|  |  |  | package com.epmet.auth; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import com.epmet.commons.tools.constant.AppClientConstant; | 
					
						
							|  |  |  | import com.epmet.commons.tools.constant.Constant; | 
					
						
							|  |  |  | import com.epmet.commons.tools.exception.EpmetErrorCode; | 
					
						
							|  |  |  | import com.epmet.commons.tools.exception.RenException; | 
					
						
							|  |  |  | import com.epmet.commons.tools.security.dto.BaseTokenDto; | 
					
						
							|  |  |  | import com.epmet.commons.tools.security.dto.GovTokenDto; | 
					
						
							|  |  |  | import com.epmet.commons.tools.security.dto.TokenDto; | 
					
						
							|  |  |  | import com.epmet.commons.tools.utils.CpUserDetailRedis; | 
					
						
							|  |  |  | import com.epmet.filter.CpProperty; | 
					
						
							|  |  |  | import com.epmet.jwt.JwtTokenUtils; | 
					
						
							|  |  |  | import io.jsonwebtoken.Claims; | 
					
						
							|  |  |  | import org.apache.commons.lang3.StringUtils; | 
					
						
							|  |  |  | import org.slf4j.Logger; | 
					
						
							|  |  |  | import org.slf4j.LoggerFactory; | 
					
						
							|  |  |  | import org.springframework.beans.factory.annotation.Autowired; | 
					
						
							|  |  |  | import org.springframework.cloud.gateway.filter.GatewayFilterChain; | 
					
						
							|  |  |  | import org.springframework.http.HttpHeaders; | 
					
						
							|  |  |  | import org.springframework.http.server.reactive.ServerHttpRequest; | 
					
						
							|  |  |  | import org.springframework.stereotype.Component; | 
					
						
							|  |  |  | import org.springframework.util.AntPathMatcher; | 
					
						
							|  |  |  | import org.springframework.web.server.ServerWebExchange; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * 内部认证处理器 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | @Component | 
					
						
							|  |  |  | public class InternalAuthProcessor extends AuthProcessor { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     private Logger logger = LoggerFactory.getLogger(getClass()); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     @Autowired | 
					
						
							|  |  |  |     private JwtTokenUtils jwtTokenUtils; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     @Autowired | 
					
						
							|  |  |  |     private CpUserDetailRedis cpUserDetailRedis; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     private final AntPathMatcher antPathMatcher = new AntPathMatcher(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     @Autowired | 
					
						
							|  |  |  |     private CpProperty cpProperty; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     @Override | 
					
						
							|  |  |  |     public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) { | 
					
						
							|  |  |  |         ServerHttpRequest request = exchange.getRequest(); | 
					
						
							|  |  |  |         String requestUri = request.getPath().pathWithinApplication().value(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         String token = getTokenFromRequest(request); | 
					
						
							|  |  |  |         //BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null;
 | 
					
						
							|  |  |  |         BaseTokenDto baseTokenDto; | 
					
						
							|  |  |  |         if(StringUtils.isNotBlank(token)){ | 
					
						
							|  |  |  |             try{ | 
					
						
							|  |  |  |                 baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); | 
					
						
							|  |  |  |             }catch(RenException e){ | 
					
						
							|  |  |  |                 //return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
 | 
					
						
							|  |  |  |                 throw new RenException(e.getCode(), e.getInternalMsg()); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         }else{ | 
					
						
							|  |  |  |             baseTokenDto = null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         String customerId = ""; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (baseTokenDto != null) { | 
					
						
							|  |  |  |             if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) { | 
					
						
							|  |  |  |                 // 居民端
 | 
					
						
							|  |  |  |                 TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class); | 
					
						
							|  |  |  |                 if (resiTokenDto != null) { | 
					
						
							|  |  |  |                     customerId = resiTokenDto.getCustomerId(); | 
					
						
							|  |  |  |                     baseTokenDto = resiTokenDto; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) { | 
					
						
							|  |  |  |                 // 政府端
 | 
					
						
							|  |  |  |                 GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, GovTokenDto.class); | 
					
						
							|  |  |  |                 if (govTokenDto != null) { | 
					
						
							|  |  |  |                     customerId = govTokenDto.getCustomerId(); | 
					
						
							|  |  |  |                     baseTokenDto = govTokenDto; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){ | 
					
						
							|  |  |  |                 //运营端
 | 
					
						
							|  |  |  |                 TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class); | 
					
						
							|  |  |  |                 if (resiTokenDto != null) { | 
					
						
							|  |  |  |                     customerId = resiTokenDto.getCustomerId(); | 
					
						
							|  |  |  |                     baseTokenDto = resiTokenDto; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (needAuth(requestUri)) { | 
					
						
							|  |  |  |             // 校验token
 | 
					
						
							|  |  |  |             if (StringUtils.isBlank(token)) { | 
					
						
							|  |  |  |                 //return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
 | 
					
						
							|  |  |  |                 throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             try { | 
					
						
							|  |  |  |                 validateTokenDto(baseTokenDto, token); | 
					
						
							|  |  |  |             } catch (RenException e) { | 
					
						
							|  |  |  |                 //return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
 | 
					
