package com.fr.plugin.xx.gxkg.sso;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.json.JSONObject;
import com.fr.plugin.context.PluginContexts;
import com.fr.plugin.xx.gxkg.PluginConstants;
import com.fr.plugin.xx.gxkg.conf.GxkgSsoConfig;
import com.fr.plugin.xx.gxkg.utils.CommonUtils;
import com.fr.plugin.xx.gxkg.utils.HttpUtil;
import com.fr.plugin.xx.gxkg.utils.LogUtils;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.stable.StringUtils;
import com.fr.stable.fun.Authorize;
import com.fr.web.utils.WebUtils;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @author xx
* @date 2021/11/04
*/
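@FunctionRecorder
@Authorize(callSignKey = PluginConstants.PLUGIN_ID)
public class OAuth extends AbstractGlobalRequestFilterProvider {

    /** Charset name used when percent-encoding query-parameter values. */
    private static final String ENCODING = StandardCharsets.UTF_8.name();

    @Override
    public void init(FilterConfig filterConfig) {
        // Nothing to set up: configuration is fetched per request from GxkgSsoConfig.
    }

    @Override
    public String filterName() {
        return "oauthFilter";
    }

    /**
     * Paths this filter is bound to. When the plugin licence is not available the filter
     * is bound to a path that never occurs, which effectively disables it.
     *
     * @return the URL patterns to intercept
     */
    @Override
    public String[] urlPatterns() {
        if (!PluginContexts.currentContext().isAvailable()) {
            LogUtils.error("未注册或禁用");
            return new String[]{"/neverbeused"};
        }
        return new String[]{
                "/decision",
                "/decision/view/report",
                "/decision/view/form",
        };
    }

    /**
     * Drives the OAuth2 authorization-code flow for an unauthenticated request.
     *
     * <p>Requests that are already logged in, or that {@link #isAccept} lets through, pass
     * straight down the chain. Otherwise: with no {@code code} parameter the browser is sent
     * to the login URL; with a {@code code} it is exchanged for a token, the token for a user
     * name, and the user is logged in. If the {@code state} parameter resolves to a cached
     * URL the browser is redirected there, else the chain continues.
     *
     * <p>Any exception is logged and reported through {@link CommonUtils#setError}.
     *
     * @param request  current request
     * @param response current response
     * @param chain    remaining filter chain
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
        GxkgSsoConfig config = GxkgSsoConfig.getInstance();
        if (isAccept(request) || CommonUtils.isLogin(request)) {
            CommonUtils.next(request, response, chain);
            return;
        }
        try {
            String code = request.getParameter("code");
            if (StringUtils.isBlank(code)) {
                // First leg: no authorization code yet, hand the browser to the provider.
                jumpAuthorize(request, response, config);
                return;
            }
            String token = getToken(code, config);
            if (StringUtils.isBlank(token)) {
                CommonUtils.setError(response, "token 获取失败");
                return;
            }
            String username = getUsername(token, config);
            if (StringUtils.isBlank(username)) {
                CommonUtils.setError(response, "username 获取失败");
                return;
            }
            if (!CommonUtils.existUser(username)) {
                CommonUtils.setError(response, String.format("[%s]用户不存在", username));
                return;
            }
            CommonUtils.login(username, request, response);
            // "state" is the cache key issued by jumpAuthorize; the target URL is looked up
            // server-side rather than taken from the request, so the browser only chooses
            // among URLs this filter cached earlier (presumably; depends on CommonUtils).
            String state = request.getParameter("state");
            if (StringUtils.isNotBlank(state)) {
                String accessURL = CommonUtils.getCachedParam(state);
                if (StringUtils.isNotBlank(accessURL)) {
                    response.sendRedirect(accessURL);
                    return;
                }
            }
            CommonUtils.next(request, response, chain);
        } catch (Exception e) {
            LogUtils.error("oauth2单点登陆处理失败, Cause by: ", e);
            // NOTE(review): the raw exception message is echoed to the client; a generic
            // message would avoid leaking internal detail if the cause is not user-facing.
            CommonUtils.setError(response, e.getMessage());
        }
    }

    /**
     * Resolves the login name for an access token via the configured user-info endpoint.
     *
     * @param token  access token obtained from {@link #getToken}
     * @param config SSO configuration (user URL, client id)
     * @return the {@code user_name} field of the JSON reply, or {@link StringUtils#EMPTY}
     *         when the reply is blank or has no such field
     */
    private String getUsername(String token, GxkgSsoConfig config) {
        String url = String.format("%s?access_token=%s&client_id=%s",
                config.getUserUrl(), encode(token), encode(config.getClientId()));
        // Log the endpoint only: the full URL carries the access token.
        LogUtils.debug4plugin("get username url is {}", config.getUserUrl());
        String res = HttpUtil.sendGet(url, null, null);
        LogUtils.debug4plugin("get username res is {}", res);
        if (StringUtils.isBlank(res)) {
            // new JSONObject("") would throw; a blank body simply means "no user".
            return StringUtils.EMPTY;
        }
        JSONObject result = new JSONObject(res);
        if (result.has("user_name")) {
            return result.getString("user_name");
        }
        return StringUtils.EMPTY;
    }

    /**
     * Exchanges an authorization code for an access token at the configured token endpoint.
     *
     * @param code   one-time authorization code returned by the provider
     * @param config SSO configuration (token URL, client id, client secret)
     * @return the {@code access_token} field of the JSON reply, or {@link StringUtils#EMPTY}
     *         when the reply is blank or has no such field
     */
    private String getToken(String code, GxkgSsoConfig config) {
        String url = String.format(
                "%s?client_id=%s&grant_type=authorization_code&code=%s&client_secret=%s",
                config.getTokenUrl(), encode(config.getClientId()), encode(code),
                encode(config.getClientSecret()));
        // Log the endpoint only: the full URL carries the client secret and the code.
        LogUtils.debug4plugin("get token url is {}", config.getTokenUrl());
        String res = HttpUtil.sendPost(url, null, JSONObject.create());
        if (StringUtils.isBlank(res)) {
            LogUtils.debug4plugin("get token res is {}", res);
            return StringUtils.EMPTY;
        }
        JSONObject result = new JSONObject(res);
        boolean hasToken = result.has("access_token");
        // Never write the token itself to the log; a reply without one (typically an error
        // body) is still useful to see.
        LogUtils.debug4plugin("get token res is {}", hasToken ? "<access_token redacted>" : res);
        return hasToken ? result.getString("access_token") : StringUtils.EMPTY;
    }

    /**
     * Redirects the browser to the provider's login URL. The current request URL is cached
     * server-side and only its cache key travels in the {@code state} parameter.
     *
     * <p>Failures are logged and otherwise ignored, leaving the response untouched.
     *
     * @param request  current request
     * @param response response to redirect
     * @param config   SSO configuration (login URL, redirect URI, client id)
     */
    private void jumpAuthorize(HttpServletRequest request, HttpServletResponse response, GxkgSsoConfig config) {
        try {
            String redirectUrl = CommonUtils.getUrl(request);
            String key = CommonUtils.cacheParams(redirectUrl);
            // Exactly one "state" parameter: sending a second, fixed value alongside the cache
            // key makes the value the provider echoes back ambiguous.
            String url = String.format("%s?response_type=code&redirect_uri=%s&client_id=%s&state=%s",
                    config.getLoginUrl(), encode(config.getRedirect()), encode(config.getClientId()),
                    encode(key));
            LogUtils.debug4plugin("redirect url is {}", url);
            response.sendRedirect(url);
        } catch (Exception e) {
            LogUtils.error(e.getMessage(), e);
        }
    }

    /**
     * Whether the request may skip the SSO flow: true for {@code /view/form} and
     * {@code /view/report} URIs that carry no {@code code} parameter. A {@code code} means the
     * provider is calling back and the flow has to be completed. Such views are presumably
     * meant to be served without forcing a login here — confirm against the product's own
     * authorisation.
     *
     * @param request current request
     * @return true when the request should pass down the chain without SSO
     */
    private boolean isAccept(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (!uri.endsWith("/view/form") && !uri.endsWith("/view/report")) {
            return false;
        }
        return StringUtils.isBlank(WebUtils.getHTTPRequestParameter(request, "code"));
    }

    /**
     * Percent-encodes one query-parameter value as UTF-8. Raw values such as the
     * authorization code, the access token or the redirect URI may contain {@code &},
     * {@code =}, {@code /} or {@code +}, which would otherwise corrupt the query string.
     * Assumes the configured values are stored un-encoded — TODO confirm.
     *
     * @param value raw value, may be null
     * @return the encoded value, or {@link StringUtils#EMPTY} for null
     */
    private static String encode(String value) {
        if (value == null) {
            return StringUtils.EMPTY;
        }
        try {
            return URLEncoder.encode(value, ENCODING);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset on every JVM, so this branch is unreachable.
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }
}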