open-JSD-7803/src/main/java/com/fr/plugin/j7803/sso/request/OAuth2Login.java

 /*
  * Copyright (C), 2018-2021
  * Project: starter
  * FileName: OAuth2Login
  * Author:   Louis
  * Date:     2021/3/30 22:09
  */
 package com.fr.plugin.j7803.sso.request;

 import com.fanruan.api.decision.login.LoginKit;
 import com.fanruan.api.log.LogKit;
 import com.fanruan.api.net.NetworkKit;
 import com.fanruan.api.net.http.HttpKit;
 import com.fanruan.api.util.StringKit;
 import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
 import com.fr.decision.webservice.utils.DecisionServiceConstants;
 import com.fr.decision.webservice.v10.login.LoginService;
 import com.fr.general.ComparatorUtils;
 import com.fr.json.JSONObject;
 import com.fr.plugin.j7803.sso.config.SsoConfig;
 import com.fr.third.org.apache.http.client.utils.URIBuilder;
 import com.fr.web.utils.WebUtils;

 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;

 /**
  * <Function Description><br>
  * <OAuth2Login>
  *
  * @author Louis
  * @since 1.0.0
  */
 public class OAuth2Login extends AbstractGlobalRequestFilterProvider {
     public static final String OP_H5 = "H5";
     public static final String MOBILE_PATH = "/url/mobile";
     public static final String REMOTE_DESIGN = "/remote/design";
     public static final String RESOURCES_PATH = "/resources";
     public static final String VIEW_FORM = "/view/form";
     public static final String VIEW_REPORT = "/view/report";
     public static final String FILE_PATH = "/file";
     public static final String SYSTEM_INFO = "/system/info";
     public static final String MATERIALS_MIN_JS_MAP = "/materials.min.js.map";
     public static final String LOGIN_PATH = "/login";
     public static final String LOGIN_OTHER = "/login/";
     public static final String LOGOUT_PATH = "/logout";
     public static final String USER_LANGUAGE = "/v10/user/language";

     public static final String CODE = "code";

     private SsoConfig config;

     /**
      * 过滤器名称
      *
      * @return
      */
     @Override
     public String filterName() {
         return "J7803Filter";
     }

     /**
      * 过滤规则
      *
      * @return
      */
     @Override
     public String[] urlPatterns() {
         return new String[]{"/*"};
     }

     /**
      * 过滤器初始化
      *
      * @param filterConfig
      */
     @Override
     public void init(FilterConfig filterConfig) {
         this.config = SsoConfig.getInstance();
         super.init(filterConfig);
     }

     /**
      * 过滤器处理
      *
      * @param request
      * @param response
      * @param filterChain
      */
     @Override
     public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
         try {
             if (operation(request, response)) {
                 filterChain.doFilter(request, response);
             }
         } catch (Exception e) {
             LogKit.error(e.getMessage(), e);
         }
     }

     /**
      * 用户验证登陆操作
      *
      * @param req
      * @param res
      * @throws Exception
      */
     private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {
         String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY;
         LogKit.info("sso-OAuth2Login-operation-pathInfo:{}", pathInfo);
         if (pathInfo.startsWith(REMOTE_DESIGN) || pathInfo.startsWith(LOGIN_OTHER)
                 || StringKit.equals(LOGIN_PATH, pathInfo)
                 || pathInfo.startsWith(RESOURCES_PATH) || pathInfo.startsWith(LOGOUT_PATH)
                 || pathInfo.startsWith(SYSTEM_INFO) || pathInfo.startsWith(MATERIALS_MIN_JS_MAP)
                 || pathInfo.startsWith(USER_LANGUAGE) || pathInfo.startsWith(FILE_PATH)) {
             return true;
         }
         // 非移动端放行
         if (!validateMobile(req, pathInfo)) {
             return true;
         }
         // 已登录
         if (LoginService.getInstance().isLogged(req)) {
             return true;
         }
         String code = NetworkKit.getHTTPRequestParameter(req, CODE);
         LogKit.info("sso-OAuth2Login-operation-code:{}", code);
         if (StringKit.isEmpty(code)) {
             loginPage(req, res);
             return false;
         }
         String username = getUsername(code);
         LogKit.info("sso-OAuth2Login-operation-username:{}", username);
         if (StringKit.isEmpty(username)) {
             return true;
         }
         String tokenFR = LoginKit.login(req, res, username);
         req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);
         return true;
     }

     /**
      * 验证是否移动端请求
      *
      * @param req
      * @param pathInfo
      * @return
      */
     private Boolean validateMobile(HttpServletRequest req, String pathInfo) {
         String op = WebUtils.getHTTPRequestParameter(req, "op");
         return (StringKit.isNotEmpty(op) && StringKit.equals(OP_H5, op.toUpperCase()))
                 || WebUtils.getDevice(req).isMobile()
                 || ComparatorUtils.equalsIgnoreCase(MOBILE_PATH, pathInfo);
     }

     /**
      * 获取code页面
      *
      * @param req
      * @param res
      * @return
      * @throws Exception
      */
     private void loginPage(HttpServletRequest req, HttpServletResponse res) throws Exception {
         Map<String, String> params = new HashMap<>();
         params.put("appid", this.config.getAppKey());
         params.put("response_type", "code");
         params.put("scope", "basic_userinfor");
         params.put("state", "sso");
         params.put("redirect_uri", req.getRequestURL().toString());
         String loginUrl = buildUrl(this.config.getDomainName(), params);
         LogKit.info("sso-OAuth2Login-redirectToLoginPage-loginUrl:{}", loginUrl);
         res.sendRedirect(loginUrl);
     }

     /**
      * 通过凭证获得username
      *
      * @param accessToken
      * @return
      */
     private String getUsername(String accessToken) throws Exception {
         Map<String, String> headers = new HashMap<>();
         headers.put("origin", "finebi.huaqin.com");
         Map<String, String> userInfoParams = new HashMap<>();
         userInfoParams.put("appId", this.config.getAppKey());
         userInfoParams.put("code", accessToken);
         userInfoParams.put("env", "lx");
         LogKit.info("sso-OAuth2Login-getUsername-userInfoParams:{}, headers:{}", userInfoParams, headers);
         String userRes = HttpKit.get(this.config.getAppDomain(), userInfoParams, headers);
         LogKit.info("sso-OAuth2Login-getUsername-userRes:{}", userRes);
         return new JSONObject(userRes).getJSONObject("data").getString("empNo");
     }

     /**
      * 构建 Url
      *
      * @param url    请求地址
      * @param params 参数
      * @return 拼接之后的地址
      * @throws UnsupportedEncodingException 不支持的编码
      */
     private String buildUrl(String url, Map<String, String> params) throws UnsupportedEncodingException {
         if (params == null || params.isEmpty()) {
             return url;
         }
         URIBuilder builder;
         try {
             builder = new URIBuilder(url);
             for (Map.Entry<String, String> entry : params.entrySet()) {
                 String key = entry.getKey();
                 String value = entry.getValue();
                 builder.setParameter(key, value);
             }
             return builder.build().toString();
         } catch (URISyntaxException e) {
             LogKit.debug("Error to build url, please check the arguments.");
         }
         return url;
     }
 }