cookie身份解析

base-servers/account/account-server/src/test/java/com/usoftchina/saas/account/api/AccountCacheTest.java

@@ -1,6 +1,7 @@
 package com.usoftchina.saas.account.api;
 
 import com.usoftchina.saas.account.cache.AccountCache;
+import com.usoftchina.saas.context.BaseContextHolder;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -17,7 +18,8 @@ public class AccountCacheTest {
 
     @Test
     public void hdel() {
-        AccountCache.of(43).hdel();
-        System.out.println(AccountCache.of(43).exists());
+//        AccountCache.of(43).hdel();
+        BaseContextHolder.setToken("eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWx5IiwiYXBwSWQiOiJ0cmFkZS1hcHAiLCJ1c2VySWQiOjQzLCJjb21wYW55SWQiOjEsInVzZXJOYW1lIjoic3VseSIsInJlYWxOYW1lIjoi6IuP54G16LCjIiwiZXhwIjoxNTQzNDg5NjM0fQ.oqOIqO97zAH2W1RZsofmCstKHNYsQlnMr_UkOw69zw175fhAefysux2njV1FEbldTQA62RiQ7JrnntWPqOmsNmrBsD0cwvy9xkUma3CNjIuZirbg09CYjUVIFnDpwz-WpmZMQFDIBVQYchCDRzDUgPYPB4phptCGNpTG6VpztPo");
+        System.out.println(AccountCache.of(43).getAccount());
     }
 }

base-servers/auth/auth-api/pom.xml

@@ -17,6 +17,10 @@
             <groupId>com.usoftchina.saas</groupId>
             <artifactId>auth-dto</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.usoftchina.saas</groupId>
+            <artifactId>auth-common</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.usoftchina.saas</groupId>
             <artifactId>core</artifactId>

base-servers/auth/auth-api/src/main/java/com/usoftchina/saas/auth/api/AuthApi.java

@@ -1,5 +1,6 @@
 package com.usoftchina.saas.auth.api;
 
+import com.usoftchina.saas.auth.common.cookie.CookieInfo;
 import com.usoftchina.saas.auth.dto.AuthDTO;
 import com.usoftchina.saas.auth.dto.TokenDTO;
 import com.usoftchina.saas.base.Result;
@@ -40,4 +41,13 @@ public interface AuthApi {
      */
     @GetMapping("/info")
     Result<AuthDTO> getInfo();
+
+    /**
+     * 使用账户中心登录cookie信息产生token登录
+     *
+     * @param info
+     * @return
+     */
+    @PostMapping(value = "/sso/authorize")
+    Result<AuthDTO> ssoAuthorize(CookieInfo info);
 }

base-servers/auth/auth-common/src/main/java/com/usoftchina/saas/auth/common/jwt/JwtToken.java

@@ -24,6 +24,12 @@ public class JwtToken implements Serializable {
         this.timestamp = System.currentTimeMillis();
     }
 
+    public JwtToken(String token, Integer expire, Long timestamp) {
+        this.token = token;
+        this.expire = expire;
+        this.timestamp = timestamp;
+    }
+
     public String getToken() {
         return token;
     }

base-servers/auth/auth-common/src/test/java/com/usoftchina/saas/auth/common/jwt/JwtHelperTest.java

