perf：请求时将通过getCurrentUserName()方法返回的对象检验用户是否非法

2024-08-07 14:09:28 +08:00
parent bb38428708
commit 1ee4b4af30
27 changed files with 295 additions and 314 deletions
--- a/springboot-login/src/main/java/com/tiesheng/login/config/TokenWebMvcConfigurer.java
+++ b/springboot-login/src/main/java/com/tiesheng/login/config/TokenWebMvcConfigurer.java
@@ -3,7 +3,10 @@ package com.tiesheng.login.config;
 import cn.hutool.core.util.ObjUtil;
 import cn.hutool.core.util.StrUtil;
 import com.tiesheng.annotation.token.TokenIgnore;
+import com.tiesheng.login.pojos.RequestUserInfo;
+import com.tiesheng.login.service.TsLoginConfigurer;
 import com.tiesheng.util.config.TsTokenConfig;
+import com.tiesheng.util.exception.ApiException;
 import com.tiesheng.util.pojos.TokenBean;
 import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController;
 import org.springframework.context.annotation.Configuration;
@@ -29,6 +32,8 @@ public class TokenWebMvcConfigurer implements WebMvcConfigurer {

    @Resource
    TsTokenConfig tsTokenConfig;
+    @Resource
+    TsLoginConfigurer tsLoginConfigurer;

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
@@ -96,8 +101,14 @@ public class TokenWebMvcConfigurer implements WebMvcConfigurer {
                    return true;
                }

-                // token验证
-                tsTokenConfig.validToken(request, true);
+                // 验证TOKEN是否存在
+                TokenBean tokenBean = tsTokenConfig.validToken(request, true);
+
+                // 验证用户是否存在
+                RequestUserInfo cachedUserInfo = tsLoginConfigurer.getCachedUserInfo(tokenBean);
+                if (cachedUserInfo == null) {
+                    throw new ApiException("非法TOKEN，请重新登录");
+                }

                return true;
            }