1 year ago · 2256042484
--- a/src/main/java/com/tuoheng/gateway/config/GatewayFilterConfig.java
+++ b/src/main/java/com/tuoheng/gateway/config/GatewayFilterConfig.java
@@ -65,7 +65,7 @@ public class GatewayFilterConfig implements GlobalFilter, Ordered {
            //去除gateway path 前缀
            String apiUrl = requestUrl.replace(GatewayUrlPathUtil.getPathByClientId(clientId),"");
            List<Integer> roleIds = GatewayUrlPathUtil.getRoleIdByApiUrlPermission(clientId, apiUrl, token);
            log.info("roleIds is :{}", clientId);
            log.info("roleIds is :{}", roleIds);
            //return invalidClientIdMono(exchange);
            if(roleIds.size() > 0){
                //说明这个url 需要一定的角色才可以访问
--- a/src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java
+++ b/src/main/java/com/tuoheng/gateway/config/WebSecurityConfig.java
@@ -1,6 +1,7 @@
 package com.tuoheng.gateway.config;

 import com.tuoheng.gateway.constants.AuthorityConstant;
 import com.tuoheng.gateway.constants.PermitPathConstant;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
@@ -63,13 +64,15 @@ public class WebSecurityConfig {
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity){
        String[] OAUTH_PATH = oauthUrlStr.split(",");
        String[] PERMIT_PATH = permitUrlStr.split(",");
        String[] HhzPermitPath = PermitPathConstant.hhzPermitUrlStr;
        httpSecurity
                .authorizeExchange()
                .pathMatchers(OAUTH_PATH).hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_DSP_MP, AuthorityConstant.SCOPE_TUOHNEG_DSP_WEB)
                .pathMatchers(HhzPermitPath).permitAll()
                .pathMatchers("/pilot/miniprogram/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_PILOT_MP)
                .pathMatchers("/pilot/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_PILOT_ADMIN)
                .pathMatchers("/hhz/admin/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_HHZ_ADMIN)
                .pathMatchers("/hhz/api/**").hasAnyAuthority(AuthorityConstant.SCOPE_ADMIN, AuthorityConstant.SCOPE_TUOHNEG_HHZ_MP)
                .pathMatchers("/oidc/admin/**").authenticated()
                //.pathMatchers(PERMIT_PATH).permitAll()
                .anyExchange().permitAll()
--- a/src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java
+++ b/src/main/java/com/tuoheng/gateway/constants/AuthorityConstant.java
@@ -31,6 +31,6 @@ public class AuthorityConstant {
     */
    public static final String SCOPE_TUOHNEG_HHZ_ADMIN = "SCOPE_tuoheng-hhz-admin";


    public static final String SCOPE_TUOHNEG_HHZ_MP = "SCOPE_tuoheng-hhz-mp";

 }
--- a/src/main/java/com/tuoheng/gateway/constants/PermitPathConstant.java
+++ b/src/main/java/com/tuoheng/gateway/constants/PermitPathConstant.java
@@ -0,0 +1,34 @@
 package com.tuoheng.gateway.constants;

 /**
 * @author chenjiandong
 * @description: TODO
 * @date 2022/12/1 8:49
 */
 public class PermitPathConstant {

    public static String hhzPermitUrlStr[] = {
            "/hhz/admin/analyse/**",
            "/hhz/admin/websocket/**",
            "/hhz/admin/login/**",
            "/hhz/admin/meeting/updatePeopleStatus/**",
            "/hhz/admin/download/workUserExcel/**",
            "/hhz/admin/tencentCloudRtc/genUserSig/**",
            "/hhz/admin/inspection/track/**",
            "/hhz/admin/inspection/uploadFlightUrl/**",
            "/hhz/admin/inspection/updateTaskByCode/**",
            "/hhz/admin/inspection/status/**",
            "/hhz/admin/taskFile/**",
            "/hhz/admin/flightdata/**",
            "/hhz/admin/tenant/**",
            "/hhz/admin/dsp/**",
            "/hhz/admin/common/**",
            "/hhz/api/tenant/**",
            "/hhz/api/dsp/**",
            "/hhz/api/meeting/updatePeopleStatus/**",
            "/hhz/api/common/**",
            "/hhz/api/common/**",
            "/hhz/api/apiConfig/getConfigInfo/**"
    };

 }
--- a/src/main/java/com/tuoheng/gateway/utils/GatewayUrlPathUtil.java
+++ b/src/main/java/com/tuoheng/gateway/utils/GatewayUrlPathUtil.java
@@ -23,6 +23,8 @@ public class GatewayUrlPathUtil {

    private static final String HHZ_ADMIN = "tuoheng-hhz-admin";

    private static final String HHZ_MP = "tuoheng-hhz-mp";