						
							|  |  |  |                 throw new RenException(e.getCode(), e.getInternalMsg()); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // 添加header
 | 
					
						
							|  |  |  |         if (baseTokenDto != null) { | 
					
						
							|  |  |  |             String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId(); | 
					
						
							|  |  |  |             logger.info("redisKey=" + redisKey); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             ServerHttpRequest.Builder builder = exchange.getRequest().mutate(); | 
					
						
							|  |  |  |             builder.header(Constant.APP_USER_KEY, redisKey); | 
					
						
							|  |  |  |             builder.header(AppClientConstant.APP,baseTokenDto.getApp()); | 
					
						
							|  |  |  |             builder.header(AppClientConstant.CLIENT,baseTokenDto.getClient()); | 
					
						
							|  |  |  |             builder.header(AppClientConstant.USER_ID,baseTokenDto.getUserId()); | 
					
						
							|  |  |  |             if (StringUtils.isNotBlank(baseTokenDto.getCustomerId())) { | 
					
						
							|  |  |  |                 builder.header(AppClientConstant.CUSTOMER_ID,baseTokenDto.getCustomerId()); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (StringUtils.equals(baseTokenDto.getApp(), "gov")) {//工作端
 | 
					
						
							|  |  |  |                 if(StringUtils.isNotBlank(customerId)){ | 
					
						
							|  |  |  |                     exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } else if (StringUtils.equals(baseTokenDto.getApp(), "public")) {//公众号端
 | 
					
						
							|  |  |  |                 exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             ServerHttpRequest build = exchange.getRequest().mutate().build(); | 
					
						
							|  |  |  |             return exchange.mutate().request(build).build(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return exchange; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * 是否需要认证 | 
					
						
							|  |  |  |      * @param requestUri | 
					
						
							|  |  |  |      * @return | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     private boolean needAuth(String requestUri) { | 
					
						
							|  |  |  |         for (String url : cpProperty.getInternalAuthUrlsWhiteList()) { | 
					
						
							|  |  |  |             if (antPathMatcher.match(url, requestUri)) { | 
					
						
							|  |  |  |                 return false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         for (String url : cpProperty.getInternalAuthUrls()) { | 
					
						
							|  |  |  |             if (antPathMatcher.match(url, requestUri)) { | 
					
						
							|  |  |  |                 return true; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return false; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * 从请求中获取token | 
					
						
							|  |  |  |      * @param request | 
					
						
							|  |  |  |      * @return | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     private String getTokenFromRequest(ServerHttpRequest request) { | 
					
						
							|  |  |  |         HttpHeaders headers = request.getHeaders(); | 
					
						
							|  |  |  |         String token = headers.getFirst(Constant.AUTHORIZATION_HEADER); | 
					
						
							|  |  |  |         if (StringUtils.isBlank(token)) { | 
					
						
							|  |  |  |             token = headers.getFirst(Constant.TOKEN_HEADER); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (StringUtils.isBlank(token)) { | 
					
						
							|  |  |  |             token = request.getQueryParams().getFirst(Constant.AUTHORIZATION_HEADER); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return token; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) { | 
					
						
							|  |  |  |         //是否过期
 | 
					
						
							|  |  |  |         Claims claims = jwtTokenUtils.getClaimByToken(token); | 
					
						
							|  |  |  |         if (claims == null || jwtTokenUtils.isTokenExpired(claims.getExpiration())) { | 
					
						
							|  |  |  |             return null; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         //获取用户ID
 | 
					
						
							|  |  |  |         String app = (String) claims.get("app"); | 
					
						
							|  |  |  |         String client = (String) claims.get("client"); | 
					
						
							|  |  |  |         String userId = (String) claims.get("userId"); | 
					
						
							|  |  |  |         return new BaseTokenDto(app, client, userId, token); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     private <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, Class<T> clz) { | 
					
						
							|  |  |  |         BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); | 
					
						
							|  |  |  |         //查询Redis
 | 
					
						
							|  |  |  |         return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * 校验Token是否异常 | 
					
						
							|  |  |  |      * @param tokenDto | 
					
						
							|  |  |  |      * @param tokenStr | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     private void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) { | 
					
						
							|  |  |  |         if (null == tokenDto) { | 
					
						
							|  |  |  |             //说明登录状态时效(超时)
 | 
					
						
							|  |  |  |             throw new RenException(EpmetErrorCode.ERR10006.getCode()); | 
					
						
							|  |  |  |         }else{ | 
					
						
							|  |  |  |             //Redis中存在数据,取出token,进行比对
 | 
					
						
							|  |  |  |             if(StringUtils.equals(tokenDto.getToken(),tokenStr)){ | 
					
						
							|  |  |  |                 //用户携带token与Redis中一致
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             }else{ | 
					
						
							|  |  |  |                 //用户携带token与Redis中不一致,说明当前用户此次会话失效,提示重新登陆
 | 
					
						
							|  |  |  |                 throw new RenException(EpmetErrorCode.ERR10007.getCode()); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } |