越权问题处理

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java

@@ -2,6 +2,7 @@ package com.epmet.commons.tools.feign;
 
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
 import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory;
 import com.epmet.commons.tools.utils.Result;
 import org.springframework.cloud.openfeign.FeignClient;
@@ -9,6 +10,8 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+import java.util.List;
+
 /**
  * @Description 运营端权限模块
  * @Author yinzuomei
@@ -33,4 +36,11 @@ public interface CommonOperAccessOpenFeignClient {
      */
     @PostMapping("/oper/access/menu/hasPermission")
     Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+
+    /**
+     * 需要验证的菜单资源
+     * @return
+     */
+    @PostMapping("/oper/access/menu/getExamineResourceUrls")
+    Result<List<OperResouce>> getExamineResourceUrls();
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java

@@ -2,10 +2,13 @@ package com.epmet.commons.tools.feign.fallback;
 
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
 import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
 import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
 
+import java.util.List;
+
 /**
  * @Description 运营端权限模块
  * @Author yinzuomei
@@ -23,5 +26,10 @@ public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccess
     public Result hasOperPermission(HasOperPermissionFormDTO form) {
         return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
     }
+
+    @Override
+    public Result<List<OperResouce>> getExamineResourceUrls() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls");
+    }
 }
 

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java

@@ -895,8 +895,12 @@ public class RedisKeys {
 	 * @param operId
 	 * @return
 	 */
+	public static String operResourcesBaseDir() {
+		return rootPrefix.concat("oper:access:resources:");
+	}
+
     public static String operResourcesByUserId(String operId) {
-		return rootPrefix.concat("oper:access:resources:").concat(operId);
+		return operResourcesBaseDir().concat(operId);
     }
 
 	/**

epmet-gateway/src/main/java/com/epmet/GatewayApplication.java

@@ -53,11 +53,11 @@ public class GatewayApplication {
 	/**
 	 * 初始化运营端校验资源列表
 	 */
-	@PostConstruct
+//	@PostConstruct
-	public void initOperExamineResources() {
+//	public void initOperExamineResources() {
-		if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) {
+//		if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) {
-			List<CpProperty.OperExamineResource> operExamineResourceUrls = cpProperty.getOperExamineResourceUrls();
+//			List<CpProperty.OperExamineResource> operExamineResourceUrls = cpProperty.getOperExamineResourceUrls();
-			redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls));
+//			redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls));
-		}
+//		}
-	}
+//	}
 }

epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java

@@ -4,12 +4,14 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.TypeReference;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
 import com.epmet.commons.tools.dto.result.OperResouce;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.EpmetException;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.feign.ResultDataResolver;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.dto.BaseTokenDto;
@@ -37,7 +39,7 @@ import java.util.List;
  * 内部认证处理器
  */
 @Component
-public class InternalAuthProcessor extends AuthProcessor {
+public class InternalAuthProcessor extends AuthProcessor implements ResultDataResolver {
 
     private Logger logger = LoggerFactory.getLogger(getClass());
 
@@ -145,7 +147,12 @@ public class InternalAuthProcessor extends AuthProcessor {
         List<OperResouce> resources = JSON.parseObject(resourceJsonString, new TypeReference<List<OperResouce>>() {});
 
         if (resources == null) {
-            return true;
+            // redis中没有缓存，需要api获取
+            resources = getResultDataOrThrowsException(operAccessOpenFeignClient.getExamineResourceUrls(), ServiceConstant.OPER_ACCESS_SERVER,
+                    EpmetErrorCode.SERVER_ERROR.getCode(), "调用operaccess获取要校验的资源失败", "调用operaccess获取要校验的资源失败");
+
+            // 缓存
+            redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(resources));
         }
 
         for (OperResouce resource : resources) {

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java

@@ -33,4 +33,11 @@ public interface OperAccessOpenFeignClient {
      */
     @PostMapping("/oper/access/menu/hasPermission")
     Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+
+    /**
+     * 需要验证的菜单资源
+     * @return
+     */
+    @PostMapping("/oper/access/menu/getExamineResourceUrls")
+    Result getExamineResourceUrls();
 }

epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java

@@ -23,5 +23,10 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli
     public Result hasOperPermission(HasOperPermissionFormDTO form) {
         return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
     }
+
+    @Override
+    public Result getExamineResourceUrls() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls");
+    }
 }
 

