feat: websocket token认证

6bff29c0 · shangtx · a0ddf406 · 6bff29c0
Commit 6bff29c0 authored Jul 22, 2022 by shangtx
Show whitespace changes
Inline Side-by-side

Showing with 28 additions and 2 deletions

SocketInterceptor.java ...va/com/onsiteservice/common/socket/SocketInterceptor.java +28 -2

No files found.
--- a/common/src/main/java/com/onsiteservice/common/socket/SocketInterceptor.java
+++ b/common/src/main/java/com/onsiteservice/common/socket/SocketInterceptor.java
 package com.onsiteservice.common.socket;


+import com.alibaba.fastjson.JSON;
 import com.onsiteservice.constant.constant.Constants;
+import com.onsiteservice.core.exception.ServiceException;
+import com.onsiteservice.core.result.ResultCodeEnum;
+import com.onsiteservice.core.security.jwt.JwtManager;
+import com.onsiteservice.core.security.jwt.JwtPathProperties;
+import io.jsonwebtoken.Claims;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
 import org.springframework.http.server.ServletServerHttpRequest;
@@ -11,6 +18,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.socket.WebSocketHandler;
 import org.springframework.web.socket.server.HandshakeInterceptor;

+import javax.servlet.http.HttpServletRequest;
 import java.util.Map;

 /**
@@ -22,6 +30,9 @@ import java.util.Map;
 @Slf4j
 public class SocketInterceptor implements HandshakeInterceptor {

+    @Value("${project.jwt.enabled:false}")
+    private Boolean jwtEnabled;
+
    /**
     * 握手之前执行该方法, 继续握手返回true, 中断握手返回false. 通过attributes参数设置WebSocketSession的属性
     */
@@ -31,8 +42,23 @@ public class SocketInterceptor implements HandshakeInterceptor {
        // log.info("Http协议转换WebSocket协议进行前, 握手前" + request.getURI());
        // http协议转换WebSocket协议进行前，这里可通过token信息判断用户是否合法
        if (request instanceof ServletServerHttpRequest) {
-            // HttpServletRequest servletRequest = ((ServletServerHttpRequest) request).getServletRequest();
-            String userId = request.getURI().toString().split("userId=")[1];
+            HttpServletRequest servletRequest = ((ServletServerHttpRequest) request).getServletRequest();
+            System.out.println(servletRequest.getParameter("userId"));
+            String userId;
+            if (jwtEnabled) {
+                String token = servletRequest.getParameter("token");
+                if (token == null) {
+                    throw new ServiceException(ResultCodeEnum.UNAUTHORIZED.getCode(), "认证信息为空");
+                }
+                Claims claims = JwtManager.parseToken(token.replaceAll(JwtManager.BEARER, ""));
+                if(claims == null) {
+                    throw new ServiceException(ResultCodeEnum.UNAUTHORIZED.getCode(), "认证错误");
+                }
+                userId = JSON.parseObject(claims.getSubject()).getString(JwtManager.USER_ID);
+            } else {
+                userId = servletRequest.getParameter("userId");
+            }
+
            if (StringUtils.isBlank(userId)) {
                log.error("Websocket的握手请求拦截器: 用户id空 无效请求!");
                return false;