = response; + this.requestedFromTest = requestedFromTest; + this.parameters = parameters; + this.pathVariables = pathVariables; + } + + public RequestEntity(HttpServletRequest request, HttpServletResponse response, boolean requestedFromTest, Map parameters, Map pathVariables, MagicScriptContext magicScriptContext, Map headers) { + ApiInfo info = MappingHandlerMapping.getMappingApiInfo(request); + this.apiInfo = info != null ? info.copy() : null; + this.request = request; + this.response = response; + this.requestedFromTest = requestedFromTest; + this.parameters = parameters; + this.pathVariables = pathVariables; + this.magicScriptContext = magicScriptContext; + this.headers = headers; + } + public static RequestEntity empty() { return new RequestEntity(); } + public static RequestEntityBuilder builder() { + return new RequestEntityBuilder(); + } + public ApiInfo getApiInfo() { return apiInfo; } @@ -90,4 +108,82 @@ public class RequestEntity { public void setHeaders(Map headers) { this.headers = headers; } + + public void setApiInfo(ApiInfo apiInfo) { + this.apiInfo = apiInfo; + } + + public void setRequest(HttpServletRequest request) { + this.request = request; + } + + public void setResponse(HttpServletResponse response) { + this.response = response; + } + + public void setRequestedFromTest(boolean requestedFromTest) { + this.requestedFromTest = requestedFromTest; + } + + public void setParameters(Map parameters) { + this.parameters = parameters; + } + + public void setPathVariables(Map pathVariables) { + this.pathVariables = pathVariables; + } + + + public static class RequestEntityBuilder { + private HttpServletRequest request; + private HttpServletResponse response; + private boolean requestedFromTest; + private Map parameters; + private Map pathVariables; + private MagicScriptContext magicScriptContext; + private Map headers; + + RequestEntityBuilder() { + } + + public RequestEntityBuilder request(HttpServletRequest request) { + this.request = request; + return this; + } + + public RequestEntityBuilder response(HttpServletResponse response) { + this.response = response; + return this; + } + + public RequestEntityBuilder requestedFromTest(boolean requestedFromTest) { + this.requestedFromTest = requestedFromTest; + return this; + } + + public RequestEntityBuilder parameters(Map parameters) { + this.parameters = parameters; + return this; + } + + public RequestEntityBuilder pathVariables(Map pathVariables) { + this.pathVariables = pathVariables; + return this; + } + + public RequestEntityBuilder magicScriptContext(MagicScriptContext magicScriptContext) { + this.magicScriptContext = magicScriptContext; + return this; + } + + public RequestEntityBuilder headers(Map headers) { + this.headers = headers; + return this; + } + + public RequestEntity build() { + return new RequestEntity(request,response,requestedFromTest,parameters,pathVariables,magicScriptContext,headers); + } + + } }