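package com.farriver.bwf.web.initializer.interceptor;

import com.alibaba.fastjson2.JSON;
import com.farriver.bwf.common.model.ApiData;
import com.farriver.bwf.data.transferobject.viewmodel.security.AccountMasterViewModel;
import com.farriver.bwf.service.security.SecurityService;
import com.farriver.bwf.web.initializer.config.JwtConfig;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.HandlerInterceptor;

import java.io.IOException;
import java.io.PrintWriter;

/**
 * Spring MVC interceptor that gates requests whose URI contains {@code /api} behind a JWT.
 *
 * <p>Flow: the token is read from the configured header (falling back to a request
 * parameter of the same name), parsed via {@link JwtConfig#getTokenClaim(String)}, checked
 * for expiry, and the subject is resolved to an {@link AccountMasterViewModel} through
 * {@link SecurityService}. On success the subject is exposed as the request attribute
 * {@code identityId} and the account is stored in the HTTP session under {@code account}.
 * Any failure writes a JSON {@link ApiData} body and stops the handler chain.
 *
 * <p>Status codes: 401 for a missing, unparsable or expired token (and a token without a
 * subject); 403 when the token verifies but no account can be resolved for its subject;
 * 500 only for unexpected exceptions, which are now logged instead of being swallowed.
 */
@Component
public class TokenInterceptor implements HandlerInterceptor {

    private static final Logger logger = LoggerFactory.getLogger(TokenInterceptor.class);

    /** ObjectMapper is thread-safe and costly to construct; share one instead of building one per error. */
    private static final ObjectMapper RESPONSE_MAPPER = new ObjectMapper();

    @Resource
    private JwtConfig jwtConfig;

    @Resource
    SecurityService securityService;

    /**
     * Authenticates the request before the handler runs.
     *
     * @param request  incoming request; on success gains the {@code identityId} attribute
     * @param response used to write the JSON error body when the request is rejected
     * @param handler  the matched handler (unused)
     * @return {@code true} to continue the chain, {@code false} after an error body was written
     * @throws Exception only if writing the error response itself fails
     */
    @Override
    public boolean preHandle(@NotNull HttpServletRequest request,
                             @NotNull HttpServletResponse response,
                             @NotNull Object handler) throws Exception {
        logger.debug("TokenInterceptor.preHandle is executed.");
        try {
            String uri = request.getRequestURI();
            // NOTE(review): substring match — any path containing "/api" anywhere is protected and every
            // other path is passed through untouched. getRequestURI() is not normalized (encoded chars,
            // ".." and ";" matrix params are left as-is), so keep this in mind when adding exclusions.
            if (!uri.contains("/api")) {
                logger.debug("Ignored access.");
                return true;
            }
            if (!jwtConfig.getTokenSwitch()) {
                return true;
            }
            if (jwtConfig.isIgnoredUri(uri)) {
                return true;
            }

            String token = extractToken(request);
            if (token == null || token.isEmpty()) {
                endBadRequest(401, response, ApiData.unauthorized("Access is denied!"));
                return false;
            }

            Claims claims = jwtConfig.getTokenClaim(token);
            // A token that carries no expiration is treated as expired: accepting it would make it
            // valid forever, and the behaviour of isTokenExpired(null) cannot be relied upon here.
            if (claims == null
                    || claims.getExpiration() == null
                    || jwtConfig.isTokenExpired(claims.getExpiration())) {
                endBadRequest(401, response, ApiData.unauthorized("Session out, please re-login!"));
                return false;
            }

            String userId = claims.getSubject();
            if (userId == null || userId.isEmpty()) {
                // Verified token with no subject: nothing to resolve an account for.
                endBadRequest(401, response, ApiData.unauthorized("Access is denied!"));
                return false;
            }
            request.setAttribute("identityId", userId);

            AccountMasterViewModel account = loadAccount(userId);
            if (account == null) {
                // The token is valid but its subject has no resolvable account/permissions.
                // This is an authorization failure (403), not a server error as it was reported before.
                logger.warn("Rejected verified token whose subject has no account: {}", userId);
                endBadRequest(403, response, ApiData.unauthorized("Invalid user, please get access permission firstly!"));
                return false;
            }

            // NOTE(review): this creates a server-side session for a JWT-authenticated call and the
            // account snapshot outlives the token in that session; /api routes re-resolve it on every
            // request, but any non-/api code reading "account" from the session may see stale data.
            request.getSession().setAttribute("account", account);
            return true;
        } catch (Exception exception) {
            // Log with the cause so failures are diagnosable; never log the token itself.
            logger.error("Token interception failed for {} {}", request.getMethod(), request.getRequestURI(), exception);
            endBadRequest(500, response, ApiData.unauthorized("System Error!"));
            return false;
        }
    }

    /**
     * Reads the token from the configured header, falling back to a request parameter of the same name.
     *
     * <p>NOTE(review): the parameter fallback means tokens can travel in the URL, where they end up in
     * access logs, proxies, browser history and Referer headers. Prefer header-only once clients allow it.
     *
     * @return the raw token string, or {@code null}/empty when absent
     */
    private String extractToken(HttpServletRequest request) {
        String headerName = jwtConfig.getHeader();
        String token = request.getHeader(headerName);
        if (token == null || token.isEmpty()) {
            token = request.getParameter(headerName);
        }
        return token;
    }

    /**
     * Resolves the account (with roles and permissions) for a token subject.
     *
     * @return the account view model, or {@code null} when the service returns no data
     */
    private AccountMasterViewModel loadAccount(String userId) {
        ApiData apiData = securityService.GetAccountWithRolesAndPermissions(userId);
        Object data = apiData == null ? null : apiData.getData();
        if (data == null) {
            return null;
        }
        // The service returns an untyped payload; round-trip through JSON to get the typed view model.
        return JSON.parseObject(JSON.toJSONString(data), AccountMasterViewModel.class);
    }

    /**
     * Writes {@code respBean} as a JSON body with the given status and completes the response.
     *
     * @param statusCode HTTP status to set
     * @param response   response to write to
     * @param respBean   payload serialized with Jackson
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void endBadRequest(int statusCode, HttpServletResponse response, ApiData respBean) throws IOException {
        response.setStatus(statusCode);
        response.setContentType("application/json;charset=utf-8");
        // NOTE(review): "Access-Control-Allow-Origin: *" together with "Access-Control-Allow-Credentials: true"
        // is rejected by browsers for credentialed requests and is an over-broad CORS policy; these headers
        // are also emitted only on the error path, so successful responses depend on CORS config elsewhere.
        // Kept byte-for-byte here because changing them is a deployment-wide decision.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT,PATCH");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, Accept, X-Requested-With, Access-Control");
        response.setHeader("Allow", "POST, GET");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        try (PrintWriter out = response.getWriter()) {
            out.write(RESPONSE_MAPPER.writeValueAsString(respBean));
            out.flush();
        }
    }
}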