提取方法

src/main/java/com/scbfkj/uni/utils/Util.java

@@ -0,0 +1,121 @@
+package com.scbfkj.uni.utils;
+
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.scbfkj.uni.library.DataFormatUtil;
+import com.scbfkj.uni.library.RequestUtil;
+import com.scbfkj.uni.process.DataBase;
+import com.scbfkj.uni.service.SecurityService;
+import com.scbfkj.uni.system.Config;
+import jakarta.annotation.Resource;
+import org.springframework.stereotype.Component;
+
+import java.util.*;
+
+@Component
+public class Util {
+    @Resource
+    private SecurityService securityService;
+
+    private static final DataBase DATA_BASE = new DataBase();
+
+
+    public  void addFilter(Map<String, Object> body, Optional<String> serviceid,String uri,boolean checkToken) throws Exception {
+
+
+        List<Map<String, Object>> permission = (List<Map<String, Object>>) securityService.permission().get("returnData");
+
+
+        if(checkToken) {
+            checkToken(uri);
+        }
+        if (Objects.nonNull(body) && uri.startsWith("/openApi")) {
+
+            Map<String, Object> userInfo = RequestUtil.getUserInfo();
+
+            if (Objects.nonNull(userInfo)) {
+                Object usergroupid = userInfo.get("usergroupid");
+
+//                超级管理员
+                if (Objects.nonNull(usergroupid) && Objects.equals("0", usergroupid.toString())) {
+                    body.put("filterColumns", Collections.singletonList("*"));
+                } else {
+                    if (Objects.nonNull(permission)) {
+                        Optional finalServiceid = serviceid;
+                        Optional<Map<String, Object>> any = permission.stream().filter(it -> Objects.equals(it.get("serviceid"), finalServiceid.get())).filter(it -> Objects.nonNull(it.get("filterset"))).findAny();
+                        if (any.isPresent()) {
+                            Map<String, Object> data = any.get();
+                            Object filterset = data.get("filterset");
+                            if (Objects.nonNull(filterset) && !filterset.toString().trim().isEmpty()) {
+                                try {
+                                    List list = DataFormatUtil.getObjectMapper().readValue(filterset.toString(), List.class);
+                                    body.put("filterLines", list);
+                                } catch (JsonProcessingException e) {
+                                    if (Config.isDebug()) {
+                                        e.printStackTrace();
+                                        throw e;
+                                    }
+                                }
+                            } else {
+                                body.put("filterLines", new ArrayList<>());
+                            }
+                        }
+                        List<String> columns = DATA_BASE.query(Config.getSecurityConnectionStr(), "select pagecode from pageconfiguration where pagetype='column' and pageconfiguration.pageconfigurationid  in (select userpermissions.pageconfigurationid from userpermissions where serviceid = ? and userid =?)", serviceid.get(), RequestUtil.getUserId()).stream().map(it -> it.get("pagecode").toString()).toList();
+                        if (!columns.isEmpty()) {
+                            body.put("filterColumns", columns);
+                        }
+                    }
+                }
+            }
+//                    不需要登录也没有设置权限的默认添加一个所有列权限
+
+            if (!Config.isSecurityEnable() && body != null && !body.containsKey("filterColumns")) {
+                body.put("filterColumns", Collections.singletonList("*"));
+            }
+
+        }
+    }
+
+    public  void checkToken(String uri) throws Exception {
+        if (Config.isSecurityEnable()) {
+            List<Map<String, Object>> apiInfos = DATA_BASE.query(Config.getSecurityConnectionStr(), "select * from apiinfo");
+
+
+            Optional<Map<String, Object>> requestpath = apiInfos.stream().filter(it -> {
+                Object o = it.get("requestpath");
+                return Objects.equals(o, uri);
+            }).findAny();
+            if (requestpath.isPresent()) {
+                Map<String, Object> stringObjectMap = requestpath.get();
+                Object o = stringObjectMap.get("securitykey");
+                if (Objects.nonNull(o)) {
+                    String[] securityCheck = o.toString().split(",");
+                    for (String s : securityCheck) {
+                        if (Objects.equals(s, "token")) {
+                            String appToken = RequestUtil.getAppToken();
+                            if (Objects.isNull(appToken)) {
+                                throw new RuntimeException("没有找到token");
+                            }
+                            try {
+//                                    校验apptoken 成功表示验证通过
+                                RequestUtil.getApplication();
+                            } catch (Exception e) {
+                                throw new RuntimeException("token验证失败");
+                            }
+                        }
+                        if (Objects.equals("usertoken", s)) {
+                            String userToken = RequestUtil.getUserToken();
+                            if (Objects.isNull(userToken)) {
+                                throw new RuntimeException("没有找到 usertoken");
+                            }
+                            Map<String, Object> checkResult = securityService.checkUserToken(userToken);
+                            if (!checkResult.get("code").equals("0")) {
+                                throw new RuntimeException(checkResult.getOrDefault("message", "").toString());
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}