diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/filter/AuthFilter.java b/framework/gateway/src/main/java/io/metersphere/gateway/filter/AuthFilter.java
new file mode 100644
index 0000000000..a4950aba00
--- /dev/null
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/filter/AuthFilter.java
@@ -0,0 +1,50 @@
+package io.metersphere.gateway.filter;
+
+import io.metersphere.commons.constants.SessionConstants;
+import io.metersphere.commons.utils.JSON;
+import io.metersphere.commons.utils.RsaKey;
+import io.metersphere.commons.utils.RsaUtil;
+import io.metersphere.controller.handler.ResultHolder;
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+
+@Component
+public class AuthFilter implements WebFilter {
+
+ @Override
+ public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
+ // 放行不是 /is-login 的接口
+ if (!exchange.getRequest().getURI().getRawPath().equals("/is-login")) {
+ return chain.filter(exchange);
+ }
+
+ RsaKey rsaKey = null;
+ try {
+ rsaKey = RsaUtil.getRsaKey();
+ } catch (NoSuchAlgorithmException e) {
+ }
+ // 从请求头中获取Auth Token
+ String authToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.HEADER_TOKEN);
+ String csrfToken = exchange.getRequest().getHeaders().getFirst(SessionConstants.CSRF_TOKEN);
+ if (authToken == null || csrfToken == null) {
+ // 将错误信息转换为JSON格式
+ byte[] body = JSON.toJSONString(ResultHolder.error(rsaKey.getPublicKey())).getBytes(StandardCharsets.UTF_8);
+ // 设置响应体和响应类型
+ exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
+ exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
+ DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(body);
+ return exchange.getResponse().writeWith(Mono.just(buffer));
+ } else {
+ return chain.filter(exchange);
+ }
+ }
+}
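Review bot: `rsaKey` is dereferenced on the `byte[] body = ...rsaKey.getPublicKey()...` line even though the empty `catch (NoSuchAlgorithmException e) { }` above leaves it null when key generation fails, so that failure surfaces as a NullPointerException from the filter instead of a clear error. Rethrow instead, `} catch (NoSuchAlgorithmException e) { throw new IllegalStateException("RSA key unavailable", e); }`, and move the key lookup into the missing-header branch so the key is only fetched when the 401 body actually needs it. `filter` should also declare its return as `Mono<Void>` rather than the raw `Mono`, which is what the `WebFilter` contract specifies and avoids an unchecked warning. Note that the check only establishes that both headers are present; whether the session behind them is valid is presumably left to the `/is-login` handler downstream, which is worth stating in a comment above the `if (authToken == null || csrfToken == null)` line.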
diff --git a/framework/sdk-parent/frontend/src/plugins/request.js b/framework/sdk-parent/frontend/src/plugins/request.js
index 744b7e59f4..81e4aabcca 100644
--- a/framework/sdk-parent/frontend/src/plugins/request.js
+++ b/framework/sdk-parent/frontend/src/plugins/request.js
@@ -83,7 +83,7 @@ const checkAuth = response => {
 clearLocalStorage();
 return;
 }
- if (response.headers["authentication-status"] === "invalid" || response.status === 401) {
+ if (response.headers["authentication-status"] === "invalid") {
 clearLocalStorage();
 }
 }
@@ -110,6 +110,13 @@ instance.interceptors.response.use(response => {
 }, error => {
 let msg;
 if (error.response && error.response.headers) {
+ // 仅处理 /is-login
+ if (error.response.status === 401
+ && error.response.data.success === false
+ && error.response.request.responseURL.endsWith("/is-login")) {
+ return Promise.reject(error.response.data);
+ }
+
 // 判断错误标记
 if (error.response.status === 402) {
 if (error.response.headers['redirect']) {
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java
index 3019330f15..77d51e705d 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/LoginController.java
@@ -52,7 +52,7 @@ public class LoginController {
 @GetMapping(value = "/is-login")
- public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId) throws Exception {
+ public ResultHolder isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId, HttpServletResponse response) throws Exception {
 RsaKey rsaKey = RsaUtil.getRsaKey();
 Object user = redisIndexedSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user");
 if (user != null) {
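Review bot: Dropping `|| response.status === 401` from the `checkAuth` condition means a 401 that reaches the success interceptor no longer clears local storage unless the server also sets the `authentication-status: invalid` header; if any endpoint other than `/is-login` can answer 401 without that header, the stale token now survives in local storage. If this is intentional because the `/is-login` case is now handled in the error interceptor, say so next to the condition, `// 401 for /is-login is handled in the error interceptor below`. `checkAuth` starts before this hunk.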
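Review bot: `error.response.data.success === false` reads `.success` without checking that `error.response.data` is an object; the enclosing guard only checks `error.response.headers`, so a 401 with an empty or non-JSON body throws a TypeError inside the error handler and the original error is lost. Likewise `error.response.request.responseURL` assumes the adapter populated `request`. Guard both, e.g. `&& error.response.data && error.response.data.success === false` and `&& error.response.request && error.response.request.responseURL.endsWith("/is-login")`. `endsWith("/is-login")` on the full URL also matches any path that merely ends in that string; comparing the parsed pathname is stricter, though the gateway filter's exact `equals("/is-login")` check limits the practical impact. The surrounding error handler continues past the hunk.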
@@ -69,6 +69,8 @@ public class LoginController {
 }
 return ResultHolder.success(sessionUser);
 }
+ // 没登录状态码返回401
+ response.setStatus(401);
 return ResultHolder.error(rsaKey.getPublicKey());
 }
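Review bot: `response.setStatus(401)` hard-codes the status; `HttpServletResponse.SC_UNAUTHORIZED` names the intent and matches the `HttpStatus.UNAUTHORIZED` the gateway's AuthFilter uses for the same condition, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);`. Since the frontend now keys on `status === 401` together with `success === false` for `/is-login`, a comment tying the two together helps the next reader, e.g. `// 401 with success=false is what request.js expects when not logged in`. The `isLogin` method starts in the previous hunk and its `user != null` branch is only partly visible here.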