fix:token验证迁移至微服务（配置启用）

liquidnet-bus-common/liquidnet-common-base/src/main/java/com/liquidnet/commons/lang/util/CurrentUtil.java

@@ -5,13 +5,13 @@ import org.apache.commons.lang3.StringUtils;
 import javax.servlet.http.HttpServletRequest;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.util.HashMap;
 import java.util.Map;
 
 public class CurrentUtil {
     public static final String uID = "sub";
     public static final String uTag = "u-tag";
-    public static final String uToken = "u-token";
+    public static final String uToken = "authorization";
+
     public static final String CLI_SOURCE = "source";
     public static final String CLI_VERSION = "version";
     public static final String CLI_UNKNOWN = "unknown";
@@ -21,19 +21,15 @@ public class CurrentUtil {
     private static final String LOCALHOST_IP1 = "127.0.0.1";
 
     public static String getToken() {
-        String authToken = ServletUtils.getRequest().getHeader(uToken);
-        return StringUtils.isEmpty(authToken) ? "" : authToken;
+        return StringUtils.defaultIfEmpty((String) ServletUtils.getRequest().getAttribute(uToken), "");
     }
 
     public static Map getTokenClaims() {
-        String utag = ServletUtils.getRequest().getHeader(uTag);
-        return JsonUtils.fromJson(utag, Map.class);
+        return JsonUtils.fromJson((String) ServletUtils.getRequest().getAttribute(CurrentUtil.uTag), Map.class);
     }
 
     public static String getCurrentUid() {
-        String uid = ServletUtils.getRequest().getHeader(uID);
-        // TODO: 2021/5/14 dev联调API未启用token默认使用1
-        return StringUtils.isEmpty(uid) ? "1" : uid;
+        return (String) ServletUtils.getRequest().getAttribute(uID);
     }
 
     public static String getCliSource() {

liquidnet-bus-common/liquidnet-common-cache/liquidnet-common-cache-redis/pom.xml

@@ -11,6 +11,10 @@
 
     <artifactId>liquidnet-common-cache-redis</artifactId>
     <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>

liquidnet-bus-common/liquidnet-common-exception/liquidnet-common-exception-handler-service/src/main/java/com/liquidnet/common/exception/ValidControllerAdviceHandler.java

-package com.liquidnet.common.exception;
-
-import com.liquidnet.common.exception.entity.Error;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-import org.springframework.validation.BindException;
-import org.springframework.validation.BindingResult;
-import org.springframework.validation.ObjectError;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.RestControllerAdvice;
-
-import java.util.List;
-
-@RestControllerAdvice
-public class ValidControllerAdviceHandler {
-
-    @ExceptionHandler(BindException.class)
-    @ResponseBody
-    public ResponseEntity<Error> handleBindException(Exception e) {
-        //打印校验住的所有的错误信息
-        StringBuilder sb = new StringBuilder("参数错误：[");
-        List<ObjectError> list = ((BindException) e).getAllErrors();
-        for (ObjectError item : list) {
-            sb.append(item.getDefaultMessage()).append(',');
-        }
-        sb.deleteCharAt(sb.length() - 1);
-        sb.append(']');
-
-        String msg = sb.toString();
-        return new ResponseEntity<Error>(new Error("400", msg), HttpStatus.OK);
-    }
-
-
-}

liquidnet-bus-common/liquidnet-common-service-base/src/main/java/com/liquidnet/service/base/ResponseDto.java

 package com.liquidnet.service.base;
 
+import com.fasterxml.jackson.annotation.JsonInclude;
 import com.liquidnet.commons.lang.util.JsonUtils;
 
 import java.io.Serializable;
@@ -14,6 +15,7 @@ public class ResponseDto<T> implements Serializable, Cloneable {
     private static final long serialVersionUID = 8377276776600901982L;
     private String code;
     private String message;
+    @JsonInclude(JsonInclude.Include.NON_NULL)
     private T data;
 
     public boolean isSuccess() {

liquidnet-bus-common/liquidnet-common-web/pom.xml

@@ -10,14 +10,19 @@
 
 	<artifactId>liquidnet-common-web</artifactId>
 	<dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.liquidnet</groupId>
             <artifactId>liquidnet-common-service-base</artifactId>
             <version>1.0-SNAPSHOT</version>
         </dependency>
         <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
+            <groupId>com.liquidnet</groupId>
+            <artifactId>liquidnet-common-cache-redis</artifactId>
+            <version>1.0-SNAPSHOT</version>
         </dependency>
     </dependencies>
 

liquidnet-bus-common/liquidnet-common-web/src/main/java/com/liquidnet/common/web/config/CorsConfig.java

