diff --git a/src/main/java/com/example/admin_server/filter/JwtAuthenticationFilter.java b/src/main/java/com/example/admin_server/filter/JwtAuthenticationFilter.java
index 3379460..980059c 100644
--- a/src/main/java/com/example/admin_server/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/com/example/admin_server/filter/JwtAuthenticationFilter.java
@@ -1,7 +1,10 @@
 package com.example.admin_server.filter;
 
+import com.example.admin_server.common.Result;
 import com.example.admin_server.constant.AuthConst;
+import com.example.admin_server.enums.ResultCode;
 import com.example.admin_server.utils.JwtUtil;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import io.jsonwebtoken.Claims;
 import lombok.NonNull;
 import org.springframework.http.MediaType;
@@ -22,7 +25,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtUtil jwtUtil;
-    // 白名单路径,登录接口一般放这里
     private static final Set WHITELIST = new HashSet<>();
     static {
@@ -30,7 +32,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
         WHITELIST.add("/api/client/login");
         WHITELIST.add("/api/employee/login");
         WHITELIST.add("/api/client/wx/login");
-        // 也可以放其它公开接口
     }
 
     public JwtAuthenticationFilter(JwtUtil jwtUtil) {
@@ -42,45 +43,56 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
                                     @NonNull HttpServletResponse response,
                                     @NonNull FilterChain filterChain) throws ServletException, IOException {
+        String method = request.getMethod();
         String requestURI = request.getRequestURI();
-        // 如果路径在白名单,放行
+
+        // ✅ 放行预检请求 OPTIONS,避免被拦截导致 CORS 失败
+        if ("OPTIONS".equalsIgnoreCase(method)) {
+            response.setStatus(HttpServletResponse.SC_OK);
+            return;
+        }
+
+        // ✅ 白名单路径放行
         if (WHITELIST.contains(requestURI)) {
             filterChain.doFilter(request, response);
             return;
         }
+
+        // 🔒 获取 token(根据路径区分前后台)
         String token = null;
         if (requestURI.startsWith("/api/admin/")) {
             token = request.getHeader(AuthConst.ADMIN_AUTHORIZATION_HEADER);
         } else if (requestURI.startsWith("/api/client/")) {
             token = request.getHeader(AuthConst.FRONT_AUTHORIZATION_HEADER);
         } else {
-            // 非需鉴权路径,放行
+            // 非鉴权路径,放行
             filterChain.doFilter(request, response);
             return;
         }
         if (!StringUtils.hasText(token)) {
-            writeResponse(response, 401, "{\"code\":400,\"msg\":\"未登录:缺少token\"}");
+            writeJsonResponse(response,
+                    Result.fail(ResultCode.NOT_LOGIN.getCode(), "未登录:缺少 token"));
             return;
         }
         Optional claimsOpt = jwtUtil.parseToken(token);
         if (!claimsOpt.isPresent() || jwtUtil.isTokenExpired(token)) {
-            writeResponse(response, 401, "{\"code\":401,\"msg\":\"未授权:token无效或过期\"}");
+            writeJsonResponse(response,
+                    Result.fail(ResultCode.UNAUTHORIZED.getCode(), "未授权:token 无效或过期"));
             return;
         }
-        // 可以把用户信息放到SecurityContextHolder或request里
-// SecurityContextHolder.getContext().setAuthentication(...)
-// request.setAttribute("claims", claimsOpt.get());
+        // TODO: 可以 setAttribute 或 SecurityContextHolder 存放用户信息
         filterChain.doFilter(request, response);
     }
-    private void writeResponse(HttpServletResponse response, int status, String json) throws IOException {
-        response.setStatus(status);
+    private void writeJsonResponse(HttpServletResponse response, Result result) throws IOException {
+        response.setStatus(HttpServletResponse.SC_OK);
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
         response.setCharacterEncoding(StandardCharsets.UTF_8.name());
-        response.getWriter().write(json);
+        ObjectMapper objectMapper = new ObjectMapper();
+        response.getWriter().write(objectMapper.writeValueAsString(result));
     }
 }
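Review bot: `writeJsonResponse` now answers both authentication failures with `HttpServletResponse.SC_OK`, so a missing or invalid token yields a 200 whose only failure signal is the `code` inside the JSON body, where the replaced code sent 401. Everything that keys on the status line — `fetch`/axios `ok` handling, gateways and rate limiters, WAF/SIEM rules that count 401s, and HTTP caches that may store a 200 — will treat these rejections as successes; since both call sites are auth failures, keep `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` in that method and let `Result` carry the finer-grained code. The OPTIONS branch sets 200 and returns without calling `filterChain.doFilter`, which also skips any downstream CORS filter that would add the `Access-Control-Allow-*` headers, so unless a CORS filter is ordered ahead of this one the preflight still fails in the browser; passing it down the chain, `filterChain.doFilter(request, response); return;`, lets the CORS configuration answer it. `new ObjectMapper()` on every rejected request is avoidable — hold a `private static final ObjectMapper MAPPER = new ObjectMapper();` or inject the Spring-managed instance. doFilterInternal's signature begins outside the hunk.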