
同步接口添加鉴权

yangbq há 1 mês atrás
pai
commit
e7810ae164

+ 7 - 0
project-framework/src/main/java/com/project/framework/config/ResourcesConfig.java

@@ -2,6 +2,7 @@ package com.project.framework.config;
 
 import com.project.common.config.ProjectConfig;
 import com.project.common.constant.Constants;
+import com.project.framework.interceptor.AuthInterceptor;
 import com.project.framework.interceptor.RepeatSubmitInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -22,6 +23,8 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 public class ResourcesConfig implements WebMvcConfigurer {
     @Autowired
     private RepeatSubmitInterceptor repeatSubmitInterceptor;
+    @Autowired
+    private AuthInterceptor authInterceptor;
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
@@ -39,7 +42,11 @@ public class ResourcesConfig implements WebMvcConfigurer {
      */
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
+        // 重复提交拦截
         registry.addInterceptor(repeatSubmitInterceptor).addPathPatterns("/**");
+
+        // api同步接口拦截器
+        registry.addInterceptor(authInterceptor).addPathPatterns("/synchronize/**");
     }
 
     /**
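Review bot: In addInterceptors the literal `"/synchronize/**"` has to stay identical to the anonymous matcher in SecurityConfig and to the controller's `@RequestMapping`, and nothing in the code ties the three together. If the SecurityConfig matcher is ever broadened while this pattern is not, the extra paths become reachable with no check at all, because Spring Security no longer authenticates them. I would put the pattern in one shared constant and add a comment on the registration, for example `// Only auth check for /synchronize/**; must match the anonymous() matcher in SecurityConfig`. Since interceptors run in registration order, I would also move the `registry.addInterceptor(authInterceptor)...` line above the repeat-submit registration so rejected callers never reach RepeatSubmitInterceptor (whose behaviour is not visible here).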

+ 2 - 2
project-framework/src/main/java/com/project/framework/config/SecurityConfig.java

@@ -112,14 +112,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .authorizeRequests()
 
                 // 授权大屏地址
-                //.antMatchers("/large/**").anonymous()
+                .antMatchers("/synchronize/**").anonymous()
                 //.antMatchers("/xxl-job-admin/**").anonymous()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
                 .antMatchers("/login", "/register", "/captchaImage").anonymous()
                 // 静态资源,可匿名访问
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                 //.antMatchers( "/sxgw/**","/sxgw/**/**","/sxgw/**/**/**","/basics/**", "/basics/**/**", "/build/**", "/build/**/**","/employee/**", "/employee/**/**","/health/**", "/health/**/**","/post/**", "/post/**/**","/property/**", "/property/**/**","/smart/**", "/smart/**/**","/video/**", "/video/**/**").permitAll()
-                .antMatchers( "/webjars/**", "/*/api-docs", "/druid/**", "/large/**").permitAll()
+                .antMatchers( "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 .and()
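Review bot: With `.antMatchers("/synchronize/**").anonymous()` Spring Security stops authenticating these paths, so AuthInterceptor becomes the only check, while the comment above the line (`// 授权大屏地址`) still describes the old /large/** rule. `anonymous()` also admits only unauthenticated callers, so a request that carries a valid login token in addition to X-Access-Token would be refused by this rule; `.antMatchers("/synchronize/**").permitAll()` is the usual form when a downstream interceptor makes the decision. I would replace the stale comment with something like `// /synchronize/** is authenticated by AuthInterceptor (X-Access-Token), not by Spring Security`. The authorizeRequests() chain starts and ends outside the hunk.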

+ 50 - 0
project-framework/src/main/java/com/project/framework/interceptor/AuthInterceptor.java

@@ -0,0 +1,50 @@
+package com.project.framework.interceptor;
+
+import com.alibaba.fastjson2.JSON;
+import com.project.common.core.domain.AjaxResult;
+import com.project.common.utils.AESUtil;
+import com.project.common.utils.ServletUtils;
+import com.project.common.utils.StringUtils;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @Description
+ * @Author bqyang
+ * @Date 2025/3/6 13:59
+ * @Version 1.0
+ */
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+
+    private static final String TOKEN_KEY = "X-Access-Token";
+
+    private static final String SECRET_KEY = "M2p5yEL67eZct7gtvT";
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 获取请求头中的token
+        String token = request.getHeader(TOKEN_KEY);
+        System.out.println(token);
+        // 简单的token验证逻辑
+        if (StringUtils.isBlank(token)) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            AjaxResult ajaxResult = AjaxResult.error("token传参异常!");
+            ServletUtils.renderString(response, JSON.toJSONString(ajaxResult));
+            return false;
+        }
+
+        String encrToken = AESUtil.decrypt(token);
+        System.out.println(encrToken);
+        if ( !SECRET_KEY.equals(encrToken)) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            AjaxResult ajaxResult = AjaxResult.error("token传参异常!");
+            ServletUtils.renderString(response, JSON.toJSONString(ajaxResult));
+            return false;
+        }
+        return true;
+    }
+}
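Review bot: The shared secret is hard-coded in `SECRET_KEY`, and preHandle prints both the raw header and its decrypted value with `System.out.println`, so the credential now lives in the repository history and in stdout logs; the committed value should be rotated and the replacement loaded from configuration. Because the check compares the decrypted header with a single constant, the header appears to be a fixed bearer value with no expiry or per-request binding (AESUtil is not shown, so this is inferred), which means a captured header stays valid until the secret changes. If `AESUtil.decrypt` throws on malformed input, the caller gets a 500 instead of the 401 path, and `String.equals` is not a constant-time comparison. The fence below loads the secret from a property (the name is a placeholder), removes the prints, maps decrypt failures to 401 and compares with `MessageDigest.isEqual`. The empty `@Description` in the class Javadoc should state that this interceptor is the sole authentication for /synchronize/**.

```java
    // Placeholder property name: supply the value from deployment configuration, never from source.
    @Value("${sync.auth.secret}")
    private String secretKey;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = request.getHeader(TOKEN_KEY);
        // One rejection path for a missing, malformed or wrong token; nothing about the token is logged.
        if (StringUtils.isBlank(token) || !matchesSecret(token)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.error("token传参异常!")));
            return false;
        }
        return true;
    }

    /** Decrypts the header value and compares it with the configured secret in constant time. */
    private boolean matchesSecret(String token) {
        String decrypted;
        try {
            decrypted = AESUtil.decrypt(token);
        } catch (Exception e) {
            // Undecryptable input is an authentication failure, not a server error.
            return false;
        }
        return decrypted != null
                && MessageDigest.isEqual(
                        decrypted.getBytes(StandardCharsets.UTF_8),
                        secretKey.getBytes(StandardCharsets.UTF_8));
    }
```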

+ 1 - 1
project-zcustom/src/main/java/com/project/zcustom/controller/synchronization/PlatSynchronizeController.java

@@ -9,7 +9,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@RequestMapping("/large/synchronize")
+@RequestMapping("/synchronize")
 public class PlatSynchronizeController {
 
     @Autowired