forked from luyan/epmet-cloud-lingshan
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
89 lines
3.3 KiB
89 lines
3.3 KiB
package com.epmet.auth;
|
|
|
|
import com.epmet.commons.security.jwt.JwtUtils;
|
|
import com.epmet.commons.tools.exception.EpmetErrorCode;
|
|
import com.epmet.commons.tools.exception.RenException;
|
|
import com.epmet.commons.tools.redis.RedisKeys;
|
|
import com.epmet.commons.tools.redis.RedisUtils;
|
|
import com.epmet.commons.tools.utils.Result;
|
|
import com.epmet.commons.tools.utils.SpringContextUtils;
|
|
import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
|
|
import com.epmet.openapi.constant.InClusterHeaderKeys;
|
|
import com.epmet.openapi.constant.RequestParamKeys;
|
|
import io.jsonwebtoken.Claims;
|
|
import org.apache.commons.lang3.StringUtils;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
|
import org.springframework.stereotype.Component;
|
|
import org.springframework.web.server.ServerWebExchange;
|
|
|
|
import java.util.Date;
|
|
|
|
/**
|
|
* 外部应用认证处理器:来平台token的方式
|
|
*/
|
|
@Component
|
|
public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {
|
|
|
|
@Autowired
|
|
private JwtUtils jwtTokenUtils;
|
|
|
|
@Autowired
|
|
private RedisUtils redisUtils;
|
|
|
|
@Override
|
|
public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
|
|
String secret = getSecret(appId);
|
|
|
|
// 1.过期验证
|
|
String accessTokenInCache = redisUtils.getString(RedisKeys.getOpenApiAccessTokenKey(appId));
|
|
Date expiration = jwtTokenUtils.getExpiration(token, secret);
|
|
if (StringUtils.isBlank(accessTokenInCache) ||
|
|
expiration == null ||
|
|
jwtTokenUtils.isTokenExpired(expiration)
|
|
) {
|
|
|
|
throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
|
|
EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
|
|
}
|
|
|
|
// 2.验签
|
|
// 验签暂时放到具体接口中,不放在gateway
|
|
//openApiSignUtils.checkSign();
|
|
|
|
// 2. 获取claims
|
|
Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
|
|
String appIdInAccessToken = claims.get(RequestParamKeys.APP_ID, String.class);
|
|
|
|
if (!appId.equals(appIdInAccessToken)) {
|
|
// 参数列表的appId和token中封装的不一致
|
|
throw new RenException(EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getCode(),
|
|
EpmetErrorCode.OPEN_API_PARAMS_APPID_DIFF.getMsg());
|
|
}
|
|
|
|
// 3.将app_id放入header中
|
|
ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
|
|
mutate.header(InClusterHeaderKeys.APP_ID, new String[]{appId});
|
|
exchange.mutate().request(mutate.build()).build();
|
|
}
|
|
|
|
/**
|
|
* @return
|
|
* @Description 获取秘钥
|
|
* @author wxz
|
|
* @date 2021.03.23 14:12
|
|
*/
|
|
private String getSecret(String appId) {
|
|
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
|
|
Result<String> result = commonService.getSecret(appId);
|
|
if (result == null || !result.success()) {
|
|
throw new RenException("TakeToken方式的外部应用认证,获取secret失败");
|
|
}
|
|
String secret = result.getData();
|
|
if (StringUtils.isBlank(secret)) {
|
|
throw new RenException("TakeToken方式的外部应用认证,获取secret失败");
|
|
}
|
|
|
|
return secret;
|
|
}
|
|
}
|
|
|