登录拦截

195e200c · 李小龙 · bc0a4755 · 195e200c · 195e200c · 195e200c
Commit 195e200c authored Aug 29, 2023 by 李小龙
Showing with 241 additions and 38 deletions
saas-module/src/main/java/com/makeit/controller/config/SwaggerFixtureConfig.java
server-common/src/main/java/com/makeit/config/WebInterceptorConfig.java
server-common/src/main/java/com/makeit/enums/HeaderConst.java
server-common/src/main/java/com/makeit/enums/order/InterceptorOrderConst.java
server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthenticationInterceptor.java
server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthorizationInterceptor.java
server-common/src/main/java/com/makeit/global/inteceptor/SysAuthenticationInterceptor.java → server-common/src/main/java/com/makeit/global/inteceptor/TntAuthenticationInterceptor.java
server-common/src/main/java/com/makeit/global/inteceptor/SysAuthorizationInterceptor.java → server-common/src/main/java/com/makeit/global/inteceptor/TntAuthorizationInterceptor.java
server-common/src/main/java/com/makeit/module/admin/saas/UserRoleMenuRedisVO.java → server-common/src/main/java/com/makeit/module/admin/saas/SaasUserRoleMenuRedisVO.java
server-common/src/main/java/com/makeit/utils/user/PlatUserUtil.java
server-common/src/main/java/com/makeit/utils/user/TokenUtil.java
server-service/src/main/java/com/makeit/service/saas/impl/SaasUserServiceImpl.java
server-web/src/main/resources/application.yml
--- a/saas-module/src/main/java/com/makeit/controller/config/SwaggerFixtureConfig.java
+++ b/saas-module/src/main/java/com/makeit/controller/config/SwaggerFixtureConfig.java
+package com.makeit.controller.config;
+import com.makeit.config.BizCondition;
+import com.makeit.config.swagger.SwaggerModuleConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.context.annotation.Configuration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.RequestHandlerSelectors;
+import springfox.documentation.service.ApiInfo;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.ApiSelectorBuilder;
+import springfox.documentation.spring.web.plugins.Docket;
+import java.util.Arrays;
+/**
+ * swagger 配置类，访问地址：http://localhost:8080/swagger-ui.html
+ * Knife4j 访问地址：http://localhost:8080/doc.html
+ *
+ * @author yaohy
+ */
+@Configuration
+@Conditional(BizCondition.class)
+public class SwaggerFixtureConfig {
+    @Bean
+    public SwaggerModuleConfig fixtureModule() {
+        SwaggerModuleConfig config = new SwaggerModuleConfig();
+        config.setPackageList(Arrays.asList("com.makeit.controller"));
+        config.setModuleName("saas管理");
+        return config;
+    }
+    @Bean
+    public Docket fixtureApi() {
+        Docket docket = new Docket(DocumentationType.SWAGGER_2)
+                .apiInfo(apiInfo())
+                .groupName("01-saas管理");
+        ApiSelectorBuilder builder = docket.select();
+        //api过滤
+        builder = builder.apis(
+                RequestHandlerSelectors.basePackage("com.makeit.controller.saas")
+        );
+        return builder.build();
+    }
+    private ApiInfo apiInfo() {
+        return new ApiInfoBuilder().title("IOT文档")
+                .description("服务端接口文档")
+                .version("1.0.1")
+                .build();
+    }
+}
+//TODO ywc 放到各自的模块里
\ No newline at end of file
--- a/server-common/src/main/java/com/makeit/config/WebInterceptorConfig.java
+++ b/server-common/src/main/java/com/makeit/config/WebInterceptorConfig.java
 package com.makeit.config;
 import com.makeit.global.inteceptor.RequestIdInterceptor;
-import com.makeit.global.inteceptor.SysAuthenticationInterceptor;
+import com.makeit.global.inteceptor.SaasAuthenticationInterceptor;
-import com.makeit.global.inteceptor.SysAuthorizationInterceptor;
+import com.makeit.global.inteceptor.SaasAuthorizationInterceptor;
+import com.makeit.global.inteceptor.TntAuthenticationInterceptor;
+import com.makeit.global.inteceptor.TntAuthorizationInterceptor;
 import com.makeit.utils.old.StringUtils;
 import lombok.Data;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,16 +25,21 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
    private RequestIdInterceptor requestIdInterceptor;
    @Autowired
-    private SysAuthenticationInterceptor sysAuthenticationInterceptor;
+    private TntAuthenticationInterceptor tntAuthenticationInterceptor;
+    @Autowired
+    private TntAuthorizationInterceptor tntAuthorizationInterceptor;
    @Autowired
-    private SysAuthorizationInterceptor sysAuthorizationInterceptor;
+    private SaasAuthenticationInterceptor saasAuthenticationInterceptor;
+    @Autowired
+    private SaasAuthorizationInterceptor saasAuthorizationInterceptor;
-    private String authenticationPlatPath;
-    private String authenticationPlatPathIgnore;
-    private String authorizationPlatPath;
+    private String authenticationSaasPath;
-    private String authorizationPlatPathIgnore;
+    private String authenticationSaasPathIgnore;
+    private String authorizationSaasPath;
+    private String authorizationSaasPathIgnore;
    private String authenticationTntPath;
@@ -44,27 +51,29 @@ public class WebInterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
+        //请求日志
        registry.addInterceptor(requestIdInterceptor).addPathPatterns("/**");
-        InterceptorRegistration authenticationTnt = registry.addInterceptor(sysAuthenticationInterceptor);
+        //tnt 认证
+        addInterceptor(registry.addInterceptor(tntAuthenticationInterceptor), authenticationTntPath, authenticationTntPathIgnore);
+        //tnt 授权
+        addInterceptor(registry.addInterceptor(tntAuthorizationInterceptor), authorizationTntPath, authorizationTntPathIgnore);
+        //saas 认证
+        addInterceptor(registry.addInterceptor(saasAuthenticationInterceptor), authenticationSaasPath, authenticationSaasPathIgnore);
+        //saas 授权
+        addInterceptor(registry.addInterceptor(saasAuthorizationInterceptor), authorizationSaasPath, authorizationSaasPathIgnore);
-        if (StringUtils.isNotBlank(authenticationTntPath)) {
+    }
-            authenticationTnt.addPathPatterns(Arrays.asList(authenticationTntPath.split(",")));
-        }
-        if (StringUtils.isNotBlank(authenticationTntPathIgnore)) {
-            authenticationTnt.excludePathPatterns(Arrays.asList(authenticationTntPathIgnore.split(",")));
-        }
-        InterceptorRegistration authorizationTnt = registry.addInterceptor(sysAuthorizationInterceptor);
+    private void addInterceptor(InterceptorRegistration registry, String authenticationPath, String authenticationPathIgnore) {
+        InterceptorRegistration authenticationTnt = registry;
-        if (StringUtils.isNotBlank(authorizationTntPath)) {
+        if (StringUtils.isNotBlank(authenticationPath)) {
-            authorizationTnt.addPathPatterns(Arrays.asList(authorizationTntPath.split(",")));
+            authenticationTnt.addPathPatterns(Arrays.asList(authenticationPath.split(",")));
        }
-        if (StringUtils.isNotBlank(authorizationTntPathIgnore)) {
+        if (StringUtils.isNotBlank(authenticationPathIgnore)) {
-            authorizationTnt.excludePathPatterns(Arrays.asList(authorizationTntPathIgnore.split(",")));
+            authenticationTnt.excludePathPatterns(Arrays.asList(authenticationPathIgnore.split(",")));
        }
    }

