Merge branch 'dev_wxz_gateway_access' into dev

4 years ago · fb327ddd54
2 changed files with 55 additions and 86 deletions
--- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
@ -5,8 +5,6 @@ import com.epmet.commons.tools.constant.Constant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.BaseTokenDto;
-import com.epmet.commons.tools.security.dto.GovTokenDto;
-import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.filter.CpProperty;
 import com.epmet.jwt.JwtTokenUtils;
@ -22,6 +20,8 @@ import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.web.server.ServerWebExchange;

+import java.util.Date;
+
 /**
 * 内部认证处理器
 */
@ -47,93 +47,65 @@ public class InternalAuthProcessor extends AuthProcessor {
        String requestUri = request.getPath().pathWithinApplication().value();

        String token = getTokenFromRequest(request);
-        //BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null;
-        BaseTokenDto baseTokenDto;
-        if(StringUtils.isNotBlank(token)){
-            try{
-                baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
-            }catch(RenException e){
-                //return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
-                throw new RenException(e.getCode(), e.getInternalMsg());
-            }
-        }else{
-            baseTokenDto = null;
+        boolean needAuth = needAuth(requestUri);
+
+        if (needAuth && StringUtils.isBlank(token)) {
+            // token不能为空
+            throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
        }

+        BaseTokenDto baseTokenDto = null;
+        String app = "";
+        String client = "";
+        String userId = "";
        String customerId = "";
+        Date expiration = null;

-        if (baseTokenDto != null) {
-            if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) {
-                // 居民端
-                TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class);
-                if (resiTokenDto != null) {
-                    customerId = resiTokenDto.getCustomerId();
-                    baseTokenDto = resiTokenDto;
-                }
-            } else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) {
-                // 政府端
-                GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, GovTokenDto.class);
-                if (govTokenDto != null) {
-                    customerId = govTokenDto.getCustomerId();
-                    baseTokenDto = govTokenDto;
-                }
-            } else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){
-                //运营端
-                TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class);
-                if (resiTokenDto != null) {
-                    customerId = resiTokenDto.getCustomerId();
-                    baseTokenDto = resiTokenDto;
-                }
+        if(StringUtils.isNotBlank(token)){
+            //是否过期
+            Claims claims = jwtTokenUtils.getClaimByToken(token);
+            if (claims != null) {
+                app = (String) claims.get(AppClientConstant.APP);
+                client = (String) claims.get(AppClientConstant.CLIENT);
+                userId = (String) claims.get(AppClientConstant.USER_ID);
+                expiration = claims.getExpiration();
+                baseTokenDto = cpUserDetailRedis.get(app, client, userId, BaseTokenDto.class);
            }
        }

-        if (needAuth(requestUri)) {
-            // 校验token
-            if (StringUtils.isBlank(token)) {
-                //return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
-                throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
-            }
-            try {
-                validateTokenDto(baseTokenDto, token);
-            } catch (RenException e) {
-                //return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
-                throw new RenException(e.getCode(), e.getInternalMsg());
-            }
+        if (baseTokenDto != null) {
+            customerId = baseTokenDto.getCustomerId();
+        }
+
+        if (needAuth) {
+            validateToken(baseTokenDto, token, expiration);
        }

        // 添加header
+        ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
+        if (StringUtils.isNotBlank(app)) {
+            builder.header(AppClientConstant.APP, app);
+        }
+        if (StringUtils.isNotBlank(client)) {
+            builder.header(AppClientConstant.CLIENT, client);
+        }
+        if (StringUtils.isNotBlank(userId)) {
+            builder.header(AppClientConstant.USER_ID, userId);
+        }
+
        if (baseTokenDto != null) {
            String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId();
            logger.info("redisKey=" + redisKey);

-            ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
            builder.header(Constant.APP_USER_KEY, redisKey);
-            builder.header(AppClientConstant.APP,baseTokenDto.getApp());
-            builder.header(AppClientConstant.CLIENT,baseTokenDto.getClient());
-            builder.header(AppClientConstant.USER_ID,baseTokenDto.getUserId());
-
-            if(StringUtils.isNotBlank(customerId)){
-                if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI, "public")) {//工作端/居民端
-                    builder.header(AppClientConstant.CUSTOMER_ID, customerId);
-                }
-            }
+        }

-            //if (StringUtils.isNotBlank(baseTokenDto.getCustomerId())) {
-            //    builder.header(AppClientConstant.CUSTOMER_ID,baseTokenDto.getCustomerId());
-            //}
-            //
-            //if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI)) {//工作端/居民端
-            //    if(StringUtils.isNotBlank(customerId)){
-            //        exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
-            //    }
-            //} else if (StringUtils.equals(baseTokenDto.getApp(), "public")) {//公众号端
-            //    exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
-            //}
-            ServerHttpRequest build = exchange.getRequest().mutate().build();
-            return exchange.mutate().request(build).build();
+        if(StringUtils.isNotBlank(customerId)){
+            builder.header(AppClientConstant.CUSTOMER_ID, customerId);
        }

-        return exchange;
+        ServerHttpRequest shr = builder.build();
+        return exchange.mutate().request(shr).build();
    }

    /**
@ -173,6 +145,12 @@ public class InternalAuthProcessor extends AuthProcessor {
        return token;
    }

+    /**
+     * @Description 从用户token中取app,client,userId三项数据
+     * @return
+     * @author wxz
+     * @date 2021.06.11 15:04
+    */
    private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) {
        //是否过期
        Claims claims = jwtTokenUtils.getClaimByToken(token);
@ -186,29 +164,20 @@ public class InternalAuthProcessor extends AuthProcessor {
        return new BaseTokenDto(app, client, userId, token);
    }

-    private <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, Class<T> clz) {
-        BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
-        //查询Redis
-        return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz);
-    }
-
    /**
     * 校验Token是否异常
     * @param tokenDto
     * @param tokenStr
     */
-    private void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) {
-        if (null == tokenDto) {
+    private void validateToken(BaseTokenDto tokenDto, String tokenStr, Date expiration) {
+        if (null == tokenDto || jwtTokenUtils.isTokenExpired(expiration)) {
            //说明登录状态时效（超时）
-            throw new RenException(EpmetErrorCode.ERR10006.getCode());
+            throw new RenException(EpmetErrorCode.ERR10006.getCode(), EpmetErrorCode.ERR10006.getMsg());
        }else{
            //Redis中存在数据，取出token，进行比对
-            if(StringUtils.equals(tokenDto.getToken(),tokenStr)){
-                //用户携带token与Redis中一致
-
-            }else{
+            if(!StringUtils.equals(tokenDto.getToken(),tokenStr)){
                //用户携带token与Redis中不一致，说明当前用户此次会话失效，提示重新登陆
-                throw new RenException(EpmetErrorCode.ERR10007.getCode());
+                throw new RenException(EpmetErrorCode.ERR10007.getCode(), EpmetErrorCode.ERR10007.getMsg());
            }
        }
    }
--- a/epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java
+++ b/epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java
@ -116,7 +116,7 @@ public class JwtTokenUtils {
     * @return true：过期
     */
    public boolean isTokenExpired(Date expiration) {
-        return expiration.before(new Date());
+        return expiration == null || expiration.before(new Date());
    }

    public static void main(String[] args) {