增加内部应用认证注解

5 years ago · 2b988de560
7 changed files with 325 additions and 22 deletions
--- a/epmet-commons/epmet-commons-extapp-auth/pom.xml
+++ b/epmet-commons/epmet-commons-extapp-auth/pom.xml
@ -27,6 +27,12 @@
    </properties>
    <dependencies>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.7.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
--- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/annotation/InternalAppRequestAuth.java
+++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/annotation/InternalAppRequestAuth.java
@ -0,0 +1,32 @@
 /**
 * Copyright 2018 人人开源 http://www.renren.io
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
 package com.epmet.commons.extappauth.annotation;
 import java.lang.annotation.*;
 /**
 * 需要认证的内部请求
 * @Author wxz
 * @Description
 * @Date 2020/4/23 16:17
 **/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
 public @interface InternalAppRequestAuth {
 }
--- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java
+++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java
@ -1,13 +1,23 @@
 package com.epmet.commons.extappauth.aspect;
 import cn.hutool.core.bean.BeanUtil;
 import com.epmet.commons.extappauth.annotation.ExternalAppRequestAuth;
 import com.epmet.commons.extappauth.annotation.InternalAppRequestAuth;
 import com.epmet.commons.extappauth.bean.ExternalAppRequestParam;
 import com.epmet.commons.extappauth.jwt.JwtTokenUtils;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.dto.BaseTokenDto;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.form.ExternalAppAuthFormDTO;
 import com.epmet.dto.result.ExternalAppAuthResultDTO;
 import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
 import io.jsonwebtoken.Claims;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
@ -24,6 +34,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Parameter;
 import java.util.Map;
 /**
 * 外部应用请求认证切面
@ -35,6 +46,7 @@ public class ExternalAppRequestAuthAspect {
    private static Logger logger = LoggerFactory.getLogger(ExternalAppRequestAuthAspect.class);
    public static final String AUTHORIZATION_TOKEN_HEADER_KEY = "Authorization";
    public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken";
    public static final String APP_ID_HEADER_KEY = "appId";
    public static final String APP_ID_TIMESTAMP_KEY = "ts";
@ -44,15 +56,117 @@ public class ExternalAppRequestAuthAspect {
    @Autowired
    private EpmetCommonServiceOpenFeignClient commonServiceOpenFeignClient;
    @Autowired
    private JwtTokenUtils jwtTokenUtils;
    @Autowired
    private RedisUtils redisUtils;
    /**
     * 拦截加了ExternalRequestAuth注解的方法
     *
     * @param point
     * @throws Throwable
     */
-    @Before("@annotation(com.epmet.commons.extappauth.annotation.ExternalAppRequestAuth)")
+    @Before("@annotation(com.epmet.commons.extappauth.annotation.ExternalAppRequestAuth) " +
            "|| @annotation(com.epmet.commons.extappauth.annotation.InternalAppRequestAuth)")
    public void auth(JoinPoint point) throws Throwable {
        MethodSignature signature = (MethodSignature) point.getSignature();
        HttpServletRequest request = getRequest();
        if (signature.getMethod().getAnnotation(ExternalAppRequestAuth.class) != null
                && StringUtils.isNotBlank(request.getHeader(ACCESS_TOKEN_HEADER_KEY))) {
            // 走外部应用认证
            extAppAuth(signature, point, request);
        } else if (signature.getMethod().getAnnotation(InternalAppRequestAuth.class) != null
                && StringUtils.isNotBlank(request.getHeader(AUTHORIZATION_TOKEN_HEADER_KEY))) {
            // 走内部应用认证
            String customerId = null;
            internalAppAuth(signature, point, request);
        } else {
            throw new RenException(EpmetErrorCode.UNSUPPORT_AUTH_TYPE.getCode(), EpmetErrorCode.UNSUPPORT_AUTH_TYPE.getMsg());
        }
    }
    /**
     * 内部应用认证
     *  @param signature
     * @param point
     * @param request
     * @return
     */
    private void internalAppAuth(MethodSignature signature, JoinPoint point, HttpServletRequest request) {
        String authorization = request.getHeader(AUTHORIZATION_TOKEN_HEADER_KEY);
        BaseTokenDto tokenDTO = getTokenDTO(authorization);
        Map<String, Object> tokenMap = redisUtils.hGetAll(RedisKeys.getCpUserKey(tokenDTO.getApp(), tokenDTO.getClient(), tokenDTO.getUserId()));