@@ -9,7 +9,7 @@ public class JwtHelperTest {
 
     @org.junit.Test
     public void getInfoFromToken() throws Exception {
-        String token = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWx5IiwiYXBwSWQiOiJ0cmFkZS1hcHAiLCJ1c2VySWQiOjQzLCJjb21wYW55SWQiOjEsInVzZXJOYW1lIjoic3VseSIsInJlYWxOYW1lIjoi6IuP54G16LCjIiwiZXhwIjoxNTQzNDExNzY0fQ.KMZV5H4tH4ifYBmY7rV4HSsW1fZHU2k-Yl47b9C3bt6S1_BqzTO-RbVDNMR-WXHpHFwXiq0aoHbqaA512z_-icLPcmeCb2TmnERisgjhnqn7OYordtAWahNlZfiaExnnttLvcNHQSiOWK9vYxxHnf2gC34XdKI0Bo8QZRSR3eo8";
+        String token = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdWx5IiwiYXBwSWQiOiJ0cmFkZS1hcHAiLCJ1c2VySWQiOjQzLCJjb21wYW55SWQiOjEsInVzZXJOYW1lIjoic3VseSIsInJlYWxOYW1lIjoi6IuP54G16LCjIiwiZXhwIjoxNTQzNDg5NjM0fQ.oqOIqO97zAH2W1RZsofmCstKHNYsQlnMr_UkOw69zw175fhAefysux2njV1FEbldTQA62RiQ7JrnntWPqOmsNmrBsD0cwvy9xkUma3CNjIuZirbg09CYjUVIFnDpwz-WpmZMQFDIBVQYchCDRzDUgPYPB4phptCGNpTG6VpztPo";
         String keyPath = "pub.key";
         JwtInfo info = JwtHelper.getInfoFromToken(token, keyPath);
     }

base-servers/auth/auth-server/src/main/java/com/usoftchina/saas/auth/config/CookieConfig.java

@@ -0,0 +1,29 @@
+package com.usoftchina.saas.auth.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * @author yingp
+ * @date 2018/11/29
+ */
+@ConfigurationProperties("auth.cookie")
+public class CookieConfig {
+    private String name;
+    private String secretKey;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public void setSecretKey(String secretKey) {
+        this.secretKey = secretKey;
+    }
+}

base-servers/auth/auth-server/src/main/java/com/usoftchina/saas/auth/controller/AuthController.java

@@ -7,10 +7,13 @@ import com.usoftchina.saas.account.dto.AccountCopyDTO;
 import com.usoftchina.saas.account.dto.AccountDTO;
 import com.usoftchina.saas.account.dto.AccountUpdateDTO;
 import com.usoftchina.saas.account.dto.CompanyBaseDTO;
+import com.usoftchina.saas.auth.common.cookie.CookieHelper;
 import com.usoftchina.saas.auth.common.cookie.CookieInfo;
+import com.usoftchina.saas.auth.common.cookie.CookieUtils;
 import com.usoftchina.saas.auth.common.jwt.JwtHelper;
 import com.usoftchina.saas.auth.common.jwt.JwtInfo;
 import com.usoftchina.saas.auth.common.jwt.JwtToken;
+import com.usoftchina.saas.auth.config.CookieConfig;
 import com.usoftchina.saas.auth.dto.AuthDTO;
 import com.usoftchina.saas.auth.dto.AuthorizeLogDTO;
 import com.usoftchina.saas.auth.dto.TokenDTO;
@@ -30,6 +33,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
@@ -45,6 +51,7 @@ import java.util.List;
  */
 @RestController
 @RequestMapping
+@EnableConfigurationProperties(CookieConfig.class)
 public class AuthController {
 
     @Autowired
@@ -65,6 +72,9 @@ public class AuthController {
     @Value("${auth.max-errors:5}")
     private int maxErrors;
 
+    @Autowired
+    private CookieConfig cookieConfig;
+
     @Autowired
     private AuthorizeLogService authorizeLogService;
 
@@ -151,6 +161,53 @@ public class AuthController {
         return Result.success(new AuthDTO(tokenDTO, accountDTO));
     }
 
