chenjiandong
2 years ago
11 changed files with 258 additions and 25 deletions
+ 26
- 0
src/main/java/com/tuoheng/gateway/commons/CommonsConfig.java
View File
| @@ -0,0 +1,26 @@ | |||
| package com.tuoheng.gateway.commons; | |||
| import lombok.Data; | |||
| import org.springframework.beans.factory.annotation.Value; | |||
| import org.springframework.context.annotation.Configuration; | |||
| /** | |||
| * @author chenjiandong | |||
| * @description: TODO | |||
| * @date 2022/11/17 14:55 | |||
| */ | |||
| @Configuration | |||
| @Data | |||
| public class CommonsConfig { | |||
| /** | |||
| * 图片域名 | |||
| */ | |||
| public static String hhzPermissionUrl; | |||
| @Value("${tuoheng.hhz-admin-perUrl}") | |||
| public void setPermissionUrl(String url) { | |||
| hhzPermissionUrl = url; | |||
| } | |||
| } | |||
+ 5
- 20
src/main/java/com/tuoheng/gateway/config/GatewayFilterConfig.java
View File
| @@ -6,8 +6,8 @@ import com.alibaba.fastjson.serializer.SerializerFeature; | |||
| import com.auth0.jwt.JWT; | |||
| import com.auth0.jwt.interfaces.DecodedJWT; | |||
| import com.tuoheng.gateway.model.ClientUserRoleDto; | |||
| import com.tuoheng.gateway.ustil.EncryptUtil; | |||
| import com.tuoheng.gateway.ustil.GatewayUrlPathUtil; | |||
| import com.tuoheng.gateway.utils.EncryptUtil; | |||
| import com.tuoheng.gateway.utils.GatewayUrlPathUtil; | |||
| import io.micrometer.core.instrument.util.StringUtils; | |||
| import org.springframework.cloud.gateway.filter.GatewayFilterChain; | |||
| import org.springframework.cloud.gateway.filter.GlobalFilter; | |||
| @@ -18,7 +18,6 @@ import org.springframework.http.HttpStatus; | |||
| import org.springframework.http.server.reactive.ServerHttpRequest; | |||
| import org.springframework.http.server.reactive.ServerHttpResponse; | |||
| import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; | |||
| import org.springframework.util.AntPathMatcher; | |||
| import org.springframework.web.server.ServerWebExchange; | |||
| import reactor.core.publisher.Mono; | |||
| @@ -56,17 +55,15 @@ public class GatewayFilterConfig implements GlobalFilter, Ordered { | |||
| String str = decodedJWT.getClaim(CLIENTROLELIST).asString(); | |||
| clientUserRoleDtoList = JSONArray.parseArray(str, ClientUserRoleDto.class);; | |||
| } | |||
| //todo:header里封装 Client-Id 信息 | |||
| //header里封装 Client-Id 信息 | |||
| String clientId = getClientId(exchange); | |||
| if(!StringUtils.isEmpty(clientId)){ | |||
| String requestUrl = exchange.getRequest().getPath().value(); | |||
| //去除gateway path 前缀 | |||
| String apiUrl = requestUrl.replace(GatewayUrlPathUtil.getPathByClientId(clientId),""); | |||
| //todo:获取当前系统、当前接口 可以访问的角色集合 start | |||
| List<Integer> roleIds = getRoleIdByApiUrlPermission(clientId, apiUrl); | |||
| //todo:获取当前系统、当前接口 可以访问的角色集合 end | |||
| List<Integer> roleIds = GatewayUrlPathUtil.getRoleIdByApiUrlPermission(clientId, apiUrl, token); | |||
| //return invalidClientIdMono(exchange); | |||
| if(roleIds != null){ | |||
| if(roleIds.size() > 0){ | |||
| //说明这个url 需要一定的角色才可以访问 | |||
| //在不是admin权限的情况下进行校验 | |||
| if(!authorityList.contains(ADMIN)){ | |||
| @@ -190,18 +187,6 @@ public class GatewayFilterConfig implements GlobalFilter, Ordered { | |||
| return response.writeWith(Mono.just(buffer)); | |||
| } | |||
| /** | |||
| * 根据 clientId 从业务系统获取 permission - role 数据 | |||
| * @return | |||
| */ | |||
| private List<Integer> getRoleIdByApiUrlPermission(String clientId, String apiUrl){ | |||
| // permissionUrl - roleIdList | |||
| List<Integer> roleIds = new ArrayList<>(); | |||
| roleIds.add(2); | |||
| roleIds.add(1002); | |||
| return roleIds; | |||
| } | |||
| @Override | |||
| public int getOrder() { | |||
| return 0; | |||
+ 14
- 0
src/main/java/com/tuoheng/gateway/request/GetPermissionRoleIdListByApiUrlDto.java
View File
| @@ -0,0 +1,14 @@ | |||
