open-JSD-9983/src/main/java/com/fr/plugin/ishc/request/OAuthLogin.java

 /*
  * Copyright (C), 2018-2021
  * Project: starter
  * FileName: OAuthLogin
  * Author:   xx
  * Date:     2021/3/30 22:09
  */
 package com.fr.plugin.ishc.request;

 import com.fanruan.api.decision.login.LoginKit;
 import com.fanruan.api.decision.user.UserKit;
 import com.fanruan.api.i18n.I18nKit;
 import com.fanruan.api.log.LogKit;
 import com.fanruan.api.net.NetworkKit;
 import com.fanruan.api.net.http.HttpKit;
 import com.fanruan.api.util.StringKit;
 import com.fr.decision.authority.data.User;
 import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
 import com.fr.decision.privilege.TransmissionTool;
 import com.fr.decision.webservice.bean.user.UserBean;
 import com.fr.decision.webservice.utils.DecisionServiceConstants;
 import com.fr.decision.webservice.utils.WebServiceUtils;
 import com.fr.decision.webservice.v10.user.UserService;
 import com.fr.json.JSONObject;
 import com.fr.plugin.context.PluginContexts;
 import com.fr.plugin.ishc.config.IshcConfig;
 import com.fr.stable.core.UUID;
 import com.fr.stable.fun.Authorize;
 import com.fr.web.utils.WebUtils;

 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
 import java.util.Map;

 import static com.fr.plugin.ishc.config.IshcConfig.PLUGIN_ID;

 /**
  * <Function Description><br>
  * <OAuthLogin>
  *
  * @author xx
  * @since 1.0.0
  */
 @Authorize(callSignKey = PLUGIN_ID)
 public class OAuthLogin extends AbstractGlobalRequestFilterProvider {
     public static final String YL_TOKEN = "YL_TOKEN";
     public static final String YL_USER = "YL_USER";
     public static final String YL_APP_CODE = "YL_APP_CODE";
     private IshcConfig config;

     /**
      * 过滤器名称
      *
      * @return
      */
     @Override
     public String filterName() {
         return "ishcFilter";
     }

     /**
      * 过滤规则
      *
      * @return
      */
     @Override
     public String[] urlPatterns() {
         if (PluginContexts.currentContext() == null || !PluginContexts.currentContext().isAvailable()) {
             LogKit.error(I18nKit.getLocText("Plugin-ishc_Licence_Expired"));
             return new String[]{};
         }
         return new String[]{"/decision/view/form", "/decision/view/report", "/decision/v10/entry/access/*"};
     }

     /**
      * 过滤器初始化
      *
      * @param filterConfig
      */
     @Override
     public void init(FilterConfig filterConfig) {
         this.config = IshcConfig.getInstance();
         super.init(filterConfig);
     }

     /**
      * 过滤器处理
      *
      * @param request
      * @param response
      * @param filterChain
      */
     @Override
     public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
         try {
             if (operation(request, response)) {
                 filterChain.doFilter(request, response);
             }
         } catch (Exception e) {
             LogKit.error(e.getMessage(), e);
         }
     }

     /**
      * 用户验证登陆操作
      *
      * @param req
      * @param res
      * @throws Exception
      */
     private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {
         // 管理员放行
         try {
             User currentUser = UserService.getInstance().getUserByRequestCookie(req);
             if (UserService.getInstance().isAdmin(currentUser.getId())) {
                 return true;
             }
         } catch (Exception e) {
         }
         String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY;
         if (pathInfo.startsWith("/v10/entry/access")) {
             WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage("非管理员，无权限访问此页面", StringKit.EMPTY, StringKit.EMPTY));
             return false;
         }
         if (StringKit.isBlank(WebUtils.getHTTPRequestParameter(req, "viewlet"))) {
             return true;
         }
//         LogKit.info("ishc-OAuthLogin-operation-url:{}", WebUtils.getOriginalURL(req));
         String tokenYL = getWebParam(req, YL_TOKEN);
         String userYL = getWebParam(req, YL_USER);
         String appCodeYL = getWebParam(req, YL_APP_CODE);
         String templateName = WebUtils.getReportTitleFromRequest(req);
         if (StringKit.isBlank(tokenYL) || StringKit.isBlank(userYL) || StringKit.isBlank(appCodeYL) || StringKit.isBlank(templateName)) {
             WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage("无认证参数，无权限访问此页面", StringKit.EMPTY, StringKit.EMPTY));
             return false;
         }
         JSONObject result = authJMS(tokenYL, userYL, appCodeYL, templateName);
         if (!StringKit.equals(result.getString("code"), "1")) {
             printErrorPage(res, result);
             return false;
         }
         if (!UserKit.existUsername(userYL)) {
             UserBean userBean = new UserBean();
             userBean.setUsername(userYL);
             userBean.setPassword(TransmissionTool.defaultEncrypt(UUID.randomUUID().toString()));
             userBean.setRealName(userYL);
             UserService.getInstance().addUser(userBean);
         }
         String tokenFR = LoginKit.login(req, res, userYL);
         req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);
         return true;
     }

