创建heima-leadnews-app-gateway模块
<!-- Dependencies of the heima-leadnews-app-gateway module. -->
<!-- No <version> elements are declared here; presumably a parent POM or BOM manages them (confirm). -->
<dependencies>
    <!-- Spring Cloud Gateway starter: routing and filter chain. -->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-gateway</artifactId>
    </dependency>
    <!-- Nacos service discovery. -->
    <dependency>
        <groupId>com.alibaba.cloud</groupId>
        <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
    </dependency>
    <!-- Project-internal shared module; the gateway filter imports JwtUtils and Payload from com.heima.common. -->
    <dependency>
        <groupId>com.heima</groupId>
        <artifactId>heima-leadnews-common</artifactId>
    </dependency>
</dependencies>
### application.yml
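# Gateway configuration. The nesting was lost on the page; it is restored here
# following the standard spring.cloud.gateway property layout.
server:
  port: 51601
spring:
  application:
    name: leadnews-app-gateway
  cloud:
    nacos:
      discovery:
        server-addr: 192.168.137.136:8848
    gateway:
      globalcors:
        cors-configurations:
          '[/**]': # applies to every request path
            # NOTE(review): wildcard origins and headers let any web page call these
            # routes from a browser, including with the "token" header. Replace "*"
            # with the app's real origins before the gateway is reachable outside a
            # development network.
            allowedOrigins: "*" # CORS: allow all origins
            allowedHeaders: "*"
            allowedMethods: # HTTP methods accepted for cross-origin calls
              - GET
              - POST
              - PUT
              - DELETE
              - OPTIONS
      routes:
        # NOTE(review): on the page every uri stops at "lb:", so the service name is
        # missing (and "uri: lb:" is not valid YAML). The PLACEHOLDER_* values below
        # stand in for the service names registered in Nacos.
        # article microservice
        - id: leadnews-article
          uri: lb://PLACEHOLDER_ARTICLE_SERVICE
          predicates:
            - Path=/article/**
          filters:
            # removes the first path segment (/article) before forwarding
            - StripPrefix= 1
        - id: leadnews-user
          uri: lb://PLACEHOLDER_USER_SERVICE
          predicates:
            - Path=/user/**
          filters:
            - StripPrefix= 1
        - id: leadnews-behavior
          uri: lb://PLACEHOLDER_BEHAVIOR_SERVICE
          predicates:
            - Path=/behavior/**
          filters:
            - StripPrefix= 1
        - id: leadnews-comment
          uri: lb://PLACEHOLDER_COMMENT_SERVICE
          predicates:
            - Path=/comment/**
          filters:
            - StripPrefix= 1
        - id: leadnews-search
          uri: lb://PLACEHOLDER_SEARCH_SERVICE
          predicates:
            - Path=/search/**
          filters:
            - StripPrefix= 1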
创建启动类
package com.heima.app.gateway;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
/**
 * Boot class of the app gateway module.
 *
 * <p>{@code @EnableDiscoveryClient} turns on service-registry integration; the module's
 * dependencies and application.yml point it at Nacos.
 */
@SpringBootApplication
@EnableDiscoveryClient
public class AppGatewayApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(AppGatewayApplication.class, args);
    }
}
创建全局过滤器
package com.heima.app.gateway.filter;
import com.heima.common.dtos.Payload;
import com.heima.common.util.JwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
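/**
 * Global gateway filter that requires a valid JWT on every request except the login endpoint.
 *
 * <p>The token is read from the {@code token} request header. When it parses, the user id it
 * carries is forwarded to the downstream service in the {@code userId} header; otherwise the
 * request is answered with 401 and never reaches a route.
 */
@Slf4j
@Component
public class AuthFilter implements GlobalFilter, Ordered {

    /** Path suffix of the login endpoint, the only request let through without a token. */
    private static final String LOGIN_PATH = "/api/v1/login/login_auth";

    /** Request header in which the client sends its JWT. */
    private static final String TOKEN_HEADER = "token";

    /** Header through which the gateway hands the authenticated user id to downstream services. */
    private static final String USER_ID_HEADER = "userId";

    /**
     * Authenticates the request and forwards it with a gateway-set {@code userId} header.
     *
     * @param exchange the current request/response pair
     * @param chain    the remaining filter chain
     * @return completion signal of either the downstream chain or the 401 response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        String path = request.getURI().getPath();

        // Match the end of the path rather than any substring: a substring test would also
        // exempt every other path that merely embeds the login path somewhere.
        if (path.endsWith(LOGIN_PATH)) {
            // The userId header is an identity assertion owned by the gateway, so a
            // client-supplied copy is dropped before the request is forwarded.
            ServerHttpRequest anonymous = request.mutate()
                    .headers(httpHeaders -> httpHeaders.remove(USER_ID_HEADER))
                    .build();
            return chain.filter(exchange.mutate().request(anonymous).build());
        }

        String token = request.getHeaders().getFirst(TOKEN_HEADER);
        if (StringUtils.isBlank(token)) {
            log.error("当前请求没有token,path={}", path);
            return unauthorized(exchange);
        }

        ServerWebExchange authenticated;
        try {
            Payload payload = JwtUtils.getInfoFromToken(token);
            // A payload without a user id fails here and is rejected like a bad token.
            String userId = payload.getUserId().toString();
            // set() replaces any userId value the client sent with the one from the token.
            ServerHttpRequest httpRequest = request.mutate()
                    .headers(httpHeaders -> httpHeaders.set(USER_ID_HEADER, userId))
                    .build();
            // The mutated exchange must be built and passed on; mutate() alone returns a
            // builder, and discarding it leaves the chain working on the original exchange.
            authenticated = exchange.mutate().request(httpRequest).build();
        } catch (Exception e) {
            // Log through SLF4J (with the cause) instead of printStackTrace(); the token
            // itself is deliberately not logged.
            log.error("当前请求token解析错误,path={}", path, e);
            return unauthorized(exchange);
        }
        // Called outside the try block so a downstream failure is not reported as 401.
        return chain.filter(authenticated);
    }

    /** Ends the exchange with HTTP 401 without forwarding it to any route. */
    private Mono<Void> unauthorized(ServerWebExchange exchange) {
        ServerHttpResponse response = exchange.getResponse();
        response.setStatusCode(HttpStatus.UNAUTHORIZED);
        return response.setComplete();
    }

    /**
     * @return the filter's order value, 0
     */
    @Override
    public int getOrder() {
        return 0;
    }
}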
## app用户登录创建全局过滤器
### 需求
- 用户点击**开始使用**
登录后的用户权限较大,可以查看,也可以操作(点赞,关注,评论)
- 用户点击**不登录,先看看**
游客只有查看的权限
### 分析
用户登录的业务,我们需要在user服务完成
需要使用手机号和密码查询ap_user表进行验证,如果验证通过返回用户信息和token
验证用户密码时,需要使用Bcrypt校验前端传递的密码与数据库中保存的Bcrypt哈希值是否匹配(Bcrypt是单向哈希,不是可逆加密)
### user服务创建AppUserLoginController
package com.heima.user.controller;
import com.heima.common.dtos.ResponseResult;
import com.heima.model.user.dtos.AppLoginDto;
import com.heima.user.service.ApUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;
/**
 * REST controller exposing the app login endpoint of the user service.
 */
@RestController
public class AppUserLoginController {

    @Autowired
    private ApUserService apUserService;

    /**
     * Handles a login request by delegating to {@link ApUserService#login}.
     *
     * <p>This is the path the gateway's AuthFilter lets through without a token, so the
     * request body is unauthenticated input.
     *
     * @param dto login data deserialized from the request body
     * @return the service's result map wrapped in a success response
     */
    @PostMapping("/api/v1/login/login_auth")
    public ResponseResult<Map<String,Object>> login(@RequestBody AppLoginDto dto){
        Map<String, Object> loginResult = apUserService.login(dto);
        return ResponseResult.ok(loginResult);
    }
}
package com.heima.user.service.impl;
在ApUserServiceImpl添加方法处理登录
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.heima.common.enums.AppHttpCodeEnum;
import com.heima.common.exception.LeadException;
import com.heima.common.util.BeanHelper;
import com.heima.common.util.JwtUtils;
import com.heima.model.user.dtos.AppLoginDto;
import com.heima.model.user.dtos.UserInfoDto;
import com.heima.user.entity.ApUser;
import com.heima.user.mapper.ApUserMapper;
import com.heima.user.service.ApUserService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
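/**
 * User service implementation that handles app login for registered users and guests.
 */
@Service
public class ApUserServiceImpl extends ServiceImpl<ApUserMapper, ApUser> implements ApUserService {

    /** Lifetime, in minutes, of the token issued at login. */
    private static final int TOKEN_EXPIRE_MINUTES = 60;

    @Autowired
    private BCryptPasswordEncoder encoder;

    /**
     * Logs a user in and issues a JWT.
     *
     * <p>When both phone and password are present, the user is looked up by phone and the
     * password is checked against the stored BCrypt hash. Otherwise the request is treated as
     * a guest login, which requires an equipment id and yields a token for user id 0.
     *
     * @param dto login data: phone and password, or an equipment id for a guest
     * @return a map holding {@code "token"} and, for a registered user, {@code "user"}
     * @throws LeadException if the user does not exist, the password does not match, or a
     *                       guest request carries no equipment id
     */
    @Override
    public Map<String, Object> login(AppLoginDto dto) {
        Map<String, Object> map = new HashMap<>();
        // Declared up front; stays 0 for a guest login.
        int userId = 0;
        if (StringUtils.isNotBlank(dto.getPhone())
                && StringUtils.isNotBlank(dto.getPassword())) {
            QueryWrapper<ApUser> queryWrapper = new QueryWrapper<>();
            queryWrapper.lambda().eq(ApUser::getPhone, dto.getPhone());
            ApUser apUser = getOne(queryWrapper);
            // NOTE(review): "user does not exist" and "wrong password" are reported with
            // different codes, and only the second path runs BCrypt, so a caller can tell
            // whether a phone number is registered. Consider returning one generic login
            // failure for both once the clients no longer depend on the distinction.
            if (apUser == null) {
                throw new LeadException(AppHttpCodeEnum.AP_USER_DATA_NOT_EXIST);
            }
            // matches() compares the raw password with the stored BCrypt hash.
            boolean passwordMatches = encoder.matches(dto.getPassword(), apUser.getPassword());
            if (!passwordMatches) {
                throw new LeadException(AppHttpCodeEnum.LOGIN_PASSWORD_ERROR);
            }
            // Author's note: the copied UserInfoDto carries no password.
            // NOTE(review): confirm UserInfoDto has no password field, since this object is
            // returned to the client.
            map.put("user", BeanHelper.copyProperties(apUser, UserInfoDto.class));
            userId = apUser.getId();
        } else {
            // Guest login: only the presence of an equipment id is checked.
            if (StringUtils.isBlank(dto.getEquipmentId())) {
                throw new LeadException(AppHttpCodeEnum.PARAM_INVALID);
            }
        }
        // A guest receives a token for user id 0.
        // NOTE(review): downstream services presumably treat id 0 as anonymous; verify.
        String token = JwtUtils.generateTokenExpireInMinutes(userId, TOKEN_EXPIRE_MINUTES);
        map.put("token", token);
        // The listing returned an undeclared variable named result; the populated map is
        // what the method builds.
        return map;
    }
}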