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java

@@ -16,6 +16,7 @@ import com.epmet.commons.tools.validator.group.UpdateGroup;
 import com.epmet.dto.OperMenuDTO;
 import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.dto.result.MenuResourceDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.excel.OperMenuExcel;
 import com.epmet.service.OperMenuService;
 import com.epmet.service.OperResourceService;
@@ -166,7 +167,7 @@ public class OperMenuController {
 	}
 
 	/**
-	 * 是否有该接口的权限
+	 * 改运营人员是否有该接口的权限
 	 * @return
 	 */
 	@PostMapping("hasPermission")
@@ -187,4 +188,14 @@ public class OperMenuController {
 			return new Result().error();
 		}
 	}
+
+	/**
+	 * 需要验证的菜单资源
+	 * @return
+	 */
+	@PostMapping("getExamineResourceUrls")
+	public Result getExamineResourceUrls() {
+		List<OperResouce> resources = operMenuService.getExamineResourceUrls();
+		return new Result().ok(resources);
+	}
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java

@@ -52,4 +52,6 @@ public interface OperMenuDao extends BaseDao<OperMenuEntity> {
     List<OperMenuEntity> getListPid(String pid);
 
     List<OperResouce> getOperResourcesByUserId(String operId);
+
+    List<OperResouce> getExamineResourceUrls();
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java

@@ -21,6 +21,7 @@ import com.epmet.commons.mybatis.service.BaseService;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;
 
 import java.util.List;
@@ -143,4 +144,6 @@ public interface OperMenuService extends BaseService<OperMenuEntity> {
     void clearOperUserAccess(String app, String client, String userId);
 
     Boolean hasOperPermission(String uri, String method, String loginUserId);
+
+    List<OperResouce> getExamineResourceUrls();
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java

@@ -24,8 +24,11 @@ import com.epmet.commons.tools.constant.Constant;
 import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
 import com.epmet.commons.tools.exception.ErrorCode;
+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.HttpContextUtils;
@@ -72,6 +75,8 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
     private OperResourceService operResourceService;
     @Autowired
     private OperLanguageService operLanguageService;
+    @Autowired
+    private RedisUtils redisUtils;
 
     private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
@@ -116,6 +121,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
         insert(entity);
         saveLanguage(entity.getId(), "name", entity.getName());
 
+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("保存菜单配置异常:{}", msg);
+        }
+
         //保存菜单资源
         operResourceService.saveMenuResource(entity.getId(), entity.getName(), dto.getResourceList());
 
@@ -137,6 +149,21 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
         updateById(entity);
         saveLanguage(entity.getId(), "name", entity.getName());
 
+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("修改菜单配置异常:{}", msg);
+        }
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("修改菜单配置异常:{}", msg);
+        }
+
+
         //更新菜单资源
         operResourceService.saveMenuResource(entity.getId(), entity.getName(), dto.getResourceList());
 
@@ -154,6 +181,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void delete(String id, TokenDto tokenDto) {
+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("删除菜单配置异常:{}", msg);
+        }
+
         //逻辑删除
         baseDao.deleteBatchIds(Collections.singletonList(id));
         //删除角色菜单关系
@@ -279,4 +313,9 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
         }
         return false;
     }
+
+    @Override
+    public List<OperResouce> getExamineResourceUrls() {
+        return baseDao.getExamineResourceUrls();
+    }
 }

