修改bug

Fixiaobai

2023-09-07 e29f147aab5b0b0b794d611b522b67b94423e3cf

 sys/src/main/java/com/yuanchu/limslaboratory/aop/AuthRequestAspect.java

@@ -1,30 +1,28 @@
package com.yuanchu.limslaboratory.aop;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.yuanchu.limslaboratory.annotation.RequestInfo;
import com.yuanchu.limslaboratory.annotation.AuthHandler;
import com.yuanchu.limslaboratory.exception.AuthException;
import com.yuanchu.limslaboratory.pojo.User;
import com.yuanchu.limslaboratory.service.RoleManagerService;
import com.yuanchu.limslaboratory.service.UserService;
import com.yuanchu.limslaboratory.utils.ServletUtils;
import com.yuanchu.limslaboratory.vo.Result;
import io.swagger.annotations.ApiOperation;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.Objects;

/**
 * @Author 张宾
@@ -35,35 +33,76 @@
@Aspect
public class AuthRequestAspect {

    @Pointcut("@annotation(com.yuanchu.limslaboratory.annotation.RequestInfo)")
    @Pointcut("@annotation(com.yuanchu.limslaboratory.annotation.AuthHandler)")
    public void pointCut() {
    }

    //private ThreadLocal<ConcurrentHashMap<String, Map>> threadLocal;
    private final static String ADMIN = "c3284d0f94606de1fd2af172aba15bf3";


    @Resource
    private UserService userService;


    @Resource
    private RoleManagerService roleService;

    @SneakyThrows
    @Before("pointCut()")
    public void before(JoinPoint joinPoint) {
        HttpServletRequest request = ServletUtils.getRequest();
        log.info("拦截=====》"+request.getServletPath());
        Class<?> clazz = joinPoint.getTarget().getClass();
        String clazzName = joinPoint.getTarget().getClass().getName();
        // 获取访问的方法名
        String methodName = joinPoint.getSignature().getName();
        // 获取方法所有参数及其类型
        Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes();
        // 获取访问的方法对象
        Method method = clazz.getDeclaredMethod(methodName, argClz);
        // 判断当前访问的方法是否存在指定注解
        if (method.isAnnotationPresent(RequestInfo.class)) {
            RequestInfo annotation = method.getAnnotation(RequestInfo.class);
            System.out.println(annotation.name());
            System.out.println(annotation.type());
        Map<String, Object> userInfo = userService.getUserInfo(request.getHeader("X-Token"));
        if (Objects.nonNull(userInfo)) {
            if (Objects.equals(userInfo.get("sessionLayerId"), ADMIN)) {
                log.info("超级管理员，无需拦截！");
                return;
            }
            Class<?> clazz = joinPoint.getTarget().getClass();
            String clazzName = joinPoint.getTarget().getClass().getName();
            // 获取访问的方法名
            String methodName = joinPoint.getSignature().getName();
            // 获取方法所有参数及其类型
            Class[] argClz = ((MethodSignature) joinPoint.getSignature()).getParameterTypes();
            // 获取访问的方法对象
            Method method = clazz.getDeclaredMethod(methodName, argClz);
            //获取类上请求地址
            RequestMapping annotation = clazz.getAnnotation(RequestMapping.class);
            StringBuilder builder = new StringBuilder();
            String apiInfo = null;
            builder.append(annotation.value()[0]);
            //获取方法上注解
            if (method.isAnnotationPresent(PostMapping.class)) {
                PostMapping post = method.getAnnotation(PostMapping.class);
                builder.append(post.value()[0]);
            }
            if (method.isAnnotationPresent(GetMapping.class)) {
                GetMapping get = method.getAnnotation(GetMapping.class);
                builder.append(get.value()[0]);
            }
            if (method.isAnnotationPresent(DeleteMapping.class)) {
                DeleteMapping delete = method.getAnnotation(DeleteMapping.class);
                builder.append(delete.value()[0]);
            }
            if (method.isAnnotationPresent(PutMapping.class)) {
                PutMapping put = method.getAnnotation(PutMapping.class);
                builder.append(put.value()[0]);
            }
            if (method.isAnnotationPresent(ApiOperation.class)) {
                ApiOperation api = method.getAnnotation(ApiOperation.class);
                apiInfo = api.value();
            }
            String roleId = String.valueOf(userInfo.get("roleId"));
            Map<String, Object> urlType = roleService.getUrlType(builder.toString());
            log.info("拦截请求----------------》" + builder);
            boolean b = roleService.hasUrl(String.valueOf(urlType.get("type")), String.valueOf(urlType.get("menuId")), roleId);
            if (!b) {
                log.warn("用户/id：" + userInfo.get("name") + "/" + userInfo.get("id") + "---------权限不足，已拦截！");
                throw new AuthException("400","无权限");
            }
        } else {
            throw new AuthException("401", "登陆过期!");
        }
        //throw new AuthException("400","无权限");
    }




}