|
|
@@ -1,7 +1,9 @@
|
|
|
package cn.start.tz.module.system.service.auth;
|
|
|
|
|
|
+import cn.hutool.core.util.IdUtil;
|
|
|
import cn.hutool.core.util.ObjectUtil;
|
|
|
import cn.hutool.core.util.StrUtil;
|
|
|
+import cn.hutool.crypto.digest.DigestUtil;
|
|
|
import cn.start.tz.framework.common.enums.CommonStatusEnum;
|
|
|
import cn.start.tz.framework.common.enums.UserTypeEnum;
|
|
|
import cn.start.tz.framework.common.util.monitor.TracerUtils;
|
|
|
@@ -130,6 +132,16 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|
|
@Setter // 为了单测:开启或者关闭验证码
|
|
|
private Boolean captchaEnable;
|
|
|
|
|
|
+
|
|
|
+ @Value("${app-auth.base-url:http://localhost:48080}")
|
|
|
+ private String baseUrl;
|
|
|
+
|
|
|
+ @Value("${app-auth.app-id:xxxxxx}")
|
|
|
+ private String appId;
|
|
|
+
|
|
|
+ @Value("${app-auth.app-secret:yyyyyy}")
|
|
|
+ private String appSecret;
|
|
|
+
|
|
|
@Override
|
|
|
public AdminUserDO authenticate(String username, String password) {
|
|
|
log.info("[authenticate] 开始认证用户, username={}", username);
|
|
|
@@ -352,34 +364,59 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|
|
return respVO;
|
|
|
}
|
|
|
|
|
|
+ private <T> HttpEntity<T> genYiQunAuthHttpEntity(AuthAppTokenLoginReqVO reqVO) {
|
|
|
+ long timestamp = System.currentTimeMillis();
|
|
|
+ String nonce = IdUtil.fastSimpleUUID();
|
|
|
+ String accessToken = reqVO.getAppToken();
|
|
|
+ String signString = "appId=" + appId + "&nonce=" + nonce + "×tamp=" + timestamp + appSecret;
|
|
|
+ String sign = DigestUtil.sha256Hex(signString);
|
|
|
+
|
|
|
+ HttpHeaders httpHeaders = new HttpHeaders();
|
|
|
+ httpHeaders.add("Authorization", "Bearer " + accessToken);
|
|
|
+ httpHeaders.add("Content-Type", "application/json");
|
|
|
+ httpHeaders.set("appId", appId);
|
|
|
+ httpHeaders.set("timestamp", String.valueOf(timestamp));
|
|
|
+ httpHeaders.set("nonce", nonce);
|
|
|
+ httpHeaders.set("sign", sign);
|
|
|
+
|
|
|
+ log.info("[请求蚁群APP鉴权接口][appId={}, timestamp={}, nonce={}, sign:{}]", appId, timestamp, nonce, sign);
|
|
|
+ return new HttpEntity<>(httpHeaders);
|
|
|
+ }
|
|
|
+
|
|
|
@Override
|
|
|
public AuthLoginRespVO loginByAppToken(AuthAppTokenLoginReqVO reqVO) {
|
|
|
-// HttpHeaders httpHeaders = new HttpHeaders();
|
|
|
-// httpHeaders.add("Authorization", "Bearer " + reqVO.getAppToken());
|
|
|
-// httpHeaders.add("Content-Type", "application/json");
|
|
|
-//
|
|
|
-// HttpEntity<Object> req = new HttpEntity<>(null, httpHeaders);
|
|
|
-// String baseUrl = "https://cloud-admin-uat.gzsei.com";
|
|
|
-// // 使用 token 交换用户信息
|
|
|
-// ResponseEntity<String> yiqunResp = restTemplate.postForEntity(baseUrl + "/external-api/system/auth/app-auth", req, String.class);
|
|
|
-// AuthYiqunUserDTO user = null;
|
|
|
-// if (!yiqunResp.getStatusCode().equals(HttpStatus.OK)) {
|
|
|
-// log.warn("[authenticate] APPToken 无效");
|
|
|
-// } else {
|
|
|
-// String json = yiqunResp.getBody();
|
|
|
-// try {
|
|
|
-// JsonNode jsonNode = objectMapper.readTree(json);
|
|
|
-// user = objectMapper.convertValue(jsonNode.get("data"), AuthYiqunUserDTO.class);
|
|
|
-// } catch (JsonProcessingException e) {
|
|
|
-// throw new RuntimeException(e);
|
|
|
-// }
|
|
|
-// }
|
|
|
-//
|
|
|
-// if (user == null) {
|
|
|
-// log.warn("[authenticate] APPToken 无效");
|
|
|
-// createLoginLog(user.getId(), user.getUsername(), LoginLogTypeEnum.LOGIN_YIQUNAPP, LoginResultEnum.BAD_CREDENTIALS);
|
|
|
-// throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
|
|
|
-// }
|
|
|
+ log.info("[authenticate] 用户认证开始, req={}", reqVO.toString());
|
|
|
+ HttpEntity<Void> req = genYiQunAuthHttpEntity(reqVO);
|
|
|
+ String appAuthPath = "/external-api/system/auth/app-auth";
|
|
|
+ // 使用 token 交换用户信息
|
|
|
+ ResponseEntity<String> yiqunResp = restTemplate.postForEntity(baseUrl + appAuthPath, req, String.class);
|
|
|
+ AuthYiqunUserDTO user = null;
|
|
|
+ if (!yiqunResp.getStatusCode().equals(HttpStatus.OK)) {
|
|
|
+ log.warn("[authenticate] APPToken 无效");
|
|
|
+ throw new RuntimeException("认证接口错误码:" + yiqunResp.getStatusCode());
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ String json = yiqunResp.getBody();
|
|
|
+ try {
|
|
|
+ JsonNode jsonNode = objectMapper.readTree(json);
|
|
|
+ if (!Objects.equals(jsonNode.get("code").asInt(), 0)) {
|
|
|
+ throw new Exception(jsonNode.get("msg").asText());
|
|
|
+ }
|
|
|
+
|
|
|
+ user = objectMapper.convertValue(jsonNode.get("data"), AuthYiqunUserDTO.class);
|
|
|
+ } catch (JsonProcessingException e) {
|
|
|
+ throw new RuntimeException(e);
|
|
|
+ } catch (Exception e) {
|
|
|
+ log.error("蚁群APP鉴权接口调用失败,失败原因:{}", e.getMessage());
|
|
|
+ throw exception(AUTH_THIRD_LOGIN_NOT_BIND);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (user == null) {
|
|
|
+ log.warn("[authenticate] APPToken 无效");
|
|
|
+ createLoginLog(user.getId(), user.getUsername(), LoginLogTypeEnum.LOGIN_YIQUNAPP, LoginResultEnum.BAD_CREDENTIALS);
|
|
|
+ throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
|
|
|
+ }
|
|
|
|
|
|
if (Objects.equals(reqVO.getMode(), "WEB")) {
|
|
|
if (!Objects.equals(reqVO.getPassword(), "bowin123")) {
|
|
|
@@ -387,9 +424,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- log.info("[authenticate] 用户认证开始, req={}", reqVO.toString());
|
|
|
- String userId = reqVO.getUserId();
|
|
|
- AdminUserDO existedUser = userService.getUser(userId);
|
|
|
+ String username = reqVO.getUsername();
|
|
|
+ AdminUserDO existedUser = userService.getUserByUsername(username);
|
|
|
if (existedUser == null) {
|
|
|
throw exception(USER_NOT_EXISTS);
|
|
|
}
|