@@ -22,9 +22,14 @@ public class CorsConfig {
 
         // 可以自行筛选
         corsConfiguration.addAllowedOrigin("*");
+        corsConfiguration.addAllowedOrigin("http://devpartner.zhengzai.tv");
+        corsConfiguration.addAllowedOrigin("https://devpartner.zhengzai.tv");
+
         corsConfiguration.addAllowedHeader("*");
         corsConfiguration.addAllowedMethod("*");
 
+        corsConfiguration.setAllowCredentials(true);
+
         return corsConfiguration;
     }
 

liquidnet-bus-common/liquidnet-common-web/src/main/java/com/liquidnet/common/web/filter/GlobalAuthorityInterceptor.java

+package com.liquidnet.common.web.filter;
+
+import com.liquidnet.common.cache.redis.util.RedisUtil;
+import com.liquidnet.commons.lang.core.JwtValidator;
+import com.liquidnet.commons.lang.util.CurrentUtil;
+import com.liquidnet.commons.lang.util.JsonUtils;
+import com.liquidnet.service.base.ErrorMapping;
+import com.liquidnet.service.base.ResponseDto;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.DigestUtils;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+
+@Slf4j
+@Data
+@Component
+@ConfigurationProperties(prefix = "global-auth")
+public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
+    private List<String> includeUrlPattern;
+    private List<String> excludeUrlPattern;
+
+    private static final String CONTENT_TYPE = "application/json;charset=utf-8";
+    private static final String TOKEN_ILLEGAL = "40001";
+    private static final String TOKEN_KICK = "40002";
+    private static final String TOKEN_INVALID = "40003";
+
+    private static final String KYLIN_STATION_JWT_VALID = "/kylin/station/**";
+
+    private final static AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    @Autowired
+    JwtValidator jwtValidator;
+    @Autowired
+    RedisUtil redisUtil;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String authorization = request.getHeader(CurrentUtil.uToken), uri = request.getRequestURI(),
+                responseCode = null, token = null, currentUid = null;
+
+        if (StringUtils.isNotBlank(authorization) && StringUtils.length(authorization) > 7) {
+            token = authorization.substring(7);
+            try {
+                // 解析没有异常则表示token验证通过，如有必要可根据自身需求增加验证逻辑
+                Claims claims = jwtValidator.parse(token);
+
+                currentUid = (String) claims.get(CurrentUtil.uID);
+
+                request.setAttribute(CurrentUtil.uToken, token);
+                request.setAttribute(CurrentUtil.uID, currentUid);
+                request.setAttribute(CurrentUtil.uTag, JsonUtils.toJson(claims));
+
+            } catch (ExpiredJwtException expiredJwtEx) {
+                responseCode = TOKEN_INVALID;
+            } catch (Exception ex) {
+                responseCode = TOKEN_ILLEGAL;
+            }
+        } else {
+            responseCode = TOKEN_ILLEGAL;
+        }
+
+        for (String urlPattern : excludeUrlPattern) {
+            if (antPathMatcher.match(urlPattern, uri)) {
+                return true;
+            }
+        }
+        if (StringUtils.isNotEmpty(responseCode)) {
+            this.responseHandler(response, responseCode);
+            return false;
+        }
+        if (StringUtils.isEmpty(currentUid)) {
+            this.responseHandler(response, TOKEN_ILLEGAL);
+            return false;
+        }
+        if (this.authorityHandler(response, uri, token, currentUid)) {
+            return true;
+        }
+        this.responseHandler(response, responseCode);
+
+        return false;
+    }
+
+    private void responseHandler(HttpServletResponse response, String responseCode) throws IOException {
+        ResponseDto<Object> responseDto = ResponseDto.failure(ErrorMapping.get(responseCode));
+        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
+        response.setStatus(HttpServletResponse.SC_OK);
+        response.setContentType(CONTENT_TYPE);
+        response.getWriter().write(JsonUtils.toJson(responseDto));
+    }
+
+    private boolean authorityHandler(HttpServletResponse response, String uri, String token, String currentUid) throws IOException {
+        if (antPathMatcher.match(KYLIN_STATION_JWT_VALID, uri)) {// 专业版APP
+            // adam:identity:sso:${uid}:MD5(${token})=${1-在线|0-离线}
+//            String ssoUidM5TokenKey = jwtValidator.getSsoRedisKey()
+//                    .concat(uid).concat(":").concat(DigestUtils.md5DigestAsHex(uToken.getBytes(StandardCharsets.UTF_8)));
+//            Integer online = (Integer) redisUtil.get(ssoUidM5TokenKey);
+//            if (null == online || online != 1) {
+//                this.respHandler(ctx, TOKEN_INVALID);
+//            } else {
+            return true;
+//            }
+        } else {
+            // adam:identity:sso:${uid}=MD5(${token})
+            String ssoKey = jwtValidator.getSsoRedisKey().concat(currentUid), md5Token;
+
+            if (StringUtils.isEmpty(md5Token = (String) redisUtil.get(ssoKey))) {
+                // 已离线
+                this.responseHandler(response, TOKEN_INVALID);
+
+                return false;
+            } else {
+                // 与在线TOKEN比对
+                if (md5Token.equals(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)))) {
+                    // 一致则放行
+                    return true;
+                } else {
+                    // 不一致则被踢下线
+                    this.responseHandler(response, TOKEN_KICK);
+
+                    return false;
+                }
+            }
+        }
+    }
+}

