vue前端img访问鉴权,后端进行拦截

vue前端img访问鉴权,后端进行拦截

此文章为了解决匿名可以访问图片问题,有的文章是重构了el-img组件,使用blob重新进行加载。该文章是换个思路,在图片访问地址后面追加token参数,后端进行拦截,判断token是否有效,无效则拦截。反之通过。同时会校验是否同一台电脑、同一浏览器、同一操作系统、同一登录地点

前端

image-preview组件:


<template>
  <el-image
    :src="`${realSrc}`"
    fit="cover"
    :style="`width:${realWidth};height:${realHeight};`"
    :preview-src-list="realSrcList"
    append-to-body="true"
  >
    <template #error>
      <div class="image-slot">
        <el-icon><picture-filled /></el-icon>
      </div>
    </template>
  </el-image>
</template>

<script setup>
import { isExternal } from "@/utils/validate";
import { getToken } from "@/utils/auth";
import {watch} from "vue";

const tokenInfo = ref(getToken())

const props = defineProps({
  src: {
    type: String,
    required: true
  },
  srcViewerList: {
    type: Array
  },
  width: {
    type: [Number, String],
    default: ""
  },
  height: {
    type: [Number, String],
    default: ""
  }
});

const realSrc = ***puted(() => {
  let real_src = props.src.split(",")[0];
  if (isExternal(real_src)) {
    return real_src;
  }
  return import.meta.env.VITE_APP_BASE_API + real_src + '?token=' + tokenInfo.value;
});

const realSrcList = ref([]);
watch(() => {
  props.srcViewerList.forEach(item => {
    realSrcList.value.push(item + '?token=' + tokenInfo.value)
  });
})

// const realSrcList = ***puted(() => {
//   let real_src_list = props.src.split(",");
//   let srcList = [];
//   real_src_list.forEach(item => {
//     if (isExternal(item)) {
//       return srcList.push(item);
//     }
//     return srcList.push(import.meta.env.VITE_APP_BASE_API + item + '?token=' + tokenInfo.value);
//   });
//   return srcList;
// });

const realWidth = ***puted(() =>
  typeof props.width == "string" ? props.width : `${props.width}px`
);

const realHeight = ***puted(() =>
  typeof props.height == "string" ? props.height : `${props.height}px`
);
</script>

<style lang="scss" scoped>
.el-image {
  border-radius: 5px;
  background-color: #ebeef5;
  box-shadow: 0 0 5px 1px #***c;
  :deep(.el-image__inner) {
    transition: all 0.3s;
    cursor: pointer;
    &:hover {
      transform: scale(1.2);
    }
  }
  :deep(.image-slot) {
    display: flex;
    justify-content: center;
    align-items: center;
    width: 100%;
    height: 100%;
    color: #909399;
    font-size: 30px;
  }
}
</style>

后端拦截器:

ProfileInterceptorConfig.java


package ***.fuel.framework.config;

import ***.fuel.framework.interceptor.ProfileInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMv***onfigurer;

/**
 * 通用配置
 * 
 * @author hhxx
 */
@Configuration
public class ProfileInterceptorConfig implements WebMv***onfigurer
{
    @Autowired
    private ProfileInterceptor profileInterceptor;

    /**
     * 自定义拦截规则
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry)
    {
        registry.addInterceptor(profileInterceptor)
                .addPathPatterns("/profile/**");
    }

}
ProfileInterceptor.java
package ***.fuel.framework.interceptor;

import ***.alibaba.fastjson2.JSON;
import ***.fuel.***mon.constant.HttpStatus;
import ***.fuel.***mon.core.domain.AjaxResult;
import ***.fuel.***mon.core.domain.model.LoginUser;
import ***.fuel.***mon.utils.ServletUtils;
import ***.fuel.***mon.utils.StringUtils;
import ***.fuel.***mon.utils.ip.AddressUtils;
import ***.fuel.***mon.utils.ip.IpUtils;
import ***.fuel.***mon.utils.spring.SpringUtils;
import ***.fuel.framework.security.handle.AuthenticationEntryPointImpl;
import ***.fuel.framework.web.service.TokenService;
import eu.bitwalker.useragentutils.UserAgent;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.***ponent;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;

