Pārlūkot izejas kodu

app,调整蚁群APP跳转锅炉管道的认证逻辑

yangguanjin 1 nedēļu atpakaļ
vecāks
revīzija
ef1ed9d10b

+ 18 - 4
tz-module-system/tz-module-system-biz/src/main/java/cn/start/tz/module/system/controller/appapi/auth/vo/AuthYiqunUserDTO.java

@@ -3,6 +3,8 @@ package cn.start.tz.module.system.controller.appapi.auth.vo;
 import lombok.Getter;
 import lombok.Setter;
 
+import java.util.List;
+
 @Getter
 @Setter
 public class AuthYiqunUserDTO {
@@ -32,6 +34,8 @@ public class AuthYiqunUserDTO {
      * */
     private String deptId;
 
+    private List<String> postIds;
+
     /**
      * 用户邮箱
      * */
@@ -42,9 +46,19 @@ public class AuthYiqunUserDTO {
      * */
     private String mobile;
 
-    /**
-     * 用户性别
-     * */
-    private Integer sex;
+//    /**
+//     * 用户性别
+//     * */
+//    private Integer sex;
+
+    private String avatar;
+
+    private Integer status;
+
+    private String signUrl;
+
+//    private Object appointmentDept;
+//
+//    private Map<String, Object> transMap;
 
 }

+ 65 - 29
tz-module-system/tz-module-system-biz/src/main/java/cn/start/tz/module/system/service/auth/AdminAuthServiceImpl.java

@@ -1,7 +1,9 @@
 package cn.start.tz.module.system.service.auth;
 
+import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.digest.DigestUtil;
 import cn.start.tz.framework.common.enums.CommonStatusEnum;
 import cn.start.tz.framework.common.enums.UserTypeEnum;
 import cn.start.tz.framework.common.util.monitor.TracerUtils;
@@ -130,6 +132,16 @@ public class AdminAuthServiceImpl implements AdminAuthService {
     @Setter // 为了单测:开启或者关闭验证码
     private Boolean captchaEnable;
 
+
+    @Value("${app-auth.base-url:http://localhost:48080}")
+    private String baseUrl;
+
+    @Value("${app-auth.app-id:xxxxxx}")
+    private String appId;
+
+    @Value("${app-auth.app-secret:yyyyyy}")
+    private String appSecret;
+
     @Override
     public AdminUserDO authenticate(String username, String password) {
         log.info("[authenticate] 开始认证用户, username={}", username);
@@ -352,34 +364,59 @@ public class AdminAuthServiceImpl implements AdminAuthService {
         return respVO;
     }
 
