登录拦截

saas-module/src/main/java/com/makeit/controller/config/SwaggerFixtureConfig.java

+package com.makeit.controller.config;
+
+import com.makeit.config.BizCondition;
+import com.makeit.config.swagger.SwaggerModuleConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.context.annotation.Configuration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.RequestHandlerSelectors;
+import springfox.documentation.service.ApiInfo;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.ApiSelectorBuilder;
+import springfox.documentation.spring.web.plugins.Docket;
+
+import java.util.Arrays;
+
+/**
+ * swagger 配置类，访问地址：http://localhost:8080/swagger-ui.html
+ * Knife4j 访问地址：http://localhost:8080/doc.html
+ *
+ * @author yaohy
+ */
+@Configuration
+@Conditional(BizCondition.class)
+public class SwaggerFixtureConfig {
+
+    @Bean
+    public SwaggerModuleConfig fixtureModule() {
+        SwaggerModuleConfig config = new SwaggerModuleConfig();
+        config.setPackageList(Arrays.asList("com.makeit.controller"));
+        config.setModuleName("saas管理");
+        return config;
+    }
+
+
+    @Bean
+    public Docket fixtureApi() {
+
+        Docket docket = new Docket(DocumentationType.SWAGGER_2)
+                .apiInfo(apiInfo())
+                .groupName("01-saas管理");
+        ApiSelectorBuilder builder = docket.select();
+        //api过滤
+        builder = builder.apis(
+                RequestHandlerSelectors.basePackage("com.makeit.controller.saas")
+        );
+        return builder.build();
+    }
+
+    private ApiInfo apiInfo() {
+        return new ApiInfoBuilder().title("IOT文档")
+                .description("服务端接口文档")
+                .version("1.0.1")
+                .build();
+    }
+}
+//TODO ywc 放到各自的模块里
\ No newline at end of file

server-common/src/main/java/com/makeit/config/WebInterceptorConfig.java

 package com.makeit.config;
 
 import com.makeit.global.inteceptor.RequestIdInterceptor;
-import com.makeit.global.inteceptor.SysAuthenticationInterceptor;
-import com.makeit.global.inteceptor.SysAuthorizationInterceptor;
+import com.makeit.global.inteceptor.SaasAuthenticationInterceptor;
+import com.makeit.global.inteceptor.SaasAuthorizationInterceptor;
+import com.makeit.global.inteceptor.TntAuthenticationInterceptor;
+import com.makeit.global.inteceptor.TntAuthorizationInterceptor;
 import com.makeit.utils.old.StringUtils;
 import lombok.Data;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,16 +25,21 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
     private RequestIdInterceptor requestIdInterceptor;
 
     @Autowired
-    private SysAuthenticationInterceptor sysAuthenticationInterceptor;
+    private TntAuthenticationInterceptor tntAuthenticationInterceptor;
+    @Autowired
+    private TntAuthorizationInterceptor tntAuthorizationInterceptor;
 
     @Autowired
-    private SysAuthorizationInterceptor sysAuthorizationInterceptor;
+    private SaasAuthenticationInterceptor saasAuthenticationInterceptor;
+    @Autowired
+    private SaasAuthorizationInterceptor saasAuthorizationInterceptor;
+
 
-    private String authenticationPlatPath;
-    private String authenticationPlatPathIgnore;
+    private String authenticationSaasPath;
+    private String authenticationSaasPathIgnore;
 
-    private String authorizationPlatPath;
-    private String authorizationPlatPathIgnore;
+    private String authorizationSaasPath;
+    private String authorizationSaasPathIgnore;
 
 
     private String authenticationTntPath;
@@ -44,27 +51,29 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
 
+        //请求日志
         registry.addInterceptor(requestIdInterceptor).addPathPatterns("/**");
 
