InternalTokenInterceptor.java
package com.sintia.ffl.admin.optique.api.interceptors;
import com.sintia.ffl.admin.optique.api.exceptions.BadInternalTokenException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j
@Component
public class InternalTokenInterceptor implements HandlerInterceptor {
@Value("${app.internal-auth-token}")
private String internalAuthToken;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
final String servletPath = request.getServletPath();
if(servletPath.startsWith("/api")) {
final String internalToken = request.getHeader("X-Internal-Token");
if (internalToken == null || internalToken.isBlank() || !internalToken.equals(internalAuthToken)) {
throw new BadInternalTokenException("Le token d'authentification interne est absent ou invalide");
}
}
return HandlerInterceptor.super.preHandle(request, response, handler);
}
}