luyan
/
epmet-cloud-lingshan
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'dev' into develop

master
wxz 4 years ago
parent
aa8d555e25 d98405c31f
commit
463e65804a
5 changed files with 198 additions and 230 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      epmet-gateway/src/main/java/com/epmet/auth/ExtAppTakeTokenAuthProcessor.java
  2. 344
      epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
  3. 38
      epmet-module/data-aggregator/data-aggregator-client/src/main/java/com/epmet/dataaggre/dto/datastats/form/SubTopicAndGroupFormDTO.java
  4. 38
      epmet-module/data-aggregator/data-aggregator-client/src/main/java/com/epmet/dataaggre/dto/datastats/form/SubUserTotalFormDTO.java
  5. 2
      epmet-module/data-aggregator/data-aggregator-server/src/main/java/com/epmet/dataaggre/aspect/RequestLogAspect.java

6
epmet-gateway/src/main/java/com/epmet/auth/ExtAppTakeTokenAuthProcessor.java
View File

@ -1,7 +1,6 @@
package com.epmet.auth;
import com.epmet.commons.security.jwt.JwtUtils;
import com.epmet.commons.security.sign.openapi.OpenApiSignUtils;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.redis.RedisKeys;
@ -12,7 +11,6 @@ import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
import com.epmet.openapi.constant.InClusterHeaderKeys;
import com.epmet.openapi.constant.RequestParamKeys;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.reactive.ServerHttpRequest;
@ -79,11 +77,11 @@ public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class);
Result<String> result = commonService.getSecret(appId);
if (result == null || !result.success()) {
throw new RenException("fetchToken方式的外部应用认证,获取secret失败");
throw new RenException("TakeToken方式的外部应用认证,获取secret失败");
}
String secret = result.getData();
if (StringUtils.isBlank(secret)) {
throw new RenException("fetchToken方式的外部应用认证,获取secret失败");
throw new RenException("TakeToken方式的外部应用认证,获取secret失败");
}
return secret;