@***ponent
public class ProfileInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception
    {
        //获取token
        String token = request.getParameter("token");
        // 获取用户代理
        UserAgent userAgent = UserAgent.parseUserAgentString(ServletUtils.getRequest().getHeader("User-Agent"));
        // 获取ip
        String ipaddr = IpUtils.getIpAddr(ServletUtils.getRequest());
        // 获取登录地点
        String loginLocation = AddressUtils.getRealAddressByIP(ipaddr);
        // 获取浏览器
        String browser = userAgent.getBrowser().getName();
        // 获取操作系统
        String os = userAgent.getOperatingSystem().getName();
        TokenService bean = SpringUtils.getBean(TokenService.class);
        AuthenticationEntryPointImpl authenticationEntryPointImpl = SpringUtils.getBean(AuthenticationEntryPointImpl.class);
        // 校验token是否有效
        Map<String, Object> stringObjectMap = bean.verifyToken(token);
        boolean bl = false;
        if (stringObjectMap.size() > 0) {
            // 获取登录信息
            LoginUser user = (LoginUser) stringObjectMap.get("user");
            // 判断是否同一台电脑、同一浏览器、同一操作系统、同一登录地点
            if (user != null && ipaddr.equals(user.getIpaddr()) && loginLocation.equals(user.getLoginLocation()) && browser.equals(user.getBrowser()) && os.equals(user.getOs())) {
                bl = true;
            }
        }
        if(!bl){
            // 校验不通过时返回错误信息--复用Spring Security框架的信息
            authenticationEntryPointImpl.***mence(request, response, null);
        }
        return bl;
    }
}

TokenService.java
package ***.fuel.framework.web.service;

import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import ***.alibaba.fastjson2.JSONArray;
import ***.alibaba.fastjson2.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.***ponent;

import ***.auth0.jwt.exceptions.JWTVerificationException;
import ***.auth0.jwt.exceptions.TokenExpiredException;
import ***.fuel.***mon.constant.Constants;
import ***.fuel.***mon.core.domain.AjaxResult;
import ***.fuel.***mon.core.domain.model.LoginUser;
import ***.fuel.***mon.core.redis.RedisCache;
import ***.fuel.***mon.utils.MessageUtils;
import ***.fuel.***mon.utils.ServletUtils;
import ***.fuel.***mon.utils.StringUtils;
import ***.fuel.***mon.utils.http.HttpUtils;
import ***.fuel.***mon.utils.ip.AddressUtils;
import ***.fuel.***mon.utils.ip.IpUtils;
import ***.fuel.***mon.utils.uuid.IdUtils;

import eu.bitwalker.useragentutils.UserAgent;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

/**
 * token验证处理
 *
 * @author hhxx
 */
@***ponent
public class TokenService
{
    // 令牌自定义标识
    @Value("${token.header}")
    private String header;

    // 令牌秘钥
    @Value("${token.secret}")
    private String secret;

    // 令牌有效期(默认30分钟)
    @Value("${token.expireTime}")
    private int expireTime;

    protected static final long MILLIS_SECOND = 1000;

    protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;

    private static final Long MILLIS_MINUTE_TEN = 20 * 60 * 1000L;

    @Autowired
    private RedisCache redisCache;
    
    /***
     * 验证令牌
     * @param token
     * @return
     */
    public Map<String,Object> verifyToken(String token) {
    	
    	Map<String,Object> resultMap = new HashMap<>();
    	boolean bl = true;
    	try {
    		Claims claims = parseToken(token);
    		// 解析对应的权限以及用户信息
            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
            String userKey = getTokenKey(uuid);
            LoginUser user = JSONObject.parseObject(redisCache.getCacheObject(userKey),LoginUser.class);
            if(user != null) {
            	bl = true;
            	resultMap.put("bl", bl);
            }else {
            	bl = false;
            	resultMap.put("bl", bl);
            	resultMap.put("msg", "token已过期");
            }
    	}catch (ExpiredJwtException  eje) {
            bl = false;
            resultMap.put("bl", bl);
        	resultMap.put("msg", "token已过期");
    	}
    	catch(Exception ex) {
    		bl = false;
    		resultMap.put("bl", bl);
        	resultMap.put("msg", "token验证异常");
    	}
    	
    	return resultMap;
    }
    
}

转载请说明出处内容投诉
CSS教程_站长资源网 » vue前端img访问鉴权,后端进行拦截

发表评论

欢迎 访客 发表评论

一个令你着迷的主题!

查看演示 官网购买