| package com.tuoheng.gateway.request; | |||
| import lombok.Data; | |||
| import lombok.experimental.Accessors; | |||
| @Data | |||
| @Accessors(chain = true) | |||
| public class GetPermissionRoleIdListByApiUrlDto { | |||
| private String apiUrl; | |||
| private String method; | |||
| } | |||
src/main/java/com/tuoheng/gateway/ustil/EncryptUtil.java → src/main/java/com/tuoheng/gateway/utils/EncryptUtil.java
View File
| @@ -1,4 +1,4 @@ | |||
| package com.tuoheng.gateway.ustil; | |||
| package com.tuoheng.gateway.utils; | |||
| import org.slf4j.Logger; | |||
+ 66
- 0
src/main/java/com/tuoheng/gateway/utils/GatewayUrlPathUtil.java
View File
| @@ -0,0 +1,66 @@ | |||
| package com.tuoheng.gateway.utils; | |||
| import com.alibaba.fastjson.JSONObject; | |||
| import com.tuoheng.gateway.commons.CommonsConfig; | |||
| import lombok.extern.slf4j.Slf4j; | |||
| import org.springframework.beans.factory.annotation.Autowired; | |||
| import org.springframework.http.*; | |||
| import org.springframework.web.client.RestTemplate; | |||
| import java.util.ArrayList; | |||
| import java.util.List; | |||
| import java.util.Objects; | |||
| /** | |||
| * @author chenjiandong | |||
| * @description: 根据client-id获取路由path | |||
| * @date 2022/11/17 9:38 | |||
| */ | |||
| @Slf4j | |||
| public class GatewayUrlPathUtil { | |||
| @Autowired | |||
| private static RestTemplate restTemplate; | |||
| private static final String HHZ_ADMIN = "tuoheng-hhz-admin"; | |||
| /** | |||
| * 获取 gateway 路由前缀,匹配url | |||
| * @param clientId | |||
| * @return | |||
| */ | |||
| public static String getPathByClientId(String clientId) { | |||
| String apiPath = ""; | |||
| switch (clientId){ | |||
| case HHZ_ADMIN: | |||
| apiPath = "/hhz/admin"; | |||
| break; | |||
| } | |||
| return apiPath; | |||
| } | |||
| /** | |||
| * 根据 clientId 从业务系统获取 permission - role 数据 | |||
| * @return | |||
| */ | |||
| public static List<Integer> getRoleIdByApiUrlPermission(String clientId, String apiUrl, String token){ | |||
| List<Integer> resList = new ArrayList<>(); | |||
| if(clientId.equals(HHZ_ADMIN)){ | |||
| String url = CommonsConfig.hhzPermissionUrl; | |||
| HttpHeaders resultRequestHeader = new HttpHeaders(); | |||
| resultRequestHeader.add("Authorization", "Bearer " + token); | |||
| JSONObject json = new JSONObject(); | |||
| json.put("apiUrl", apiUrl); | |||
| HttpEntity<JSONObject> entity = new HttpEntity<>(json, resultRequestHeader); | |||
| String result = new RestTemplate().postForObject(url, entity, String.class); | |||
| JSONObject jsonObject = JSONObject.parseObject(result); | |||
| Object obj = jsonObject.get("data"); | |||
| if(!Objects.isNull(obj)){ | |||
| for (Object o : (List<?>) obj) { | |||
| resList.add(Integer.class.cast(o)); | |||
| } | |||
| } | |||
| } | |||
| return resList; | |||
| } | |||
| } | |||
+ 99
- 0
src/main/java/com/tuoheng/gateway/utils/JsonResult.java
View File
| @@ -0,0 +1,99 @@ | |||
| package com.tuoheng.gateway.utils; | |||
| import java.io.Serializable; | |||
| /** | |||
| * JSON回应类 | |||
| * | |||
| * @author 牧羊人 | |||
| * @date 2019/11/28 | |||
| */ | |||
| public class JsonResult<T> implements Serializable { | |||
| private static final long serialVersionUID = 1L; | |||
| /** | |||
| * 成功 | |||
| */ | |||
| public static final int SUCCESS = 0; | |||
| /** | |||
| * 失败 | |||
| */ | |||
| public static final int ERROR = -1; | |||
| private int code; | |||
| private String msg; | |||
| private T data; | |||
| public static <T> JsonResult<T> success() { | |||
| return jsonResult(null, SUCCESS, "操作成功"); | |||
| } | |||
| public static <T> JsonResult<T> success(String msg) { | |||
| return jsonResult(null, SUCCESS, msg); | |||
| } | |||
| public static <T> JsonResult<T> success(T data) { | |||
| return jsonResult(data, SUCCESS, "操作成功"); | |||
| } | |||
| public static <T> JsonResult<T> success(T data, String msg) { | |||