-        InterceptorRegistration authenticationTnt = registry.addInterceptor(sysAuthenticationInterceptor);
+        //tnt 认证
+        addInterceptor(registry.addInterceptor(tntAuthenticationInterceptor), authenticationTntPath, authenticationTntPathIgnore);
+        //tnt 授权
+        addInterceptor(registry.addInterceptor(tntAuthorizationInterceptor), authorizationTntPath, authorizationTntPathIgnore);
+        //saas 认证
+        addInterceptor(registry.addInterceptor(saasAuthenticationInterceptor), authenticationSaasPath, authenticationSaasPathIgnore);
+        //saas 授权
+        addInterceptor(registry.addInterceptor(saasAuthorizationInterceptor), authorizationSaasPath, authorizationSaasPathIgnore);
 
-        if (StringUtils.isNotBlank(authenticationTntPath)) {
-            authenticationTnt.addPathPatterns(Arrays.asList(authenticationTntPath.split(",")));
-        }
-        if (StringUtils.isNotBlank(authenticationTntPathIgnore)) {
-            authenticationTnt.excludePathPatterns(Arrays.asList(authenticationTntPathIgnore.split(",")));
     }
 
-        InterceptorRegistration authorizationTnt = registry.addInterceptor(sysAuthorizationInterceptor);
+    private void addInterceptor(InterceptorRegistration registry, String authenticationPath, String authenticationPathIgnore) {
+        InterceptorRegistration authenticationTnt = registry;
 
-        if (StringUtils.isNotBlank(authorizationTntPath)) {
-            authorizationTnt.addPathPatterns(Arrays.asList(authorizationTntPath.split(",")));
+        if (StringUtils.isNotBlank(authenticationPath)) {
+            authenticationTnt.addPathPatterns(Arrays.asList(authenticationPath.split(",")));
         }
-        if (StringUtils.isNotBlank(authorizationTntPathIgnore)) {
-            authorizationTnt.excludePathPatterns(Arrays.asList(authorizationTntPathIgnore.split(",")));
+        if (StringUtils.isNotBlank(authenticationPathIgnore)) {
+            authenticationTnt.excludePathPatterns(Arrays.asList(authenticationPathIgnore.split(",")));
         }
-
-
     }
 
 

server-common/src/main/java/com/makeit/enums/HeaderConst.java

@@ -4,8 +4,9 @@ public class HeaderConst {
 
     public static final String TENANT_ID = Const.TENANT_ID;
 
-    public static final String PLATFORM_TOKEN = "platformToken";
-
+    //todo 2023年8月29日 不区分呢
+//    public static final String PLATFORM_TOKEN = "platformToken";
+    public static final String PLATFORM_TOKEN = "token";
     public static final String TOKEN = "token";
     public static final String WECHAT_TOKEN = "wechatToken";
 

server-common/src/main/java/com/makeit/enums/order/InterceptorOrderConst.java

@@ -12,6 +12,10 @@ public class InterceptorOrderConst {
 
     public static final int REQUEST_ID_INTERCEPTOR = 105;//这里用到用户信息
 
+    public static final int PLAT_AUTHENTICATION_INTERCEPTOR = 120;
+    public static final int PLAT_AUTHORIZATION_INTERCEPTOR = 130;
+
+
     public static final int TNT_AUTHENTICATION_INTERCEPTOR = 140;
     public static final int TNT_AUTHORIZATION_INTERCEPTOR = 150;
 

server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthenticationInterceptor.java

+package com.makeit.global.inteceptor;
+
+import com.makeit.enums.order.InterceptorOrderConst;
+import com.makeit.global.annotation.AuthIgnore;
+import com.makeit.utils.user.TokenUtil;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Order(InterceptorOrderConst.PLAT_AUTHENTICATION_INTERCEPTOR)
+@Component
+public class SaasAuthenticationInterceptor implements HandlerInterceptor {
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+
+        AuthIgnore annotation;
+        if (handler instanceof HandlerMethod) {
+            annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthIgnore.class);
+        } else {
+            return true;
+        }
+
+        //如果有@IgnoreAuth注解，则不验证token
+        if (annotation != null) {
+            return true;
+        }
+
+        TokenUtil.platGetToken();
+        TokenUtil.platRefreshToken();
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+
+    }
+}

server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthorizationInterceptor.java