344
epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
View File

@ -5,6 +5,7 @@ import com.alibaba.fastjson.JSON;
import com.epmet.auth.ExternalAuthProcessor;
import com.epmet.auth.InternalAuthProcessor;
import com.epmet.commons.tools.constant.AppClientConstant;
import com.epmet.commons.tools.exception.ExceptionUtils;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.utils.IpUtils;
import com.epmet.commons.tools.utils.Result;
@ -26,13 +27,13 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.*;
/**
* app接口权限过滤器
@ -43,152 +44,197 @@ import java.util.List;
@Component("CpAuth")
public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpAuthGatewayFilterFactory.CpAuthConfig> {
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private InternalAuthProcessor internalAuthProcessor;
@Autowired
private ExternalAuthProcessor externalAuthProcessor;
@Override
public List<String> shortcutFieldOrder() {
return Arrays.asList("enabled");
}
public CpAuthGatewayFilterFactory() {
super(CpAuthConfig.class);
}
@Override
public GatewayFilter apply(CpAuthConfig config) {
return (exchange, chain) -> {
if (!config.isEnabled()) {
return chain.filter(exchange);
}
//添加流水号
ServerHttpRequest request = exchange.getRequest();
List<String> tranSerials = request.getHeaders().get(AppClientConstant.TRANSACTION_SERIAL_KEY);
if (CollectionUtils.isEmpty(tranSerials) || StringUtils.isBlank(tranSerials.get(0))) {
request.mutate().header(AppClientConstant.TRANSACTION_SERIAL_KEY, new String[]{getTransactionSerial()});
}
String authType = getAuthType(request);
String requestUri = request.getPath().pathWithinApplication().value();
logger.info("CpAuthGatewayFilterFactory当前requestUri=[" + requestUri + "],CpAuthGatewayFilterFactory拦截成功,客户端Id:{}", IpUtils.getClientIp(request));
try {
switch (authType) {
case AuthTypeConstant.AUTH_TYPE_ALL:
externalAuthProcessor.auth(exchange, chain);
internalAuthProcessor.auth(exchange, chain);
break;
case AuthTypeConstant.AUTH_TYPE_EXTERNAL:
externalAuthProcessor.auth(exchange, chain);
break;
case AuthTypeConstant.AUTH_TYPE_INTERNAL:
internalAuthProcessor.auth(exchange, chain);
break;
}
} catch (RenException e) {
return response(exchange, new Result<>().error(e.getCode(), e.getMessage()));
} catch (Exception e) {
return response(exchange, new Result<>().error(e.getMessage()));
}
return chain.filter(exchange);
};
}
/**
* 判断需要执行的认证方式(内部应用认证还是外部应用认证)
* @return
*/
private String getAuthType(ServerHttpRequest request) {
//String requestUri = request.getPath().pathWithinApplication().value();
// 是否在外部认证列表中(外部认证列表中的url,是对外部应用开放的,只有在这个列表中的url才对外部应用开放)
//boolean inExtAuthPaths = false;
//
//for (String url : cpProperty.getExternalAuthUrls()) {
// if (antPathMatcher.match(url, requestUri)) {
// inExtAuthPaths = true;
// }
//}
String authType = ServerHttpRequestUtils.getRequestParam(request, RequestParamKeys.AUTH_TYPE);
if (StringUtils.isNotBlank(authType) && AuthTypes.TAKE_TOKEN.equals(authType)) {
return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
}
boolean needExternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY));
boolean needInternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.AUTHORIZATION_TOKEN_HEADER_KEY));
if (needExternal && needInternal) {
return AuthTypeConstant.AUTH_TYPE_ALL;
}
if (needExternal) {
// url对外部应用开放,并且头里面有AccessToken,那么走外部应用认证
return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
}
return AuthTypeConstant.AUTH_TYPE_INTERNAL;
}
/**
* 获取请求头
* @param request
* @return
*/
private String getHeader(ServerHttpRequest request, String headerName) {
HttpHeaders headers = request.getHeaders();
return headers.getFirst(headerName);
}
/**
* 获取事务流水号
* @return
*/
public static String getTransactionSerial() {
String[] letterPool = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n"
, "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"};
StringBuilder sb = new StringBuilder();
for (int i = 0; i < 2; i++) {
sb.append(letterPool[(int) (Math.random() * 25)]);
}
sb.append(System.currentTimeMillis());
return sb.toString();
}
public static class CpAuthConfig {
/**
* 控制是否开启认证
*/
private boolean enabled;
public CpAuthConfig() {
}
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
protected Mono<Void> response(ServerWebExchange exchange, Object object) {
String json = JSON.toJSONString(object);
DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(json.getBytes(StandardCharsets.UTF_8));
exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8);
exchange.getResponse().setStatusCode(HttpStatus.OK);
return exchange.getResponse().writeWith(Flux.just(buffer));
}
private Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private InternalAuthProcessor internalAuthProcessor;
@Autowired
private ExternalAuthProcessor externalAuthProcessor;
@Override
public List<String> shortcutFieldOrder() {
return Arrays.asList("enabled");
}
