epmet-cloud-lingshan/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java

package com.epmet.auth;

import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.utils.Result;
import com.epmet.filter.CpProperty;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * 外部应用认证
 */
@Component
public class ExternalAuthProcessor extends AuthProcessor {

    private Logger logger = LoggerFactory.getLogger(getClass());

    // 头s
    public static final String AUTHORIZATION_TOKEN_HEADER_KEY = "Authorization";
    public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken";
    public static final String APP_ID_HEADER_KEY = "appId";
    public static final String APP_ID_TIMESTAMP_KEY = "ts";
    public static final String APP_ID_CUSTOMER_ID_KEY = "CustomerId";
    public static final String APP_ID_AUTY_TYPE_KEY = "AuthType";

    // 认证方式
    public static final String APP_AUTH_TYPE_JWT = "jwt";
    public static final String APP_AUTH_TYPE_MD5 = "md5";


    @Autowired
    private ExtAppJwtAuthProcessor jwtAuthProcessor;

    @Autowired
    private ExtAppMD5AuthProcessor md5AuthProcessor;

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Autowired
    private CpProperty cpProperty;

    @Override
    public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();

        // 只有在外部应用urls中的url才会允许外部应用访问，否则不允许访问
        String requestUri = request.getPath().pathWithinApplication().value();

        boolean inPaths = false;
        for (String url : cpProperty.getExternalOpenUrls()) {
            if (antPathMatcher.match(url, requestUri)) {
                inPaths = true;
            }
        }

        if (!inPaths) {
            throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放");
        }

        HttpHeaders headers = request.getHeaders();

        String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);
        String appId = headers.getFirst(APP_ID_HEADER_KEY);
        String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY);
        String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY);
        String authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY);

        if (StringUtils.isAnyBlank(token, appId)) {
            throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空");
        }

        logger.info("外部应用请求认证拦截Aspect执行，appId:{}, token:{}, ts:{}, customerId:{}, authType:{}",
                appId, token, ts, customerId, authType);

        // 没传authType或者传的jwt都用jwtprocessor处理
        try {
            if (StringUtils.isBlank(authType) || APP_AUTH_TYPE_JWT.equals(authType)) {
                jwtAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
            } else if (APP_AUTH_TYPE_MD5.equals(authType)) {
                md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
            } else {
                throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
            }
        } catch (RenException e) {
            return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
        } catch (Exception e) {
            logger.error("外部应用请求认证发生未知错误:" + ExceptionUtils.getErrorStackTrace(e));
            return response(exchange, new Result<>().error("外部应用请求认证发生未知错误"));
        }

        return chain.filter(exchange);
    }
}
重构认证-初步完成重构内部应用认证，待验证 5 years ago			`package com.epmet.auth;`

完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`import com.epmet.commons.tools.exception.EpmetErrorCode;`
			`import com.epmet.commons.tools.exception.ExceptionUtils;`
			`import com.epmet.commons.tools.exception.RenException;`
			`import com.epmet.commons.tools.utils.Result;`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`import com.epmet.filter.CpProperty;`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`import org.apache.commons.lang3.StringUtils;`
			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`
			`import org.springframework.beans.factory.annotation.Autowired;`
重构认证-初步完成重构内部应用认证，待验证 5 years ago			`import org.springframework.cloud.gateway.filter.GatewayFilterChain;`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`import org.springframework.http.HttpHeaders;`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`import org.springframework.http.server.reactive.ServerHttpRequest;`
重构认证-初步完成重构内部应用认证，待验证 5 years ago			`import org.springframework.stereotype.Component;`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`import org.springframework.util.AntPathMatcher;`
重构认证-初步完成重构内部应用认证，待验证 5 years ago			`import org.springframework.web.server.ServerWebExchange;`
			`import reactor.core.publisher.Mono;`

			`/**`
			`* 外部应用认证`
			`*/`
			`@Component`
			`public class ExternalAuthProcessor extends AuthProcessor {`

完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`private Logger logger = LoggerFactory.getLogger(getClass());`

			`// 头s`
			`public static final String AUTHORIZATION_TOKEN_HEADER_KEY = "Authorization";`
			`public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken";`
			`public static final String APP_ID_HEADER_KEY = "appId";`
			`public static final String APP_ID_TIMESTAMP_KEY = "ts";`
			`public static final String APP_ID_CUSTOMER_ID_KEY = "CustomerId";`
			`public static final String APP_ID_AUTY_TYPE_KEY = "AuthType";`

			`// 认证方式`
			`public static final String APP_AUTH_TYPE_JWT = "jwt";`
			`public static final String APP_AUTH_TYPE_MD5 = "md5";`


			`@Autowired`
			`private ExtAppJwtAuthProcessor jwtAuthProcessor;`

			`@Autowired`
			`private ExtAppMD5AuthProcessor md5AuthProcessor;`

调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`private final AntPathMatcher antPathMatcher = new AntPathMatcher();`

			`@Autowired`
			`private CpProperty cpProperty;`

重构认证-初步完成重构内部应用认证，待验证 5 years ago			`@Override`
			`public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) {`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`ServerHttpRequest request = exchange.getRequest();`

			`// 只有在外部应用urls中的url才会允许外部应用访问，否则不允许访问`
			`String requestUri = request.getPath().pathWithinApplication().value();`

			`boolean inPaths = false;`
			`for (String url : cpProperty.getExternalOpenUrls()) {`
			`if (antPathMatcher.match(url, requestUri)) {`
			`inPaths = true;`
			`}`
			`}`

			`if (!inPaths) {`
			`throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放");`
			`}`

			`HttpHeaders headers = request.getHeaders();`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago
			`String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);`
			`String appId = headers.getFirst(APP_ID_HEADER_KEY);`
			`String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY);`
			`String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY);`
			`String authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY);`

			`if (StringUtils.isAnyBlank(token, appId)) {`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空");`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`}`
重构认证-初步完成重构内部应用认证，待验证 5 years ago
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`logger.info("外部应用请求认证拦截Aspect执行，appId:{}, token:{}, ts:{}, customerId:{}, authType:{}",`
			`appId, token, ts, customerId, authType);`
重构认证-初步完成重构内部应用认证，待验证 5 years ago
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`// 没传authType或者传的jwt都用jwtprocessor处理`
			`try {`
			`if (StringUtils.isBlank(authType) \|\| APP_AUTH_TYPE_JWT.equals(authType)) {`
将外部应用认证-jwt方式-的customerId放到头里面，以便业务服务取用 5 years ago			`jwtAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`} else if (APP_AUTH_TYPE_MD5.equals(authType)) {`
将外部应用认证-jwt方式-的customerId放到头里面，以便业务服务取用 5 years ago			`md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`} else {`
调整内外部认证的逻辑，外部应用全部需要认证，urls中的是开放的 5 years ago			`throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");`
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`}`
			`} catch (RenException e) {`
			`return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));`
			`} catch (Exception e) {`
			`logger.error("外部应用请求认证发生未知错误:" + ExceptionUtils.getErrorStackTrace(e));`
			`return response(exchange, new Result<>().error("外部应用请求认证发生未知错误"));`
			`}`
重构认证-初步完成重构内部应用认证，待验证 5 years ago
完成"内部鉴权+外部应用鉴权"的整合 5 years ago			`return chain.filter(exchange);`
重构认证-初步完成重构内部应用认证，待验证 5 years ago			`}`
			`}`