package com.genersoft.iot.vmp.conf;
|
|
import com.genersoft.iot.vmp.common.ApiSaveConstant;
|
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
|
import com.genersoft.iot.vmp.service.ILogService;
|
import com.genersoft.iot.vmp.storager.dao.dto.LogDto;
|
import com.genersoft.iot.vmp.utils.DateUtil;
|
import org.apache.commons.lang3.StringUtils;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.http.HttpStatus;
|
import org.springframework.util.ObjectUtils;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
|
import javax.servlet.*;
|
import javax.servlet.annotation.WebFilter;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
|
/**
|
* @author lin
|
*/
|
@WebFilter(filterName = "ApiAccessFilter", urlPatterns = "/api/*", asyncSupported=true)
|
public class ApiAccessFilter extends OncePerRequestFilter {
|
|
private final static Logger logger = LoggerFactory.getLogger(ApiAccessFilter.class);
|
|
|
@Autowired
|
private UserSetting userSetting;
|
|
@Autowired
|
private ILogService logService;
|
|
|
@Override
|
protected void doFilterInternal(HttpServletRequest servletRequest, HttpServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
|
String username = null;
|
if (SecurityUtils.getUserInfo() == null) {
|
username = servletRequest.getParameter("username");
|
}else {
|
username = SecurityUtils.getUserInfo().getUsername();
|
}
|
long start = System.currentTimeMillis(); // 请求进入时间
|
String uriName = ApiSaveConstant.getVal(servletRequest.getRequestURI());
|
|
filterChain.doFilter(servletRequest, servletResponse);
|
|
if (uriName != null && userSetting.getLogInDatebase()) {
|
|
LogDto logDto = new LogDto();
|
logDto.setName(uriName);
|
if (ObjectUtils.isEmpty(username)) {
|
username = "";
|
}
|
logDto.setUsername(username);
|
logDto.setAddress(servletRequest.getRemoteAddr());
|
logDto.setResult(HttpStatus.valueOf(servletResponse.getStatus()).toString());
|
logDto.setTiming(System.currentTimeMillis() - start);
|
logDto.setType(servletRequest.getMethod());
|
logDto.setUri(servletRequest.getRequestURI());
|
logDto.setCreateTime(DateUtil.getNow());
|
logService.add(logDto);
|
// logger.warn("[Api Access] [{}] [{}] [{}] [{}] [{}] {}ms",
|
// uriName, servletRequest.getMethod(), servletRequest.getRequestURI(), servletRequest.getRemoteAddr(), HttpStatus.valueOf(servletResponse.getStatus()),
|
// System.currentTimeMillis() - start);
|
|
}
|
}
|
|
/**
|
* 获取IP地址
|
*
|
* @param request 请求
|
* @return request发起客户端的IP地址
|
*/
|
private String getIP(HttpServletRequest request) {
|
if (request == null) {
|
return "0.0.0.0";
|
}
|
|
String Xip = request.getHeader("X-Real-IP");
|
String XFor = request.getHeader("X-Forwarded-For");
|
|
String UNKNOWN_IP = "unknown";
|
if (StringUtils.isNotEmpty(XFor) && !UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
//多次反向代理后会有多个ip值,第一个ip才是真实ip
|
int index = XFor.indexOf(",");
|
if (index != -1) {
|
return XFor.substring(0, index);
|
} else {
|
return XFor;
|
}
|
}
|
|
XFor = Xip;
|
if (StringUtils.isNotEmpty(XFor) && !UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
return XFor;
|
}
|
|
if (StringUtils.isBlank(XFor) || UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
XFor = request.getHeader("Proxy-Client-IP");
|
}
|
if (StringUtils.isBlank(XFor) || UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
XFor = request.getHeader("WL-Proxy-Client-IP");
|
}
|
if (StringUtils.isBlank(XFor) || UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
XFor = request.getHeader("HTTP_CLIENT_IP");
|
}
|
if (StringUtils.isBlank(XFor) || UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
XFor = request.getHeader("HTTP_X_FORWARDED_FOR");
|
}
|
if (StringUtils.isBlank(XFor) || UNKNOWN_IP.equalsIgnoreCase(XFor)) {
|
XFor = request.getRemoteAddr();
|
}
|
return XFor;
|
}
|
}
|
