bugfix:网关鉴权BUG修复

.idea/compiler.xml

@@ -2,6 +2,7 @@
 <project version="4">
   <component name="CompilerConfiguration">
     <annotationProcessing>
+      <profile default="true" name="Default" enabled="true" />
       <profile name="Maven default annotation processors profile" enabled="true">
         <sourceOutputDir name="target/generated-sources/annotations" />
         <sourceTestOutputDir name="target/generated-test-sources/test-annotations" />

sl-express-gateway/src/main/java/com/sl/gateway/filter/CourierTokenGatewayFilterFactory.java

@@ -3,6 +3,7 @@ package com.sl.gateway.filter;
 import com.itheima.auth.sdk.dto.AuthUserInfoDTO;
 import com.itheima.auth.sdk.service.TokenCheckService;
 import com.sl.gateway.config.MyConfig;
+import com.sl.transport.common.util.JwtUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;

sl-express-gateway/src/main/java/com/sl/gateway/filter/CustomerTokenGatewayFilterFactory.java

@@ -4,12 +4,14 @@ import com.itheima.auth.sdk.dto.AuthUserInfoDTO;
 import com.sl.gateway.config.MyConfig;
 import com.sl.gateway.properties.JwtProperties;
 import com.sl.transport.common.constant.Constants;
+import com.sl.transport.common.util.JwtUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
+import java.util.Map;
 
 /**
  * 用户端token拦截处理
@@ -32,8 +34,22 @@ public class CustomerTokenGatewayFilterFactory extends AbstractGatewayFilterFact
     @Override
     public AuthUserInfoDTO check(String token) {
         // 普通用户的token没有对接权限系统，需要自定实现
+        try {
+//        基于JwtUtils解析token获取Claims内容
+            Map<String, Object> claims = JwtUtils.checkToken(jwtProperties.getPublicKey(), token);
+
+//        在解析的内容中获取用户ID
+            Long userId = (Long) claims.get("userId");
+
+//        封装AuthUserInfoDTO对象返回
+            AuthUserInfoDTO authUserInfoDTO = new AuthUserInfoDTO();
+            authUserInfoDTO.setUserId(userId);
+            return authUserInfoDTO;
+        } catch (Exception e) {
+            log.error(">>>>>>>>>>>>>>>>>> 解析用户登录token失败 >>>>>>>>>>>>>>>>");
             return null;
         }
+    }
 
     @Override
     public Boolean auth(String token, AuthUserInfoDTO authUserInfoDTO, String path) {

sl-express-gateway/src/main/java/com/sl/gateway/filter/ManagerTokenGatewayFilterFactory.java

@@ -1,13 +1,20 @@
 package com.sl.gateway.filter;
 
+import cn.hutool.core.collection.CollUtil;
+import com.itheima.auth.factory.AuthTemplateFactory;
+import com.itheima.auth.sdk.AuthTemplate;
+import com.itheima.auth.sdk.common.Result;
 import com.itheima.auth.sdk.dto.AuthUserInfoDTO;
 import com.itheima.auth.sdk.service.TokenCheckService;
 import com.sl.gateway.config.MyConfig;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
+import java.util.Collection;
+import java.util.List;
 
 /**
  * 后台管理员token拦截处理
@@ -17,9 +24,13 @@ public class ManagerTokenGatewayFilterFactory extends AbstractGatewayFilterFacto
 
     @Resource
     private MyConfig myConfig;
+
     @Resource
     private TokenCheckService tokenCheckService;
 
+    @Value("${role.manager}")
+    private List<Long> managerRoleIds;
+
     @Override
     public GatewayFilter apply(Object config) {
         //由于实现了AuthFilter接口，所以可以传递this对象到TokenGatewayFilter中
@@ -34,6 +45,18 @@ public class ManagerTokenGatewayFilterFactory extends AbstractGatewayFilterFacto
 
     @Override
     public Boolean auth(String token, AuthUserInfoDTO authUserInfoDTO, String path) {
-        return true;
+//        获取AuthTemplate对象
+        AuthTemplate authTemplate = AuthTemplateFactory.get(token);
+
+//        查询登录用户对应的角色id
+        Result<List<Long>> roleByUserId = authTemplate.opsForRole().findRoleByUserId(authUserInfoDTO.getUserId());
+        List<Long> roleIds = roleByUserId.getData();
+
+//        和配置的访问角色 取交集
+        Collection<Long> intersection = CollUtil.intersection(roleIds, managerRoleIds);
+
+//        判断是否有交集即可判断出是否有权限
+        return CollUtil.isNotEmpty(intersection);
     }
+
 }

sl-express-gateway/src/test/java/com/sl/gateway/auth/AuthTemplateTest.java

@@ -34,7 +34,7 @@ public class AuthTemplateTest {
     public void testLogin() {
         //登录
         Result<LoginDTO> result = this.authTemplate.opsForLogin()
-                .token("zhangsan", "123456");
+                .token("sl001", "123456");
 
         String token = result.getData().getToken().getToken();
         System.out.println("token为：" + token);
@@ -51,7 +51,7 @@ public class AuthTemplateTest {
     @Test
     public void checkToken() {
         //上面方法中生成的token
-        String token = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMDAyNjIxMzAwOTkwMDc2NzA1IiwiYWNjb3VudCI6InpoYW5nc2FuIiwibmFtZSI6IuW8oOS4iSIsIm9yZ2lkIjoxMDAyNjE5NTU4MzU3NDI1OTUzLCJzdGF0aW9uaWQiOjk4MTIyMzcwMzMzNTQxMDYyNSwiYWRtaW5pc3RyYXRvciI6ZmFsc2UsImV4cCI6MTY1OTEzNDA0MH0.WBZaeBvmuw202raw7JvvHnIMpST28d0gv6ufVDenL_iGQwdClucUfd3YPLg9BLoiosaP16SEuB1nM_-HWl8rUA";
+        String token = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMDI1NDI4Njg3MzEyNjg0OTI5IiwiYWNjb3VudCI6InNsMDAxIiwibmFtZSI6IuW8oOaIkOmjniIsIm9yZ2lkIjoxMDI0NzA0ODQ0NDg2NzU2NjQxLCJzdGF0aW9uaWQiOjEwMjQ3MDU0ODk0MzY0OTQ3MjEsImFkbWluaXN0cmF0b3IiOmZhbHNlLCJleHAiOjE2OTYzNjMwNDF9.kOtK7uEGXOqCQIqFYV88ITie-_ppcooX3nrs4ojSYsCB0ir0JBx_eO1WWw5Mqw0K3sVSf6-Rfxu-Dpr-IhRTgA";
         AuthUserInfoDTO authUserInfo = this.tokenCheckService.parserToken(token);
         System.out.println(authUserInfo);