        BaseTokenDto baseTokenDto = null;
        String customerId;
        if ("gov".equals(tokenDTO.getApp())) {
            GovTokenDto govTokenDto = BeanUtil.mapToBean(tokenMap, GovTokenDto.class, true);
            customerId = govTokenDto.getCustomerId();
            baseTokenDto = govTokenDto;
        } else {
            TokenDto tokenDto = BeanUtil.mapToBean(tokenMap, TokenDto.class, true);
            customerId = tokenDto.getCustomerId();
            baseTokenDto = tokenDTO;
        }
        if (baseTokenDto == null) {
            logger.error("内部应用认证，redis中没有找到登录缓存信息");
            throw new RenException(EpmetErrorCode.ERR10006.getCode(), EpmetErrorCode.ERR10006.getMsg());
        }
        if (!authorization.equals(baseTokenDto.getToken())) {
            logger.error("内部应用认证，redis中找到的token与header里面传入的不一致，可能发生了别处登录");
            throw new RenException(EpmetErrorCode.ERR10007.getCode(), EpmetErrorCode.ERR10007.getMsg());
        }
        // header参数赋值
        Parameter[] parameters = signature.getMethod().getParameters();
        if (parameters != null && parameters.length != 0) {
            for (int i = 0; i < parameters.length; i++) {
                if (parameters[i].getType() == ExternalAppRequestParam.class) {
                    ExternalAppRequestParam requestParam = (ExternalAppRequestParam) point.getArgs()[i];
                    requestParam.setCustomerId(customerId);
                }
            }
        }
    }
    private BaseTokenDto getTokenDTO(String authorization) {
        if (StringUtils.isBlank(authorization)) {
            logger.error("内部应用认证，没有携带authorization头信息");
            throw new RenException(EpmetErrorCode.ERR401.getCode(), EpmetErrorCode.ERR401.getMsg());
        }
        //是否过期
        Claims claims = jwtTokenUtils.getClaimByToken(authorization);
        if (claims == null) {
            logger.error("内部应用认证，Claims为空");
            throw new RenException(EpmetErrorCode.ERR401.getCode(), EpmetErrorCode.ERR401.getMsg());
        }
        if (jwtTokenUtils.isTokenExpired(claims.getExpiration())) {
            logger.error("内部应用认证，token过期");
            throw new RenException(EpmetErrorCode.ERR10006.getCode(), EpmetErrorCode.ERR10006.getMsg());
        }
        //获取用户ID
        String app = (String) claims.get("app");
        String client = (String) claims.get("client");
        String userId = (String) claims.get("userId");
        return new BaseTokenDto(app, client, userId, authorization);
    }
    /**
     * 外部应用认证
     *
     * @param signature
     * @param point
     */
    public void extAppAuth(MethodSignature signature, JoinPoint point, HttpServletRequest request) {
        String token = request.getHeader(ACCESS_TOKEN_HEADER_KEY);
        String appId = request.getHeader(APP_ID_HEADER_KEY);
        String ts = request.getHeader(APP_ID_TIMESTAMP_KEY);
@ -89,7 +203,6 @@ public class ExternalAppRequestAuthAspect {
        // header参数赋值
        MethodSignature signature = (MethodSignature) point.getSignature();
        Parameter[] parameters = signature.getMethod().getParameters();
        if (parameters != null && parameters.length != 0) {
            for (int i = 0; i < parameters.length; i++) {
--- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/jwt/JwtTokenProperties.java
+++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/jwt/JwtTokenProperties.java
@ -0,0 +1,41 @@
 /**
 * Copyright (c) 2018 人人开源 All rights reserved.
 *
 * https://www.renren.io
 *
 * 版权所有，侵权必究！
 */
 package com.epmet.commons.extappauth.jwt;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 /**
 * Jwt
 *
 * @author Mark sunlightcs@gmail.com
 * @since 1.0.0
 */
@Configuration
@ConfigurationProperties(prefix = "jwt.token")
 public class JwtTokenProperties {
    private String secret;
    private int expire;
    public String getSecret() {
        return secret;
    }
    public void setSecret(String secret) {
        this.secret = secret;
    }
    public int getExpire() {
        return expire;
    }
    public void setExpire(int expire) {
        this.expire = expire;
    }
 }
--- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/jwt/JwtTokenUtils.java
+++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/jwt/JwtTokenUtils.java
@ -0,0 +1,130 @@
 /**
 * Copyright (c) 2018 人人开源 All rights reserved.