public CpAuthGatewayFilterFactory() {
super(CpAuthConfig.class);
}
@Override
public GatewayFilter apply(CpAuthConfig config) {
return (exchange, chain) -> {
if (!config.isEnabled()) {
return chain.filter(exchange);
}
//1.添加流水号
ServerHttpRequest request = exchange.getRequest();
List<String> tranSerials = request.getHeaders().get(AppClientConstant.TRANSACTION_SERIAL_KEY);
if (CollectionUtils.isEmpty(tranSerials) || StringUtils.isBlank(tranSerials.get(0))) {
request.mutate().header(AppClientConstant.TRANSACTION_SERIAL_KEY, new String[]{getTransactionSerial()});
}
//2.获取请求路径,参数
String requestUri = request.getPath().pathWithinApplication().value();
MultiValueMap<String, String> queryParams = request.getQueryParams();
String queryParamsStr = convertQueryParams2String(queryParams);
logger.info("CpAuthGatewayFilterFactory当前requestUri=[" + requestUri.concat(queryParamsStr) + "],CpAuthGatewayFilterFactory拦截成功,客户端Id:{}", IpUtils.getClientIp(request));
//3.认证
String authType = getAuthType(request);
logger.info("认证类型为:{}", authType);
try {
switch (authType) {
case AuthTypeConstant.AUTH_TYPE_ALL:
externalAuthProcessor.auth(exchange, chain);
internalAuthProcessor.auth(exchange, chain);
break;
case AuthTypeConstant.AUTH_TYPE_EXTERNAL:
externalAuthProcessor.auth(exchange, chain);
break;
case AuthTypeConstant.AUTH_TYPE_INTERNAL:
internalAuthProcessor.auth(exchange, chain);
break;
}
} catch (RenException e) {
logger.error("CpAuthGatewayFilterFactory认证出错,错误信息:{}", ExceptionUtils.getErrorStackTrace(e));
return response(exchange, new Result<>().error(e.getCode(), e.getMessage()));
} catch (Exception e) {
logger.error("CpAuthGatewayFilterFactory认证出错,错误信息:{}", ExceptionUtils.getErrorStackTrace(e));
return response(exchange, new Result<>().error(e.getMessage()));
}
return chain.filter(exchange);
};
}
/**
* @return
* @Description 将url参数转化为String
* @author wxz
* @date 2021.08.11 23:12
*/
private String convertQueryParams2String(MultiValueMap<String, String> queryParams) {
try {
if (queryParams == null || queryParams.size() == 0) {
return "";
}
StringBuilder sb = new StringBuilder("");
queryParams.entrySet().forEach(entry -> {
String key = entry.getKey();
List<String> values = entry.getValue();
String value = "";
if (values != null && values.size() > 0) {
value = values.get(0);
}
sb.append("&").append(key).append("=").append(value);
});
String result = sb.toString();
if (result.startsWith("&")) {
result = result.substring(1);
return "?".concat(result);
}
return "";
} catch (Exception e) {
logger.warn("gateway中将url参数转化为String失败,程序继续执行,错误信息:".concat(ExceptionUtils.getErrorStackTrace(e)));
return "";
}
}
/**
* 判断需要执行的认证方式(内部应用认证还是外部应用认证)
*
* @return
*/
private String getAuthType(ServerHttpRequest request) {
//String requestUri = request.getPath().pathWithinApplication().value();
// 是否在外部认证列表中(外部认证列表中的url,是对外部应用开放的,只有在这个列表中的url才对外部应用开放)
//boolean inExtAuthPaths = false;
//
//for (String url : cpProperty.getExternalAuthUrls()) {
// if (antPathMatcher.match(url, requestUri)) {
// inExtAuthPaths = true;
// }
//}
String authType = ServerHttpRequestUtils.getRequestParam(request, RequestParamKeys.AUTH_TYPE);
if (StringUtils.isNotBlank(authType) && AuthTypes.TAKE_TOKEN.equals(authType)) {
return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
}
boolean needExternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY));
boolean needInternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.AUTHORIZATION_TOKEN_HEADER_KEY));
if (needExternal && needInternal) {
return AuthTypeConstant.AUTH_TYPE_ALL;
}
if (needExternal) {
// url对外部应用开放,并且头里面有AccessToken,那么走外部应用认证
return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
}
return AuthTypeConstant.AUTH_TYPE_INTERNAL;
}
/**
* 获取请求头
*
* @param request
* @return
*/
private String getHeader(ServerHttpRequest request, String headerName) {
HttpHeaders headers = request.getHeaders();
return headers.getFirst(headerName);
}
/**
* 获取事务流水号
*
* @return
*/
public static String getTransactionSerial() {
String[] letterPool = {"a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n"
, "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"};
StringBuilder sb = new StringBuilder();
for (int i = 0; i < 2; i++) {
sb.append(letterPool[(int) (Math.random() * 25)]);
}
sb.append(System.currentTimeMillis());
return sb.toString();
}
public static class CpAuthConfig {
/**
* 控制是否开启认证
*/
private boolean enabled;
public CpAuthConfig() {
}
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
protected Mono<Void> response(ServerWebExchange exchange, Object object) {
String json = JSON.toJSONString(object);
DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(json.getBytes(StandardCharsets.UTF_8));
exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8);
exchange.getResponse().setStatusCode(HttpStatus.OK);
return exchange.getResponse().writeWith(Flux.just(buffer));
}
}