+    /**
+     * 使用账户中心登录cookie信息产生token登录
+     *
+     * @param info
+     * @return
+     */
+    @GetMapping("/sso/authorize")
+    public Result<AuthDTO> ssoAuthorize(HttpServletRequest request, HttpServletResponse response, CookieInfo info) throws IOException{
+        if (null != info && null != info.getMobile()) {
+            AccountDTO accountDTO = null;
+            Result<AccountDTO> result = accountApi.getAccount(info.getMobile());
+            if (!result.isSuccess()) {
+                if (ExceptionCode.USER_NOT_EXIST.getCode() == result.getCode()) {
+                    // 新用户，自动注册
+                    accountDTO = createAccountByCookieInfo(info);
+                } else {
+                    return Result.error(result);
+                }
+            } else {
+                accountDTO = result.getData();
+                // 检测uu是否正确
+                if (null == accountDTO.getUu() || !info.getUserUU().equals(accountDTO.getUu())) {
+                    accountDTO.setUu(info.getUserUU());
+                    Result updateResult = accountApi.update(BeanMapper.map(accountDTO, AccountUpdateDTO.class));
+                    if (!updateResult.isSuccess()) {
+                        return Result.error(updateResult);
+                    }
+                }
+            }
+            // TODO
+            String appId = "trade-app";
+            // 登录日志
+            authorizeLogService.save(AuthorizeLog.from(request)
+                    .setAccountId(accountDTO.getId())
+                    .setAppId(appId).build());
+            Long companyId = null;
+            if (!CollectionUtils.isEmpty(accountDTO.getCompanies())) {
+                companyId = accountDTO.getCompanies().get(0).getId();
+            }
+            JwtInfo jwtInfo = new JwtInfo(appId, companyId, accountDTO.getId(), accountDTO.getUsername(), accountDTO.getRealname());
+            JwtToken jwtToken = JwtHelper.generateToken(jwtInfo, privateKeyPath, expire);
+            TokenDTO tokenDTO = BeanMapper.map(jwtToken, TokenDTO.class);
+            return Result.success(new AuthDTO(tokenDTO, accountDTO));
+        }
+        return Result.error(ExceptionCode.COOKIE_ILLEGAL_ARGUMENT);
+    }
+
     /**
      * 账户中心登录时jsonp回调
      *
@@ -261,8 +318,18 @@ public class AuthController {
      * @return
      */
     @GetMapping("/info")
-    public Result<AuthDTO> getInfo(HttpServletRequest request) {
+    public Result<AuthDTO> getInfo(HttpServletRequest request, HttpServletResponse response) throws IOException{
         String token = request.getHeader(authHeader);
+        if (StringUtils.isEmpty(token)) {
+            // 解析cookie获取身份
+            CookieInfo info = CookieHelper.geInfoFromRequest(request,
+                    cookieConfig.getName(), cookieConfig.getSecretKey());
+            if (null != info) {
+                return ssoAuthorize(request, response, info);
+            } else {
+                return Result.error(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
+            }
+        }
         JwtInfo infoFromToken = JwtHelper.getInfoFromToken(token, publicKeyPath);
         Result<AccountDTO> result = accountApi.getAccount(infoFromToken.getUserName());
         if (result.isSuccess()) {

base-servers/auth/auth-server/src/main/resources/application.yml

@@ -81,4 +81,7 @@ mybatis:
   mapper-locations: classpath:mapper/*.xml
 auth:
   private-key: auth/pri.key
-  public-key: auth/pub.key
+  public-key: auth/pub.key
+  cookie:
+    name: uid
+    secret-key: 0taQcW073Z7G628g5H

base-servers/gateway-server/src/main/java/com/usoftchina/saas/gateway/config/AuthFilter.java

@@ -4,8 +4,14 @@ import com.usoftchina.saas.account.cache.AccountCache;
 import com.usoftchina.saas.account.cache.ResourceCache;
 import com.usoftchina.saas.account.dto.AccountDTO;
 import com.usoftchina.saas.account.dto.UrlResourceDTO;
+import com.usoftchina.saas.auth.api.AuthApi;
+import com.usoftchina.saas.auth.common.cookie.CookieHelper;
+import com.usoftchina.saas.auth.common.cookie.CookieInfo;
 import com.usoftchina.saas.auth.common.jwt.JwtHelper;
 import com.usoftchina.saas.auth.common.jwt.JwtInfo;
+import com.usoftchina.saas.auth.dto.AuthDTO;
+import com.usoftchina.saas.auth.dto.TokenDTO;
+import com.usoftchina.saas.base.Result;
 import com.usoftchina.saas.context.BaseContextHolder;
 import com.usoftchina.saas.exception.BizException;
 import com.usoftchina.saas.exception.ExceptionCode;
@@ -34,18 +40,27 @@ import java.util.stream.Collectors;
  * @date 2018/10/13
  */
 @Configuration
-@EnableConfigurationProperties(AuthConfig.class)
+@EnableConfigurationProperties({
+        AuthConfig.class,
+        CookieConfig.class
+})
 public class AuthFilter implements GlobalFilter, Ordered {
 
