package com.diligrp.rider.config;
import com.diligrp.rider.common.exception.BizException;
import com.diligrp.rider.common.result.Result;
import com.diligrp.rider.entity.Substation;
import com.diligrp.rider.mapper.SubstationMapper;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
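/**
 * Spring MVC interceptor that authenticates requests from a JWT and exposes the
 * caller's identity to handlers as request attributes.
 *
 * <p>Two token kinds are recognised by their claims: an admin token (claim
 * {@code adminId}, plus {@code role}) and a rider token (claim {@code riderId},
 * optionally {@code cityId}). Any other token, a missing token, or a
 * {@link BizException} raised while reading the claims ends the request with a
 * JSON {@link Result} error body and no handler invocation.
 *
 * <p>Which request paths this interceptor is registered for is configured
 * outside this class.
 */
@Component
@RequiredArgsConstructor
public class AuthInterceptor implements HandlerInterceptor {

    /** Scheme prefix stripped from the Authorization header value before parsing. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Only super admins may reach handlers under this prefix. */
    private static final String PLATFORM_PREFIX = "/api/platform/";

    private final JwtUtil jwtUtil;
    private final ObjectMapper objectMapper;
    private final SubstationMapper substationMapper;

    /**
     * Resolves the caller from the request token and stores identity attributes on
     * the request.
     *
     * @param request  incoming request; read for the token and populated with
     *                 {@code adminId}/{@code role}/{@code cityId} or {@code riderId}/{@code cityId}
     * @param response used to write a JSON error body when the request is rejected
     * @param handler  the mapped handler (unused)
     * @return {@code true} to continue the chain, {@code false} after an error body was written
     * @throws Exception if writing the error body fails, or if reading a claim fails with an
     *                   exception other than {@link BizException} (e.g. a claim of an unexpected type)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = extractToken(request);
        if (token == null) {
            writeError(response, 700, "请先登录");
            return false;
        }
        try {
            // NOTE(review): presumably validates signature and expiry and raises BizException
            // on failure — confirm in JwtUtil; it is also used for rider tokens despite its name.
            io.jsonwebtoken.Claims claims = jwtUtil.getAdminClaims(token);
            if (claims.get("adminId") != null) {
                return handleAdmin(request, response, claims);
            }
            if (claims.get("riderId") != null) {
                handleRider(request, claims);
                return true;
            }
            // Token parsed but carries neither identity claim.
            writeError(response, 700, "登录状态失效,请重新登录");
            return false;
        } catch (BizException e) {
            writeError(response, e.getCode(), e.getMessage());
            return false;
        }
    }

    /**
     * Locates the raw token: the Authorization header first, then the {@code token}
     * query/form parameter; a leading {@code "Bearer "} is stripped.
     *
     * @return the token (possibly empty if only the scheme prefix was sent), or
     *         {@code null} when neither source has text
     */
    private static String extractToken(HttpServletRequest request) {
        String token = request.getHeader("Authorization");
        if (!StringUtils.hasText(token)) {
            // NOTE(review): a token carried in the query string ends up in access logs,
            // browser history and Referer headers; prefer header-only once clients allow it.
            token = request.getParameter("token");
        }
        if (!StringUtils.hasText(token)) {
            return null;
        }
        if (token.startsWith(BEARER_PREFIX)) {
            token = token.substring(BEARER_PREFIX.length());
        }
        return token;
    }

    /**
     * Handles an admin token: enforces the super-admin rule for platform paths and
     * publishes {@code adminId}, {@code role} and, for substation admins, {@code cityId}.
     *
     * @return {@code false} when a 403 error body was written, {@code true} otherwise
     * @throws IOException if the error body cannot be written
     */
    private boolean handleAdmin(HttpServletRequest request, HttpServletResponse response,
                                io.jsonwebtoken.Claims claims) throws IOException {
        // A claim of an unexpected type throws ClassCastException here, which is not
        // translated into a 700 response by preHandle.
        Long adminId = ((Number) claims.get("adminId")).longValue();
        String role = (String) claims.get("role");
        // NOTE(review): getRequestURI() is the raw, undecoded URI including any context
        // path, so this prefix test can disagree with the path the handler mapping
        // resolved; consider getServletPath() or enforcing the role at the handler.
        if (request.getRequestURI().startsWith(PLATFORM_PREFIX) && !"admin".equals(role)) {
            writeError(response, 403, "权限不足,需要超级管理员权限");
            return false;
        }
        request.setAttribute("adminId", adminId);
        request.setAttribute("role", role);
        // Substation admin: expose cityId so the service layer can scope data to one city.
        if ("substation".equals(role)) {
            // Looks up the substation by the admin's own id — assumes the two share a key.
            Substation sub = substationMapper.selectById(adminId);
            if (sub != null) {
                request.setAttribute("cityId", sub.getCityId());
            }
            // NOTE(review): with no substation row the request continues without a cityId
            // attribute; confirm the service layer fails closed in that case, otherwise
            // this branch should reject the request.
        }
        return true;
    }

    /**
     * Handles a rider token: publishes {@code riderId} and, when present, {@code cityId}.
     */
    private static void handleRider(HttpServletRequest request, io.jsonwebtoken.Claims claims) {
        request.setAttribute("riderId", ((Number) claims.get("riderId")).longValue());
        if (claims.get("cityId") != null) {
            request.setAttribute("cityId", ((Number) claims.get("cityId")).longValue());
        }
    }

    /**
     * Writes a JSON {@link Result#error} body with the given code and message.
     * The HTTP status line is left unchanged; the application code travels in the body.
     *
     * @throws IOException if serialisation or writing to the response fails
     */
    private void writeError(HttpServletResponse response, int code, String msg) throws IOException {
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(objectMapper.writeValueAsString(Result.error(code, msg)));
    }
}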