diff --git a/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java b/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java
new file mode 100644
index 0000000000..fe721b92c0
--- /dev/null
+++ b/sdk/common/src/main/java/io/dataease/auth/filter/CommunityTokenFilter.java
@@ -0,0 +1,79 @@
+package io.dataease.auth.filter;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.auth0.jwt.interfaces.Verification;
+import io.dataease.auth.bo.TokenUserBO;
+import io.dataease.auth.config.SubstituleLoginConfig;
+import io.dataease.license.utils.LicenseUtil;
+import io.dataease.utils.*;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.http.ResponseEntity;
+import org.springframework.util.ReflectionUtils;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Objects;
+
+public class CommunityTokenFilter implements Filter {
+
+ private static final String headName = "DE-GATEWAY-FLAG";
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ Long userId = null;
+ String token = ServletUtils.getToken();
+ TokenUserBO userBO = null;
+ if (StringUtils.isNotBlank(token) && ObjectUtils.isNotEmpty(userBO = AuthUtils.getUser()) && ObjectUtils.isNotEmpty(userId = userBO.getUserId()) && !LicenseUtil.licenseValid()) {
+ String secret = null;
+ if (ObjectUtils.isEmpty(CommonBeanFactory.getBean("loginServer"))) {
+ String pwd = SubstituleLoginConfig.getPwd();
+ secret = Md5Utils.md5(pwd);
+ } else {
+ Object apisixTokenManage = CommonBeanFactory.getBean("apisixTokenManage");
+ Method method = DeReflectUtil.findMethod(apisixTokenManage.getClass(), "userCacheBO");
+ Object o = ReflectionUtils.invokeMethod(method, apisixTokenManage, userId);
+ Method pwdMethod = DeReflectUtil.findMethod(o.getClass(), "getPwd");
+ Object pwdObj = ReflectionUtils.invokeMethod(pwdMethod, o);
+ secret = pwdObj.toString();
+ }
+ try {
+ Algorithm algorithm = Algorithm.HMAC256(secret);
+ Verification verification = JWT.require(algorithm).withClaim("uid", userId).withClaim("oid", userBO.getDefaultOid());
+ JWTVerifier verifier = verification.build();
+ DecodedJWT decode = JWT.decode(token);
+ algorithm.verify(decode);
+ verifier.verify(token);
+ } catch (Exception e) {
+ HttpServletResponse res = (HttpServletResponse) servletResponse;
+ LogUtil.error(e.getMessage(), e);
+ HttpHeaders headers = new HttpHeaders();
+ String msg = URLEncoder.encode(e.getMessage(), StandardCharsets.UTF_8).replace("+", "%20");
+ headers.add(headName, msg);
+ sendResponseEntity(res, new ResponseEntity<>(e.getMessage(), headers, HttpStatus.UNAUTHORIZED));
+ }
+ }
+
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+
+ private void sendResponseEntity(HttpServletResponse httpResponse, ResponseEntity responseEntity) throws IOException {
+ HttpHeaders headers = responseEntity.getHeaders();
+ HttpStatusCode statusCode = responseEntity.getStatusCode();
+ httpResponse.setStatus(statusCode.value());
+ for (String name : headers.keySet()) {
+ httpResponse.setHeader(name, headers.getFirst(name));
+ }
+ httpResponse.getWriter().write(Objects.requireNonNull(responseEntity.getBody()));
+ }
+}
diff --git a/sdk/common/src/main/java/io/dataease/auth/filter/FilterConfig.java b/sdk/common/src/main/java/io/dataease/auth/filter/FilterConfig.java
index 60d1926497..e37b120712 100644
--- a/sdk/common/src/main/java/io/dataease/auth/filter/FilterConfig.java
+++ b/sdk/common/src/main/java/io/dataease/auth/filter/FilterConfig.java
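Review bot: The catch block in `doFilter` writes a 401 for a failed signature check but does not `return`, so execution continues to `filterChain.doFilter(servletRequest, servletResponse)` and a request whose token failed HMAC verification is still handled downstream, on top of a response whose status and body have already been written. The `TokenFilter` catch block this commit removes ended with `return;`; the same line is needed here directly after `sendResponseEntity(res, new ResponseEntity<>(e.getMessage(), headers, HttpStatus.UNAUTHORIZED));`. Also, `e.getMessage()` is null for many exception types, in which case `URLEncoder.encode` throws a NullPointerException out of the catch block instead of sending the 401; `String.valueOf(e.getMessage())` or a fixed header value avoids that. Note that the whole check only runs when `LicenseUtil.licenseValid()` is false, so a licensed deployment skips the HMAC verification entirely — this mirrors the logic removed from `TokenUtils.validate`, so I assume it is intentional, but a one-line comment on the `if` stating that would help the next reader.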
@@ -16,4 +16,14 @@ public class FilterConfig {
 filter.setOrder(0);
 return filter;
 }
+
+ @Bean
+ public FilterRegistrationBean communityFilter() {
+ FilterRegistrationBean filter = new FilterRegistrationBean<>();
+ filter.setName("communityTokenFilter");
+ filter.setFilter(new CommunityTokenFilter());
+ filter.addUrlPatterns("/*");
+ filter.setOrder(5);
+ return filter;
+ }
 }
diff --git a/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java b/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java
index 8f3d117267..aa91793b30 100644
--- a/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java
+++ b/sdk/common/src/main/java/io/dataease/auth/filter/TokenFilter.java
@@ -3,28 +3,15 @@ package io.dataease.auth.filter;
 import io.dataease.auth.bo.TokenUserBO;
 import io.dataease.constant.AuthConstant;
 import io.dataease.utils.*;
-import jakarta.servlet.FilterConfig;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.HttpStatusCode;
-import org.springframework.http.ResponseEntity;
 import java.io.IOException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.util.Objects;
 public class TokenFilter implements Filter {
- private static final String headName = "DE-GATEWAY-FLAG";
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
 @Override
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
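Review bot: The new `communityFilter()` registration sets order 5 with nothing documenting that `CommunityTokenFilter` must run after the registration above it (order 0, presumably the `TokenFilter` bean), since the new filter reads the user via `AuthUtils.getUser()` that `TokenFilter` populates through `UserUtils.setUserInfo`; if someone later lowers this order the community HMAC check silently never runs. I would add `// must run after tokenFilter (order 0): depends on the user set by TokenUtils.validate/UserUtils.setUserInfo` above `filter.setOrder(5);`. The bean also uses the raw `FilterRegistrationBean` type, so `new FilterRegistrationBean<>()` infers nothing useful; `FilterRegistrationBean<CommunityTokenFilter> filter = new FilterRegistrationBean<>();` with a matching return type keeps it typed and avoids the unchecked warning.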
@@ -57,41 +44,9 @@ public class TokenFilter implements Filter {
 return;
 }
 String token = ServletUtils.getToken();
- TokenUserBO userBO = null;
- try {
- userBO = TokenUtils.validate(token);
- UserUtils.setUserInfo(userBO);
- } catch (Exception e) {
- HttpServletResponse res = (HttpServletResponse) servletResponse;
- LogUtil.error(e.getMessage(), e);
- HttpHeaders headers = new HttpHeaders();
- String msg = URLEncoder.encode(e.getMessage(), StandardCharsets.UTF_8).replace("+", "%20");
- headers.add(headName, msg);
- sendResponseEntity(res, new ResponseEntity<>(e.getMessage(), headers, HttpStatus.UNAUTHORIZED));
- return;
- }
+ TokenUserBO userBO = TokenUtils.validate(token);
+ UserUtils.setUserInfo(userBO);
 filterChain.doFilter(servletRequest, servletResponse);
 }
- @Override
- public void destroy() {
- }
-
- private void sendResponseEntity(HttpServletResponse httpResponse, ResponseEntity responseEntity) throws IOException {
- HttpHeaders headers = responseEntity.getHeaders();
- HttpStatusCode statusCode = responseEntity.getStatusCode();
-
- // 设置状态码
- httpResponse.setStatus(statusCode.value());
-
- // 设置响应头
- if (headers != null) {
- for (String name : headers.keySet()) {
- httpResponse.setHeader(name, headers.getFirst(name));
- }
- }
-
- // 设置响应体
- httpResponse.getWriter().write(responseEntity.getBody());
- }
 }
diff --git a/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java b/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java
index 8603b6debc..526e7bc164 100644
--- a/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java
+++ b/sdk/common/src/main/java/io/dataease/utils/TokenUtils.java
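Review bot: With the try/catch gone, a failure inside `TokenUtils.validate(token)` now propagates out of `doFilter` instead of producing the explicit 401 with the `DE-GATEWAY-FLAG` header, so the status and headers a caller sees depend on whatever error handling sits outside this filter, which is not visible here; if a gateway or client keys on that header (the name suggests one does), this hunk removes it from the basic-token path while the new `CommunityTokenFilter` only emits it for the HMAC branch. I would either keep a narrow catch here that maps the validation exception to the 401 response or record in a comment on `TokenUserBO userBO = TokenUtils.validate(token);` which handler is expected to turn the exception into a 401. Separately, `UserUtils.setUserInfo(userBO)` is now called with whatever `validate` returns; the removed `TokenUtils` code guarded `ObjectUtils.isEmpty(userBO)`, so a null from `userBOByToken` may now reach `setUserInfo` unchecked — worth confirming against that method. `doFilter` starts before this hunk.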
@@ -1,19 +1,11 @@
 package io.dataease.utils;
 import com.auth0.jwt.JWT;
-import com.auth0.jwt.JWTVerifier;
-import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import com.auth0.jwt.interfaces.Verification;
 import io.dataease.auth.bo.TokenUserBO;
-import io.dataease.auth.config.SubstituleLoginConfig;
 import io.dataease.exception.DEException;
-import io.dataease.license.utils.LicenseUtil;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.util.ReflectionUtils;
-
-import java.lang.reflect.Method;
 public class TokenUtils {
@@ -36,30 +28,7 @@ public class TokenUtils {
 if (StringUtils.length(token) < 100) {
 DEException.throwException("token is invalid");
 }
- TokenUserBO userBO = userBOByToken(token);
- if (ObjectUtils.isEmpty(userBO) || LicenseUtil.licenseValid()) {
- return userBO;
- }
- Long userId = userBO.getUserId();
- String secret = null;
- if (ObjectUtils.isEmpty(CommonBeanFactory.getBean("loginServer"))) {
- String pwd = SubstituleLoginConfig.getPwd();
- secret = Md5Utils.md5(pwd);
- } else {
- Object apisixTokenManage = CommonBeanFactory.getBean("apisixTokenManage");
- Method method = DeReflectUtil.findMethod(apisixTokenManage.getClass(), "userCacheBO");
- Object o = ReflectionUtils.invokeMethod(method, apisixTokenManage, userId);
- Method pwdMethod = DeReflectUtil.findMethod(o.getClass(), "getPwd");
- Object pwdObj = ReflectionUtils.invokeMethod(pwdMethod, o);
- secret = pwdObj.toString();
- }
- Algorithm algorithm = Algorithm.HMAC256(secret);
- Verification verification = JWT.require(algorithm).withClaim("uid", userId).withClaim("oid", userBO.getDefaultOid());
- JWTVerifier verifier = verification.build();
- DecodedJWT decode = JWT.decode(token);
- algorithm.verify(decode);
- verifier.verify(token);
- return userBO;
+ return userBOByToken(token);
 }