added: 管理员锁定的拦截

2025-12-23 19:19:32 +08:00 · 2023-02-17 14:15:50 +08:00
parent bd5cf234f1
commit aed4c60296
5 changed files with 35 additions and 5 deletions
--- a/src/main/java/xyz/playedu/api/middleware/AdminAuthMiddleware.java
+++ b/src/main/java/xyz/playedu/api/middleware/AdminAuthMiddleware.java
@@ -10,6 +10,8 @@ import org.springframework.web.servlet.HandlerInterceptor;
 import xyz.playedu.api.PlayEduThreadLocal;
 import xyz.playedu.api.bus.BackendBus;
 import xyz.playedu.api.constant.SystemConstant;
+import xyz.playedu.api.domain.AdminUser;
+import xyz.playedu.api.service.AdminUserService;
 import xyz.playedu.api.service.JWTService;
 import xyz.playedu.api.types.JWTPayload;
 import xyz.playedu.api.types.JsonResponse;
@@ -24,6 +26,9 @@ public class AdminAuthMiddleware implements HandlerInterceptor {
    @Autowired
    private JWTService jwtService;

+    @Autowired
+    private AdminUserService adminUserService;
+
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (BackendBus.inUnAuthWhitelist(request.getRequestURI())) {
@@ -32,15 +37,22 @@ public class AdminAuthMiddleware implements HandlerInterceptor {

        String token = RequestUtil.token();
        if (token.length() == 0) {
-            responseTransform(response, 401, "请登录");
-            return false;
+            return responseTransform(response, 401, "请登录");
        }

        try {
            JWTPayload payload = jwtService.parse(token, SystemConstant.JWT_PRV_ADMIN_USER);

-            // 用户信息写入context
+            AdminUser adminUser = adminUserService.findById(payload.getSub());
+            if (adminUser == null) {
+                return responseTransform(response, 404, "管理员不存在");
+            }
+            if (adminUser.getIsBanLogin() == 1) {
+                return responseTransform(response, 403, "当前管理员禁止登录");
+            }
+
            PlayEduThreadLocal.setAdminUserId(payload.getSub());
+            PlayEduThreadLocal.setAdminUser(adminUser);

            return HandlerInterceptor.super.preHandle(request, response, handler);
        } catch (Exception e) {
@@ -49,10 +61,11 @@ public class AdminAuthMiddleware implements HandlerInterceptor {
        }
    }

-    private void responseTransform(HttpServletResponse response, int code, String msg) throws IOException {
+    private boolean responseTransform(HttpServletResponse response, int code, String msg) throws IOException {
        response.setStatus(code);
        response.setContentType("application/json;charset=utf-8");
        response.getWriter().print(JSON.toJSONString(JsonResponse.error(msg)));
+        return false;
    }

    @Override