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java

@@ -21,7 +21,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.constant.FieldConstant;
+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.dao.OperRoleDao;
 import com.epmet.dto.OperRoleDTO;
@@ -30,6 +33,7 @@ import com.epmet.redis.OperRoleRedis;
 import com.epmet.service.OperRoleMenuService;
 import com.epmet.service.OperRoleService;
 import com.epmet.service.OperRoleUserService;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -46,6 +50,7 @@ import java.util.Map;
  * @since v1.0.0 2020-03-18
  */
 @Service
+@Slf4j
 public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEntity> implements OperRoleService {
 
     @Autowired
@@ -55,6 +60,9 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
     @Autowired
     private OperRoleUserService operRoleUserService;
 
+    @Autowired
+    private RedisUtils redisUtils;
+
     @Override
     public PageData<OperRoleDTO> page(Map<String, Object> params) {
         IPage<OperRoleEntity> page = baseDao.selectPage(
@@ -93,6 +101,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
         insert(entity);
         //保存角色菜单关系
         OperRoleMenuService.saveOrUpdate(entity.getId(), dto.getMenuIdList());
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("新增运营角色信息配置异常:{}", msg);
+        }
     }
 
     @Override
@@ -102,6 +117,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
         updateById(entity);
         //保存角色菜单关系
         OperRoleMenuService.saveOrUpdate(entity.getId(), dto.getMenuIdList());
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("修改运营角色信息配置异常:{}", msg);
+        }
     }
 
     @Override
@@ -113,6 +135,7 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
         OperRoleMenuService.deleteByRoleIds(ids);
 
         operRoleUserService.deleteByRoleIds(ids);
+
     }
 
 }

epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml

@@ -45,9 +45,16 @@
              , res.resource_method
         from oper_role_user ru
                      inner join oper_role_menu orm on (ru.role_id = orm.role_id and orm.DEL_FLAG = 0)
-                     inner join oper_menu m on (orm.menu_id = m.id and m.DEL_FLAG = 0 and m.type = 1)
                      inner join oper_resource res on (orm.menu_id = res.resource_code and res.DEL_FLAG=0)
         where ru.user_id = #{operId}
           and ru.DEL_FLAG = 0
     </select>
+
+    <!--需要验证的资源列表(配置给了菜单，并且没有被删除的资源列表)-->
+    <select id="getExamineResourceUrls" resultType="com.epmet.dto.result.OperResouce">
+        select distinct res.resource_url, res.resource_method
+        from oper_menu menu
+                     inner join oper_resource res on (menu.id = res.resource_code and res.DEL_FLAG = 0)
+        where menu.DEL_FLAG = 0
+    </select>
 </mapper>

epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java

@@ -26,8 +26,11 @@ import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.EpmetException;
+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.Result;
@@ -39,6 +42,7 @@ import com.epmet.entity.UserEntity;
 import com.epmet.feign.OperRoleUserFeignClient;
 import com.epmet.service.OperUserService;
 import com.epmet.service.UserService;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -56,6 +60,7 @@ import java.util.Map;
  * @since v1.0.0 2020-03-18
  */
 @Service
+@Slf4j
 public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEntity> implements OperUserService {
 
     @Autowired
@@ -64,6 +69,8 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
     private OperRoleUserFeignClient operRoleUserFeignClient;
     @Autowired
     private UserService userService;
+    @Autowired
+    private RedisUtils redisUtils;
 
     @Override
     public PageData<OperUserDTO> page(Map<String, Object> params) {
@@ -132,6 +139,13 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
 
         //更新角色用户关系
         operRoleUserFeignClient.saveOrUpdate(entity.getUserId(),dto.getRoleIdList());
+
+        try {
+            redisUtils.delete(RedisKeys.operResourcesByUserId(entity.getUserId()));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("删除运营人员信息配置异常:{}", msg);
+        }
     }
 
     @Override
@@ -141,6 +155,7 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
         baseDao.deleteBatchIds(Arrays.asList(ids));
 
         operRoleUserFeignClient.deleteByUserIds(ids);
+
     }
 
     @Override