     @Autowired
     private AuthConfig authConfig;
 
+    @Autowired
+    private CookieConfig cookieConfig;
+
+    @Autowired
+    private AuthApi authApi;
+
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         try {
             if (!isIgnore(exchange.getRequest())) {
                 // 鉴别身份信息
-                String token = getAuthHeaderToken(exchange.getRequest());
+                String token = getAuthToken(exchange.getRequest());
                 JwtInfo jwt = JwtHelper.getInfoFromToken(token, authConfig.getPublicKey());
                 BaseContextHolder.setAppId(jwt.getAppId());
                 BaseContextHolder.setUserId(jwt.getUserId());
@@ -121,10 +136,17 @@ public class AuthFilter implements GlobalFilter, Ordered {
                 new AntPathRequestMatcher(ignore).matches(request));
     }
 
-    private String getAuthHeaderToken(ServerHttpRequest request) {
+    private String getAuthToken(ServerHttpRequest request) {
+        // from header
         if (!request.getHeaders().containsKey(authConfig.getAuthHeader())) {
-            throw new BizException(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
+            // from cookie
+            String token = getAuthCookieInfo(request);
+            if (null == token) {
+                throw new BizException(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
+            }
+            return token;
         }
+
         List<String> headers = request.getHeaders().get(authConfig.getAuthHeader());
         if (headers.isEmpty()) {
             throw new BizException(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
@@ -132,6 +154,29 @@ public class AuthFilter implements GlobalFilter, Ordered {
         return headers.get(0).trim();
     }
 
+    /**
+     * 解析cookie获取身份
+     *
+     * @param request
+     * @return
+     */
+    private String getAuthCookieInfo(ServerHttpRequest request) {
+        if (request.getCookies().containsKey(cookieConfig.getName())) {
+            String value = request.getCookies().getFirst(cookieConfig.getName()).getValue();
+            CookieInfo info = CookieHelper.geInfoFromToken(value, cookieConfig.getSecretKey());
+            Result<AuthDTO> result = authApi.ssoAuthorize(info);
+            if (result.isSuccess()) {
+                TokenDTO token = result.getData().getToken();
+                // 传递身份信息到后面代理的服务
+                request.getHeaders().add(authConfig.getAuthHeader(), token.getToken());
+                return token.getToken();
+            } else {
+                throw new BizException(result.getCode(), result.getMessage());
+            }
+        }
+        return null;
+    }
+
     @Override
     public int getOrder() {
         return -100;

base-servers/gateway-server/src/main/java/com/usoftchina/saas/gateway/config/CookieConfig.java

@@ -0,0 +1,29 @@
+package com.usoftchina.saas.gateway.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * @author yingp
+ * @date 2018/11/29
+ */
+@ConfigurationProperties("auth.cookie")
+public class CookieConfig {
+    private String name;
+    private String secretKey;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getSecretKey() {
+        return secretKey;
+    }
+
+    public void setSecretKey(String secretKey) {
+        this.secretKey = secretKey;
+    }
+}

base-servers/gateway-server/src/main/resources/application.yml

@@ -185,3 +185,6 @@ auth:
     - /api/auth/info
     - /ws/**
     - /api/file/download
+  cookie:
+    name: uid
+    secret-key: 0taQcW073Z7G628g5H