
package com.fr.plugin.xx.ltqc.auth;
import com.fr.data.NetworkHelper;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.webservice.Response;
import com.fr.decision.webservice.exception.login.UserPwdErrorException;
import com.fr.decision.webservice.exception.user.UserNotExistException;
import com.fr.decision.webservice.v10.remote.RemoteDesignStatusService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.exception.RemoteDesignPermissionDeniedException;
import com.fr.general.ComparatorUtils;
import com.fr.json.JSONObject;
import com.fr.plugin.xx.ltqc.auth.conf.AuthSsoConfig;
import com.fr.plugin.xx.ltqc.auth.utils.CommonUtils;
import com.fr.plugin.xx.ltqc.auth.utils.HttpUtil;
import com.fr.plugin.xx.ltqc.auth.utils.LogUtils;
import com.fr.security.JwtUtils;
import com.fr.security.SecurityToolbox;
import com.fr.security.encryption.mode.EncryptionMode;
import com.fr.security.encryption.storage.StorageEncryptors;
import com.fr.stable.StringUtils;
import com.fr.web.service.RemoteDesignAuthorityDataService;
import com.fr.web.utils.WebUtils;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
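/**
 * Global request filter that takes over the remote-designer token endpoint
 * ({@code /decision/remote/design/token}) and authenticates the caller against the
 * external login service configured in {@link AuthSsoConfig}.
 *
 * <p>Flow: read the submitted credentials, exchange them for a ticket at the configured
 * login URL, resolve that ticket to a user at the configured validate URL, and, if the
 * user is accepted and holds remote-design authority, answer with a freshly issued JWT.
 * The filter always writes the response itself and never forwards to the filter chain.
 *
 * @Author xx
 * @Date 2022/5/9
 **/
public class RemoteFilter extends AbstractGlobalRequestFilterProvider {

    /**
     * Timeout handed to the login status store for every issued JWT.
     * 1209600000 equals 14 days if the unit is milliseconds; the unit is not visible
     * in this file, so confirm against RemoteDesignStatusService.
     */
    private static final int TOKEN_TIMEOUT = 1209600000;

    /**
     * @return the name under which this filter is registered
     */
    @Override
    public String filterName() {
        return "design";
    }

    /**
     * @return the single URL pattern this filter intercepts: the remote-design token endpoint
     */
    @Override
    public String[] urlPatterns() {
        return new String[]{"/decision/remote/design/token"};
    }

    /**
     * Authenticates a remote-designer login request and writes the JSON result.
     *
     * <p>Every outcome produces a response body: a token on success, the matching error
     * for the three known authentication failures, and a generic permission-denied error
     * for any unexpected failure, so the client never receives an empty reply.
     *
     * @param req         incoming request carrying {@code username}, {@code password} and
     *                    {@code compatibleParameters0}
     * @param res         response the JSON result is written to
     * @param filterChain unused; the request is fully handled here
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        LogUtils.debug4plugin("捕获到远程设计器请求");
        try {
            String username = NetworkHelper.getHTTPRequestParameter(req, "username");
            String submittedPassword = NetworkHelper.getHTTPRequestParameter(req, "password");
            String compatibleParameters0 = NetworkHelper.getHTTPRequestParameter(req, "compatibleParameters0");

            // NOTE(review): on GET the password is taken as submitted, i.e. it travels in the
            // query string, which commonly ends up in access logs and proxy logs. Consider
            // rejecting GET here once no client depends on it.
            String password = StringUtils.equalsIgnoreCase(req.getMethod(), "GET")
                    ? submittedPassword
                    : SecurityToolbox.defaultDecrypt(submittedPassword);

            boolean rsaMode = ComparatorUtils.equals(
                    StorageEncryptors.getInstance().getCurrentEncryptionMode(), EncryptionMode.RSA);
            if (StringUtils.isEmpty(compatibleParameters0) && !rsaMode) {
                throw new RemoteDesignPermissionDeniedException();
            }

            String ticket = requestTicket(username, password);
            String validateUser = resolveTicketUser(ticket);
            if (!CommonUtils.checkUser(validateUser)) {
                throw new UserNotExistException();
            }
            // NOTE(review): the session is issued for the request-supplied username, while the
            // identity the validate endpoint returned is only passed to checkUser. If the two
            // can differ, bind the session to the validated identity instead; confirm the
            // format of the validate response before changing this.
            login(res, username);
        } catch (RemoteDesignPermissionDeniedException | UserNotExistException | UserPwdErrorException e) {
            setRes(res, Response.error(e.errorCode(), e.getMessage()));
        } catch (Exception e) {
            LogUtils.error(e.getMessage(), e);
            // Fail closed with an explicit answer; details stay in the server log only.
            RemoteDesignPermissionDeniedException denied = new RemoteDesignPermissionDeniedException();
            setRes(res, Response.error(denied.errorCode(), denied.getMessage()));
        }
    }

    /**
     * Exchanges the credentials for a ticket at the configured login URL.
     *
     * @return the {@code data} field of the login response
     * @throws UserPwdErrorException if the response has no {@code data} or its
     *                               {@code __statusCode} is not 1
     */
    private String requestTicket(String username, String password) throws Exception {
        Map<String, Object> loginParam = new HashMap<>();
        loginParam.put("username", username);
        loginParam.put("password", password);
        String loginRes = HttpUtil.doFormPost(AuthSsoConfig.getInstance().getEnvUrl(), null, loginParam, "UTF-8");
        JSONObject loginObject = new JSONObject(loginRes);
        // The response body carries the ticket, so only its shape is logged, never its content.
        LogUtils.debug4plugin("login response received, has data: {}", loginObject.has("data"));
        if (loginObject.has("data") && loginObject.getInt("__statusCode") == 1) {
            return loginObject.getString("data");
        }
        throw new UserPwdErrorException();
    }

    /**
     * Resolves a ticket to a user identifier at the configured validate URL.
     *
     * @return the {@code data} field of the validate response
     * @throws UserNotExistException if the response carries no {@code data}; without this
     *                               the request would end with no response written at all
     */
    private String resolveTicketUser(String ticket) throws Exception {
        Map<String, String> param = new HashMap<>();
        param.put("ticketValue", ticket);
        String validateUrl = AuthSsoConfig.getInstance().getValidateUrl();
        String result = HttpUtil.sendGet(validateUrl, param, null);
        JSONObject object = new JSONObject(result);
        // The request parameters contain the ticket; log the URL and the outcome only.
        LogUtils.debug4plugin("validate ticket url is {}, has data: {}", validateUrl, object.has("data"));
        if (!object.has("data")) {
            throw new UserNotExistException();
        }
        return object.getString("data");
    }

    /**
     * Writes a success response with a new JWT if the named user exists and holds
     * remote-design authority.
     *
     * @throws RemoteDesignPermissionDeniedException if the user is unknown or lacks authority
     */
    private void login(HttpServletResponse res, String username) throws Exception {
        User user = UserService.getInstance().getUserByUserName(username);
        boolean authorised = user != null
                && RemoteDesignAuthorityDataService.getInstance().hasAuthority(user.getId());
        if (!authorised) {
            throw new RemoteDesignPermissionDeniedException();
        }
        setRes(res, Response.ok(this.generateToken(username)));
    }

    /**
     * Serialises {@code body} as JSON into the response. Write failures are logged and
     * not propagated.
     */
    private void setRes(HttpServletResponse res, Response body) {
        try {
            res.setContentType("application/json");
            WebUtils.printAsJSON(res, JSONObject.mapFrom(body));
        } catch (Exception e) {
            LogUtils.error(e.getMessage(), e);
        }
    }

    /**
     * Creates a JWT for the user and registers it with the remote-design login status store.
     *
     * @return the issued JWT
     */
    private String generateToken(String username) throws Exception {
        String jwt = JwtUtils.createDefaultJWT(username);
        RemoteDesignStatusService.loginStatusService().put(jwt, username, TOKEN_TIMEOUT);
        return jwt;
    }
}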