From 613dd76a3aded439f1002d904d85d8332ddb03d1 Mon Sep 17 00:00:00 2001
From: kaiyu <404897439@qq.com>
Date: Thu, 17 Sep 2020 15:22:29 +0800
Subject: [PATCH] 登陆获取信息分离,webToken添加redis
---
src/main/java/com/moral/common/interceptor/WebInterceptor.java | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/moral/common/interceptor/WebInterceptor.java b/src/main/java/com/moral/common/interceptor/WebInterceptor.java
index 9ed4c8a..1b7be06 100644
--- a/src/main/java/com/moral/common/interceptor/WebInterceptor.java
+++ b/src/main/java/com/moral/common/interceptor/WebInterceptor.java
@@ -7,6 +7,8 @@
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Claim;
import com.moral.common.exception.WebAuthException;
+import com.moral.common.util.RedisHashUtil;
+import com.moral.common.util.WebTokenUtils;
import com.moral.common.webAnno.PassToken;
import com.moral.common.webAnno.UserLoginToken;
import com.moral.entity.Account;
@@ -35,13 +37,15 @@
@Resource
AccountService accountService;
+ @Resource
+ RedisHashUtil redisHashUtil;
+
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Headers", "Content-Type,Content-Length, Authorization, Accept,X-Requested-With");
response.setHeader("Access-Control-Allow-Methods","PUT,POST,GET,DELETE,OPTIONS");
String token = request.getHeader("token");
- Enumeration<String> headerNames = request.getHeaderNames();
//������������������������������������������
if(!(o instanceof HandlerMethod)){
return true;
@@ -68,9 +72,7 @@
//������ID
String id = "";
try {
- Map<String, Claim> claims = JWT.decode(token).getClaims();
- Claim accountId = claims.get("aid");
- id = accountId.asString();
+ id = WebTokenUtils.getIdBytoken(token);
}catch (JWTDecodeException e){
throw new WebAuthException("401,token������");
}
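Review bot: The `catch (JWTDecodeException e)` around `id = WebTokenUtils.getIdBytoken(token);` only covers a malformed token, and WebTokenUtils is not part of this patch, so what it returns for a token without an `aid` claim cannot be seen here. If it can return null or an empty string, that value is later used as the Redis field in `getMapVal("webToken",id)`. A guard right after the try, `if (id == null || id.isEmpty()) throw new WebAuthException(...)` with the same 401 message, would make that failure explicit. The id is presumably still read from an unverified decode at this point, so nothing should trust it before the signature check further down in preHandle, which lies outside this hunk.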
@@ -90,6 +92,11 @@
throw new WebAuthException("401,token������������������");
}
+ //������token������������������������
+ String redisToken = (String)redisHashUtil.getMapVal("webToken",id);
+ if(token.equals(redisToken))
+ throw new WebAuthException("401,token������");
+
return true;
}
}
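Review bot: The condition `if(token.equals(redisToken))` looks inverted if the `webToken` hash holds the token issued at login, as the commit subject suggests. As written it rejects the request whose token matches the stored one and accepts every other token that reached this point, including when Redis has no entry and `redisToken` is null. If the hash is the server-side session record, the check should fail closed: `if (redisToken == null || !token.equals(redisToken)) { throw new WebAuthException(...); }` with the existing message. If the hash is instead a revocation list, a comment such as `// webToken holds revoked tokens; a match means the token was invalidated` would stop a later reader from flipping it. Most of preHandle lies outside this hunk, so whether `token` is null-checked before `token.equals` cannot be confirmed from here.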
--
Gitblit v1.8.0