登錄鑒權

登錄鑒權：
1. 用戶名+密碼 登錄請求
2. 後臺接收登錄請求，生成ToKen（用戶名/密碼正確） 返回token
3. 請求其他api 都帶上token，後臺校驗token是否存在/過期

後臺代碼如下：
登錄/登出 --------------
@RestController
@RequestMapping
class AuthController {

@Autowired
private lateinit var tokenService: TokenService
@Autowired
private lateinit var appUserService: AppUserService

@PostMapping(value = ["/auth/login"])
fun login(username: String, password: String,
request: HttpServletRequest): RestResponse<Any> {
val predicate = Predicate.eq("username", username).eq("password", password)
val user = appUserService.findOne(predicate) ?: return RestResponse(1, "用戶不存在")
// 生成一個 token，保存用戶登錄狀態
val tokenModel = tokenService.createToken(user.userId, user.nickname, Utils.getIp(request))
return RestResponse(0, mapOf(
"user" to user,
"token" to tokenModel.token,
"roles" to arrayOf("admin")))
}
@PostMapping(value = ["/auth/logout"])
fun logout(@RequestAttribute tokenModel: TokenModel): RestResponse<Any> {
tokenService.deleteToken(tokenModel.token)
return RestResponse(0, "success")
}

}
-----配置攔截器---------------------------
WebAppConfigurer.kt
override fun addInterceptors(registry: InterceptorRegistry) {
registry.addInterceptor(authInterceptor())
.excludePathPatterns("/auth/**")
.excludePathPatterns("/rest/**")
}

@Bean
fun authInterceptor(): AuthInterceptor {
return AuthInterceptor()
}
攔截器-------------------------------
@Component
class AuthInterceptor : HandlerInterceptorAdapter() {

@Autowired
private lateinit var tokenService: TokenService

@Throws(Exception::class)
override fun preHandle(request: HttpServletRequest, response: HttpServletResponse, handler: Any): Boolean {
//從header中得到token
val token = request.getHeader("x-token")
//驗證token
val tokenModel = tokenService.checkToken(token)
if (tokenModel != null) {
//如果token驗證成功，將token對應的用戶id存在request中，便於之後註入
request.setAttribute("tokenModel", tokenModel)
return true
}
//如果驗證token失敗，返回401錯誤
response.status = HttpServletResponse.SC_UNAUTHORIZED
return false
}
}