feat:黑名单自定义异常状态码

youlai-common/common-core/src/main/java/com/youlai/common/result/ResultCode.java

@@ -26,6 +26,7 @@ public enum ResultCode implements IResultCode, Serializable {
     INPUT_PASSWORD_EXCEED_LIMIT("A0211", "用户输入密码次数超限"),
     CLIENT_AUTHENTICATION_FAILED("A0212", "客户端认证失败"), // *
     TOKEN_INVALID_OR_EXPIRED("A0230", "token无效或已过期"),
+    TOKEN_ACCESS_FORBIDDEN("A0231", "token已被禁止访问"),
 
     AUTHORIZED_ERROR("A0300", "访问权限异常"),
     ACCESS_UNAUTHORIZED("A0301", "访问未授权"),

youlai-gateway/src/main/java/com/youlai/gateway/filter/AuthGlobalFilter.java

@@ -54,19 +54,19 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
 
         // 无token放行
         String token = request.getHeaders().getFirst(AuthConstants.AUTHORIZATION_KEY);
-        if (StrUtil.isBlank(token) || !token.startsWith(AuthConstants.JWT_PREFIX)) {
+        if (StrUtil.isBlank(token) || !token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
             return chain.filter(exchange);
         }
 
         // 解析JWT获取jti，以jti为key判断redis的黑名单列表是否存在，存在拦截响应token失效
-        token = token.replace(AuthConstants.JWT_PREFIX, Strings.EMPTY);
+        token = token.replace(AuthConstants.AUTHORIZATION_PREFIX, Strings.EMPTY);
         JWSObject jwsObject = JWSObject.parse(token);
         String payload = jwsObject.getPayload().toString();
         JSONObject jsonObject = JSONUtil.parseObj(payload);
-        String jti = jsonObject.getStr(AuthConstants.CLIENT_ID_KEY);
+        String jti = jsonObject.getStr(AuthConstants.JWT_JTI);
         Boolean isBlack = redisTemplate.hasKey(AuthConstants.TOKEN_BLACKLIST_PREFIX + jti);
         if (isBlack) {
-            return WebUtils.writeFailedToResponse(response, ResultCode.TOKEN_INVALID_OR_EXPIRED);
+            return WebUtils.writeFailedToResponse(response, ResultCode.TOKEN_ACCESS_FORBIDDEN);
         }
 
         // 存在token且不是黑名单，request写入JWT的载体信息