|
|
|
|
package com.epmet.auth;
|
|
|
|
|
|
|
|
|
|
import com.epmet.commons.tools.exception.EpmetErrorCode;
|
|
|
|
|
import com.epmet.commons.tools.exception.ExceptionUtils;
|
|
|
|
|
import com.epmet.commons.tools.exception.RenException;
|
|
|
|
|
import com.epmet.filter.CpProperty;
|
|
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
|
|
|
import org.slf4j.Logger;
|
|
|
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
|
|
|
|
import org.springframework.http.HttpHeaders;
|
|
|
|
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
|
|
|
|
import org.springframework.stereotype.Component;
|
|
|
|
|
import org.springframework.util.AntPathMatcher;
|
|
|
|
|
import org.springframework.web.server.ServerWebExchange;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 外部应用认证
|
|
|
|
|
*/
|
|
|
|
|
@Component
|
|
|
|
|
public class ExternalAuthProcessor extends AuthProcessor {
|
|
|
|
|
|
|
|
|
|
private Logger logger = LoggerFactory.getLogger(getClass());
|
|
|
|
|
|
|
|
|
|
// 头s
|
|
|
|
|
public static final String AUTHORIZATION_TOKEN_HEADER_KEY = "Authorization";
|
|
|
|
|
public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken";
|
|
|
|
|
public static final String APP_ID_HEADER_KEY = "appId";
|
|
|
|
|
public static final String APP_ID_TIMESTAMP_KEY = "ts";
|
|
|
|
|
public static final String APP_ID_CUSTOMER_ID_KEY = "CustomerId";
|
|
|
|
|
public static final String APP_ID_AUTY_TYPE_KEY = "AuthType";
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* 认证方式
|
|
|
|
|
*/
|
|
|
|
|
// 调用方生成jwt
|
|
|
|
|
public static final String APP_AUTH_TYPE_JWT = "jwt";
|
|
|
|
|
// 调用方生成md5
|
|
|
|
|
public static final String APP_AUTH_TYPE_MD5 = "md5";
|
|
|
|
|
// 获取token方式
|
|
|
|
|
public static final String APP_AUTH_TYPE_FETCH_TOKEN = "fetchToken";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private ExtAppJwtAuthProcessor jwtAuthProcessor;
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private ExtAppMD5AuthProcessor md5AuthProcessor;
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private ExtAppFetchTokenAuthProcessor fetchTokenAuthProcessor;
|
|
|
|
|
|
|
|
|
|
private final AntPathMatcher antPathMatcher = new AntPathMatcher();
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private CpProperty cpProperty;
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) {
|
|
|
|
|
ServerHttpRequest request = exchange.getRequest();
|
|
|
|
|
|
|
|
|
|
// 只有在外部应用urls中的url才会允许外部应用访问,否则不允许访问
|
|
|
|
|
String requestUri = request.getPath().pathWithinApplication().value();
|
|
|
|
|
|
|
|
|
|
boolean inPaths = false;
|
|
|
|
|
for (String url : cpProperty.getExternalOpenUrls()) {
|
|
|
|
|
if (antPathMatcher.match(url, requestUri)) {
|
|
|
|
|
inPaths = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!inPaths) {
|
|
|
|
|
throw new RenException(EpmetErrorCode.ERR401.getCode(), "所请求的url并未对外部应用开放");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
HttpHeaders headers = request.getHeaders();
|
|
|
|
|
|
|
|
|
|
String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY);
|
|
|
|
|
String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY);
|
|
|
|
|
String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY);
|
|
|
|
|
String authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY);
|
|
|
|
|
|
|
|
|
|
logger.info("外部应用请求认证拦截Aspect执行,token:{}, ts:{}, customerId:{}, authType:{}",
|
|
|
|
|
token, ts, customerId, authType);
|
|
|
|
|
|
|
|
|
|
// 没传authType或者传的jwt都用jwtprocessor处理
|
|
|
|
|
try {
|
|
|
|
|
if (StringUtils.isBlank(authType) || APP_AUTH_TYPE_JWT.equals(authType)) {
|
|
|
|
|
String appId = headers.getFirst(APP_ID_HEADER_KEY);
|
|
|
|
|
if (StringUtils.isAnyBlank(token, appId)) {
|
|
|
|
|
throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空");
|
|
|
|
|
}
|
|
|
|
|
jwtAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
|
|
|
|
|
} else if (APP_AUTH_TYPE_MD5.equals(authType)) {
|
|
|
|
|
String appId = headers.getFirst(APP_ID_HEADER_KEY);
|
|
|
|
|
if (StringUtils.isAnyBlank(token, appId)) {
|
|
|
|
|
throw new RenException(EpmetErrorCode.ERR401.getCode(), "请求头中的AccessToken和AppId不能为空");
|
|
|
|
|
}
|
|
|
|
|
md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
|
|
|
|
|
} else if (APP_AUTH_TYPE_FETCH_TOKEN.equals(authType)) {
|
|
|
|
|
fetchTokenAuthProcessor.auth(null, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null, exchange);
|
|
|
|
|
} else {
|
|
|
|
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
|
|
|
|
|
}
|
|
|
|
|
} catch (RenException e) {
|
|
|
|
|
//return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
|
|
|
|
|
throw new RenException(e.getCode(),e.getInternalMsg());
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
logger.error("外部应用请求认证发生未知错误:" + ExceptionUtils.getErrorStackTrace(e));
|
|
|
|
|
//return response(exchange, new Result<>().error("外部应用请求认证发生未知错误"));
|
|
|
|
|
throw new RenException("外部应用请求认证发生未知错误");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return exchange;
|
|
|
|
|
}
|
|
|
|
|
}
|
