You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
3.1 KiB
84 lines
3.1 KiB
package com.epmet.auth;
|
|
|
|
import com.epmet.commons.security.jwt.JwtUtils;
|
|
import com.epmet.commons.security.sign.openapi.OpenApiSignUtils;
|
|
import com.epmet.commons.tools.exception.EpmetErrorCode;
|
|
import com.epmet.commons.tools.exception.RenException;
|
|
import com.epmet.commons.tools.redis.RedisKeys;
|
|
import com.epmet.commons.tools.redis.RedisUtils;
|
|
import com.epmet.commons.tools.utils.Result;
|
|
import com.epmet.commons.tools.utils.SpringContextUtils;
|
|
import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
|
|
import io.jsonwebtoken.Claims;
|
|
import io.jsonwebtoken.Jwts;
|
|
import org.apache.commons.lang3.StringUtils;
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
|
import org.springframework.stereotype.Component;
|
|
import org.springframework.web.server.ServerWebExchange;
|
|
|
|
/**
|
|
* 外部应用认证处理器:来平台token的方式
|
|
*/
|
|
@Component
|
|
public class ExtAppFetchTokenAuthProcessor extends ExtAppAuthProcessor {
|
|
|
|
@Autowired
|
|
private JwtUtils jwtTokenUtils;
|
|
|
|
@Autowired
|
|
private RedisUtils redisUtils;
|
|
|
|
@Override
|
|
public void auth(String appId, String token, Long ts, ServerWebExchange exchange) {
|
|
// 这种方式不需要其他平台传appId,因此我们自己从redis中取
|
|
appId = (String) redisUtils.get(RedisKeys.getOpenApiAccessTokenKey(token));
|
|
|
|
// 1.token过期校验
|
|
if (StringUtils.isBlank(appId)) {
|
|
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(),
|
|
EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg());
|
|
}
|
|
|
|
String secret = getSecret(appId);
|
|
|
|
if (jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
|
|
throw new RenException(EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getCode(),
|
|
EpmetErrorCode.OPEN_API_SIGN_TOKEN_EXPIRED.getMsg());
|
|
}
|
|
|
|
// 2.验签
|
|
// 验签暂时放到具体接口中
|
|
//openApiSignUtils.checkSign();
|
|
|
|
// 2. 获取claims
|
|
Claims claims = jwtTokenUtils.getClaimByToken(token, secret);
|
|
appId = claims.get("appId", String.class);
|
|
|
|
if (!StringUtils.isBlank(appId)) {
|
|
ServerHttpRequest.Builder mutate = exchange.getRequest().mutate();
|
|
mutate.header("appId", appId);
|
|
exchange.mutate().request(mutate.build()).build();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @Description 获取秘钥
|
|
* @return
|
|
* @author wxz
|
|
* @date 2021.03.23 14:12
|
|
*/
|
|
private String getSecret(String appId) {
|
|
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
|
|
Result<String> result = commonService.getSecret(appId);
|
|
if (result == null || !result.success()) {
|
|
throw new RenException("fetchToken方式的外部应用认证,获取secret失败");
|
|
}
|
|
String secret = result.getData();
|
|
if (StringUtils.isBlank(secret)) {
|
|
throw new RenException("fetchToken方式的外部应用认证,获取secret失败");
|
|
}
|
|
|
|
return secret;
|
|
}
|
|
}
|
|
|