| return jsonResult(data, SUCCESS, msg); | |||
| } | |||
| public static <T> JsonResult<T> error() { | |||
| return jsonResult(null, ERROR, "操作失败"); | |||
| } | |||
| public static <T> JsonResult<T> error(String msg) { | |||
| return jsonResult(null, ERROR, msg); | |||
| } | |||
| public static <T> JsonResult<T> error(T data) { | |||
| return jsonResult(data, ERROR, "操作失败"); | |||
| } | |||
| public static <T> JsonResult<T> error(T data, String msg) { | |||
| return jsonResult(data, ERROR, msg); | |||
| } | |||
| public static <T> JsonResult<T> error(int code, String msg) { | |||
| return jsonResult(null, code, msg); | |||
| } | |||
| private static <T> JsonResult<T> jsonResult(T data, int code, String msg) { | |||
| JsonResult<T> result = new JsonResult<>(); | |||
| result.setCode(code); | |||
| result.setData(data); | |||
| result.setMsg(msg); | |||
| return result; | |||
| } | |||
| public int getCode() { | |||
| return code; | |||
| } | |||
| public void setCode(int code) { | |||
| this.code = code; | |||
| } | |||
| public String getMsg() { | |||
| return msg; | |||
| } | |||
| public void setMsg(String msg) { | |||
| this.msg = msg; | |||
| } | |||
| public T getData() { | |||
| return data; | |||
| } | |||
| public void setData(T data) { | |||
| this.data = data; | |||
| } | |||
| } | |||
+ 27
- 0
src/main/java/com/tuoheng/gateway/utils/ServiceException.java
View File
| @@ -0,0 +1,27 @@ | |||
| package com.tuoheng.gateway.utils; | |||
| /** | |||
| * 业务异常类(业务处理时手动抛出异常) | |||
| */ | |||
| public class ServiceException extends RuntimeException { | |||
| public int code; | |||
| private String msg; | |||
| /** | |||
| * 构造器 | |||
| * | |||
| * @param code | |||
| * @param msg | |||
| */ | |||
| public ServiceException(int code, String msg) { | |||
| super(msg); | |||
| this.msg = msg; | |||
| this.code = code; | |||
| } | |||
| } | |||
+ 5
- 1
src/main/resources/application-dev.yml
View File
| @@ -161,4 +161,8 @@ spring: | |||
| security: | |||
| ignore: | |||
| permitUrls: /api/system/demo/msg | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| # 获取 apiUrl 可访问的 roleIdList | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList | |||
+ 5
- 1
src/main/resources/application-local.yml
View File
| @@ -160,4 +160,8 @@ spring: | |||
| security: | |||
| ignore: | |||
| permitUrls: /api/system/demo/msg | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| # 获取 apiUrl 可访问的 roleIdList | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList | |||
+ 5
- 1
src/main/resources/application-prod.yml
View File
| @@ -153,4 +153,8 @@ spring: | |||
| security: | |||
| ignore: | |||
| permitUrls: /api/system/demo/msg | |||
| oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList | |||
| oauthUrls: /api/system/demo/hello,/api/portal/serviceInst/*/getServiceInstParam/*,/api/portal/serviceInst/*/getServiceInstCaseUrl/*,/api/portal/serviceInst/*/*/application,/api/portal/serviceInst/*/*/questionList,/api/miniprogram/serviceInst/*/getServiceInstParam/*,/api/miniprogram/serviceInst/*/getServiceInstCaseUrl/*,/api/miniprogram/serviceInst/*/*/application,/api/miniprogram/serviceInst/*/*/questionList | |||
| # 获取 apiUrl 可访问的 roleIdList | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList | |||
+ 5
- 1
src/main/resources/application-test.yml
View File
| @@ -154,4 +154,8 @@ spring: | |||
| security: | |||
| ignore: | |||
| permitUrls: /api/system/demo/msg | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| oauthUrls: /api/system/demo/hello,/api/*/serviceInst/*/getServiceInstParam/*,/api/*/serviceInst/*/getServiceInstCaseUrl/*,/api/*/serviceInst/*/*/application,/api/*/serviceInst/*/*/questionList | |||
| # 获取 apiUrl 可访问的 roleIdList | |||
| tuoheng: | |||
| hhz-admin-perUrl: http://192.168.11.22:9055/api/permission/getRoleIdList | |||
Loading…