--- a/server-common/src/main/java/com/makeit/enums/HeaderConst.java
+++ b/server-common/src/main/java/com/makeit/enums/HeaderConst.java
@@ -4,8 +4,9 @@ public class HeaderConst {
    public static final String TENANT_ID = Const.TENANT_ID;
-    public static final String PLATFORM_TOKEN = "platformToken";
+    //todo 2023年8月29日 不区分呢
+//    public static final String PLATFORM_TOKEN = "platformToken";
+    public static final String PLATFORM_TOKEN = "token";
    public static final String TOKEN = "token";
    public static final String WECHAT_TOKEN = "wechatToken";

--- a/server-common/src/main/java/com/makeit/enums/order/InterceptorOrderConst.java
+++ b/server-common/src/main/java/com/makeit/enums/order/InterceptorOrderConst.java
@@ -12,6 +12,10 @@ public class InterceptorOrderConst {
    public static final int REQUEST_ID_INTERCEPTOR = 105;//这里用到用户信息
+    public static final int PLAT_AUTHENTICATION_INTERCEPTOR = 120;
+    public static final int PLAT_AUTHORIZATION_INTERCEPTOR = 130;
    public static final int TNT_AUTHENTICATION_INTERCEPTOR = 140;
    public static final int TNT_AUTHORIZATION_INTERCEPTOR = 150;