38
epmet-module/data-aggregator/data-aggregator-client/src/main/java/com/epmet/dataaggre/dto/datastats/form/SubTopicAndGroupFormDTO.java
View File

@ -1,38 +0,0 @@
package com.epmet.dataaggre.dto.datastats.form;
import com.epmet.commons.tools.validator.group.CustomerClientShowGroup;
import lombok.Data;
import javax.validation.constraints.NotBlank;
import java.io.Serializable;
/**
* @Description 对外接口-查询下级话题和小组数-接口入参
* @Auth sun
*/
@Data
public class SubTopicAndGroupFormDTO implements Serializable {
private static final long serialVersionUID = -3381286960911634231L;
/**
* 当前组织id从组织树取
*/
@NotBlank(message = "组织ID不能为空", groups = SubTopicAndGroupFormDTO.Agency.class)
private String agencyId;
/**
* 当前组织级别从组织树取
* 机关级别社区级community
* 街道:street,
* 区县级: district,
* 市级: city
* 省级:province
*/
@NotBlank(message = "组织级别不能为空", groups = SubTopicAndGroupFormDTO.Agency.class)
private String agencyLevel;
/**
* 日维度IdyyyyMMdd eg20210808默认前一天
*/
private String dateId;
public interface Agency extends CustomerClientShowGroup{}
}

38
epmet-module/data-aggregator/data-aggregator-client/src/main/java/com/epmet/dataaggre/dto/datastats/form/SubUserTotalFormDTO.java
View File

@ -1,38 +0,0 @@
package com.epmet.dataaggre.dto.datastats.form;
import com.epmet.commons.tools.validator.group.CustomerClientShowGroup;
import lombok.Data;
import javax.validation.constraints.NotBlank;
import java.io.Serializable;
/**
* @Description 对外接口-查询下级用户党员数-接口入参
* @Auth sun
*/
@Data
public class SubUserTotalFormDTO implements Serializable {
private static final long serialVersionUID = -3381286960911634231L;
/**
* 当前组织id从组织树取
*/
@NotBlank(message = "组织ID不能为空", groups = SubUserTotalFormDTO.Agency.class)
private String agencyId;
/**
* 当前组织级别从组织树取
* 机关级别社区级community
* 街道:street,
* 区县级: district,
* 市级: city
* 省级:province
*/
@NotBlank(message = "组织级别不能为空", groups = SubUserTotalFormDTO.Agency.class)
private String agencyLevel;
/**
* 日维度IdyyyyMMdd eg20210808默认前一天
*/
private String dateId;
public interface Agency extends CustomerClientShowGroup{}
}

2
epmet-module/data-aggregator/data-aggregator-server/src/main/java/com/epmet/dataaggre/aspect/RequestLogAspect.java
View File

@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletRequest;
public class RequestLogAspect extends BaseRequestLogAspect {
@Override
@Around(value = "execution(* com.epmet.dataaggre.controller.*Controller.*(..)) ")
@Around(value = "execution(* com.epmet.dataaggre.controller..*Controller.*(..)) ")
public Object proceed(ProceedingJoinPoint point) throws Throwable {
return super.proceed(point, getRequest());
}

Write Preview
Loading…
Cancel
Save