公司需求增加License功能,在网关层面统一校验放行
@Slf4j
@Component
@RequiredArgsConstructor
public class PreLicenseRequestFilter implements GlobalFilter, Ordered {
// 是否开启授权
private final Boolean Liscence = true;
private static final String[] IGNORE_PRAMS = new String[]{"lmcSysLicense"};
private final String LicenseKey = "LicenseKey";
@Autowired
private RedisService redisService;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
if (!StrUtil.containsAnyIgnoreCase(request.getURI().getPath(), IGNORE_PRAMS)) {
ServerHttpResponse response = exchange.getResponse();
if (!Liscence) {
return chain.filter(exchange);
}
// 判断是否有LicenseKey
Boolean b = redisService.hasKey(LicenseKey);
if (!b) {
return ResponseUtil.webFluxResponseWriter(response, CommonConstant.JSON_UTF8, HttpStatus.UNAUTHORIZED, "未授权不能操作,请联系客服!");
}
String json = redisService.get(LicenseKey).toString();
LmcLicenseVo lmcLicenseVo = JSONObject.parseObject(json, LmcLicenseVo.class);
try {
String license = getLicense(lmcLicenseVo.getLicenseStr(), lmcLicenseVo.getPrivateKey());
log.info("license----" , license);
// 判断授权是否到时间
LmcSysLicenseVo lmcSysLicenseVo = JSONObject.parseObject(license, LmcSysLicenseVo.class);
if (Objects.isNull(lmcSysLicenseVo)) {
return ResponseUtil.webFluxResponseWriter(response, CommonConstant.JSON_UTF8, HttpStatus.UNAUTHORIZED, "未授权不能操作,请联系客服!");
}
if (lmcSysLicenseVo.getEndTime().isBefore(LocalDate.now())) {
return ResponseUtil.webFluxResponseWriter(response, CommonConstant.JSON_UTF8, HttpStatus.UNAUTHORIZED, "授权已到期不能操作,请联系客服!");
}
} catch (Exception e) {
log.error("解析授权信息异常:"+e.getMessage());
return ResponseUtil.webFluxResponseWriter(response, CommonConstant.JSON_UTF8, HttpStatus.UNAUTHORIZED, "授权查询异常,请联系客服!");
}
}
return chain.filter(exchange);
}
@Override
public int getOrder() {
return Ordered.HIGHEST_PRECEDENCE;
}
// 解密工具
public static String getLicense(String licenseStr , String privateKey) {
RSA rsa = new RSA(privateKey, null);
byte[] decrypt = rsa.decrypt(HexUtil.decodeHex(licenseStr), KeyType.PrivateKey);
//非对称解密
String s = HexUtil.encodeHexStr(decrypt);
// 对称解密
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, CommonConstant.PASSWORD_SECURITY_KEY.getBytes());
return aes.decryptStr(s, CharsetUtil.CHARSET_UTF_8);
}
}