--- a/server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthenticationInterceptor.java
+++ b/server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthenticationInterceptor.java
+package com.makeit.global.inteceptor;
+import com.makeit.enums.order.InterceptorOrderConst;
+import com.makeit.global.annotation.AuthIgnore;
+import com.makeit.utils.user.TokenUtil;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+@Order(InterceptorOrderConst.PLAT_AUTHENTICATION_INTERCEPTOR)
+@Component
+public class SaasAuthenticationInterceptor implements HandlerInterceptor {
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        AuthIgnore annotation;
+        if (handler instanceof HandlerMethod) {
+            annotation = ((HandlerMethod) handler).getMethodAnnotation(AuthIgnore.class);
+        } else {
+            return true;
+        }
+        //如果有@IgnoreAuth注解，则不验证token
+        if (annotation != null) {
+            return true;
+        }
+        TokenUtil.platGetToken();
+        TokenUtil.platRefreshToken();
+        return true;
+    }
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+    }
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+    }
+}
--- a/server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthorizationInterceptor.java
+++ b/server-common/src/main/java/com/makeit/global/inteceptor/SaasAuthorizationInterceptor.java
+package com.makeit.global.inteceptor;
+import com.makeit.enums.CodeMessageEnum;
+import com.makeit.enums.id.IdConst;
+import com.makeit.enums.order.InterceptorOrderConst;
+import com.makeit.exception.BusinessException;
+import com.makeit.global.annotation.Action;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
+import com.makeit.utils.user.PlatUserUtil;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashSet;
+import java.util.Set;
+@Order(InterceptorOrderConst.PLAT_AUTHORIZATION_INTERCEPTOR)
+@Component
+public class SaasAuthorizationInterceptor implements HandlerInterceptor {
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        Action annotation;
+        if (handler instanceof HandlerMethod) {
+            annotation = ((HandlerMethod) handler).getMethodAnnotation(Action.class);
+        } else {
+            return true;
+        }
+        //如果没有@PermissionInfo注解，则不验证
+        if (annotation == null) {
+            return true;
+        }
+        SaasUserRoleMenuRedisVO userLoginVO = PlatUserUtil.getPlatUserRoleMenu();
+        if (userLoginVO == null) {
+            return true;
+        }
+        if (IdConst.SUPER_ADMIN_ID.equals(userLoginVO.getId())) {
+            return true;
+        }
+        Set<String> codeSet = new HashSet<>(userLoginVO.getButtonCodeList());
+        for (String e : annotation.code()) {
+            if (codeSet.contains(e)) {
+                return true;
+            }
+        }
+        throw new BusinessException(CodeMessageEnum.SYSTEM_ERROR_NO_PERMISSION);
+        //return false;
+    }
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+    }
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+    }
+}
--- a/server-common/src/main/java/com/makeit/global/inteceptor/SysAuthenticationInterceptor.java
+++ b/server-common/src/main/java/com/makeit/global/inteceptor/SysAuthenticationInterceptor.java
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse;
 @Order(InterceptorOrderConst.TNT_AUTHENTICATION_INTERCEPTOR)
 @Component
-public class SysAuthenticationInterceptor implements HandlerInterceptor {
+public class TntAuthenticationInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

--- a/server-common/src/main/java/com/makeit/global/inteceptor/SysAuthorizationInterceptor.java
+++ b/server-common/src/main/java/com/makeit/global/inteceptor/SysAuthorizationInterceptor.java
@@ -20,7 +20,7 @@ import java.util.Set;
 @Order(InterceptorOrderConst.TNT_AUTHORIZATION_INTERCEPTOR)
 @Component
-public class SysAuthorizationInterceptor implements HandlerInterceptor {
+public class TntAuthorizationInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

--- a/server-common/src/main/java/com/makeit/module/admin/saas/UserRoleMenuRedisVO.java
+++ b/server-common/src/main/java/com/makeit/module/admin/saas/UserRoleMenuRedisVO.java
@@ -7,7 +7,7 @@ import java.io.Serializable;
 import java.util.List;
 @Data
-public class UserRoleMenuRedisVO implements Serializable {
+public class SaasUserRoleMenuRedisVO implements Serializable {
    @ApiModelProperty("id")
    private String id;

--- a/server-common/src/main/java/com/makeit/utils/user/PlatUserUtil.java
+++ b/server-common/src/main/java/com/makeit/utils/user/PlatUserUtil.java
 package com.makeit.utils.user;
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.utils.data.convert.BeanDtoVoUtils;
 public class PlatUserUtil {
@@ -20,7 +20,7 @@ public class PlatUserUtil {
        return TokenUtil.getPlatUserDetail();
    }
-    public static UserRoleMenuRedisVO getPlatUserRoleMenu(){
+    public static SaasUserRoleMenuRedisVO getPlatUserRoleMenu(){
        return TokenUtil.getPlatUserRoleMenu();
    }

