Skip to content

fix: enable jwt #460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hhhhsc701 merged 2 commits into from
Mar 31, 2026
Merged

fix: enable jwt #460

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e47f7e3
fix: enable jwt
MoeexT Mar 30, 2026
04f5ce8
fix: enable jwt
MoeexT Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 43 additions & 8 deletions backend/api-gateway/src/main/java/com/datamate/gateway/common/filter/AuthFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,19 @@
import java.nio.charset.StandardCharsets;

/**
* 鉴权过滤器
* 用户数据隔离过滤器
*
* 支持两种认证模式:
* 1. SSO 模式:从 OmsAuthFilter 添加的 X-User-Name header 中提取用户信息
* 2. JWT 模式:从 Authorization Bearer Token 中提取用户信息
*
* 无论哪种模式,最终都会添加 User header 供下游服务隔离用户数据
*
* 优先级:SSO > JWT
* Order: 2 (低于 OmsAuthFilter 的 Order=1)
*
* @author songyongtan
* @date 2026-03-30
*/
@Slf4j
@Component
Expand All @@ -49,34 +60,55 @@ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
if (path.equals("/api/user/login") || path.equals("/api/user/signup")) {
return chain.filter(exchange);
}

try {
// 优先检查 SSO 模式(OmsAuthFilter 已添加的 header)
String ssoUser = request.getHeaders().getFirst("X-User-Name");
if (StringUtils.isNotBlank(ssoUser)) {
log.info("SSO mode detected, adding User header: {}", ssoUser);
ServerHttpRequest mutatedRequest = request.mutate()
.headers(httpHeaders -> {
httpHeaders.add(USER_HEADER, ssoUser);
})
.build();
ServerWebExchange mutatedExchange = exchange.mutate()
.request(mutatedRequest)
.build();
return chain.filter(mutatedExchange);
}

// 检查 JWT 模式
if (!jwtEnable) {
log.debug("JWT is disabled, passing request without user header");
return chain.filter(exchange);
}
// Get token from Authorization header

// JWT 模式:验证 Token
String authHeader = request.getHeaders().getFirst(AUTH_HEADER);
if (authHeader == null || !authHeader.startsWith(TOKEN_PREFIX)) {
log.warn("JWT enabled but no valid Authorization header found");
return sendUnauthorizedResponse(exchange);
}

String token = authHeader.substring(TOKEN_PREFIX.length());
String user = userService.validateToken(token);
if (StringUtils.isBlank(user)) {
log.warn("JWT token validation failed");
return sendUnauthorizedResponse(exchange);
}
// 4. 创建新的请求

log.info("JWT mode authenticated, adding User header: {}", user);
ServerHttpRequest mutatedRequest = request.mutate()
.headers(httpHeaders -> {
// 或者直接操作headers
httpHeaders.add(USER_HEADER, user);
})
.build();
// 5. 使用新的请求创建新的exchange
ServerWebExchange mutatedExchange = exchange.mutate()
.request(mutatedRequest)
.build();
return chain.filter(mutatedExchange);
} catch (Exception e) {
log.error("get current user info error", e);
log.error("Error in AuthFilter", e);
return sendUnauthorizedResponse(exchange);
}
}
Expand All @@ -98,9 +130,12 @@ private Mono<Void> sendUnauthorizedResponse(ServerWebExchange exchange) {
}

/**
* JWT 认证优先级低于 SSO
* 用户数据隔离过滤器优先级
*
* Order = 2,在 OmsAuthFilter (Order=1) 之后执行
* 确保先执行 SSO 认证,再执行用户数据隔离
*
* @return order value (2 = lower priority than SSO filter)
* @return order value (2 = after SSO authentication)
*/
@Override
public int getOrder() {
Expand Down
Loading