/* * Copyright (C), 2018-2021 * Project: starter * FileName: OAuthLogin * Author: xx * Date: 2021/3/30 22:09 */ package com.fr.plugin.ishc.request; import com.fanruan.api.decision.login.LoginKit; import com.fanruan.api.decision.user.UserKit; import com.fanruan.api.i18n.I18nKit; import com.fanruan.api.log.LogKit; import com.fanruan.api.net.NetworkKit; import com.fanruan.api.net.http.HttpKit; import com.fanruan.api.util.StringKit; import com.fr.decision.authority.data.User; import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; import com.fr.decision.privilege.TransmissionTool; import com.fr.decision.webservice.bean.user.UserBean; import com.fr.decision.webservice.utils.DecisionServiceConstants; import com.fr.decision.webservice.utils.WebServiceUtils; import com.fr.decision.webservice.v10.user.UserService; import com.fr.json.JSONObject; import com.fr.plugin.context.PluginContexts; import com.fr.plugin.ishc.config.IshcConfig; import com.fr.stable.core.UUID; import com.fr.stable.fun.Authorize; import com.fr.web.utils.WebUtils; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.HashMap; import java.util.Map; import static com.fr.plugin.ishc.config.IshcConfig.PLUGIN_ID; /** *
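 *
 * Global request filter that gates report/form views behind an external (YL/JMS)
 * token check. A successful check creates the matching local account on first
 * sight and logs the request in as that user; administrators identified by their
 * session cookie bypass the check entirely.
 *
 * @author xx
 * @since 1.0.0
 */
@Authorize(callSignKey = PLUGIN_ID)
public class OAuthLogin extends AbstractGlobalRequestFilterProvider {

    /** Header / parameter name carrying the external session token; also forwarded as an outbound header. */
    public static final String YL_TOKEN = "YL_TOKEN";
    /** Header / parameter name carrying the external user name; also forwarded as an outbound header. */
    public static final String YL_USER = "YL_USER";
    /** Header / parameter name carrying the external application code; also forwarded as an outbound header. */
    public static final String YL_APP_CODE = "YL_APP_CODE";

    /** Value of the external service's {@code code} field that means "allowed". */
    private static final String AUTH_OK = "1";
    /** Path prefix (relative to the filter's servlet) that only administrators may reach. */
    private static final String ENTRY_ACCESS_PATH = "/v10/entry/access";

    private IshcConfig config;

    /**
     * Name under which this filter is registered.
     *
     * @return the filter name
     */
    @Override
    public String filterName() {
        return "ishcFilter";
    }

    /**
     * URL patterns this filter intercepts. When the plugin context is missing or
     * unavailable (e.g. the licence has expired) an error is logged and no pattern
     * is returned, so the filter is effectively disabled.
     *
     * @return the patterns to intercept, possibly empty
     */
    @Override
    public String[] urlPatterns() {
        if (PluginContexts.currentContext() == null || !PluginContexts.currentContext().isAvailable()) {
            LogKit.error(I18nKit.getLocText("Plugin-ishc_Licence_Expired"));
            return new String[]{};
        }
        return new String[]{"/decision/view/form", "/decision/view/report", "/decision/v10/entry/access/*"};
    }

    /**
     * Loads the plugin configuration before delegating to the parent initialisation.
     *
     * @param filterConfig the servlet filter configuration
     */
    @Override
    public void init(FilterConfig filterConfig) {
        this.config = IshcConfig.getInstance();
        super.init(filterConfig);
    }

    /**
     * Runs the access check and continues the chain only when it passes.
     *
     * <p>Any exception is logged and the chain is not invoked, so an unexpected
     * failure fails closed rather than letting the request through.
     *
     * @param request     the incoming request
     * @param response    the response; an error page may already have been written to it
     * @param filterChain the remaining chain
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
        try {
            if (operation(request, response)) {
                filterChain.doFilter(request, response);
            }
        } catch (Exception e) {
            LogKit.error(e.getMessage(), e);
        }
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>Order of checks: administrators (by session cookie) pass; non-administrators
     * are refused the entry-access path; requests without a {@code viewlet} parameter
     * pass untouched; everything else must present the three YL credentials plus a
     * template name, which are verified against the external service. On success the
     * external user is provisioned locally if needed and logged in for this request.
     *
     * @param req the incoming request
     * @param res the response; receives an error page when {@code false} is returned
     * @return {@code true} to continue the filter chain, {@code false} when an error
     *         page has been written
     * @throws Exception if the remote check, user creation or login fails
     */
    private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {
        if (isAdminRequest(req)) {
            return true;
        }
        String pathInfo = req.getPathInfo() == null ? StringKit.EMPTY : req.getPathInfo();
        if (pathInfo.startsWith(ENTRY_ACCESS_PATH)) {
            writeErrorPage(res, "非管理员,无权限访问此页面");
            return false;
        }
        if (StringKit.isBlank(WebUtils.getHTTPRequestParameter(req, "viewlet"))) {
            return true;
        }
        String tokenYL = getWebParam(req, YL_TOKEN);
        String userYL = getWebParam(req, YL_USER);
        String appCodeYL = getWebParam(req, YL_APP_CODE);
        String templateName = WebUtils.getReportTitleFromRequest(req);
        if (StringKit.isBlank(tokenYL) || StringKit.isBlank(userYL)
                || StringKit.isBlank(appCodeYL) || StringKit.isBlank(templateName)) {
            writeErrorPage(res, "无认证参数,无权限访问此页面");
            return false;
        }
        JSONObject result = authJMS(tokenYL, userYL, appCodeYL, templateName);
        if (!StringKit.equals(result.getString("code"), AUTH_OK)) {
            printErrorPage(res, result);
            return false;
        }
        ensureLocalUser(userYL);
        String tokenFR = LoginKit.login(req, res, userYL);
        req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);
        return true;
    }

    /**
     * Whether the request's session cookie resolves to an administrator.
     *
     * <p>A failed lookup (no cookie, stale session, missing user) is a normal case
     * for anonymous visitors, so it is recorded at debug level and answered with
     * {@code false} rather than propagated.
     *
     * @param req the incoming request
     * @return {@code true} only when a user was resolved and is an administrator
     */
    private boolean isAdminRequest(HttpServletRequest req) {
        try {
            User currentUser = UserService.getInstance().getUserByRequestCookie(req);
            return currentUser != null && UserService.getInstance().isAdmin(currentUser.getId());
        } catch (Exception e) {
            // Best effort: fall through to the token check instead of failing the request.
            LogKit.debug("ishc-OAuthLogin-operation: no admin session resolved ({})", e.getMessage());
            return false;
        }
    }

    /**
     * Creates a local account for an externally authenticated user the first time
     * it is seen. The stored password is a random UUID, encrypted, because the
     * account is meant to be entered through this filter rather than by password.
     *
     * @param username the external user name, used as both login and real name
     * @throws Exception if the user lookup or creation fails
     */
    private void ensureLocalUser(String username) throws Exception {
        if (UserKit.existUsername(username)) {
            return;
        }
        UserBean userBean = new UserBean();
        userBean.setUsername(username);
        userBean.setPassword(TransmissionTool.defaultEncrypt(UUID.randomUUID().toString()));
        userBean.setRealName(username);
        UserService.getInstance().addUser(userBean);
    }

    /**
     * Maps a failed remote check to a user-facing message and writes the error page.
     * Known status codes get fixed wording; any other code echoes the service's
     * {@code msg} field.
     *
     * @param res    the response to write to
     * @param result the external service's reply
     * @throws Exception if writing the page fails
     */
    private void printErrorPage(HttpServletResponse res, JSONObject result) throws Exception {
        String code = result.getString("code");
        String errorMsg;
        if (StringKit.equals(code, "403")) {
            errorMsg = "您的菜单权限已被收回,请联系上级管理员";
        } else if (StringKit.equals(code, "401")) {
            errorMsg = "长时间未操作,请重新登录";
        } else if (StringKit.equals(code, "405")) {
            errorMsg = "您的账号已在其他设备登录,请注意账号安全";
        } else {
            errorMsg = result.getString("msg");
        }
        writeErrorPage(res, errorMsg);
    }

    /**
     * Writes a standard error page carrying {@code message} to the response.
     *
     * @param res     the response to write to
     * @param message the text shown on the page
     * @throws Exception if writing the page fails
     */
    private void writeErrorPage(HttpServletResponse res, String message) throws Exception {
        WebUtils.printAsString(res, WebServiceUtils.generateErrorWebPage(message, StringKit.EMPTY, StringKit.EMPTY));
    }

    /**
     * Reads a credential from the request header of the given name, falling back to
     * the request parameter of the same name.
     *
     * <p>The header is tried first so callers can keep the token out of the URL;
     * a value supplied as a query parameter may be recorded by proxies and access
     * logs along the way.
     *
     * @param req       the incoming request
     * @param paramName the header / parameter name
     * @return the header value when non-blank, otherwise the parameter value (may be null)
     */
    private String getWebParam(HttpServletRequest req, String paramName) {
        String headerValue = req.getHeader(paramName);
        if (StringKit.isNotBlank(headerValue)) {
            return headerValue;
        }
        return NetworkKit.getHTTPRequestParameter(req, paramName);
    }

    /**
     * Asks the external authorisation service whether {@code userYL} may open
     * {@code templateName}, forwarding the three YL credentials as headers.
     *
     * @param tokenYL      the external session token
     * @param userYL       the external user name
     * @param appCodeYL    the external application code
     * @param templateName the report / form being opened
     * @return the parsed JSON reply, or {@link JSONObject#EMPTY} when the reply is blank
     * @throws Exception if the HTTP call fails
     */
    private JSONObject authJMS(String tokenYL, String userYL, String appCodeYL, String templateName) throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("Content-Type", "application/json");
        headers.put(YL_TOKEN, tokenYL);
        headers.put(YL_USER, userYL);
        headers.put(YL_APP_CODE, appCodeYL);
        Map<String, String> params = new HashMap<>();
        params.put("templateName", templateName);
        // The headers map holds the session token; log the lookup without it so
        // credentials never land in the log file.
        LogKit.info("ishc-OAuthLogin-authJMS-user:{}, appCode:{}, params:{}", userYL, appCodeYL, params);
        String res = HttpKit.get(this.config.getUriBase(), params, headers);
        LogKit.info("ishc-OAuthLogin-authJMS-res:{}", res);
        if (StringKit.isBlank(res)) {
            return JSONObject.EMPTY;
        }
        return new JSONObject(res);
    }
}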