liquidnet-bus-common/pom.xml

@@ -55,10 +55,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-redis</artifactId>
-        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/config/AdamCorsConfig.java

+package com.liquidnet.service.adam.config;
+
+import com.liquidnet.common.web.config.CorsConfig;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class AdamCorsConfig extends CorsConfig {
+}

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/config/AdamWebMvcConfig.java

+package com.liquidnet.service.adam.config;
+
+import com.liquidnet.common.web.config.WebMvcConfig;
+import com.liquidnet.common.web.filter.GlobalAuthorityInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+
+@Configuration
+public class AdamWebMvcConfig extends WebMvcConfig {
+    @Autowired
+    GlobalAuthorityInterceptor globalAuthorityInterceptor;
+
+    @Override
+    protected void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(globalAuthorityInterceptor).addPathPatterns("/**");
+        super.addInterceptors(registry);
+    }
+}

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/resources/errors.properties

+40001=非法TOKEN
+40002=被踢下线喽
+40003=TOKEN失效
+# ------------------------ 4开头错误码作系统保留
+
 10001=验证码发送失败
 10002=验证码无效
 10003=
@@ -56,3 +61,7 @@
 10502=会员订单回调处理失败，该订单已处理
 10503=会员订单回调处理失败，订单金额有误
 10504=会员卡信息不存在，请核实
+
+
+
+

liquidnet-bus-service/liquidnet-service-bank/pom.xml

@@ -22,11 +22,6 @@
             <artifactId>liquidnet-common-base</artifactId>
             <version>1.0-SNAPSHOT</version>
         </dependency>
-        <dependency>
-            <groupId>com.liquidnet</groupId>
-            <artifactId>liquidnet-common-web</artifactId>
-            <version>1.0-SNAPSHOT</version>
-        </dependency>
         <dependency>
             <groupId>com.liquidnet</groupId>
             <artifactId>liquidnet-common-service-base</artifactId>

liquidnet-bus-support/liquidnet-support-zuul/pom.xml

@@ -42,11 +42,6 @@
 			<artifactId>liquidnet-common-web</artifactId>
 			<version>1.0-SNAPSHOT</version>
 		</dependency>
-		<dependency>
-			<groupId>com.liquidnet</groupId>
-			<artifactId>liquidnet-common-cache-redis</artifactId>
-			<version>1.0-SNAPSHOT</version>
-		</dependency>
 
 		<dependency>
 			<groupId>com.liquidnet</groupId>

liquidnet-bus-support/liquidnet-support-zuul/src/main/java/com/liquidnet/support/zuul/config/CorsConfig.java

@@ -6,7 +6,7 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 
-@Configuration
+//@Configuration
 public class CorsConfig {
     private CorsConfiguration buildConfig() {
         CorsConfiguration corsConfiguration = new CorsConfiguration();

liquidnet-bus-support/liquidnet-support-zuul/src/main/java/com/liquidnet/support/zuul/filter/GlobalAuthFilter.java

@@ -26,9 +26,9 @@ import java.util.List;
 import java.util.Map;
 
 @Slf4j
-@Data
-@Component
-@ConfigurationProperties(prefix = "global-auth")
+//@Data
+//@Component
+//@ConfigurationProperties(prefix = "global-auth")
 public class GlobalAuthFilter extends ZuulFilter {
     private List<String> includeUrl;
     private List<String> includeUrlPattern;