当前位置:首页 » 《我的小黑屋》 » 正文

vue前端img访问鉴权,后端进行拦截

23 人参与  2024年04月26日 15:55  分类 : 《我的小黑屋》  评论

点击全文阅读


此文章为了解决匿名可以访问图片问题,有的文章是重构了el-img组件,使用blob重新进行加载。该文章是换个思路,在图片访问地址后面追加token参数,后端进行拦截,判断token是否有效,无效则拦截。反之通过。同时会校验是否同一台电脑、同一浏览器、同一操作系统、同一登录地点

前端:

image-preview组件:

<template>  <el-image    :src="`${realSrc}`"    fit="cover"    :style="`width:${realWidth};height:${realHeight};`"    :preview-src-list="realSrcList"    append-to-body="true"  >    <template #error>      <div class="image-slot">        <el-icon><picture-filled /></el-icon>      </div>    </template>  </el-image></template><script setup>import { isExternal } from "@/utils/validate";import { getToken } from "@/utils/auth";import {watch} from "vue";const tokenInfo = ref(getToken())const props = defineProps({  src: {    type: String,    required: true  },  srcViewerList: {    type: Array  },  width: {    type: [Number, String],    default: ""  },  height: {    type: [Number, String],    default: ""  }});const realSrc = computed(() => {  let real_src = props.src.split(",")[0];  if (isExternal(real_src)) {    return real_src;  }  return import.meta.env.VITE_APP_BASE_API + real_src + '?token=' + tokenInfo.value;});const realSrcList = ref([]);watch(() => {  props.srcViewerList.forEach(item => {    realSrcList.value.push(item + '?token=' + tokenInfo.value)  });})// const realSrcList = computed(() => {//   let real_src_list = props.src.split(",");//   let srcList = [];//   real_src_list.forEach(item => {//     if (isExternal(item)) {//       return srcList.push(item);//     }//     return srcList.push(import.meta.env.VITE_APP_BASE_API + item + '?token=' + tokenInfo.value);//   });//   return srcList;// });const realWidth = computed(() =>  typeof props.width == "string" ? props.width : `${props.width}px`);const realHeight = computed(() =>  typeof props.height == "string" ? props.height : `${props.height}px`);</script><style lang="scss" scoped>.el-image {  border-radius: 5px;  background-color: #ebeef5;  box-shadow: 0 0 5px 1px #ccc;  :deep(.el-image__inner) {    transition: all 0.3s;    cursor: pointer;    &:hover {      transform: scale(1.2);    }  }  :deep(.image-slot) {    display: flex;    justify-content: center;    align-items: center;    width: 100%;    height: 100%;    color: #909399;    font-size: 30px;  }}</style>

后端拦截器:

