|
@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
|
|
|
import com.google.common.util.concurrent.ThreadFactoryBuilder;
|
|
import com.google.common.util.concurrent.ThreadFactoryBuilder;
|
|
|
import com.tzld.piaoquan.api.annotation.JwtIgnore;
|
|
import com.tzld.piaoquan.api.annotation.JwtIgnore;
|
|
|
import com.tzld.piaoquan.api.common.enums.ExceptionEnum;
|
|
import com.tzld.piaoquan.api.common.enums.ExceptionEnum;
|
|
|
|
|
+import com.tzld.piaoquan.api.common.enums.contentplatform.ContentPlatformAccountTypeEnum;
|
|
|
import com.tzld.piaoquan.api.common.exception.CommonException;
|
|
import com.tzld.piaoquan.api.common.exception.CommonException;
|
|
|
import com.tzld.piaoquan.api.model.config.LoginUserContext;
|
|
import com.tzld.piaoquan.api.model.config.LoginUserContext;
|
|
|
import com.tzld.piaoquan.api.model.po.contentplatform.ContentPlatformAccount;
|
|
import com.tzld.piaoquan.api.model.po.contentplatform.ContentPlatformAccount;
|
|
@@ -40,6 +41,11 @@ public class JwtInterceptor implements HandlerInterceptor {
|
|
|
private Set<String> excludePaths;
|
|
private Set<String> excludePaths;
|
|
|
private Set<String> excludeUris;
|
|
private Set<String> excludeUris;
|
|
|
|
|
|
|
|
|
|
+ /**
|
|
|
|
|
+ * 内部管理平台调用时携带的鉴权 Key,用于绕过 JWT 校验
|
|
|
|
|
+ */
|
|
|
|
|
+ private String internalKey;
|
|
|
|
|
+
|
|
|
@Autowired
|
|
@Autowired
|
|
|
private RedisUtils redisUtils;
|
|
private RedisUtils redisUtils;
|
|
|
|
|
|
|
@@ -77,6 +83,13 @@ public class JwtInterceptor implements HandlerInterceptor {
|
|
|
//放行excludePaths包含的目录路径和excludeUris包含的URI
|
|
//放行excludePaths包含的目录路径和excludeUris包含的URI
|
|
|
return true;
|
|
return true;
|
|
|
}
|
|
}
|
|
|
|
|
+ // 管理平台内部调用:通过 X-Internal-Key 鉴权,绕过 JWT 校验
|
|
|
|
|
+ if (StringUtils.isNotBlank(internalKey) && uri.startsWith("/contentPlatform/account/")) {
|
|
|
|
|
+ String requestInternalKey = request.getHeader("X-Internal-Key");
|
|
|
|
|
+ if (internalKey.equals(requestInternalKey)) {
|
|
|
|
|
+ return Boolean.TRUE;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
final String authHeader = request.getHeader("token");
|
|
final String authHeader = request.getHeader("token");
|
|
|
if (StringUtils.isBlank(authHeader)) {
|
|
if (StringUtils.isBlank(authHeader)) {
|
|
|
throw new CommonException(ExceptionEnum.Not_LOGIN);
|
|
throw new CommonException(ExceptionEnum.Not_LOGIN);
|
|
@@ -84,6 +97,14 @@ public class JwtInterceptor implements HandlerInterceptor {
|
|
|
|
|
|
|
|
validToken(authHeader);
|
|
validToken(authHeader);
|
|
|
|
|
|
|
|
|
|
+ // account 管理接口仅允许内部账号访问
|
|
|
|
|
+ if (uri.startsWith("/contentPlatform/account/")) {
|
|
|
|
|
+ ContentPlatformAccount loginUser = LoginUserContext.getUser();
|
|
|
|
|
+ if (loginUser == null || loginUser.getType() != ContentPlatformAccountTypeEnum.INTERNAL.getVal()) {
|
|
|
|
|
+ throw new CommonException(ExceptionEnum.Not_LOGIN);
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
return Boolean.TRUE;
|
|
return Boolean.TRUE;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -140,6 +161,14 @@ public class JwtInterceptor implements HandlerInterceptor {
|
|
|
this.excludeUris = excludeUris;
|
|
this.excludeUris = excludeUris;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ public String getInternalKey() {
|
|
|
|
|
+ return internalKey;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ public void setInternalKey(String internalKey) {
|
|
|
|
|
+ this.internalKey = internalKey;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
private void renewalToken(String token) {
|
|
private void renewalToken(String token) {
|
|
|
executor.execute(() -> {
|
|
executor.execute(() -> {
|
|
|
try {
|
|
try {
|