epmet-cloud-lingshan/epmet-gateway/src/main/java/com/epmet/auth/ExtAppTakeTokenAuthProcesso...

package com.epmet.auth;

import com.epmet.commons.security.jwt.JwtUtils;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.redis.RedisKeys;
import com.epmet.commons.tools.redis.RedisUtils;
import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.utils.SpringContextUtils;
import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.openapi.constant.InClusterHeaderKeys;
import com.epmet.openapi.constant.RequestParamKeys;
import io.jsonwebtoken.Claims;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;

import java.util.Date;

/**
 * 外部应用认证处理器：来平台token的方式
 */
@Component
public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {

    @Autowired
    private JwtUtils jwtTokenUtils;

    @Autowired
    private RedisUtils redisUtils;

    @Override
    public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
        String secret = getSecret(appId);

        // 1.过期验证
        String accessTokenInCache = redisUtils.getString(RedisKeys.getOpenApiAccessTokenKey(appId));
        Date expiration = jwtTokenUtils.getExpiration(token, secret);
        if (StringUtils.isBlank(accessTokenInCache) ||
                expiration == null ||
                jwtTokenUtils.isTokenExpired(expiration)
        ) {

            throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
                    EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
        }

        // 2.验签
        // 验签暂时放到具体接口中，不放在gateway
        //openApiSignUtils.checkSign();

        // 2. 获取claims
        Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
        String appIdInAccessToken = claims.get(RequestParamKeys.APP_ID, String.class);

        if (!appId.equals(appIdInAccessToken)) {
            // 参数列表的appId和token中封装的不一致
            throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(),
                    EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());
        }

        // 3.将app_id放入header中
        ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
        mutate.header(InClusterHeaderKeys.APP_ID, new String[]{appId});
        exchange.mutate().request(mutate.build()).build();
    }

    /**
     * @return
     * @Description 获取秘钥
     * @author wxz
     * @date 2021.03.23 14:12
     */
    private String getSecret(String appId) {
        EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
        Result<String> result = commonService.getSecret(appId);
        if (result == null || !result.success()) {
            throw new RenException("TakeToken方式的外部应用认证，获取secret失败");
        }
        String secret = result.getData();
        if (StringUtils.isBlank(secret)) {
            throw new RenException("TakeToken方式的外部应用认证，获取secret失败");
        }

        return secret;
    }
}
新增：接口手动验签 4 years ago			`package com.epmet.auth;`

			`import com.epmet.commons.security.jwt.JwtUtils;`
			`import com.epmet.commons.tools.exception.EpmetErrorCode;`
			`import com.epmet.commons.tools.exception.RenException;`
			`import com.epmet.commons.tools.redis.RedisKeys;`
			`import com.epmet.commons.tools.redis.RedisUtils;`
			`import com.epmet.commons.tools.utils.Result;`
			`import com.epmet.commons.tools.utils.SpringContextUtils;`
			`import com.epmet.feign.EpmetCommonServiceOpenFeignClient;`
调整完了openApi参数模式，待测试 4 years ago			`import com.epmet.openapi.constant.InClusterHeaderKeys;`
			`import com.epmet.openapi.constant.RequestParamKeys;`
新增：接口手动验签 4 years ago			`import io.jsonwebtoken.Claims;`
			`import org.apache.commons.lang3.StringUtils;`
			`import org.springframework.beans.factory.annotation.Autowired;`
			`import org.springframework.http.server.reactive.ServerHttpRequest;`
			`import org.springframework.stereotype.Component;`
			`import org.springframework.web.server.ServerWebExchange;`

修复：jwt过期之后，取过期时间为空，造成的空指针问题 4 years ago			`import java.util.Date;`

新增：接口手动验签 4 years ago			`/**`
			`* 外部应用认证处理器：来平台token的方式`
			`*/`
			`@Component`
openApi基本完成 4 years ago			`public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {`
新增：接口手动验签 4 years ago
			`@Autowired`
			`private JwtUtils jwtTokenUtils;`

openApi基本完成 4 years ago			`@Autowired`
			`private RedisUtils redisUtils;`

新增：接口手动验签 4 years ago			`@Override`
			`public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {`
			`String secret = getSecret(appId);`

openApi基本完成 4 years ago			`// 1.过期验证`
			`String accessTokenInCache = redisUtils.getString(RedisKeys.getOpenApiAccessTokenKey(appId));`
修复：jwt过期之后，取过期时间为空，造成的空指针问题 4 years ago			`Date expiration = jwtTokenUtils.getExpiration(token, secret);`
openApi基本完成 4 years ago			`if (StringUtils.isBlank(accessTokenInCache) \|\|`
修复：jwt过期之后，取过期时间为空，造成的空指针问题 4 years ago			`expiration == null \|\|`
			`jwtTokenUtils.isTokenExpired(expiration)`
			`) {`
openApi基本完成 4 years ago
修改：传参方式修改 half 4 years ago			`throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),`
			`EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());`
新增：接口手动验签 4 years ago			`}`

			`// 2.验签`
openApi基本完成 4 years ago			`// 验签暂时放到具体接口中，不放在gateway`
新增：接口手动验签 4 years ago			`//openApiSignUtils.checkSign();`

			`// 2. 获取claims`
			`Claims claims = jwtTokenUtils.getClaimByToken(token, secret);`
调整完了openApi参数模式，待测试 4 years ago			`String appIdInAccessToken = claims.get(RequestParamKeys.APP_ID, String.class);`
新增：接口手动验签 4 years ago
修改：传参方式修改 half 4 years ago			`if (!appId.equals(appIdInAccessToken)) {`
			`// 参数列表的appId和token中封装的不一致`
openApi基本完成 4 years ago			`throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(),`
			`EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());`
新增：接口手动验签 4 years ago			`}`
修改：传参方式修改 half 4 years ago
			`// 3.将app_id放入header中`
			`ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();`
调整完了openApi参数模式，待测试 4 years ago			`mutate.header(InClusterHeaderKeys.APP_ID, new String[]{appId});`
修改：传参方式修改 half 4 years ago			`exchange.mutate().request(mutate.build()).build();`
新增：接口手动验签 4 years ago			`}`

			`/**`
			`* @return`
调整完了openApi参数模式，待测试 4 years ago			`* @Description 获取秘钥`
新增：接口手动验签 4 years ago			`* @author wxz`
			`* @date 2021.03.23 14:12`
调整完了openApi参数模式，待测试 4 years ago			`*/`
新增：接口手动验签 4 years ago			`private String getSecret(String appId) {`
			`EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);`
			`Result<String> result = commonService.getSecret(appId);`
			`if (result == null \|\| !result.success()) {`
修改：gateway中增加请求url的日志，和报错的日志 4 years ago			`throw new RenException("TakeToken方式的外部应用认证，获取secret失败");`
新增：接口手动验签 4 years ago			`}`
			`String secret = result.getData();`
			`if (StringUtils.isBlank(secret)) {`
修改：gateway中增加请求url的日志，和报错的日志 4 years ago			`throw new RenException("TakeToken方式的外部应用认证，获取secret失败");`
新增：接口手动验签 4 years ago			`}`

			`return secret;`
			`}`
			`}`