     private void printErrorPage(HttpServletResponse res, JSONObject result) throws Exception {
         String errorMsg;
         if (StringKit.equals(result.getString("code"), "403")) {
             errorMsg = "您的菜单权限已被收回，请联系上级管理员";
         } else if (StringKit.equals(result.getString("code"), "401")) {
             errorMsg = "长时间未操作，请重新登录";
         } else if (StringKit.equals(result.getString("code"), "405")) {
             errorMsg = "您的账号已在其他设备登录，请注意账号安全";
         } else {
             errorMsg = result.getString("msg");
         }
         WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage(errorMsg, StringKit.EMPTY, StringKit.EMPTY));
     }

     private String getWebParam(HttpServletRequest req, String paramName) {
         if (StringKit.isNotBlank(req.getHeader(paramName))) {
             return req.getHeader(paramName);
         }
         return NetworkKit.getHTTPRequestParameter(req, paramName);
     }

     /**
      * 通过凭证获得code
      *
      * @param tokenYL
      * @param userYL
      * @param appCodeYL
      * @param templateName
      * @return
      */
     private JSONObject authJMS(String tokenYL, String userYL, String appCodeYL, String templateName) throws Exception {
         Map<String, String> headers = new HashMap<>();
         headers.put("Content-Type", "application/json");
         headers.put(YL_TOKEN, tokenYL);
         headers.put(YL_USER, userYL);
         headers.put(YL_APP_CODE, appCodeYL);
         Map<String, String> params = new HashMap<>();
         params.put("templateName", templateName);
         LogKit.info("ishc-OAuthLogin-authJMS-headers:{}, params:{}", headers, params);
         String res = HttpKit.get(this.config.getUriBase(), params, headers);
         LogKit.info("ishc-OAuthLogin-authJMS-res:{}", res);
         if (StringKit.isBlank(res)) {
             return JSONObject.EMPTY;
         }
         return new JSONObject(res);
     }
 }
open 3 years ago			`/*`
			`* Copyright (C), 2018-2021`
			`* Project: starter`
			`* FileName: OAuthLogin`
			`* Author: xx`
			`* Date: 2021/3/30 22:09`
			`*/`
			`package com.fr.plugin.ishc.request;`

			`import com.fanruan.api.decision.login.LoginKit;`
			`import com.fanruan.api.decision.user.UserKit;`
			`import com.fanruan.api.i18n.I18nKit;`
			`import com.fanruan.api.log.LogKit;`
			`import com.fanruan.api.net.NetworkKit;`
			`import com.fanruan.api.net.http.HttpKit;`
			`import com.fanruan.api.util.StringKit;`
			`import com.fr.decision.authority.data.User;`
			`import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;`
			`import com.fr.decision.privilege.TransmissionTool;`
			`import com.fr.decision.webservice.bean.user.UserBean;`
			`import com.fr.decision.webservice.utils.DecisionServiceConstants;`
			`import com.fr.decision.webservice.utils.WebServiceUtils;`
			`import com.fr.decision.webservice.v10.user.UserService;`
			`import com.fr.json.JSONObject;`
			`import com.fr.plugin.context.PluginContexts;`
			`import com.fr.plugin.ishc.config.IshcConfig;`
			`import com.fr.stable.core.UUID;`
			`import com.fr.stable.fun.Authorize;`
			`import com.fr.web.utils.WebUtils;`

			`import javax.servlet.FilterChain;`
			`import javax.servlet.FilterConfig;`
			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletResponse;`
			`import java.util.HashMap;`
			`import java.util.Map;`

			`import static com.fr.plugin.ishc.config.IshcConfig.PLUGIN_ID;`

			`/**`
			`* <Function Description><br>`
			`* <OAuthLogin>`
			`*`
			`* @author xx`
			`* @since 1.0.0`
			`*/`
			`@Authorize(callSignKey = PLUGIN_ID)`
			`public class OAuthLogin extends AbstractGlobalRequestFilterProvider {`
			`public static final String YL_TOKEN = "YL_TOKEN";`
			`public static final String YL_USER = "YL_USER";`
			`public static final String YL_APP_CODE = "YL_APP_CODE";`
			`private IshcConfig config;`

			`/**`
			`* 过滤器名称`
			`*`
			`* @return`
			`*/`
			`@Override`
			`public String filterName() {`
			`return "ishcFilter";`
			`}`

			`/**`
			`* 过滤规则`
			`*`
			`* @return`
			`*/`
			`@Override`
			`public String[] urlPatterns() {`
			`if (PluginContexts.currentContext() == null \|\| !PluginContexts.currentContext().isAvailable()) {`
			`LogKit.error(I18nKit.getLocText("Plugin-ishc_Licence_Expired"));`
			`return new String[]{};`
			`}`
			`return new String[]{"/decision/view/form", "/decision/view/report", "/decision/v10/entry/access/*"};`
			`}`