    /**
     * 获取 gateway 路由前缀，匹配url
     * @param clientId
@@ -34,6 +36,9 @@ public class GatewayUrlPathUtil {
            case HHZ_ADMIN:
                apiPath = "/hhz/admin";
                break;
            case HHZ_MP:
                apiPath = "/hhz/api";
                break;
        }
        return apiPath;
    }
@@ -44,7 +49,7 @@ public class GatewayUrlPathUtil {
     */
    public static List<Integer> getRoleIdByApiUrlPermission(String clientId, String apiUrl, String token){
        List<Integer> resList = new ArrayList<>();
        if(clientId.equals(HHZ_ADMIN)){
        if(clientId.equals(HHZ_ADMIN) || clientId.equals(HHZ_MP)){
            String url = CommonsConfig.hhzPermissionUrl;
            HttpHeaders resultRequestHeader = new HttpHeaders();
            resultRequestHeader.add("Authorization", "Bearer " + token);
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -123,6 +123,27 @@ spring:
            - Path=/pilot/web/**
          filters:
            - StripPrefix=2
        # freeway后台管理
        - id: tuoheng-freeway-admin
          uri: lb://tuoheng-freeway-admin
          predicates:
            - Path=/freeway/admin/**
          filters:
            - StripPrefix=2
        # freeway小程序服务
        - id: tuoheng-freeway-miniprogram
          uri: lb://tuoheng-freeway-miniprogram
          predicates:
            - Path=/freeway/miniprogram/**
          filters:
            - StripPrefix=2
        # freeway api服务
        - id: tuoheng-freeway-api
          uri: lb://tuoheng-freeway-api
          predicates:
            - Path=/freeway/web/**
          filters:
            - StripPrefix=2
        # oidc admin服务
        - id: tuoheng-oidc-admin
          uri: lb://tuoheng-oidc-admin
@@ -137,6 +158,13 @@ spring:
            - Path=/hhz/admin/**
          filters:
            - StripPrefix=2
        # hhz 小程序服务
        - id: tuoheng-hhz-api
          uri: lb://tuoheng-hhz-api
          predicates:
            - Path=/hhz/api/**
          filters:
            - StripPrefix=2
  # Redis数据源
  redis:
    # 缓存库默认索引0
@@ -165,4 +193,4 @@ security:

 # 获取 apiUrl 可访问的 roleIdList
 tuoheng:
  hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList
  hhz-admin-perUrl: http://192.168.11.11:9055/permission/getRoleIdList
--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -122,6 +122,27 @@ spring:
            - Path=/pilot/web/**
          filters:
            - StripPrefix=2
        # freeway后台管理
        - id: tuoheng-freeway-admin
          uri: lb://tuoheng-freeway-admin
          predicates:
            - Path=/freeway/admin/**
          filters:
            - StripPrefix=2
        # freeway小程序服务
        - id: tuoheng-freeway-miniprogram
          uri: lb://tuoheng-freeway-miniprogram
          predicates:
            - Path=/freeway/miniprogram/**
          filters:
            - StripPrefix=2
        # freeway api服务
        - id: tuoheng-freeway-api
          uri: lb://tuoheng-freeway-api
          predicates:
            - Path=/freeway/web/**
          filters:
            - StripPrefix=2
        # oidc admin服务
        - id: tuoheng-oidc-admin
          uri: lb://tuoheng-oidc-admin
@@ -136,6 +157,13 @@ spring:
            - Path=/hhz/admin/**
          filters:
            - StripPrefix=2
        # hhz 小程序服务
        - id: tuoheng-hhz-api
          uri: lb://tuoheng-hhz-api
          predicates:
            - Path=/hhz/api/**
          filters:
            - StripPrefix=2
  # Redis数据源
  redis:
    # 缓存库默认索引0
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -115,6 +115,27 @@ spring:
            - Path=/pilot/web/**
          filters:
            - StripPrefix=2
        # freeway后台管理
        - id: tuoheng-freeway-admin
          uri: lb://tuoheng-freeway-admin
          predicates:
            - Path=/freeway/admin/**
          filters:
            - StripPrefix=2
        # freeway小程序服务
        - id: tuoheng-freeway-miniprogram
          uri: lb://tuoheng-freeway-miniprogram
          predicates:
            - Path=/freeway/miniprogram/**
          filters:
            - StripPrefix=2
        # freeway api服务
        - id: tuoheng-freeway-api
          uri: lb://tuoheng-freeway-api
          predicates:
            - Path=/freeway/web/**
          filters:
            - StripPrefix=2
      # oidc admin服务
        - id: tuoheng-oidc-admin
          uri: lb://tuoheng-oidc-admin
@@ -129,6 +150,13 @@ spring:
            - Path=/hhz/admin/**
          filters:
            - StripPrefix=2
        # hhz 小程序服务
        - id: tuoheng-hhz-api
          uri: lb://tuoheng-hhz-api
          predicates:
            - Path=/hhz/api/**
          filters:
            - StripPrefix=2
  # Redis数据源
  redis:
    # 缓存库默认索引0
--- a/src/main/resources/application-test.yml
+++ b/src/main/resources/application-test.yml
@@ -116,6 +116,27 @@ spring:
            - Path=/pilot/web/**
          filters:
            - StripPrefix=2
        # freeway后台管理
        - id: tuoheng-freeway-admin
          uri: lb://tuoheng-freeway-admin
          predicates:
            - Path=/freeway/admin/**
          filters:
            - StripPrefix=2
        # freeway小程序服务
        - id: tuoheng-freeway-miniprogram
          uri: lb://tuoheng-freeway-miniprogram
          predicates:
            - Path=/freeway/miniprogram/**
          filters:
            - StripPrefix=2
        # freeway api服务
        - id: tuoheng-freeway-api
          uri: lb://tuoheng-freeway-api
          predicates:
            - Path=/freeway/web/**
          filters:
            - StripPrefix=2
        # oidc admin服务
        - id: tuoheng-oidc-admin
          uri: lb://tuoheng-oidc-admin
@@ -130,6 +151,13 @@ spring:
            - Path=/hhz/admin/**
          filters:
            - StripPrefix=2
        # hhz 小程序服务
        - id: tuoheng-hhz-api
          uri: lb://tuoheng-hhz-api
          predicates:
            - Path=/hhz/api/**
          filters:
            - StripPrefix=2
  # Redis数据源
  redis:
    # 缓存库默认索引0
@@ -158,4 +186,4 @@ security:

 # 获取 apiUrl 可访问的 roleIdList
 tuoheng:
  hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList
  hhz-admin-perUrl: http://172.15.1.21:9055/permission/getRoleIdList