+    private <T> HttpEntity<T> genYiQunAuthHttpEntity(AuthAppTokenLoginReqVO reqVO) {
+        long timestamp = System.currentTimeMillis();
+        String nonce = IdUtil.fastSimpleUUID();
+        String accessToken = reqVO.getAppToken();
+        String signString = "appId=" + appId + "&nonce=" + nonce + "&timestamp=" + timestamp + appSecret;
+        String sign = DigestUtil.sha256Hex(signString);
+
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.add("Authorization", "Bearer " + accessToken);
+        httpHeaders.add("Content-Type", "application/json");
+        httpHeaders.set("appId", appId);
+        httpHeaders.set("timestamp", String.valueOf(timestamp));
+        httpHeaders.set("nonce", nonce);
+        httpHeaders.set("sign", sign);
+
+        log.info("[请求蚁群APP鉴权接口][appId={}, timestamp={}, nonce={}, sign:{}]", appId, timestamp, nonce, sign);
+        return new HttpEntity<>(httpHeaders);
+    }
+
     @Override
     public AuthLoginRespVO loginByAppToken(AuthAppTokenLoginReqVO reqVO) {
-//        HttpHeaders httpHeaders = new HttpHeaders();
-//        httpHeaders.add("Authorization", "Bearer " + reqVO.getAppToken());
-//        httpHeaders.add("Content-Type", "application/json");
-//
-//        HttpEntity<Object> req = new HttpEntity<>(null, httpHeaders);
-//        String baseUrl = "https://cloud-admin-uat.gzsei.com";
-//        // 使用 token 交换用户信息
-//        ResponseEntity<String> yiqunResp = restTemplate.postForEntity(baseUrl + "/external-api/system/auth/app-auth", req, String.class);
-//        AuthYiqunUserDTO user = null;
-//        if (!yiqunResp.getStatusCode().equals(HttpStatus.OK)) {
-//            log.warn("[authenticate] APPToken 无效");
-//        } else {
-//            String json = yiqunResp.getBody();
-//            try {
-//                JsonNode jsonNode = objectMapper.readTree(json);
-//                user = objectMapper.convertValue(jsonNode.get("data"), AuthYiqunUserDTO.class);
-//            } catch (JsonProcessingException e) {
-//                throw new RuntimeException(e);
-//            }
-//        }
-//
-//        if (user == null) {
-//            log.warn("[authenticate] APPToken 无效");
-//            createLoginLog(user.getId(), user.getUsername(), LoginLogTypeEnum.LOGIN_YIQUNAPP, LoginResultEnum.BAD_CREDENTIALS);
-//            throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
-//        }
+        log.info("[authenticate] 用户认证开始, req={}", reqVO.toString());
+        HttpEntity<Void> req = genYiQunAuthHttpEntity(reqVO);
+        String appAuthPath = "/external-api/system/auth/app-auth";
+        // 使用 token 交换用户信息
+        ResponseEntity<String> yiqunResp = restTemplate.postForEntity(baseUrl + appAuthPath, req, String.class);
+        AuthYiqunUserDTO user = null;
+        if (!yiqunResp.getStatusCode().equals(HttpStatus.OK)) {
+            log.warn("[authenticate] APPToken 无效");
+            throw new RuntimeException("认证接口错误码:" + yiqunResp.getStatusCode());
+        }
+
+
+        String json = yiqunResp.getBody();
+        try {
+            JsonNode jsonNode = objectMapper.readTree(json);
+            if (!Objects.equals(jsonNode.get("code").asInt(), 0)) {
+                throw new Exception(jsonNode.get("msg").asText());
+            }
+
+            user = objectMapper.convertValue(jsonNode.get("data"), AuthYiqunUserDTO.class);
+        } catch (JsonProcessingException e) {
+            throw new RuntimeException(e);
+        } catch (Exception e) {
+            log.error("蚁群APP鉴权接口调用失败,失败原因:{}", e.getMessage());
+            throw exception(AUTH_THIRD_LOGIN_NOT_BIND);
+        }
+
+        if (user == null) {
+            log.warn("[authenticate] APPToken 无效");
+            createLoginLog(user.getId(), user.getUsername(), LoginLogTypeEnum.LOGIN_YIQUNAPP, LoginResultEnum.BAD_CREDENTIALS);
+            throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
+        }
 
         if (Objects.equals(reqVO.getMode(), "WEB")) {
             if (!Objects.equals(reqVO.getPassword(), "bowin123")) {
@@ -387,9 +424,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
             }
         }
 
-        log.info("[authenticate] 用户认证开始, req={}", reqVO.toString());
-        String userId = reqVO.getUserId();
-        AdminUserDO existedUser = userService.getUser(userId);
+        String username = reqVO.getUsername();
+        AdminUserDO existedUser = userService.getUserByUsername(username);
         if (existedUser == null) {
             throw exception(USER_NOT_EXISTS);
         }

+ 5 - 0
tz-module-system/tz-module-system-biz/src/main/resources/application-hsd.yaml

@@ -202,3 +202,8 @@ cas:
 
   # 应用秘钥
   secret: Zk8qMjQwNDIwMjYwNzE0MzI2NTUZip
+
+app-auth:
+  base-url: https://cloud-admin-uat.gzsei.com
+  app-id: 20260527
+  app-secret: ce9fba85d73b475ab3897cbb9d62d61d

+ 5 - 0
tz-module-system/tz-module-system-biz/src/main/resources/application-prod.yaml

@@ -198,3 +198,8 @@ cas:
   # cas客户端地址
   client-host-url: http://192.168.19.165:40081
   #client-host-url: https://cyjw.gzsei.work
+
+app-auth:
+  base-url: http://192.168.19.165:48080
+  app-id: 202606003
+  app-secret: 4bb6167b3fe84dfcba5d8d43b2f35194

+ 6 - 1
tz-module-system/tz-module-system-biz/src/main/resources/application-uat.yaml

@@ -197,4 +197,9 @@ cas:
   front-url: https://cyjw.gzsei.work
   # cas客户端地址
   #client-host-url: http://192.168.19.165:40081
-  client-host-url: https://cyjw.gzsei.work
+  client-host-url: https://cyjw.gzsei.work
+
+app-auth:
+  base-url: https://cloud-admin-uat.gzsei.com
+  app-id: 20260527
+  app-secret: ce9fba85d73b475ab3897cbb9d62d61d