			`/**`
			`* 过滤器初始化`
			`*`
			`* @param filterConfig`
			`*/`
			`@Override`
			`public void init(FilterConfig filterConfig) {`
			`this.config = IshcConfig.getInstance();`
			`super.init(filterConfig);`
			`}`

			`/**`
			`* 过滤器处理`
			`*`
			`* @param request`
			`* @param response`
			`* @param filterChain`
			`*/`
			`@Override`
			`public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {`
			`try {`
			`if (operation(request, response)) {`
			`filterChain.doFilter(request, response);`
			`}`
			`} catch (Exception e) {`
			`LogKit.error(e.getMessage(), e);`
			`}`
			`}`

			`/**`
			`* 用户验证登陆操作`
			`*`
			`* @param req`
			`* @param res`
			`* @throws Exception`
			`*/`
			`private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {`
			`// 管理员放行`
			`try {`
			`User currentUser = UserService.getInstance().getUserByRequestCookie(req);`
			`if (UserService.getInstance().isAdmin(currentUser.getId())) {`
			`return true;`
			`}`
			`} catch (Exception e) {`
			`}`
			`String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY;`
			`if (pathInfo.startsWith("/v10/entry/access")) {`
			`WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage("非管理员，无权限访问此页面", StringKit.EMPTY, StringKit.EMPTY));`
			`return false;`
			`}`
			`if (StringKit.isBlank(WebUtils.getHTTPRequestParameter(req, "viewlet"))) {`
			`return true;`
			`}`
			`// LogKit.info("ishc-OAuthLogin-operation-url:{}", WebUtils.getOriginalURL(req));`
			`String tokenYL = getWebParam(req, YL_TOKEN);`
			`String userYL = getWebParam(req, YL_USER);`
			`String appCodeYL = getWebParam(req, YL_APP_CODE);`
			`String templateName = WebUtils.getReportTitleFromRequest(req);`
			`if (StringKit.isBlank(tokenYL) \|\| StringKit.isBlank(userYL) \|\| StringKit.isBlank(appCodeYL) \|\| StringKit.isBlank(templateName)) {`
			`WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage("无认证参数，无权限访问此页面", StringKit.EMPTY, StringKit.EMPTY));`
			`return false;`
			`}`
			`JSONObject result = authJMS(tokenYL, userYL, appCodeYL, templateName);`
			`if (!StringKit.equals(result.getString("code"), "1")) {`
			`printErrorPage(res, result);`
			`return false;`
			`}`
			`if (!UserKit.existUsername(userYL)) {`
			`UserBean userBean = new UserBean();`
			`userBean.setUsername(userYL);`
			`userBean.setPassword(TransmissionTool.defaultEncrypt(UUID.randomUUID().toString()));`
			`userBean.setRealName(userYL);`
			`UserService.getInstance().addUser(userBean);`
			`}`
			`String tokenFR = LoginKit.login(req, res, userYL);`
			`req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);`
			`return true;`
			`}`

			`private void printErrorPage(HttpServletResponse res, JSONObject result) throws Exception {`
			`String errorMsg;`
			`if (StringKit.equals(result.getString("code"), "403")) {`
			`errorMsg = "您的菜单权限已被收回，请联系上级管理员";`
			`} else if (StringKit.equals(result.getString("code"), "401")) {`
			`errorMsg = "长时间未操作，请重新登录";`
			`} else if (StringKit.equals(result.getString("code"), "405")) {`
			`errorMsg = "您的账号已在其他设备登录，请注意账号安全";`
			`} else {`
			`errorMsg = result.getString("msg");`
			`}`
			`WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage(errorMsg, StringKit.EMPTY, StringKit.EMPTY));`
			`}`

			`private String getWebParam(HttpServletRequest req, String paramName) {`
			`if (StringKit.isNotBlank(req.getHeader(paramName))) {`
			`return req.getHeader(paramName);`
			`}`
			`return NetworkKit.getHTTPRequestParameter(req, paramName);`
			`}`

			`/**`
			`* 通过凭证获得code`
			`*`
			`* @param tokenYL`
			`* @param userYL`
			`* @param appCodeYL`
			`* @param templateName`
			`* @return`
			`*/`
			`private JSONObject authJMS(String tokenYL, String userYL, String appCodeYL, String templateName) throws Exception {`
			`Map<String, String> headers = new HashMap<>();`
			`headers.put("Content-Type", "application/json");`
			`headers.put(YL_TOKEN, tokenYL);`
			`headers.put(YL_USER, userYL);`
			`headers.put(YL_APP_CODE, appCodeYL);`
			`Map<String, String> params = new HashMap<>();`
			`params.put("templateName", templateName);`
			`LogKit.info("ishc-OAuthLogin-authJMS-headers:{}, params:{}", headers, params);`
			`String res = HttpKit.get(this.config.getUriBase(), params, headers);`
			`LogKit.info("ishc-OAuthLogin-authJMS-res:{}", res);`
			`if (StringKit.isBlank(res)) {`
			`return JSONObject.EMPTY;`
			`}`
			`return new JSONObject(res);`
			`}`
			`}`