+package com.makeit.global.inteceptor;
+
+import com.makeit.enums.CodeMessageEnum;
+import com.makeit.enums.id.IdConst;
+import com.makeit.enums.order.InterceptorOrderConst;
+import com.makeit.exception.BusinessException;
+import com.makeit.global.annotation.Action;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
+import com.makeit.utils.user.PlatUserUtil;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashSet;
+import java.util.Set;
+
+@Order(InterceptorOrderConst.PLAT_AUTHORIZATION_INTERCEPTOR)
+@Component
+public class SaasAuthorizationInterceptor implements HandlerInterceptor {
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        Action annotation;
+        if (handler instanceof HandlerMethod) {
+            annotation = ((HandlerMethod) handler).getMethodAnnotation(Action.class);
+        } else {
+            return true;
+        }
+
+        //如果没有@PermissionInfo注解，则不验证
+        if (annotation == null) {
+            return true;
+        }
+
+        SaasUserRoleMenuRedisVO userLoginVO = PlatUserUtil.getPlatUserRoleMenu();
+        if (userLoginVO == null) {
+            return true;
+        }
+
+        if (IdConst.SUPER_ADMIN_ID.equals(userLoginVO.getId())) {
+            return true;
+        }
+
+        Set<String> codeSet = new HashSet<>(userLoginVO.getButtonCodeList());
+        for (String e : annotation.code()) {
+            if (codeSet.contains(e)) {
+                return true;
+            }
+        }
+        throw new BusinessException(CodeMessageEnum.SYSTEM_ERROR_NO_PERMISSION);
+        //return false;
+
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+
+    }
+}

server-common/src/main/java/com/makeit/global/inteceptor/SysAuthenticationInterceptor.java → server-common/src/main/java/com/makeit/global/inteceptor/TntAuthenticationInterceptor.java

@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse;
 
 @Order(InterceptorOrderConst.TNT_AUTHENTICATION_INTERCEPTOR)
 @Component
-public class SysAuthenticationInterceptor implements HandlerInterceptor {
+public class TntAuthenticationInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 

server-common/src/main/java/com/makeit/global/inteceptor/SysAuthorizationInterceptor.java → server-common/src/main/java/com/makeit/global/inteceptor/TntAuthorizationInterceptor.java

@@ -20,7 +20,7 @@ import java.util.Set;
 
 @Order(InterceptorOrderConst.TNT_AUTHORIZATION_INTERCEPTOR)
 @Component
-public class SysAuthorizationInterceptor implements HandlerInterceptor {
+public class TntAuthorizationInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
 

server-common/src/main/java/com/makeit/module/admin/saas/UserRoleMenuRedisVO.java → server-common/src/main/java/com/makeit/module/admin/saas/SaasUserRoleMenuRedisVO.java

@@ -7,7 +7,7 @@ import java.io.Serializable;
 import java.util.List;
 
 @Data
-public class UserRoleMenuRedisVO implements Serializable {
+public class SaasUserRoleMenuRedisVO implements Serializable {
 
     @ApiModelProperty("id")
     private String id;

server-common/src/main/java/com/makeit/utils/user/PlatUserUtil.java

 package com.makeit.utils.user;
 
 
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.utils.data.convert.BeanDtoVoUtils;
 
 public class PlatUserUtil {
@@ -20,7 +20,7 @@ public class PlatUserUtil {
         return TokenUtil.getPlatUserDetail();
     }
 
