SpringGateway 过滤器中鉴权及添加参数

SpringGateway中对请求头中的Token进行验证,并获取到相应的账号信息,通过添加参数的方式传递到后续的服务中

package cn.lixuelong.gateway.config;

import java.net.URI;
import java.nio.charset.StandardCharsets;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.support.ServerWebExchangeUtils;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriComponentsBuilder;

import com.alibaba.fastjson2.JSONObject;

import cn.lixuelong.gateway.util.JwtUtils;
import reactor.core.publisher.Mono;

/**
 * xToken验证,并将xToken转化为对应的用户ID添加到请求参数中,便于后续的服务直接获取到当前用户
 */
@Component
public class LoginStatusConvertFilter implements GlobalFilter, Ordered{

    Logger logger = LoggerFactory.getLogger(LoginStatusConvertFilter.class);

    private final String TOKEN_NAME = "xToken";

    String[] passUrls = {"/login"};

    @Override
    public int getOrder() {
        //必须是高优先级,否则添加的参数无法传递到后续服务
        return Ordered.HIGHEST_PRECEDENCE;
    }

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        String path = exchange.getRequest().getURI().getPath();
        for (String pass : passUrls) {
            if(pass.startsWith(path)){
                return chain.filter(exchange);
            }
        }

        String jwtToken = exchange.getRequest().getHeaders().getFirst(TOKEN_NAME);
        if(!StringUtils.hasLength(jwtToken)){
            ServerHttpResponse response = exchange.getResponse();
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            JSONObject error = new JSONObject();
            error.put("error", "未登录");
            DataBuffer buffer = response.bufferFactory().wrap(error.toString().getBytes(StandardCharsets.UTF_8));
            return response.writeWith(Mono.just(buffer));
        }
        // jwt验证,并取到用户ID
        String userId = JwtUtils.verifyToken(jwtToken);
        
        // 实现方式参考于AddRequestParameterGatewayFilterFactory
        URI uri = exchange.getRequest().getURI();
        StringBuilder query = new StringBuilder();
        String originalQuery = uri.getRawQuery();

        // 添加参数
        if (StringUtils.hasText(originalQuery)) {
            query.append(originalQuery);
            if (originalQuery.charAt(originalQuery.length() - 1) != '&') {
                query.append('&');
            }
        }
        String value = ServerWebExchangeUtils.expand(exchange, userId);
        query.append("baseAccount");
        query.append('=');
        query.append(value);
        try {
            // 构建一个新的request
            URI newUri = UriComponentsBuilder.fromUri(uri).replaceQuery(query.toString()).build(true).toUri();
            ServerHttpRequest request = exchange.getRequest().mutate().uri(newUri).build();
            return chain.filter(exchange.mutate().request(request).build());
        }
        catch (RuntimeException ex) {
            throw new IllegalStateException("Invalid URI query: \"" + query.toString() + "\"");
        }
        
    }
    
}
posted @ 2023-06-30 13:48  lixuelong  阅读(313)  评论(0编辑  收藏  举报