ProfileInterceptorConfig.java

package com.fuel.framework.config;import com.fuel.framework.interceptor.ProfileInterceptor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;/** * 通用配置 *  * @author hhxx */@Configurationpublic class ProfileInterceptorConfig implements WebMvcConfigurer{    @Autowired    private ProfileInterceptor profileInterceptor;    /**     * 自定义拦截规则     */    @Override    public void addInterceptors(InterceptorRegistry registry)    {        registry.addInterceptor(profileInterceptor)                .addPathPatterns("/profile/**");    }}
ProfileInterceptor.java
package com.fuel.framework.interceptor;import com.alibaba.fastjson2.JSON;import com.fuel.common.constant.HttpStatus;import com.fuel.common.core.domain.AjaxResult;import com.fuel.common.core.domain.model.LoginUser;import com.fuel.common.utils.ServletUtils;import com.fuel.common.utils.StringUtils;import com.fuel.common.utils.ip.AddressUtils;import com.fuel.common.utils.ip.IpUtils;import com.fuel.common.utils.spring.SpringUtils;import com.fuel.framework.security.handle.AuthenticationEntryPointImpl;import com.fuel.framework.web.service.TokenService;import eu.bitwalker.useragentutils.UserAgent;import org.springframework.beans.factory.annotation.Value;import org.springframework.stereotype.Component;import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.util.Map;@Componentpublic class ProfileInterceptor implements HandlerInterceptor {    @Override    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception    {        //获取token        String token = request.getParameter("token");        // 获取用户代理        UserAgent userAgent = UserAgent.parseUserAgentString(ServletUtils.getRequest().getHeader("User-Agent"));        // 获取ip        String ipaddr = IpUtils.getIpAddr(ServletUtils.getRequest());        // 获取登录地点        String loginLocation = AddressUtils.getRealAddressByIP(ipaddr);        // 获取浏览器        String browser = userAgent.getBrowser().getName();        // 获取操作系统        String os = userAgent.getOperatingSystem().getName();        TokenService bean = SpringUtils.getBean(TokenService.class);        AuthenticationEntryPointImpl authenticationEntryPointImpl = SpringUtils.getBean(AuthenticationEntryPointImpl.class);        // 校验token是否有效        Map<String, Object> stringObjectMap = bean.verifyToken(token);        boolean bl = false;        if (stringObjectMap.size() > 0) {            // 获取登录信息            LoginUser user = (LoginUser) stringObjectMap.get("user");            // 判断是否同一台电脑、同一浏览器、同一操作系统、同一登录地点            if (user != null && ipaddr.equals(user.getIpaddr()) && loginLocation.equals(user.getLoginLocation()) && browser.equals(user.getBrowser()) && os.equals(user.getOs())) {                bl = true;            }        }        if(!bl){            // 校验不通过时返回错误信息--复用Spring Security框架的信息            authenticationEntryPointImpl.commence(request, response, null);        }        return bl;    }}
TokenService.java
package com.fuel.framework.web.service;import java.util.HashMap;import java.util.Map;import java.util.concurrent.TimeUnit;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.alibaba.fastjson2.JSONArray;import com.alibaba.fastjson2.JSONObject;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Value;import org.springframework.stereotype.Component;import com.auth0.jwt.exceptions.JWTVerificationException;import com.auth0.jwt.exceptions.TokenExpiredException;import com.fuel.common.constant.Constants;import com.fuel.common.core.domain.AjaxResult;import com.fuel.common.core.domain.model.LoginUser;import com.fuel.common.core.redis.RedisCache;import com.fuel.common.utils.MessageUtils;import com.fuel.common.utils.ServletUtils;import com.fuel.common.utils.StringUtils;import com.fuel.common.utils.http.HttpUtils;import com.fuel.common.utils.ip.AddressUtils;import com.fuel.common.utils.ip.IpUtils;import com.fuel.common.utils.uuid.IdUtils;import eu.bitwalker.useragentutils.UserAgent;import io.jsonwebtoken.Claims;import io.jsonwebtoken.ExpiredJwtException;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;/** * token验证处理 * * @author hhxx */@Componentpublic class TokenService{    // 令牌自定义标识    @Value("${token.header}")    private String header;    // 令牌秘钥    @Value("${token.secret}")    private String secret;    // 令牌有效期(默认30分钟)    @Value("${token.expireTime}")    private int expireTime;    protected static final long MILLIS_SECOND = 1000;    protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;    private static final Long MILLIS_MINUTE_TEN = 20 * 60 * 1000L;    @Autowired    private RedisCache redisCache;        /***     * 验证令牌     * @param token     * @return     */    public Map<String,Object> verifyToken(String token) {        Map<String,Object> resultMap = new HashMap<>();    boolean bl = true;    try {    Claims claims = parseToken(token);    // 解析对应的权限以及用户信息            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);            String userKey = getTokenKey(uuid);            LoginUser user = JSONObject.parseObject(redisCache.getCacheObject(userKey),LoginUser.class);            if(user != null) {            bl = true;            resultMap.put("bl", bl);            }else {            bl = false;            resultMap.put("bl", bl);            resultMap.put("msg", "token已过期");            }    }catch (ExpiredJwtException  eje) {            bl = false;            resultMap.put("bl", bl);        resultMap.put("msg", "token已过期");    }    catch(Exception ex) {    bl = false;    resultMap.put("bl", bl);        resultMap.put("msg", "token验证异常");    }        return resultMap;    }    }


点击全文阅读


本文链接:http://zhangshiyu.com/post/100785.html

<< 上一篇 下一篇 >>

  • 评论(0)
  • 赞助本站

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

关于我们 | 我要投稿 | 免责申明

Copyright © 2020-2022 ZhangShiYu.com Rights Reserved.豫ICP备2022013469号-1