From b5a15a3f013d32bb80b7f12098af34d043bfde9a Mon Sep 17 00:00:00 2001 
From: KilLze Date: Sun, 28 Dec 2025 02:04:25 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90jwt=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E5=99=A8=E5=92=8C=E4=BB=8Etoken=E4=B8=AD=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E5=BD=93=E5=89=8D=E7=99=BB=E5=BD=95=E7=9A=84=E7=94=A8=E6=88=B7?= =?UTF-8?q?id=20=E7=9B=AE=E5=89=8D=E9=99=A4=E7=99=BB=E5=BD=95=E4=BB=A5?= =?UTF-8?q?=E5=A4=96=E7=9A=84=E6=89=80=E6=9C=89=E6=93=8D=E4=BD=9C=E9=83=BD?= =?UTF-8?q?=E4=BC=9A=E7=BB=8F=E8=BF=87=E6=8B=A6=E6=88=AA=E5=99=A8=EF=BC=8C?= =?UTF-8?q?=E5=8F=AF=E4=BB=A5=E5=9C=A8WebConfig=E4=B8=AD=E8=AE=BE=E7=BD=AE?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=E5=99=A8=E5=BF=BD=E7=95=A5=E7=9A=84=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=20=E8=8E=B7=E5=8F=96=E7=94=A8=E6=88=B7id=E4=B8=8D?= =?UTF-8?q?=E9=9C=80=E8=A6=81=E6=89=8B=E5=8A=A8=E8=BE=93=E5=85=A5=E4=BA=86?= =?UTF-8?q?=EF=BC=8C=E7=9B=B4=E6=8E=A5=E9=80=9A=E8=BF=87UserContext?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E5=BD=93=E5=89=8D=E7=99=BB=E5=BD=95=E7=9A=84?= =?UTF-8?q?=E7=94=A8=E6=88=B7id=20=E4=B8=BA=E5=8A=A8=E6=80=81=E5=88=A0?= =?UTF-8?q?=E9=99=A4=EF=BC=8C=E5=8A=A8=E6=80=81=E4=BF=AE=E6=94=B9=E7=AD=89?= =?UTF-8?q?=E6=88=91=E8=B4=9F=E8=B4=A3=E7=9A=84=E5=8A=9F=E8=83=BD=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E8=BA=AB=E4=BB=BD=E9=AA=8C=E8=AF=81=EF=BC=8C=E7=94=A8?= =?UTF-8?q?=E6=88=B7id=E4=B8=8D=E5=8C=B9=E9=85=8D=E5=88=99=E4=BC=9A?= =?UTF-8?q?=E8=B7=B3=E5=87=BA=E5=BC=82=E5=B8=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/bao/dating/config/WebConfig.java | 31 ++++++++ .../com/bao/dating/context/UserContext.java | 33 +++++++++ .../bao/dating/controller/PostController.java | 5 +- .../dating/interceptor/TokenInterceptor.java | 70 +++++++++++++++++++ .../com/bao/dating/service/PostService.java | 3 +- .../dating/service/impl/PostServiceImpl.java | 30 +++++++- .../dating/service/impl/UserServiceImpl.java | 6 +- 7 files changed, 165 insertions(+), 13 deletions(-) create mode 100644 src/main/java/com/bao/dating/config/WebConfig.java create mode 100644 
src/main/java/com/bao/dating/context/UserContext.java
create mode 100644 src/main/java/com/bao/dating/interceptor/TokenInterceptor.java
diff --git a/src/main/java/com/bao/dating/config/WebConfig.java b/src/main/java/com/bao/dating/config/WebConfig.java
new file mode 100644
index 0000000..a7ff5fd
--- /dev/null
+++ b/src/main/java/com/bao/dating/config/WebConfig.java
@@ -0,0 +1,31 @@
+package com.bao.dating.config;
+
+
+import com.bao.dating.interceptor.TokenInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+ @Autowired
+ private TokenInterceptor tokenInterceptor;
+
+ /**
+ * 添加拦截器到Spring MVC配置中
+ * @param registry 拦截器注册中心
+ */
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ //注册自定义拦截器对象
+ registry.addInterceptor(tokenInterceptor)
+ // 拦截所有请求
+ .addPathPatterns("/**")
+ // 忽略的接口
+ .excludePathPatterns(
+ "/user/login"
+ );
+ }
+}
diff --git a/src/main/java/com/bao/dating/context/UserContext.java b/src/main/java/com/bao/dating/context/UserContext.java
new file mode 100644
index 0000000..df2cfbd
--- /dev/null
+++ b/src/main/java/com/bao/dating/context/UserContext.java
@@ -0,0 +1,33 @@
+package com.bao.dating.context;
+
+/**
+ * 用户上下文类
+ * @author lenovo
+ */
+public class UserContext {
+
+ private static final ThreadLocal userHolder = new ThreadLocal<>();
+
+ /**
+ * 设置当前线程的用户ID
+ * @param userId 用户ID
+ */
+ public static void setUserId(Long userId) {
+ userHolder.set(userId);
+ }
+
+ /**
+ * 获取当前线程的用户ID
+ * @return 当前用户ID,如果未设置则返回null
+ */
+ public static Long getUserId() {
+ return userHolder.get();
+ }
+
+ /**
+ * 清除当前线程的用户ID
+ */
+ public static void clear() {
+ userHolder.remove();
+ }
+}
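Review bot: `tokenInterceptor` is field-injected via `@Autowired`; constructor injection (`private final TokenInterceptor tokenInterceptor;` plus a constructor taking it) makes the dependency mandatory and lets `WebConfig` be constructed in a test without the Spring container. The `"/**"` pattern with only `/user/login` excluded presumably also covers Spring Boot's `/error` dispatch, whose `BasicErrorController` is a `HandlerMethod`, so an unauthenticated request to an unmapped path would likely come back as a bare 401 instead of the original 404 — worth confirming and, if so, adding `"/error"` to `excludePathPatterns`.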
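Review bot: `UserContext` exposes only static methods yet can still be instantiated; add `private UserContext() {}` so it reads as a utility class. `getUserId()` returns null whenever `TokenInterceptor` has not run on the current thread (excluded paths, non-web callers), and the class Javadoc should say so, e.g. `* Returns null on threads that did not pass through TokenInterceptor; callers must treat null as "no authenticated user".` The `@author lenovo` tag looks like an IDE placeholder and should name the author or be removed.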
diff --git a/src/main/java/com/bao/dating/controller/PostController.java b/src/main/java/com/bao/dating/controller/PostController.java
index b7c284f..2541283 100644
--- a/src/main/java/com/bao/dating/controller/PostController.java
+++ b/src/main/java/com/bao/dating/controller/PostController.java
@@ -34,13 +34,12 @@ public class PostController {
 /**
 * 发布动态接口 - JSON格式请求
 * @param postDTO 动态信息
- * @param userId 用户ID
 * @return 发布的动态对象
 */
 @PostMapping(consumes = "application/json")
- public Result createPostJson(@RequestBody PostRequestDTO postDTO, @RequestParam Long userId) {
+ public Result createPostJson(@RequestBody PostRequestDTO postDTO) {
 // 调用 Service 层处理发布动态业务逻辑
- Post result = postService.createPost(userId, postDTO);
+ Post result = postService.createPost(postDTO);
 return Result.success(ResultCode.SUCCESS_REVIEW, "动态发布成功,等待审核。", result);
 }
diff --git a/src/main/java/com/bao/dating/interceptor/TokenInterceptor.java b/src/main/java/com/bao/dating/interceptor/TokenInterceptor.java
new file mode 100644
index 0000000..ed0102f
--- /dev/null
+++ b/src/main/java/com/bao/dating/interceptor/TokenInterceptor.java
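Review bot: The Javadoc suffix `JSON格式请求` suggests a sibling non-JSON (form/multipart) create endpoint exists outside this hunk; if it still accepts `@RequestParam Long userId`, the caller-chosen identity that this commit removes from `createPostJson` remains reachable there and it should be switched to the same parameterless `postService.createPost(postDTO)` call. `createPostJson` is fully visible, but the `PostController` class continues past the hunk.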
@@ -0,0 +1,70 @@
+package com.bao.dating.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.bao.dating.context.UserContext;
+import com.bao.dating.util.JwtUtil;
+import io.jsonwebtoken.Claims;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+/**
+ * HttpToken拦截器类
+ * 用于拦截请求并验证JWT token的有效性,同时从token中解析用户信息
+ */
+@Slf4j
+@Component
+public class TokenInterceptor implements HandlerInterceptor {
+ /**
+ * 在请求处理之前进行拦截
+ * 从请求头或URL参数中获取token,验证其有效性,并将用户ID保存到ThreadLocal中
+ * @param request HTTP请求对象
+ * @param response HTTP响应对象
+ * @param handler 处理器
+ * @return 验证通过返回true,否则返回false
+ * @throws Exception 异常
+ */
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+
+ //判断当前拦截到的是Controller的方法还是其他资源
+ if (!(handler instanceof HandlerMethod)) {
+ //当前拦截到的不是动态方法,直接放行
+ return true;
+ }
+ // 从 header 获取 token
+ String token = request.getHeader("token");
+
+ try {
+ log.info("jwt校验:{}", token);
+ // 解析 token
+ String userId = JwtUtil.getSubjectFromToken(token);
+ log.info("用户:{}", userId);
+ // 保存 userId 到 ThreadLocal
+ UserContext.setUserId(Long.valueOf(userId));
+ return true;
+ } catch (Exception e) {
+ log.error("Token 校验失败: {}", e.getMessage());
+ response.setStatus(401);
+ return false;
+ }
+ }
+
+ /**
+ * 在请求完成之后执行清理工作
+ * 清除保存在ThreadLocal中的用户ID,防止内存泄漏
+ * @param request HTTP请求对象
+ * @param response HTTP响应对象
+ * @param handler 处理器
+ * @param ex 异常对象
+ * @throws Exception 异常
+ */
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+ UserContext.clear();
+ }
+
+}
\ No newline at end of file
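Review bot: `log.info("jwt校验:{}", token)` writes the raw bearer token into the application log at INFO level, where anyone with log access can reuse it until it expires; log only its presence, e.g. `log.debug("jwt校验, token present: {}", token != null);`. In the catch block `log.error("Token 校验失败: {}", e.getMessage())` drops the exception type and stack trace, so expired, malformed and bad-signature tokens are indistinguishable in the logs — pass the throwable instead, `log.warn("Token 校验失败", e);`. The `preHandle` Javadoc says the token comes `从请求头或URL参数中`, but only `request.getHeader("token")` is read, so the URL-parameter clause should be removed from the doc. `io.jsonwebtoken.Claims` is imported but never used.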
diff --git a/src/main/java/com/bao/dating/service/PostService.java b/src/main/java/com/bao/dating/service/PostService.java
index 6600836..c29c887 100644
--- a/src/main/java/com/bao/dating/service/PostService.java
+++ b/src/main/java/com/bao/dating/service/PostService.java
@@ -17,11 +17,10 @@ public interface PostService {
 /**
 * 创建动态
- * @param userId 用户ID
 * @param postRequestDTO 动态数据传输对象
 * @return 创建的动态对象
 */
- Post createPost(Long userId, PostRequestDTO postRequestDTO);
+ Post createPost(PostRequestDTO postRequestDTO);
 /**
 * 批量删除动态
diff --git a/src/main/java/com/bao/dating/service/impl/PostServiceImpl.java b/src/main/java/com/bao/dating/service/impl/PostServiceImpl.java
index 4381790..f83db47 100644
--- a/src/main/java/com/bao/dating/service/impl/PostServiceImpl.java
+++ b/src/main/java/com/bao/dating/service/impl/PostServiceImpl.java
@@ -2,6 +2,7 @@ package com.bao.dating.service.impl;
 import com.bao.dating.common.aliyun.GreenImageScan;
 import com.bao.dating.common.aliyun.GreenTextScan;
+import com.bao.dating.context.UserContext;
 import com.bao.dating.mapper.PostMapper;
 import com.bao.dating.pojo.dto.PostRequestDTO;
 import com.bao.dating.pojo.entity.Post;
@@ -85,15 +86,15 @@ public class PostServiceImpl implements PostService {
 /**
 * 创建动态
 *
- * @param userId 用户ID
 * @param postRequestDTO 动态数据传输对象
 * @return 创建的动态对象
 */
 @Override
- public Post createPost(Long userId, PostRequestDTO postRequestDTO) {
+ public Post createPost(PostRequestDTO postRequestDTO) {
 // 创建动态对象
 Post post = new Post();
+ Long userId = UserContext.getUserId();
 post.setUserId(userId);
 post.setContent(postRequestDTO.getContent());
 post.setTags(postRequestDTO.getTags());
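Review bot: `Long userId = UserContext.getUserId()` is written straight into the new `Post` with no null check; `UserContext` yields null whenever `TokenInterceptor` did not run on this thread (an excluded path, a non-`HandlerMethod` handler, or a non-web caller of the service), so such a call persists a post with a null `userId`. The ownership checks added later in this same file treat `post.getUserId() == null` as "no permission", so that post could never be edited or deleted by anyone afterwards. Fail fast before `post.setUserId(userId)`: `if (userId == null) { throw new RuntimeException("用户未登录"); }`. The `createPost` body continues past the hunk.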
@@ -165,6 +166,20 @@ public class PostServiceImpl implements PostService {
 @Override
 @Transactional(rollbackFor = Exception.class)
 public int deletePostById(List postIds) {
+ // 判断用户权限
+ Long userId = UserContext.getUserId();
+
+ // 遍历所有要删除的帖子ID,验证权限
+ for (Long postId : postIds) {
+ Post post = postMapper.selectById(postId);
+ if (post == null) {
+ throw new RuntimeException("动态不存在");
+ }
+ // 验证用户权限
+ if (post.getUserId() == null || !post.getUserId().equals(userId)) {
+ throw new RuntimeException("无权限删除此动态");
+ }
+ }
 // 批量删除动态
 return postMapper.deletePostByIds(postIds);
 }
@@ -177,11 +192,15 @@ public class PostServiceImpl implements PostService {
 */
 @Override
 public PostEditVO getPostForEdit(Long postId) {
-
 Post post = postMapper.selectById(postId);
 if (post == null) {
 throw new RuntimeException("动态不存在");
 }
+ // 判断用户权限
+ Long userId = UserContext.getUserId();
+ if (post.getUserId() == null || !post.getUserId().equals(userId)){
+ throw new RuntimeException("无权限查看此动态");
+ }
 PostEditVO postEditVO = new PostEditVO();
 BeanUtils.copyProperties(post, postEditVO);
 return postEditVO;
@@ -200,6 +219,11 @@ public class PostServiceImpl implements PostService {
 if (post == null) {
 throw new RuntimeException("动态不存在");
 }
+ // 判断用户权限
+ Long userId = UserContext.getUserId();
+ if (post.getUserId() == null || !post.getUserId().equals(userId)){
+ throw new RuntimeException("无权限修改此动态");
+ }
 post.setContent(postRequestDTO.getContent());
 if (postRequestDTO.getMediaOssKeys() != null && !postRequestDTO.getMediaOssKeys().isEmpty()) {
 post.setMediaOssKeys(postRequestDTO.getMediaOssKeys());
diff --git a/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java b/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java
index 0d922df..59f77d6 100644
--- a/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/bao/dating/service/impl/UserServiceImpl.java
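Review bot: The owner check `post.getUserId() == null || !post.getUserId().equals(userId)` is copy-pasted into `deletePostById`, `getPostForEdit` and the update method (all three hunks here) with already-diverging brace spacing (`)){` vs `) {`), so a later fix to one copy will miss the others; extract it into one private helper that also rejects a null current user explicitly instead of relying on `equals(null)` returning false. In `deletePostById` the loop dereferences `postIds` unguarded, so a null list surfaces as a raw NPE rather than a domain error, and it issues one `selectById` per id — a `if (postIds == null || postIds.isEmpty()) { return 0; }` guard before the loop makes the empty case explicit, and a batch lookup would cut the round trips if the mapper offers one (not visible here). Because `deletePostByIds(postIds)` deletes by id alone, adding the owner's `user_id` to that mapper statement's WHERE clause would keep the check and the delete consistent even if the rows change between the two statements.
```java
    // … unchanged: deletePostById / getPostForEdit / update method, each replacing its inline check with …
    assertOwnedByCurrentUser(post, "无权限查看此动态");

    /**
     * Rejects the operation unless {@code post} belongs to the user bound to the current request thread.
     * @param post    the post being acted on; must not be null
     * @param message error message for the RuntimeException when the check fails
     */
    private void assertOwnedByCurrentUser(Post post, String message) {
        Long userId = UserContext.getUserId();
        if (userId == null || post.getUserId() == null || !post.getUserId().equals(userId)) {
            throw new RuntimeException(message);
        }
    }
```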
@@ -10,9 +10,6 @@ import com.bao.dating.util.MD5Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import java.util.HashMap;
-import java.util.Map;
-
 @Service
 public class UserServiceImpl implements UserService {
@@ -30,13 +27,12 @@ public class UserServiceImpl implements UserService {
 if (user == null){
 throw new RuntimeException("用户不存在");
 }
- // 密码加密
+ // 密码校验
 boolean match = MD5Util.verifyWithSalt(
 userLoginDTO.getPassword(),
 user.getSalt(),
 user.getPasswordHash()
 );
- // 密码校验
 if (!match){
 throw new RuntimeException("密码错误");
 }