feat(网关ak校验): 增加接口实时获取ak信息，避免出现redis数据丢失导致外部调用鉴权失败

刘鑫
Commit 83c93760 authored Dec 05, 2023 by 刘鑫
Showing with 101 additions and 64 deletions
project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
project-interface/src/main/java/com/dituhui/pea/user/IUser.java
project-user/src/main/java/com/dituhui/pea/user/controller/UserController.java
project-user/src/main/java/com/dituhui/pea/user/dao/AppDao.java
project-user/src/main/java/com/dituhui/pea/user/service/UserService.java
--- a/project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
+++ b/project-gateway/src/main/java/com/dituhui/pea/gateway/config/AuthFilter.java
 package com.dituhui.pea.gateway.config;

+import cn.hutool.json.JSONUtil;
 import com.alibaba.fastjson.JSON;
 import com.dituhui.pea.common.Result;
 import com.dituhui.pea.constants.Globals;
 import com.dituhui.pea.enums.RedisKeyGroup;
 import com.dituhui.pea.gateway.commom.RedisService;
 import com.dituhui.pea.pojo.UserLoginDTO;
+import com.dituhui.pea.user.IUser;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.google.gson.Gson;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
@@ -21,16 +23,19 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
-import org.springframework.util.MultiValueMap;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;

 import java.nio.charset.StandardCharsets;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;

 @Component
 @Slf4j
+@RequiredArgsConstructor
 public class AuthFilter implements GlobalFilter, Ordered {

    /**
@@ -40,8 +45,8 @@ public class AuthFilter implements GlobalFilter, Ordered {
            "/pea-user/refreshAppkey", "/pea-user/refreshAppkey/");
    private static final Gson gson = new Gson();

-    @Autowired
-    RedisService redisService;
+    private final RedisService redisService;
+    private final IUser iUser;

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
@@ -87,15 +92,14 @@ public class AuthFilter implements GlobalFilter, Ordered {

            if (StringUtils.isNotEmpty(ak)) {
                // 验证ak，设置userDTO
-                String value = redisService.get(RedisKeyGroup.appKey + ":" + ak);
-                if (StringUtils.isNotEmpty(value)) {
                // 验证成功，设置为管理员
                // AppDTO appDTO = gson.fromJson(value, AppDTO.class);
                // String secret = appDTO.getSecret();
-                    //TODO  参数签名校验
+                Optional<Boolean> aBoolean = appKey(ak);
+                if (aBoolean.isPresent() && Objects.equals(Boolean.TRUE, aBoolean.get())) {
                    final String sign = getParams(exchange, "sign", headers);
                    //计算签名
-
+                    //TODO  参数签名校验
                    userDTO = new UserLoginDTO();
                    userDTO.setId(Globals.SUPER_ADMIN_ID);
                }
@@ -118,9 +122,24 @@ public class AuthFilter implements GlobalFilter, Ordered {
        }
    }

+    private Optional<Boolean> appKey(String ak) {
+
+        String value = redisService.get(RedisKeyGroup.appKey + ":" + ak);
+
+        if (StringUtils.isNotBlank(value)) {
+            return Optional.of(Boolean.TRUE);
+        }
+
+        Mono<Boolean> booleanMono = Mono.fromCallable(() -> {
+            String jsonStr = JSONUtil.toJsonStr(iUser.getAppKeyInfo(ak));
+            return StringUtils.isNotBlank(jsonStr);
+        }).subscribeOn(Schedulers.boundedElastic());
+
+        return booleanMono.blockOptional();
+    }
+
    /**
     * 解析所有参数
-     *
     */
    private Map<String, String> parseGetParams(ServerWebExchange exchange) {
        // params
@@ -130,8 +149,6 @@ public class AuthFilter implements GlobalFilter, Ordered {
        Map<String, String> urlRequestParams = exchange.getRequest().getQueryParams().toSingleValueMap();


-
-
        return params;
    }


--- a/project-interface/src/main/java/com/dituhui/pea/user/IUser.java
+++ b/project-interface/src/main/java/com/dituhui/pea/user/IUser.java
 package com.dituhui.pea.user;

 import com.dituhui.pea.common.PageResult;
+import com.dituhui.pea.common.Result;
+import com.dituhui.pea.enums.ThirdPartyEnum;
 import com.dituhui.pea.pojo.*;
 import com.dituhui.pea.pojo.user.OrgInfo;
 import com.dituhui.pea.pojo.user.UserMenuSettingInfo;
 import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestHeader;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-
-import com.dituhui.pea.common.Result;
-import com.dituhui.pea.enums.ThirdPartyEnum;
+import org.springframework.web.bind.annotation.*;

 import java.util.List;

@@ -52,6 +47,15 @@ public interface IUser {
    public Result<Boolean> refreshAppkey();

    /**
+     * 获取指定ak 并刷新所有ak至redis
+     *
+     * @param key ak值
+     * @return ak 对应的密钥等信息
+     */
+    @GetMapping("/pea-user/appkey")
+    AppDTO getAppKeyInfo(@RequestParam(name = "key") String key);
+
+    /**
     * 获取当前登陆用户信息
     *
     * @param token        登录token

--- a/project-user/src/main/java/com/dituhui/pea/user/controller/UserController.java
+++ b/project-user/src/main/java/com/dituhui/pea/user/controller/UserController.java
 package com.dituhui.pea.user.controller;


