From 5c590b3f5267815a7f00c08f46f856760c4250cc Mon Sep 17 00:00:00 2001
From: TS-QD1
Date: Tue, 30 Jul 2024 19:01:46 +0800
Subject: [PATCH] =?UTF-8?q?=E5=89=8D=E7=AB=AF=E9=A1=B5=E9=9D=A2=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E7=99=BB=E5=BD=95=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../client/auth/filter/UserTokenFilter.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
index cc34793e..74f960f5 100644
--- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
@@ -7,12 +7,14 @@ import ink.wgink.login.oauth2.client.auth.manager.UserToken;
 import ink.wgink.pojo.bos.UserInfoBO;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.servlet.FilterChain;
@@ -27,10 +29,23 @@ import java.io.IOException;
 @WebFilter(filterName = "ContentCachingFilter", urlPatterns = "/*")
 public class UserTokenFilter extends OncePerRequestFilter {
 
+ private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
+
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 String userId = request.getHeader("X-USER-ID");
+ String source = request.getHeader("X-SOURCE");
 if (StringUtils.isBlank(userId)) {
+ Object springSecurityContext = request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
+ if(!StringUtils.equals(source, "page")) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ String requestUri = request.getRequestURI().replaceFirst(request.getContextPath(), "");
+ if (springSecurityContext == null && ANT_PATH_MATCHER.match("/api/**", requestUri)) {
+ response.setStatus(HttpStatus.UNAUTHORIZED.value());
+ return;
+ }
 filterChain.doFilter(request, response);
 return;
 }
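Review bot: `request.getSession()` is called before the `X-SOURCE` check, so every request that arrives without `X-USER-ID` gets a new HTTP session allocated even when the filter then simply passes it down the chain; look the session up with `getSession(false)` after the `source` check and treat a missing session as "no security context". `replaceFirst(request.getContextPath(), "")` interprets the context path as a regular expression and works on the raw, un-normalised URI, so the `/api/**` match can disagree with the path the dispatcher later resolves; strip the prefix by length instead. Because the 401 only fires when the client itself sends `X-SOURCE: page`, this branch is a convenience for the front end and should not be the only thing guarding `/api/**`; presumably the Spring Security configuration enforces that, but it is not visible here. The body of `doFilterInternal` continues outside the hunk.

```java
if (StringUtils.isBlank(userId)) {
    // … unchanged: pass through when X-SOURCE is not "page" (moved above the session lookup) …
    // Look the session up without creating one for an unauthenticated request.
    HttpSession session = request.getSession(false);
    Object springSecurityContext =
            session == null ? null : session.getAttribute("SPRING_SECURITY_CONTEXT");
    // Strip the context path literally; it is a prefix, not a regular expression.
    String requestUri = request.getRequestURI().substring(request.getContextPath().length());
    // … unchanged: 401 for /api/** without a security context, then filterChain.doFilter …
```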