package com.bigbug.bus.card.api.config;
import com.bigbug.bus.card.api.component.AuthTokenCacheVerify;
import com.bigbug.bus.card.api.model.Permission;
import com.bigbug.bus.card.api.model.SysUser;
import com.bigbug.bus.card.api.service.SysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@Component()
public class AuthFilter {
private AuthTokenCacheVerify authTokenCacheVerify;
private SysUserService sysUserService;
private SysUser sysUser; // 当前用户
private List sysUserPermissions = new ArrayList<>(); //当前用户的所有权限
public Map
@Autowired
public AuthFilter(AuthTokenCacheVerify authTokenCacheVerify, SysUserService sysUserService) {
this.authTokenCacheVerify = authTokenCacheVerify;
this.sysUserService = sysUserService;
init();
}
private List getPattern(String… pattern) {
List patterns = new ArrayList<>();
for (String s : pattern) {
patterns.add(Pattern.compile(s));
}
return patterns;
}
private boolean isInclude(String url, List patterns) {
if (patterns != null) {
for (Pattern pattern : patterns) {
Matcher matcher = pattern.matcher(url);
if (matcher.matches()) {
return true;
}
}
}
return false;
}
private void getSysUserPermission(String token) {
String loginSysUserId = authTokenCacheVerify.getSysUserId(token);
Optional sysUserOptional = sysUserService.findById(loginSysUserId);
sysUser = sysUserOptional.get();
Set permissions = sysUser.getRole().getPermissions();
if (permissions != null || permissions.size() > 0) {
for (Permission permission : permissions) {
sysUserPermissions.add(permission.getId());
}
}
}
public void init(){
map.put(getPattern(".custumer/."), PermissionEnum.YHGL.getId());
map.put(getPattern(".device/."), PermissionEnum.SBGL.getId());
map.put(getPattern(".withdrawal/approval/."), PermissionEnum.TXSP.getId());
map.put(getPattern(".*custumer/detail",".*order/cardReader"), PermissionEnum.ZHGL.getId());
map.put(getPattern(".order/."), PermissionEnum.ZHXQ.getId());
map.put(getPattern(".log/."), PermissionEnum.RZSP.getId());
map.put(getPattern(".sys-user/."), PermissionEnum.YGGL.getId());
map.put(getPattern(".role/."), PermissionEnum.QXGL.getId());
map.put(getPattern(".setting/."), PermissionEnum.XTSZ.getId());
map.put(getPattern(".statistics/."),PermissionEnum.SY.getId());
map.put(getPattern(".statistics/."),PermissionEnum.TJ.getId());
map.put(getPattern(".*sys-user/updatePassword"),PermissionEnum.MMXG.getId());
map.put(getPattern(".statistics/."),PermissionEnum.YSTJ.getId());
map.put(getPattern(".statistics/."),PermissionEnum.SZTJ.getId());
}
public boolean verfyAuth(HttpServletRequest request){
System.out.println(“开始验证权限”);
String requestURI = request.getRequestURI();
if (requestURI.startsWith("/") && requestURI.length() > 1) {
requestURI = requestURI.substring(1);
}
String token = request.getHeader(“token”);
// 或取当前用户的权限
getSysUserPermission(token);
Set lists = map.keySet();
// 当前请求所对象的权限
for (List list : lists) {
if (isInclude(requestURI, list)) {
String per = map.get(list);
// 当前用户有权限:放行;否则提示无权限
if (sysUserPermissions.contains(per)) {
System.out.println(“权限验证通过–请求继续”);
return true;
} else {
System.out.println(“权限验证—不具有对应权限”);
return false;
}
}
}
System.out.println(“权限验证—不具有对应权限”);
return false;
}
}
}
