package com.xxx.vulnweb.filter;

import com.xxx.vulnweb.model.ResponseModel;
import com.xxx.vulnweb.model.user.UserModel;
import com.xxx.vulnweb.util.JsonParseImpl;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;


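/**
 * Servlet filter that gates requests on the presence of a logged-in user in the HTTP session.
 *
 * <p>A request whose URI is exactly {@code /login} is passed through unchecked. Every other
 * request is passed down the chain only when the session holds a non-null {@code "info"}
 * attribute; otherwise the chain is not invoked and a JSON body with code 401 is written.
 */
@Component
@Order(1)
public class LoginFilter implements Filter {
    // Envelope object reused for the rejection body.
    // NOTE(review): this injected instance is mutated on every rejected request. If the bean is
    // singleton-scoped, concurrent requests share it — confirm the bean scope or build a
    // per-request instance.
    @Autowired
    ResponseModel responseModel;
    // Serializer used to turn the envelope into the response text.
    @Autowired
    JsonParseImpl jsonParse;

    /**
     * Applies the session check to one request.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response the rejection body is written to
     * @param filterChain the rest of the chain, invoked only for {@code /login} or when a user
     *     object is present in the session
     * @throws IOException if writing the rejection body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Narrow to the HTTP view to reach the URI and the session.
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        // The login endpoint is the only path exempt from the check. The comparison is an exact
        // match on getRequestURI(), which is the undecoded path including any context path and
        // path parameters, so any variant of the string falls through to the session check
        // (fail closed). Under a non-root context path the exemption would never match.
        if (Objects.equals(request.getRequestURI(), "/login")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getSession(false) looks up an existing session without creating one, so requests that
        // carry no session do not each allocate server-side session state.
        HttpSession session = request.getSession(false);
        UserModel user = (session == null) ? null : (UserModel) session.getAttribute("info");

        // A stored user object is treated as proof of a completed login.
        if (user != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Not logged in: answer here and do not call the chain.
        // NOTE(review): only the JSON body carries 401; the HTTP status line is never set in this
        // method. Confirm whether clients and intermediaries rely on that before changing it.
        servletResponse.setContentType("application/json");
        servletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        responseModel.setCode(401);
        responseModel.setMsg("Unauthorized");
        responseModel.setData(null);
        // Encode explicitly; a bare getBytes() depends on the JVM's default charset.
        servletResponse.getOutputStream().write(jsonParse.dumps(responseModel).getBytes(StandardCharsets.UTF_8));
    }
}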