[add] 项目id校验拦截器

2025-07-08 09:27:48 +08:00
parent 0f9e37b1a8
commit 67ff23e048
2 changed files with 52 additions and 3 deletions
--- a/xinnengyuan/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/common/config/WebMvcConfig.java
+++ b/xinnengyuan/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/common/config/WebMvcConfig.java
@ -0,0 +1,37 @@
+package org.dromara.common.config;
+
+import jakarta.annotation.Resource;
+import lombok.Data;
+import org.dromara.common.interceptor.ValidProjectInterceptor;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+/**
+ * @author lcj
+ * @date 2025/7/8 9:06
+ */
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "security")
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    @Resource
+    private ValidProjectInterceptor validProjectInterceptor;
+
+    /**
+     * 排除路径
+     */
+    private List<String> excludes;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(validProjectInterceptor)
+            .addPathPatterns("/**")
+            .excludePathPatterns(excludes)
+            .excludePathPatterns("/resource/sse/**", "/auth/**", "/system/user/**", "/project/projectRelevancy/login/list", "/system/menu/getRouters");
+    }
+}
--- a/xinnengyuan/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/common/interceptor/ValidProjectInterceptor.java
+++ b/xinnengyuan/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/common/interceptor/ValidProjectInterceptor.java
@ -1,9 +1,14 @@
 package org.dromara.common.interceptor;

+import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
-import org.aspectj.lang.annotation.Aspect;
+import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.exception.ServiceException;
+import org.dromara.common.core.utils.StringUtils;
+import org.dromara.common.satoken.utils.LoginHelper;
+import org.dromara.project.service.IBusProjectService;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;

@ -12,14 +17,21 @@ import org.springframework.web.servlet.HandlerInterceptor;
 * @date 2025/7/7 19:57
 */
@Slf4j
-@Aspect
@Component
 public class ValidProjectInterceptor implements HandlerInterceptor {

+    @Resource
+    private IBusProjectService projectService;
+
    // 请求前执行
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        System.out.println("请求拦截器 preHandle：URI = " + request.getRequestURI());
+        String projectId = request.getHeader("projectId");
+        Long userId = LoginHelper.getUserId();
+        if (StringUtils.isBlank(projectId) || userId == null) {
+            throw new ServiceException("无访问权限", HttpStatus.FORBIDDEN);
+        }
+        projectService.validAuth(Long.valueOf(projectId), userId);
        // 返回 true 表示继续执行；false 则请求被终止
        return true;
    }