|
@@ -3,11 +3,10 @@ package com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v4.controller
|
|
|
import cn.hutool.core.bean.BeanUtil;
|
|
|
import cn.hutool.core.util.StrUtil;
|
|
|
import com.alibaba.fastjson.JSON;
|
|
|
-import com.dragoninfo.dcuc.auth.api.vo.BusinessRespEnum;
|
|
|
-import com.dragoninfo.dcuc.auth.api.vo.DataRespVO;
|
|
|
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
|
|
|
-import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
|
|
|
+import com.dragoninfo.dcuc.auth.api.vo.*;
|
|
|
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
|
|
|
import com.dragoninfo.dcuc.auth.auth.api.IApiDataAuthFacade;
|
|
|
+import com.dragoninfo.dcuc.auth.auth.api.IZeroTrustAuthFacade;
|
|
|
import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
|
|
|
import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
|
|
|
import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
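Review bot: The two added wildcard imports, `com.dragoninfo.dcuc.auth.api.vo.*` and `com.dragoninfo.dcuc.auth.api.vo.zerotrust.*`, replace four explicit imports and leave it unclear which response types this controller actually uses, while making a future same-named class in the two packages a silent ambiguity. Import the specific types the methods below use — `ZeroTrustDataRespVO`, `ZeroTrustBusinessRespEnum`, `ZeroTustMessageRespVO`, `DataAuthRespVO` and the request VOs — as the surrounding explicit lines do. Several imports kept as context here (`BeanUtil`, `AppDataSensitiveLevelDTO`, `AppFunInfoDTO`) have their only visible users in method bodies this commit deletes; unless they are referenced in a part of the file not shown, they are now dead and should be removed with them.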
|
|
@@ -26,11 +25,10 @@ import com.dragoninfo.dcuc.auth.token.facade.IAuthTokenFacade;
|
|
|
import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
|
|
|
import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
|
|
|
import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
|
|
|
-import com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v4.vo.*;
|
|
|
-import com.dragoninfo.dcuc.common.utils.LangUtil;
|
|
|
import com.dragoninfo.dcuc.common.utils.ResponseUtil;
|
|
|
import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
|
|
|
import com.dragonsoft.duceap.commons.util.ip.IpUtils;
|
|
|
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
|
|
|
import io.swagger.annotations.Api;
|
|
|
import lombok.extern.slf4j.Slf4j;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
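Review bot: `com.dragonsoft.duceap.commons.util.string.StringUtils` is newly imported but no hunk in this diff uses it; every blank check below still goes through `StrUtil.isBlank`, so this looks like a stray import unless it is used in an unshown part of the file. The removed `authservice.v4.vo.*` import implies the request VOs (`AppAuthReqVO`, `FunctionAuthReqVO`, `ServiceAuthReqVO`, `DataAuthReqVO`) now come from the `zerotrust` package; if both packages still define same-named VOs, the two on-demand imports above make resolution ambiguous, which is another reason to prefer explicit imports. `IpUtils`, `ResponseUtil`, `ResponseDTO`, `TokenDetailRespVo` and `UserTokenInfoRespVO` likewise lose their only visible callers in this commit.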
|
|
@@ -60,15 +58,6 @@ import java.util.stream.Collectors;
|
|
|
@RequestMapping(value = "/api/auth-service/v4/")
|
|
|
public class AuthV4Controller {
|
|
|
|
|
|
- @Autowired
|
|
|
- private IStaffAssignAuthInfoFacade staffAssignAuthInfoFacade;
|
|
|
-
|
|
|
- @Autowired
|
|
|
- private IServiceAuthFlowFacade serviceAuthFlowFacade;
|
|
|
-
|
|
|
- @Autowired
|
|
|
- private IRoleFacade roleFacade;
|
|
|
-
|
|
|
@Autowired
|
|
|
private IApiDataAuthFacade apiDataAuthFacade;
|
|
|
|
|
@@ -76,7 +65,7 @@ public class AuthV4Controller {
|
|
|
private IAuthTokenFacade authTokenFacade;
|
|
|
|
|
|
@Autowired
|
|
|
- private IAuthUserInfoFacade userInfoFacade;
|
|
|
+ private IZeroTrustAuthFacade zeroTrustAuthFacade;
|
|
|
|
|
|
/**
|
|
|
* 应用级鉴权
|
|
@@ -85,51 +74,16 @@ public class AuthV4Controller {
|
|
|
* @return 应用级权限
|
|
|
*/
|
|
|
@PostMapping("appAuth")
|
|
|
- public DataRespVO<String> appAuth(@RequestBody AppAuthReqVO appAuthReqVO) {
|
|
|
+ public ZeroTrustDataRespVO<String> appAuth(@RequestBody AppAuthReqVO appAuthReqVO) {
|
|
|
String userTokenId = appAuthReqVO.getUserTokenId();
|
|
|
-
|
|
|
- log.info("传入的用户令牌为:{}", userTokenId);
|
|
|
-
|
|
|
+ log.info("=============应用级鉴权开始, 请求参数:{}===============", userTokenId);
|
|
|
if (StrUtil.isBlank(userTokenId)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.TOKEN_FAIL);
|
|
|
+ log.error("鉴权参数为空");
|
|
|
+ return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
|
|
|
}
|
|
|
-
|
|
|
- UserTokenInfoRespVO userToken = authTokenFacade.getUserTokenInfo(userTokenId);
|
|
|
- log.info("应用鉴权查寻到的令牌结果:{}", JSON.toJSONString(userToken));
|
|
|
-
|
|
|
- String pId = userToken.getPid();
|
|
|
- log.info("pid:{}", pId);
|
|
|
-
|
|
|
- AuthUserDTO userInfo = userInfoFacade.findByIdcard(pId);
|
|
|
- if (userInfo == null) {
|
|
|
- log.info("查询不到用户信息");
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.AUTH_FAIL);
|
|
|
- }
|
|
|
-
|
|
|
- // 缓存应用令牌
|
|
|
- int expiredTime = (int) ((userToken.getExpireAt().getTime() - System.currentTimeMillis()) / 1000);
|
|
|
-
|
|
|
- authTokenFacade.cacheStandardUserToken(userInfo.getIdcard(), userToken.getUserTokenId(), expiredTime);
|
|
|
-
|
|
|
- AuthUserVo userVo = new AuthUserVo();
|
|
|
- BeanUtil.copyProperties(userInfo, userVo);
|
|
|
- ApiAppAuthVo authVo = ApiAppAuthVo.builder()
|
|
|
- .userInfo(userVo)
|
|
|
- .userToken(userTokenId)
|
|
|
- .terminalIp(IpUtils.getIp())
|
|
|
- .build();
|
|
|
- List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoFacade.apiAppAuth(authVo);
|
|
|
-
|
|
|
- StringBuilder appAuthBuilder = new StringBuilder();
|
|
|
-
|
|
|
- for (AppDataSensitiveLevelDTO appDataSensitiveLevelDTO : appList) {
|
|
|
- String code = appDataSensitiveLevelDTO.getCode();
|
|
|
-
|
|
|
- appAuthBuilder.append(code).append(StrUtil.COMMA);
|
|
|
- }
|
|
|
-
|
|
|
- String appAuth = LangUtil.subLastSymbol(appAuthBuilder.toString(), StrUtil.COMMA);
|
|
|
- return DataRespVO.success(appAuth);
|
|
|
+ ZeroTrustDataRespVO<String> respVo = zeroTrustAuthFacade.appAuth(appAuthReqVO);
|
|
|
+ log.info("应用鉴权结果:{}", JSON.toJSONString(respVo));
|
|
|
+ return respVo;
|
|
|
}
|
|
|
|
|
|
/**
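Review bot: The new entry log in `appAuth`, `log.info("=============应用级鉴权开始, 请求参数:{}===============", userTokenId)`, writes the raw user token — a bearer credential — to the INFO log, and `log.info("应用鉴权结果:{}", JSON.toJSONString(respVo))` then records the full authorization decision. Log files are typically retained longer and read by more people than the token store, so this turns log access into token replay. Log a non-reusable form instead, e.g. `log.info("应用级鉴权开始, userTokenId(prefix)={}", StrUtil.sub(userTokenId, 0, 6));`, and lower the result dump to DEBUG. Separately, the blank-token branch now answers `ZeroTrustBusinessRespEnum.OPERATE_FAIL` where the removed code answered `TOKEN_FAIL`; clients that branch on that code will see a different error for the same input, and `OPERATE_FAIL` gives them no way to tell a missing parameter from a failed check (the enum itself is defined outside this diff).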
|
|
@@ -139,35 +93,17 @@ public class AuthV4Controller {
|
|
|
* @return 功能级鉴权
|
|
|
*/
|
|
|
@PostMapping("functionAuth")
|
|
|
- public DataRespVO<String> functionAuth(@RequestBody FunctionAuthReqVO functionAuthReqVO) {
|
|
|
+ public ZeroTrustDataRespVO<String> functionAuth(@RequestBody FunctionAuthReqVO functionAuthReqVO) {
|
|
|
String appTokenId = functionAuthReqVO.getAppTokenId();
|
|
|
String taskId = functionAuthReqVO.getTaskId();
|
|
|
-
|
|
|
- if (StrUtil.isBlank(appTokenId)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.PARAM_ERROR);
|
|
|
+ log.info("==============功能级鉴权开始, 请求参数appTokenId:{}, taskId:{}================", appTokenId, taskId);
|
|
|
+ if (StrUtil.isBlank(appTokenId) || StrUtil.isBlank(taskId)) {
|
|
|
+ log.error("鉴权参数为空");
|
|
|
+ return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
|
|
|
}
|
|
|
- TokenDetailRespVo tokenInfo = authTokenFacade.getByAppTokenId(appTokenId, true, false);
|
|
|
- AuthUserVo userInfo = tokenInfo.getUserInfo();
|
|
|
- if (userInfo == null) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.AUTH_FAIL);
|
|
|
- }
|
|
|
- String appCode = tokenInfo.getAppToken().getAppId();
|
|
|
-
|
|
|
- RoleApiDto roleApiDto = new RoleApiDto();
|
|
|
- roleApiDto.setAppCode(appCode);
|
|
|
- roleApiDto.setUserId(userInfo.getId());
|
|
|
- roleApiDto.setIdcard(userInfo.getIdcard());
|
|
|
- List<AppFunInfoDTO> menus = roleFacade.getMenus(roleApiDto);
|
|
|
-
|
|
|
- StringBuilder functionAuthBuilder = new StringBuilder();
|
|
|
-
|
|
|
- for (AppFunInfoDTO menu : menus) {
|
|
|
- String code = menu.getCode();
|
|
|
- functionAuthBuilder.append(code).append(StrUtil.COMMA);
|
|
|
- }
|
|
|
-
|
|
|
- String appAuth = LangUtil.subLastSymbol(functionAuthBuilder.toString(), StrUtil.COMMA);
|
|
|
- return DataRespVO.success(appAuth);
|
|
|
+ ZeroTrustDataRespVO<String> respVO = zeroTrustAuthFacade.functionAuth(functionAuthReqVO);
|
|
|
+ log.info("功能鉴权结果:{}", JSON.toJSONString(respVO));
|
|
|
+ return respVO;
|
|
|
}
|
|
|
|
|
|
/**
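Review bot: `functionAuth` logs the raw `appTokenId` at INFO on entry (`log.info("==============功能级鉴权开始, 请求参数appTokenId:{}, taskId:{}...`), which, like the token log in `appAuth`, puts a replayable credential into retained logs. Truncate or hash it: `log.info("功能级鉴权开始, taskId:{}, appTokenId(prefix)={}", taskId, StrUtil.sub(appTokenId, 0, 6));`. The validation is tighter than before (a blank `taskId` is now rejected too, which is right given it is forwarded to the facade), but the empty-parameter branch maps to `OPERATE_FAIL`, the same generic code a genuine denial from `zeroTrustAuthFacade.functionAuth` presumably uses, so a caller cannot distinguish a malformed request from a refused one; the removed code used `PARAM_ERROR` for this case.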
|
|
@@ -177,31 +113,19 @@ public class AuthV4Controller {
|
|
|
* @return 服务级鉴权
|
|
|
*/
|
|
|
@PostMapping("serviceAuth")
|
|
|
- public DataRespVO<String> serviceAuth(@RequestBody ServiceAuthReqVO serviceAuthReqVO) {
|
|
|
+ public ZeroTrustDataRespVO<String> serviceAuth(@RequestBody ServiceAuthReqVO serviceAuthReqVO) {
|
|
|
String appTokenId = serviceAuthReqVO.getAppTokenId();
|
|
|
String taskId = serviceAuthReqVO.getTaskId();
|
|
|
- if (StrUtil.isBlank(appTokenId)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.PARAM_ERROR);
|
|
|
- }
|
|
|
-
|
|
|
- TokenDetailRespVo tokenInfo = authTokenFacade.getByAppTokenId(appTokenId, true, false);
|
|
|
- AuthUserVo userInfo = tokenInfo.getUserInfo();
|
|
|
- if (userInfo == null) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.AUTH_FAIL);
|
|
|
- }
|
|
|
- String appCode = tokenInfo.getAppToken().getAppId();
|
|
|
-
|
|
|
- List<ServiceAuthenticationResVO> serviceAuthenticationResVOList = serviceAuthFlowFacade.serviceAuthentication(userInfo.getIdcard(), appCode, "", "");
|
|
|
-
|
|
|
- StringBuilder serviceAuthBuilder = new StringBuilder();
|
|
|
+ log.info("===========服务级鉴权开始,appTokenId:{}, taskId:{}===========", appTokenId, taskId);
|
|
|
|
|
|
- for (ServiceAuthenticationResVO serviceAuthenticationResVO : serviceAuthenticationResVOList) {
|
|
|
- String serviceCode = serviceAuthenticationResVO.getServiceCode();
|
|
|
- serviceAuthBuilder.append(serviceCode).append(StrUtil.COMMA);
|
|
|
+ if (StrUtil.isBlank(taskId) || StrUtil.isBlank(appTokenId)) {
|
|
|
+ log.error("鉴权参数为空");
|
|
|
+ return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
|
|
|
}
|
|
|
|
|
|
- String serviceAuth = LangUtil.subLastSymbol(serviceAuthBuilder.toString(), StrUtil.COMMA);
|
|
|
- return DataRespVO.success(serviceAuth);
|
|
|
+ ZeroTrustDataRespVO<String> respVO = zeroTrustAuthFacade.serviceAuth(serviceAuthReqVO);
|
|
|
+ log.info("服务级鉴权结果:{}", JSON.toJSONString(respVO));
|
|
|
+ return respVO;
|
|
|
}
|
|
|
|
|
|
/**
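Review bot: The entry/validate/delegate scaffolding in `serviceAuth` is now identical to `functionAuth` and `dataAuth`, and the two-way blank check can use hutool's varargs form already in scope, `if (StrUtil.hasBlank(appTokenId, taskId)) {`, which reads better and scales to `dataAuth`'s three fields. Since `tokenReceive` in this same file already relies on `@Valid @RequestBody`, a `@NotBlank` on the request VO fields plus `@Valid` here would remove the hand-written checks entirely — though that changes the error shape from the `OPERATE_FAIL` body to a Spring 400, so it is a design choice rather than a drop-in. The INFO log on entry also prints the raw `appTokenId`; the same masking suggested for `appAuth` applies.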
|
|
@@ -211,49 +135,22 @@ public class AuthV4Controller {
|
|
|
* @return 数据级鉴权
|
|
|
*/
|
|
|
@PostMapping("dataAuth")
|
|
|
- public DataRespVO<List<DataAuthRespVO>> dataAuth(@RequestBody DataAuthReqVO dataAuthReqVO) {
|
|
|
- String appTokenId = dataAuthReqVO.getAppTokenId();
|
|
|
-
|
|
|
- if (StrUtil.isBlank(appTokenId)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.PARAM_ERROR);
|
|
|
- }
|
|
|
-
|
|
|
+ public ZeroTrustDataRespVO<DataAuthRespVO> dataAuth(@RequestBody DataAuthReqVO dataAuthReqVO) {
|
|
|
String resourceId = dataAuthReqVO.getResourceId();
|
|
|
- if (StrUtil.isBlank(resourceId)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.PARAM_ERROR);
|
|
|
- }
|
|
|
-
|
|
|
- TokenDetailRespVo tokenInfo = authTokenFacade.getByAppTokenId(appTokenId, true, false);
|
|
|
- AuthUserVo userInfo = tokenInfo.getUserInfo();
|
|
|
- if (null == userInfo) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.AUTH_FAIL);
|
|
|
- }
|
|
|
-
|
|
|
- DataAuthV2ReqDTO v2ReqDTO = new DataAuthV2ReqDTO();
|
|
|
- v2ReqDTO.setIdcard(userInfo.getIdcard());
|
|
|
- v2ReqDTO.setResourceId(resourceId);
|
|
|
- v2ReqDTO.setAppToken(appTokenId);
|
|
|
- v2ReqDTO.setUserToken(tokenInfo.getUserToken().getUserTokenId());
|
|
|
- v2ReqDTO.setRequestAppCode(tokenInfo.getAppToken().getAppId());
|
|
|
-
|
|
|
- ResponseDTO<DataAuthV2RespDTO> dto = apiDataAuthFacade.dataItemsCheckV2(v2ReqDTO);
|
|
|
- if (!ResponseUtil.isSuccess(dto)) {
|
|
|
- return DataRespVO.resultEnumMessage(BusinessRespEnum.AUTH_FAIL);
|
|
|
- } else {
|
|
|
- DataAuthV2RespDTO respDTO = (DataAuthV2RespDTO) dto.getResult();
|
|
|
- Set<String> resultSet = respDTO.getItemIdentifier();
|
|
|
- List<DataAuthRespVO> collect = Optional.ofNullable(resultSet).orElse(Collections.emptySet()).stream().map(e -> {
|
|
|
- DataAuthRespVO vo = new DataAuthRespVO();
|
|
|
- vo.setResourceId(resourceId);
|
|
|
- vo.setItemIdentifier(e);
|
|
|
- return vo;
|
|
|
- }).collect(Collectors.toList());
|
|
|
- return DataRespVO.success(collect);
|
|
|
+ String taskId = dataAuthReqVO.getTaskId();
|
|
|
+ String appTokenId = dataAuthReqVO.getAppTokenId();
|
|
|
+ log.info("======数据级鉴权开始, 请求参数resourceId:{}, taskId:{}, appTokenId:{}=====", resourceId, taskId, appTokenId);
|
|
|
+ if (StrUtil.isBlank(resourceId) || StrUtil.isBlank(taskId) || StrUtil.isBlank(appTokenId)) {
|
|
|
+ log.error("鉴权参数为空");
|
|
|
+ return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL, DataAuthRespVO.empty());
|
|
|
}
|
|
|
+ ZeroTrustDataRespVO<DataAuthRespVO> respVO = zeroTrustAuthFacade.dataAuth(dataAuthReqVO);
|
|
|
+ log.info("数据鉴权结果:{}", JSON.toJSONString(respVO));
|
|
|
+ return respVO;
|
|
|
}
|
|
|
|
|
|
@PostMapping("token-receive")
|
|
|
- public MessageRespVO tokenReceive(@Valid @RequestBody TokenReceiveVO receiveVO) {
|
|
|
+ public ZeroTustMessageRespVO tokenReceive(@Valid @RequestBody TokenReceiveVO receiveVO) {
|
|
|
return authTokenFacade.tokenReceive(receiveVO);
|
|
|
}
|
|
|
|
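Review bot: `tokenReceive`'s new return type `ZeroTustMessageRespVO` looks like a misspelling of `ZeroTrustMessageRespVO` — every other type introduced by this commit is spelled `ZeroTrust…` — and once it is referenced from a public controller the typo becomes part of the API surface; fix it at the class definition (outside this diff) before it spreads. In `dataAuth`, `log.info("======数据级鉴权开始, 请求参数resourceId:{}, taskId:{}, appTokenId:{}=====", ...)` prints the raw `appTokenId` at INFO; mask it as suggested for the other endpoints. With the `apiDataAuthFacade.dataItemsCheckV2` call removed, the `apiDataAuthFacade` field kept in the earlier hunk has no remaining user in the shown code and should be dropped if nothing else in the file uses it.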