|
@@ -82,20 +82,32 @@ public class RequestLogHandlerInterceptor implements HandlerInterceptor {
|
|
|
token = parameters.get("token");
|
|
|
}
|
|
|
log.info("token: {}", token);
|
|
|
-// if (!StringUtils.hasText(token)) {
|
|
|
-// return forbidden(response);
|
|
|
-// }
|
|
|
+ if (!StringUtils.hasText(token)) {
|
|
|
+ return forbidden(response);
|
|
|
+ }
|
|
|
try {
|
|
|
String urlDecodeToken = URLDecoder.decode(token, StandardCharsets.UTF_8);
|
|
|
log.info("urlDecodeToken: {}", urlDecodeToken);
|
|
|
- String decodeToken = AESUtil.decrypt(urlDecodeToken);
|
|
|
- log.info("decodeToken: {}", decodeToken);
|
|
|
+ String decryptToken = AESUtil.decrypt(urlDecodeToken);
|
|
|
+ log.info("decryptToken: {}", decryptToken);
|
|
|
Gson gson = new Gson();
|
|
|
- Map<String, String> map = gson.fromJson(decodeToken, new TypeToken<Map<String, String>>() {
|
|
|
+ Map<String, String> map = gson.fromJson(decryptToken, new TypeToken<Map<String, String>>() {
|
|
|
}.getType());
|
|
|
-// if (!"FINANCE".equals(map.get("APP_ID")) || !StringUtils.hasText(map.get("LOGIN_ID"))) {
|
|
|
-// return forbidden(response);
|
|
|
-// }
|
|
|
+ if (!"FINANCE".equals(map.get("APP_ID"))
|
|
|
+ || !StringUtils.hasText(map.get("LOGIN_ID"))
|
|
|
+ || !StringUtils.hasText(map.get("TIME_STAMP"))
|
|
|
+ || !StringUtils.hasText(map.get("EXPIRE_TIME"))
|
|
|
+ ) {
|
|
|
+ return forbidden(response);
|
|
|
+ }
|
|
|
+ LocalDateTime timeStamp = LocalDateTime.parse(map.get("TIME_STAMP"),
|
|
|
+ DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));
|
|
|
+ int expireTime = Integer.parseInt(map.get("EXPIRE_TIME"));
|
|
|
+ LocalDateTime expireTimeStamp = timeStamp.plusSeconds(expireTime);
|
|
|
+ // token过期
|
|
|
+ if (now.isAfter(expireTimeStamp)) {
|
|
|
+ return unauthorized(response);
|
|
|
+ }
|
|
|
Map<String, String> requestParameters = new HashMap<>();
|
|
|
requestParameters.put("request_parameters", gson.toJson(parameters));
|
|
|
requestParameters.put("request_body", body);
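Review bot: With these checks now enforced the token is the access credential, yet it is still written to the log at INFO three times (`token`, `urlDecodeToken` and the renamed `decryptToken` line), so anyone who can read the logs can replay it until it expires. I would drop those lines, or log only non-secret fields after parsing, e.g. `log.info("token ok: appId={} loginId={}", map.get("APP_ID"), map.get("LOGIN_ID"));`. The expiry check also takes both TIME_STAMP and EXPIRE_TIME from the token without bounds, so a future TIME_STAMP or a very large EXPIRE_TIME is accepted; that is safe only if `AESUtil.decrypt` authenticates the ciphertext, which is not visible here. A guard such as `if (timeStamp.isAfter(now)) return forbidden(response);` (with a small skew allowance if issuer clocks differ), plus an upper limit on `expireTime`, would close that. The method starts above this hunk, where `now` is defined.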
|
|
@@ -107,32 +119,31 @@ public class RequestLogHandlerInterceptor implements HandlerInterceptor {
|
|
|
requestLogPo.setRequestParameters(gson.toJson(requestParameters));
|
|
|
requestLogPo.setHeaders(gson.toJson(headers));
|
|
|
requestLogPo.setAppId(map.get("APP_ID"));
|
|
|
- setTimeStamp(map, requestLogPo);
|
|
|
requestLogPo.setToken(urlDecodeToken);
|
|
|
+ requestLogPo.setTimeStamp(timeStamp);
|
|
|
+ requestLogPo.setExpireTime(expireTime);
|
|
|
+ requestLogPo.setExpireTimeStamp(expireTimeStamp);
|
|
|
requestLogService.offer(requestLogPo);
|
|
|
} catch (Exception e) {
|
|
|
log.error("token解密失败: {} {}", token, e.getMessage(), e);
|
|
|
-// return forbidden(response);
|
|
|
+ return forbidden(response);
|
|
|
}
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
- private void setTimeStamp(Map<String, String> map, RequestLogPo requestLogPo) {
|
|
|
- String timeStamp = map.get("TIME_STAMP");
|
|
|
- if (StringUtils.hasText(timeStamp)) {
|
|
|
- try {
|
|
|
- requestLogPo.setTimeStamp(LocalDateTime.parse(map.get("TIME_STAMP"),
|
|
|
- DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")));
|
|
|
- } catch (Exception e) {
|
|
|
- log.warn("时间戳解析失败: {}", timeStamp);
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
@Override
|
|
|
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
|
|
|
@Nullable Exception ex) throws Exception {
|
|
|
- log.info("响应 {}", response.getStatus());
|
|
|
+ if (!MyDispatcherServlet.UN_WRAPPER.contains(request.getRequestURI())) {
|
|
|
+ MyHttpServletResponseWrapper wrapper = (MyHttpServletResponseWrapper) response;
|
|
|
+ String responseString = new String(wrapper.toByteArray());
|
|
|
+// log.info("响应 {}: {}", wrapper.getStatus(), responseString);
|
|
|
+ // 返回结果打印前500个字符
|
|
|
+ log.info("返回 {}: {}", wrapper.getStatus(),
|
|
|
+ org.apache.commons.lang3.StringUtils.substring(responseString, 0, 500));
|
|
|
+ } else {
|
|
|
+ log.info("响应 {}", response.getStatus());
|
|
|
+ }
|
|
|
StopWatch stopWatch = STOP_WATCH_THREAD_LOCAL.get();
|
|
|
stopWatch.stop();
|
|
|
log.info("耗时 {} ms", stopWatch.getTotalTimeMillis());
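Review bot: `afterCompletion` now logs the first 500 characters of every wrapped response body at INFO, which for this API probably puts business or personal data into the application log; consider logging only the status and body length, or moving the body to DEBUG. `new String(wrapper.toByteArray())` decodes with the platform default charset, so use `new String(wrapper.toByteArray(), StandardCharsets.UTF_8)` to match the UTF-8 this class declares for its own responses. The cast to `MyHttpServletResponseWrapper` is unchecked and would throw ClassCastException for a request that arrives unwrapped but is not listed in `UN_WRAPPER`; an `instanceof` test that falls back to the status-only log line would be safer. Earlier in the hunk the catch block still logs the raw token, and since `catch (Exception e)` now returns `forbidden`, a failure in `requestLogService.offer` would also reject the request under the message "token解密失败". The enclosing `preHandle` body starts outside this hunk.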
|
|
@@ -142,8 +153,28 @@ public class RequestLogHandlerInterceptor implements HandlerInterceptor {
|
|
|
private boolean forbidden(HttpServletResponse response) throws IOException {
|
|
|
response.setCharacterEncoding("UTF-8");
|
|
|
response.setContentType("application/json; charset=utf-8");
|
|
|
- byte[] bytes = new Gson().toJson(R.error(403, "没有权限访问")).getBytes();
|
|
|
+ String r = new Gson().toJson(R.error(403, "没有权限访问"));
|
|
|
+ byte[] bytes = r.getBytes();
|
|
|
response.getOutputStream().write(bytes);
|
|
|
+ StopWatch stopWatch = STOP_WATCH_THREAD_LOCAL.get();
|
|
|
+ stopWatch.stop();
|
|
|
+ log.warn("返回 {}: {}", response.getStatus(), r);
|
|
|
+ log.info("耗时 {} ms", stopWatch.getTotalTimeMillis());
|
|
|
+ STOP_WATCH_THREAD_LOCAL.remove();
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ private boolean unauthorized(HttpServletResponse response) throws IOException {
|
|
|
+ response.setCharacterEncoding("UTF-8");
|
|
|
+ response.setContentType("application/json; charset=utf-8");
|
|
|
+ String r = new Gson().toJson(R.error(401, "请刷新页面或重新登录"));
|
|
|
+ byte[] bytes = r.getBytes();
|
|
|
+ response.getOutputStream().write(bytes);
|
|
|
+ StopWatch stopWatch = STOP_WATCH_THREAD_LOCAL.get();
|
|
|
+ stopWatch.stop();
|
|
|
+ log.info("返回 {}: {}", response.getStatus(), r);
|
|
|
+ log.info("耗时 {} ms", stopWatch.getTotalTimeMillis());
|
|
|
+ STOP_WATCH_THREAD_LOCAL.remove();
|
|
|
return false;
|
|
|
}
|
|
|
}
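Review bot: Neither `forbidden` nor the new `unauthorized` sets the HTTP status, so unless it is set somewhere not shown the client receives 200 with the error code only inside the JSON body, and `response.getStatus()` in the new log lines will report 200; add `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` and `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` before writing the body. `r.getBytes()` uses the platform charset although the response is declared UTF-8, so the Chinese message can be garbled on a JVM with a different default; use `r.getBytes(StandardCharsets.UTF_8)`. The two methods differ only in code, message and log level, so one private helper taking those three values would keep them from drifting apart. `STOP_WATCH_THREAD_LOCAL.get()` is dereferenced without a null check; whether it can be unset on these paths depends on code outside the hunk.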
|