-    public static UserRoleMenuRedisVO getPlatUserRoleMenu(){
+    public static SaasUserRoleMenuRedisVO getPlatUserRoleMenu(){
         return TokenUtil.getPlatUserRoleMenu();
     }
 

server-common/src/main/java/com/makeit/utils/user/TokenUtil.java

@@ -5,7 +5,7 @@ import com.makeit.enums.CodeMessageEnum;
 import com.makeit.enums.HeaderConst;
 import com.makeit.enums.redis.RedisConst;
 import com.makeit.exception.BusinessException;
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.utils.redis.RedisTemplateUtil;
 import com.makeit.utils.redis.RedisUtil;
 import com.makeit.utils.request.RequestUtil;
@@ -284,16 +284,27 @@ public class TokenUtil {
         login(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN), t);
     }
 
-    public static UserRoleMenuRedisVO getPlatUserRoleMenu() {
+    public static SaasUserRoleMenuRedisVO getPlatUserRoleMenu() {
         String token = RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN);
         if (StringUtils.isNotBlank(token)) {
-            UserRoleMenuRedisVO userLoginVO = RedisUtil.get(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX + token);
+            SaasUserRoleMenuRedisVO userLoginVO = RedisUtil.get(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX + token);
             return userLoginVO;
         }
         return null;
     }
 
-    public static <T> void platLogin(String token, T t) {
+    /**
+     * saas端登录
+     * @param token
+     * @param t
+     * @param <T>
+     */
+    public static <T> void saasLogin(String token, T t) {
         login(RedisConst.PLATFORM_TOKEN_PREFIX, token, t);
     }
+
+    public static void platRefreshToken() {
+        refreshToken(RedisConst.PLATFORM_TOKEN_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN));
+        refreshToken(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN));
+    }
 }

server-service/src/main/java/com/makeit/service/saas/impl/SaasUserServiceImpl.java

@@ -25,7 +25,7 @@ import com.makeit.module.admin.saas.PlatMenuDTOVO;
 import com.makeit.module.admin.saas.PlatRoleDTOVO;
 import com.makeit.module.admin.saas.PlatUserDTOVO;
 import com.makeit.module.admin.saas.PlatUserQueryDTO;
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.service.saas.SaasMenuService;
 import com.makeit.service.saas.SaasRoleMenuService;
 import com.makeit.service.saas.SaasRoleService;
@@ -344,7 +344,7 @@ implements SaasUserService{
     }
 
     private void setRoleMenuToRedis(UserLoginVO userLoginVO) {
-        UserRoleMenuRedisVO platUserRoleMenuRedisVO = new UserRoleMenuRedisVO();
+        SaasUserRoleMenuRedisVO platUserRoleMenuRedisVO = new SaasUserRoleMenuRedisVO();
         platUserRoleMenuRedisVO.setId(userLoginVO.getId());
         if (userLoginVO.getRoleList() != null) {
             platUserRoleMenuRedisVO.setRoleCodeList(StreamUtil.map(userLoginVO.getRoleList(), PlatRoleDTOVO::getCode));
@@ -445,7 +445,7 @@ implements SaasUserService{
         userLoginVO.setToken(token);
         //getRoleAndMenuList(userLoginVO);
 
-        TokenUtil.platLogin(token, userLoginVO);
+        TokenUtil.saasLogin(token, userLoginVO);
 
         //tntLoginLogService.addPlatform(userLoginVO.getId());
 

server-web/src/main/resources/application.yml

@@ -110,13 +110,19 @@ sa-token:
 interceptor:
   ## 登录拦截路径
   authenticationTntPath: /**
-  authenticationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/login/**,/error
+  authenticationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/**,/error
 
   ## 权限拦截路径
   authorizationTntPath: /**
-  authorizationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/login/**,/error
+  authorizationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/**,/error
 
+  ## saas端登录拦截路径
+  authenticationSaasPath: /saas/**
+  authenticationSaasPathIgnore: /saas/login/login
 
+  ## saas端权限拦截路径
+  authorizationSaasPath: /saas/**
+  authorizationSaasPathIgnore: /saas/login/login
 
 sign:
   flag: true