 * <p>
 * https://www.renren.io
 * <p>
 * 版权所有，侵权必究！
 */
 package com.epmet.commons.extappauth.jwt;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.joda.time.DateTime;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * Jwt工具类
 *
 * @author Mark sunlightcs@gmail.com
 * @since 1.0.0
 */
@Component
 public class JwtTokenUtils {
    private static final Logger logger = LoggerFactory.getLogger(JwtTokenUtils.class);
    @Autowired
    private JwtTokenProperties jwtProperties;
    /**
     * 生成jwt token 弃用
     */
    @Deprecated
    public String generateToken(String userId) {
        return Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setSubject(userId)
                .setIssuedAt(new Date())
                .setExpiration(DateTime.now().plusSeconds(jwtProperties.getExpire()).toDate())
                .signWith(SignatureAlgorithm.HS512, jwtProperties.getSecret())
                .compact();
    }
    public Claims getClaimByToken(String token) {
        try {
            return Jwts.parser()
                    .setSigningKey(jwtProperties.getSecret())
                    .parseClaimsJws(token)
                    .getBody();
        } catch (Exception e) {
            logger.debug("validate is token error, token = " + token, e);
            return null;
        }
    }
    /**
     * @return java.util.Date
     * @param token
     * @Author yinzuomei
     * @Description 获取token的有效期截止时间
     * @Date 2020/3/18 22:17
     **/
    public Date getExpiration(String token){
        try {
            return Jwts.parser()
                    .setSigningKey(jwtProperties.getSecret())
                    .parseClaimsJws(token)
                    .getBody().getExpiration();
        } catch (Exception e) {
            logger.debug("validate is token error, token = " + token, e);
            return null;
        }
    }
    /**
     * @param map
     * @return java.lang.String
     * @Author yinzuomei
     * @Description 根据app+client+userId生成token
     * @Date 2020/3/18 22:29
     **/
    public String createToken(Map<String, Object> map) {
        return Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setClaims(map)
                .setIssuedAt(new Date())
                .setExpiration(DateTime.now().plusSeconds(jwtProperties.getExpire()).toDate())
                .signWith(SignatureAlgorithm.HS512, jwtProperties.getSecret())
                .compact();
    }
    /**
     * token是否过期
     *
     * @return true：过期
     */
    public boolean isTokenExpired(Date expiration) {
        return expiration.before(new Date());
    }
    public static void main(String[] args) {
        Map<String, Object> map=new HashMap<>();
        map.put("app","gov");
        map.put("client","wxmp");
        map.put("userId","100526ABC");
        String tokenStr=Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setClaims(map)
                .setIssuedAt(new Date())
                .setExpiration(DateTime.now().plusSeconds(604800).toDate())
                .signWith(SignatureAlgorithm.HS512, "7016867071f0ebf1c46f123eaaf4b9d6[elink.epmet]")
                .compact();
        System.out.println(tokenStr);
        Claims claims= Jwts.parser()
                .setSigningKey("7016867071f0ebf1c46f123eaaf4b9d6[elink.epmet]")
                .parseClaimsJws(tokenStr)
                .getBody();
        System.out.println("app="+ claims.get("app"));
        System.out.println("client="+ claims.get("client"));
        System.out.println("userId="+ claims.get("userId"));
    }
 }
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java
@ -95,7 +95,6 @@ public enum EpmetErrorCode {
 	SIGN_IN_TIME_NO(8513, "签到时间还未到~"),
    SIGN_IN_TIME_END(8514, "签到时间已结束~"),
    // 该错误不会提示给前端，只是后端传输错误信息用。
    ACCESS_SQL_FILTER_MISSION_ARGS(8701, "缺少生成权限过滤SQL所需参数"),
    OPER_ADD_CUSTOMER_ROOT_AGENCY_ERROR(8702, "添加客户根级组织失败"),
    OPER_ADD_CUSTOMER_ROOT_AGENCY_EXISTS(8703, "添加客户根级组织失败，根级组织已存在"),
@ -108,6 +107,7 @@ public enum EpmetErrorCode {
    OPER_EXTERNAL_CUSTOMER_NOT_EXISTS(8710, "该客户不存在"),
    OPER_EXTERNAL_APP_EXISTS(8711, "应用已存在"),
    OPER_EXT_APP_SECRET_RESET_FAIL(8713, "秘钥更新失败"),
    UNSUPPORT_AUTH_TYPE(8714, "不支持的认证方式"),
 	// 党建声音 前端提示 88段
 	DRAFT_CONTENT_IS_NULL(8801, "至少需要添加一个段落"),
--- a/epmet-module/data-report/data-report-server/src/main/java/com/epmet/controller/test/TestController.java
+++ b/epmet-module/data-report/data-report-server/src/main/java/com/epmet/controller/test/TestController.java
@ -1,19 +0,0 @@
 package com.epmet.controller.test;
 import com.epmet.commons.extappauth.annotation.ExternalAppRequestAuth;
 import com.epmet.commons.extappauth.bean.ExternalAppRequestParam;
 import com.epmet.commons.tools.utils.Result;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("test")
 public class TestController {
    @ExternalAppRequestAuth
    @RequestMapping("/test")
    public Result test(ExternalAppRequestParam externalAppRequestParam, String ext) {
        return new Result().ok("调用成功,客户信息:"+externalAppRequestParam);
    }
 }