+import cn.hutool.core.util.ObjectUtil;
 import com.dituhui.pea.common.PageResult;
+import com.dituhui.pea.common.Result;
+import com.dituhui.pea.enums.StatusCodeEnum;
+import com.dituhui.pea.enums.ThirdPartyEnum;
 import com.dituhui.pea.pojo.*;
 import com.dituhui.pea.pojo.user.OrgInfo;
 import com.dituhui.pea.pojo.user.UserMenuSettingInfo;
-import com.dituhui.pea.user.dao.UserOrgDao;
+import com.dituhui.pea.user.IUser;
+import com.dituhui.pea.user.entity.AppEntity;
+import com.dituhui.pea.user.service.UserService;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.RestController;

-import com.dituhui.pea.common.Result;
-import com.dituhui.pea.enums.StatusCodeEnum;
-import com.dituhui.pea.enums.ThirdPartyEnum;
-import com.dituhui.pea.user.IUser;
-import com.dituhui.pea.user.service.UserService;
-
-import cn.hutool.core.util.ObjectUtil;
-
 import java.util.List;
+import java.util.Objects;

 /**
 * 用户控制层
@@ -46,6 +45,19 @@ public class UserController implements IUser {
    }

    @Override
+    public AppDTO getAppKeyInfo(String key) {
+        AppEntity appentity = userService.getAppentity(key);
+        AppDTO appDTO = new AppDTO();
+        if (Objects.nonNull(appentity)) {
+            appDTO.setId(appentity.getId());
+            appDTO.setKey(appentity.getKey());
+            appDTO.setName(appentity.getName());
+            appDTO.setSecret(appDTO.getSecret());
+        }
+        return appDTO;
+    }
+
+    @Override
    public WebResult<UserInfo> getCurrentUserInfo(String userToken, Boolean needTeamInfo) {
        return null;
    }

--- a/project-user/src/main/java/com/dituhui/pea/user/dao/AppDao.java
+++ b/project-user/src/main/java/com/dituhui/pea/user/dao/AppDao.java
@@ -21,6 +21,6 @@ public interface AppDao extends JpaRepository<AppEntity, String>,
     * @param key
     * @return
     */
-	ResourceEntity findByKey(String key);
+	AppEntity findByKey(String key);

 }
--- a/project-user/src/main/java/com/dituhui/pea/user/service/UserService.java
+++ b/project-user/src/main/java/com/dituhui/pea/user/service/UserService.java
 package com.dituhui.pea.user.service;

-import java.math.BigInteger;
-import java.util.*;
-import java.util.stream.Collector;
-import java.util.stream.Collectors;
-
-import javax.persistence.EntityManager;
-import javax.persistence.Query;
-import javax.persistence.criteria.Path;
-import javax.persistence.criteria.Predicate;
-
-import com.alibaba.fastjson.JSONObject;
+import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.lang.Validator;
+import cn.hutool.core.util.IdUtil;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.crypto.SecureUtil;
 import com.dituhui.pea.common.PageResult;
+import com.dituhui.pea.common.Result;
+import com.dituhui.pea.common.ResultEnum;
+import com.dituhui.pea.constants.Globals;
+import com.dituhui.pea.enums.RedisKeyGroup;
+import com.dituhui.pea.enums.StatusCodeEnum;
+import com.dituhui.pea.enums.ThirdPartyEnum;
+import com.dituhui.pea.exception.BusinessException;
+import com.dituhui.pea.order.IOrganization;
 import com.dituhui.pea.pojo.*;
 import com.dituhui.pea.pojo.user.OrgInfo;
 import com.dituhui.pea.pojo.user.UserMenuSettingInfo;
+import com.dituhui.pea.user.commom.RedisService;
+import com.dituhui.pea.user.constant.TextConstant;
 import com.dituhui.pea.user.dao.*;
 import com.dituhui.pea.user.entity.*;
+import com.dituhui.pea.user.factory.ThirdStrategy;
+import com.dituhui.pea.user.factory.ThirdStrategyFactory;
 import com.dituhui.pea.user.utils.LevelUtils;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import com.dituhui.pea.user.utils.TextHelper;
+import com.google.gson.Gson;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
@@ -29,29 +38,13 @@ import org.springframework.data.jpa.domain.Specification;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

-import com.dituhui.pea.common.Result;
-import com.dituhui.pea.common.ResultEnum;
-import com.dituhui.pea.constants.Globals;
-import com.dituhui.pea.enums.RedisKeyGroup;
-import com.dituhui.pea.enums.StatusCodeEnum;
-import com.dituhui.pea.enums.ThirdPartyEnum;
-import com.dituhui.pea.exception.BusinessException;
-import com.dituhui.pea.order.IOrganization;
-import com.dituhui.pea.user.commom.RedisService;
-import com.dituhui.pea.user.constant.TextConstant;
-import com.dituhui.pea.user.factory.ThirdStrategy;
-import com.dituhui.pea.user.factory.ThirdStrategyFactory;
-import com.dituhui.pea.user.utils.TextHelper;
-import com.google.common.collect.Lists;
-import com.google.gson.Gson;
-
-import cn.hutool.core.bean.BeanUtil;
-import cn.hutool.core.collection.CollUtil;
-import cn.hutool.core.lang.Validator;
-import cn.hutool.core.util.IdUtil;
-import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.crypto.SecureUtil;
-import lombok.extern.slf4j.Slf4j;
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+import javax.persistence.criteria.Path;
+import javax.persistence.criteria.Predicate;
+import java.math.BigInteger;
+import java.util.*;
+import java.util.stream.Collectors;

 /**
 * 用户业务层
@@ -739,6 +732,17 @@ public class UserService {
    }

    /**
+     * 根据key获取 app token
+     *
+     * @param key app key
+     * @return
+     */
+    public AppEntity getAppentity(String key) {
+        refreshAppkey();
+        return appDao.findByKey(key);
+    }
+
+    /**
     * 查询用户列表
     *
     * @param search