--- a/server-common/src/main/java/com/makeit/utils/user/TokenUtil.java
+++ b/server-common/src/main/java/com/makeit/utils/user/TokenUtil.java
@@ -5,7 +5,7 @@ import com.makeit.enums.CodeMessageEnum;
 import com.makeit.enums.HeaderConst;
 import com.makeit.enums.redis.RedisConst;
 import com.makeit.exception.BusinessException;
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.utils.redis.RedisTemplateUtil;
 import com.makeit.utils.redis.RedisUtil;
 import com.makeit.utils.request.RequestUtil;
@@ -284,16 +284,27 @@ public class TokenUtil {
        login(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN), t);
    }
-    public static UserRoleMenuRedisVO getPlatUserRoleMenu() {
+    public static SaasUserRoleMenuRedisVO getPlatUserRoleMenu() {
        String token = RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN);
        if (StringUtils.isNotBlank(token)) {
-            UserRoleMenuRedisVO userLoginVO = RedisUtil.get(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX + token);
+            SaasUserRoleMenuRedisVO userLoginVO = RedisUtil.get(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX + token);
            return userLoginVO;
        }
        return null;
    }
-    public static <T> void platLogin(String token, T t) {
+    /**
+     * saas端登录
+     * @param token
+     * @param t
+     * @param <T>
+     */
+    public static <T> void saasLogin(String token, T t) {
        login(RedisConst.PLATFORM_TOKEN_PREFIX, token, t);
    }
+    public static void platRefreshToken() {
+        refreshToken(RedisConst.PLATFORM_TOKEN_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN));
+        refreshToken(RedisConst.PLATFORM_TOKEN_ROLE_MENU_PREFIX, RequestUtil.getHeader(HeaderConst.PLATFORM_TOKEN));
+    }
 }
--- a/server-service/src/main/java/com/makeit/service/saas/impl/SaasUserServiceImpl.java
+++ b/server-service/src/main/java/com/makeit/service/saas/impl/SaasUserServiceImpl.java
@@ -25,7 +25,7 @@ import com.makeit.module.admin.saas.PlatMenuDTOVO;
 import com.makeit.module.admin.saas.PlatRoleDTOVO;
 import com.makeit.module.admin.saas.PlatUserDTOVO;
 import com.makeit.module.admin.saas.PlatUserQueryDTO;
-import com.makeit.module.admin.saas.UserRoleMenuRedisVO;
+import com.makeit.module.admin.saas.SaasUserRoleMenuRedisVO;
 import com.makeit.service.saas.SaasMenuService;
 import com.makeit.service.saas.SaasRoleMenuService;
 import com.makeit.service.saas.SaasRoleService;
@@ -344,7 +344,7 @@ implements SaasUserService{
    }
    private void setRoleMenuToRedis(UserLoginVO userLoginVO) {
-        UserRoleMenuRedisVO platUserRoleMenuRedisVO = new UserRoleMenuRedisVO();
+        SaasUserRoleMenuRedisVO platUserRoleMenuRedisVO = new SaasUserRoleMenuRedisVO();
        platUserRoleMenuRedisVO.setId(userLoginVO.getId());
        if (userLoginVO.getRoleList() != null) {
            platUserRoleMenuRedisVO.setRoleCodeList(StreamUtil.map(userLoginVO.getRoleList(), PlatRoleDTOVO::getCode));
@@ -445,7 +445,7 @@ implements SaasUserService{
        userLoginVO.setToken(token);
        //getRoleAndMenuList(userLoginVO);
-        TokenUtil.platLogin(token, userLoginVO);
+        TokenUtil.saasLogin(token, userLoginVO);
        //tntLoginLogService.addPlatform(userLoginVO.getId());

--- a/server-web/src/main/resources/application.yml
+++ b/server-web/src/main/resources/application.yml
@@ -110,13 +110,19 @@ sa-token:
 interceptor:
  ## 登录拦截路径
  authenticationTntPath: /**
-  authenticationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/login/**,/error
+  authenticationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/**,/error
  ## 权限拦截路径
  authorizationTntPath: /**
-  authorizationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/login/**,/error
+  authorizationTntPathIgnore: /swagger-resources/**,/v2/api-docs/**,/sys/login/**,/sys/dictionaryCategory/getDictionaryCategoryByList,/mobile/**,/doc.html,/saas/**,/error
+  ## saas端登录拦截路径
+  authenticationSaasPath: /saas/**
+  authenticationSaasPathIgnore: /saas/login/login
+  ## saas端权限拦截路径
+  authorizationSaasPath: /saas/**
+  authorizationSaasPathIgnore: /saas/login/login
 sign:
  flag: true