调整内外部认证，支持同时使用内外部认证

5 years ago · 0195e7ec54
5 changed files with 30 additions and 22 deletions
--- a/epmet-gateway/src/main/java/com/epmet/auth/AuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/AuthProcessor.java
@ -13,14 +13,6 @@ import java.nio.charset.StandardCharsets;
 public abstract class AuthProcessor {
-    abstract Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain);
+    abstract ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain);
    protected Mono<Void> response(ServerWebExchange exchange, Object object) {
        String json = JSON.toJSONString(object);
        DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(json.getBytes(StandardCharsets.UTF_8));
        exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8);
        exchange.getResponse().setStatusCode(HttpStatus.OK);
        return exchange.getResponse().writeWith(Flux.just(buffer));
    }
 }
--- a/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExternalAuthProcessor.java
@ -50,7 +50,7 @@ public class ExternalAuthProcessor extends AuthProcessor {
    private CpProperty cpProperty;
    @Override
-    public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) {
+    public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        // 只有在外部应用urls中的url才会允许外部应用访问，否则不允许访问
@ -92,12 +92,14 @@ public class ExternalAuthProcessor extends AuthProcessor {
                throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的外部认证类型");
            }
        } catch (RenException e) {
-            return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
+            //return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
            throw new RenException(e.getCode(),e.getMsg());
        } catch (Exception e) {
            logger.error("外部应用请求认证发生未知错误:" + ExceptionUtils.getErrorStackTrace(e));
-            return response(exchange, new Result<>().error("外部应用请求认证发生未知错误"));
+            //return response(exchange, new Result<>().error("外部应用请求认证发生未知错误"));
            throw new RenException("外部应用请求认证发生未知错误");
        }
-        return chain.filter(exchange);
+        return exchange;
    }
 }
--- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
@ -44,7 +44,7 @@ public class InternalAuthProcessor extends AuthProcessor {
    private CpProperty cpProperty;
    @Override
-    public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) {
+    public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        String requestUri = request.getPath().pathWithinApplication().value();
@ -56,7 +56,8 @@ public class InternalAuthProcessor extends AuthProcessor {
            try{
                baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
            }catch(RenException e){
-                return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
+                //return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
                throw new RenException(e.getCode(), e.getMsg());
            }
        }else{
            baseTokenDto = null;
@ -92,12 +93,14 @@ public class InternalAuthProcessor extends AuthProcessor {
        if (needAuth(requestUri)) {
            // 校验token
            if (StringUtils.isBlank(token)) {
-                return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
+                //return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
                throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
            }
            try {
                validateTokenDto(baseTokenDto, token);
            } catch (RenException e) {
-                return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
+                //return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
                throw new RenException(e.getCode(), e.getMsg());
            }
        }
@ -119,10 +122,10 @@ public class InternalAuthProcessor extends AuthProcessor {
                exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
            }
            ServerHttpRequest build = exchange.getRequest().mutate().build();
-            return chain.filter(exchange.mutate().request(build).build());
+            return exchange.mutate().request(build).build();
        }
-        return chain.filter(exchange);
+        return exchange;
    }
    /**
--- a/epmet-gateway/src/main/java/com/epmet/constant/AuthTypeConstant.java
+++ b/epmet-gateway/src/main/java/com/epmet/constant/AuthTypeConstant.java
@ -1,6 +1,7 @@
 package com.epmet.constant;
 public class AuthTypeConstant {
    public static final String AUTH_TYPE_ALL = "all";
    public static final String AUTH_TYPE_INTERNAL = "internal";
    public static final String AUTH_TYPE_EXTERNAL = "external";
    public static final String AUTH_TYPE_NO_NEED = "no_need";
--- a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
+++ b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java
@ -74,10 +74,13 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
 			try {
 				switch (authType) {
 					case AuthTypeConstant.AUTH_TYPE_ALL:
 						externalAuthProcessor.auth(exchange, chain);
 						internalAuthProcessor.auth(exchange, chain);
 					case AuthTypeConstant.AUTH_TYPE_EXTERNAL:
-						return externalAuthProcessor.auth(exchange, chain);
+						externalAuthProcessor.auth(exchange, chain);
 					case AuthTypeConstant.AUTH_TYPE_INTERNAL:
-						return internalAuthProcessor.auth(exchange, chain);
+						internalAuthProcessor.auth(exchange, chain);
 				}
 			} catch (RenException e) {
 				return response(exchange, new Result<>().error(e.getCode(), e.getMessage()));
@ -105,7 +108,14 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
 		//	}
 		//}
-		if (StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY))) {
+		boolean needExternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.ACCESS_TOKEN_HEADER_KEY));
 		boolean needInternal = StringUtils.isNotBlank(request.getHeaders().getFirst(TokenHeaderKeyConstant.AUTHORIZATION_TOKEN_HEADER_KEY));
 		if (needExternal && needInternal) {
 			return AuthTypeConstant.AUTH_TYPE_ALL;
 		}
 		if (needExternal) {
 			// url对外部应用开放，并且头里面有AccessToken，那么走外部应用认证
 			return AuthTypeConstant.AUTH_TYPE_EXTERNAL;
 		}