
登录相关

chenw 6 年之前
父节点
当前提交
713e90b264

+ 10 - 0
base-servers/gateway-server/pom.xml

@@ -66,6 +66,16 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-openfeign</artifactId>
         </dependency>
+      <dependency>
+        <groupId>com.usoftchina.smartschool</groupId>
+        <artifactId>auth-dto</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+      </dependency>
+      <dependency>
+        <groupId>com.usoftchina.smartschool</groupId>
+        <artifactId>account-api</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+      </dependency>
     </dependencies>
     <build>
         <plugins>
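Review bot: The two added `<dependency>` blocks are indented six spaces while the neighbouring entries in this hunk use eight, so they read as a different nesting level; realign them with their siblings. Both new coordinates are `1.0.0-SNAPSHOT`, which resolves to whatever was last published rather than a fixed artifact, so the gateway's authentication behaviour can change with no change to this pom. If the rest of the project also tracks snapshots this is at least consistent, but the gateway is the place where pinning auth-dto and account-api to a released version is worth considering once they stabilise.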

+ 14 - 159
base-servers/gateway-server/src/main/java/com/usoftchina/smartschool/gateway/config/AuthFilter.java

@@ -1,27 +1,12 @@
-/*
 package com.usoftchina.smartschool.gateway.config;
 
-import com.usoftchina.saas.account.cache.AccountCache;
-import com.usoftchina.saas.account.cache.ResourceCache;
-import com.usoftchina.saas.account.com.usoftchina.smartschool.file.dto.AccountDTO;
-import com.usoftchina.saas.account.com.usoftchina.smartschool.file.dto.UrlResourceDTO;
-import com.usoftchina.saas.auth.api.AuthApi;
-import com.usoftchina.saas.auth.common.cookie.CookieHelper;
-import com.usoftchina.saas.auth.common.cookie.CookieInfo;
-import com.usoftchina.saas.auth.common.jwt.JwtHelper;
-import com.usoftchina.saas.auth.common.jwt.JwtInfo;
-import com.usoftchina.saas.auth.com.usoftchina.smartschool.file.dto.AuthDTO;
-import com.usoftchina.saas.auth.com.usoftchina.smartschool.file.dto.TokenDTO;
-import com.usoftchina.saas.base.Result;
-import com.usoftchina.saas.cache.CacheKeyHelper;
-import com.usoftchina.saas.context.BaseContextHolder;
-import com.usoftchina.saas.exception.BizException;
-import com.usoftchina.saas.exception.ExceptionCode;
-import com.usoftchina.saas.gateway.error.PermissionException;
-import com.usoftchina.saas.gateway.util.AntPathRequestMatcher;
-import com.usoftchina.saas.utils.CollectionUtils;
-import com.usoftchina.saas.utils.JsonUtils;
-import com.usoftchina.saas.utils.RedisUtil;
+import com.usoftchina.smartschool.account.api.AccountApi;
+import com.usoftchina.smartschool.account.dto.AccountDTO;
+import com.usoftchina.smartschool.auth.jwt.JwtHelper;
+import com.usoftchina.smartschool.auth.jwt.JwtInfo;
+import com.usoftchina.smartschool.context.BaseContextHolder;
+import com.usoftchina.smartschool.exception.BizException;
+import com.usoftchina.smartschool.exception.ExceptionCode;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -35,151 +20,47 @@ import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
 import java.util.List;
-import java.util.Set;
-import java.util.stream.Collectors;
 
-*/
-/**
- * 全局过滤器鉴权
- *
- * @author yingp
- * @date 2018/10/13
- *//*
 
 @Configuration
 @EnableConfigurationProperties({
-        AuthConfig.class,
-        CookieConfig.class
+        AuthConfig.class
 })
 public class AuthFilter implements GlobalFilter, Ordered {
 
     @Autowired
     private AuthConfig authConfig;
-
-    @Autowired
-    private CookieConfig cookieConfig;
-
     @Autowired
-    private AuthApi authApi;
+    private AccountApi accountApi;
 
     private static final Logger LOGGER = LoggerFactory.getLogger(AuthFilter.class);
 
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         try {
-            if (!isIgnore(exchange.getRequest())) {
                 // 鉴别身份信息
                 String token = getAuthToken(exchange.getRequest());
-                String key = CacheKeyHelper.generatePublicKey(token);
-                //刷新时间
-                RedisUtil.expire(key, authConfig.getExpire());
                 JwtInfo jwt = null;
                 try {
                     jwt = JwtHelper.getInfoFromToken(token, authConfig.getPublicKey());
                 } catch (BizException e) {
-                    if (ExceptionCode.JWT_TOKEN_EXPIRED.getCode() == e.getCode()) {
-                        jwt = (JwtInfo)RedisUtil.get(key);
-                        if (jwt == null) {
-                            throw new BizException(ExceptionCode.JWT_TOKEN_EXPIRED.getCode(), ExceptionCode.JWT_TOKEN_EXPIRED.getMessage());
-                        }
-                        Result<TokenDTO> result = authApi.generateToken(jwt);
-                        if (result.isSuccess() && null != result.getData()) {
-                            token = result.getData().getToken();
-                            //返回前端处理
-                            exchange.getResponse().getHeaders().add(authConfig.getAuthHeader(), token);
-                            //向headers中放token,记得build
-                            ServerHttpRequest request = exchange.getRequest().mutate().header(authConfig.getAuthHeader(), token).build();
-                            //将现在的request 变成 change对象
-                            exchange = exchange.mutate().request(request).build();
-                        }
-                        //删除已过期token信息
-                        RedisUtil.del(key);
-                    }
+                    throw new BizException(ExceptionCode.JWT_TOKEN_EXPIRED.getCode(), ExceptionCode.JWT_TOKEN_EXPIRED.getMessage());
                 }
                 BaseContextHolder.setAppId(jwt.getAppId());
                 BaseContextHolder.setUserId(jwt.getUserId());
-                BaseContextHolder.setCompanyId(jwt.getCompanyId());
-                BaseContextHolder.setUserName(jwt.getRealName());
+                BaseContextHolder.setUserName(jwt.getUserName());
                 BaseContextHolder.setToken(token);
-                if (jwt.getUserId() != -99999) {    //非虚拟用户登录时
-                    AccountDTO accountDTO = AccountCache.current().getAccount();
-                    if (null == accountDTO) {
-                        throw new BizException(ExceptionCode.USER_NOT_EXIST);
-                    }
-                    // 鉴别角色权限
-                    checkPermission(exchange.getRequest(), jwt, accountDTO);
+                AccountDTO accountDTO = accountApi.findByMobile(jwt.getUserName()).getData();
+                if (null == accountDTO) {
+                    throw new BizException(ExceptionCode.USER_NOT_EXIST);
                 }
-
-            }
             return chain.filter(exchange);
         } finally {
             BaseContextHolder.remove();
         }
     }
 
-    */
-/**
-     * 鉴别角色权限
-     *
-     * @param request
-     * @param jwt
-     * @param accountDTO
-     *//*
-
-    private void checkPermission(ServerHttpRequest request, JwtInfo jwt, AccountDTO accountDTO) {
-        LOGGER.info("JwtInfo: " + JsonUtils.toJsonString(jwt));
-        LOGGER.info("accountDTO:" + JsonUtils.toJsonString(accountDTO));
-        if (!accountDTO.isAdmin(jwt.getCompanyId())) {
-            // 非管理账户,需要鉴权
-            List<UrlResourceDTO> resources = ResourceCache.current().getUrlResources();
-            if (!CollectionUtils.isEmpty(resources)) {
-                // 本次请求相关的资源
-                List<UrlResourceDTO> permissions = resources.parallelStream().filter(resource -> {
-                    AntPathRequestMatcher matcher = new AntPathRequestMatcher(resource.getUrl(), resource.getMethod());
-                    return matcher.matches(request);
-                }).collect(Collectors.toList());
-                if (!CollectionUtils.isEmpty(permissions)) {
-                    Set<Long> resourceIds = accountDTO.getResources(jwt.getAppId(), jwt.getCompanyId());
-                    LOGGER.info("permissions: " + permissions);
-                    LOGGER.info("resourceIds: " + resourceIds);
-                    boolean permitted = false;
-                    if (null != resourceIds) {
-                        // 权限匹配
-                        permitted = permissions.stream()
-                                .anyMatch(resource -> resourceIds.contains(resource.getId()));
-                    }
-                    if (!permitted) {
-                        throw new PermissionException(permissions.get(0));
-                    }
-                }
-            }
-        }
-    }
-
-    */
-/**
-     * 是否设置为忽略鉴权的请求
-     *
-     * @param request
-     * @return
-     *//*
-
-    private boolean isIgnore(ServerHttpRequest request) {
-        return authConfig.getIgnores().stream().anyMatch(ignore ->
-                new AntPathRequestMatcher(ignore).matches(request));
-    }
-
     private String getAuthToken(ServerHttpRequest request) {
-        // from header
-        if (!request.getHeaders().containsKey(authConfig.getAuthHeader())) {
-            // from cookie
-            String token = getAuthCookieInfo(request);
-            if (null == token) {
-                throw new BizException(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
-            }
-            return token;
-        }
-
         List<String> headers = request.getHeaders().get(authConfig.getAuthHeader());
         if (headers.isEmpty()) {
             throw new BizException(ExceptionCode.JWT_ILLEGAL_ARGUMENT);
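Review bot: With the `containsKey` guard removed from getAuthToken (the method's tail continues into the next hunk), a request that carries no auth header makes `request.getHeaders().get(...)` return null, so `headers.isEmpty()` throws a NullPointerException instead of the intended `JWT_ILLEGAL_ARGUMENT`; change the check to `if (headers == null || headers.isEmpty())`. Since isIgnore() was dropped as well, every route, presumably including the login endpoint this commit is about, now requires a token, which looks worth confirming against `authConfig.getIgnores()`. In the catch block, every BizException raised by JwtHelper.getInfoFromToken (malformed token or bad signature, not only expiry) is rethrown as `JWT_TOKEN_EXPIRED` with the original exception discarded, so a rejected signature is indistinguishable from an expired token in logs and to the client; rethrowing `e` itself, or keeping it as the cause if BizException supports one, preserves that signal. The `accountApi.findByMobile(...)` result is also consumed without checking `isSuccess()`, so a failed remote call with null data surfaces as USER_NOT_EXIST and a null Result would NPE.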
@@ -187,34 +68,8 @@ public class AuthFilter implements GlobalFilter, Ordered {
         return headers.get(0).trim();
     }
 
-    */
-/**
-     * 解析cookie获取身份
-     *
-     * @param request
-     * @return
-     *//*
-
-    private String getAuthCookieInfo(ServerHttpRequest request) {
-        if (request.getCookies().containsKey(cookieConfig.getName())) {
-            String value = request.getCookies().getFirst(cookieConfig.getName()).getValue();
-            CookieInfo info = CookieHelper.geInfoFromToken(value, cookieConfig.getSecretKey());
-            Result<AuthDTO> result = authApi.ssoAuthorize(info);
-            if (result.isSuccess()) {
-                TokenDTO token = result.getData().getToken();
-                // 传递身份信息到后面代理的服务
-                request.getHeaders().add(authConfig.getAuthHeader(), token.getToken());
-                return token.getToken();
-            } else {
-                throw new BizException(result.getCode(), result.getMessage());
-            }
-        }
-        return null;
-    }
-
     @Override
     public int getOrder() {
         return -100;
     }
 }
-*/