
feature: 发送令牌操作日志到审计

mazq 2 anos atrás
pai
commit
47eac4b942

+ 11 - 1
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java

@@ -1,9 +1,12 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
+import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
 /**
@@ -44,5 +47,12 @@ public interface IAuthTokenFacade {
     @GetMapping("cacheStandardUserToken")
     void cacheStandardUserToken(@RequestParam("idcard") String idcard, @RequestParam("userTokeId") String userTokeId, @RequestParam("expiredTime") Integer expiredTime);
 
-
+    /**
+     * 接收令牌
+     *
+     * @param receiveVO
+     * @return
+     */
+    @PostMapping("tokenReceive")
+    MessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }
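Review bot: The new `tokenReceive` parameter carries no binding annotation, whereas every other method in this interface declares `@RequestParam` explicitly (e.g. `cacheStandardUserToken` at L28). On the Feign side an unannotated single parameter is sent as the request body, but on the Spring MVC side the implementing `AuthTokenFacade` will, absent a custom argument resolver, bind an unannotated object parameter as a model attribute from query/form parameters, so a JSON body is likely ignored and the VO arrives with every field null. The `@NotBlank` constraints on `TokenReceiveVO` also only fire under `@Valid`, which nothing in this commit adds. Declaring `MessageRespVO tokenReceive(@Valid @RequestBody TokenReceiveVO receiveVO);` (importing `javax.validation.Valid` and `org.springframework.web.bind.annotation.RequestBody`) addresses both, assuming the Feign encoder in use is JSON.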

+ 28 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/TokenOperationDto.java

@@ -0,0 +1,28 @@
+package com.dragoninfo.dcuc.auth.audit.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.Date;
+
+/**
+ * @author mazq
+ * @date 2023/3/31
+ */
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+public class TokenOperationDto {
+
+    private String pid;
+
+    private Date operateTime;
+
+    private String tokenType;
+
+    private String action;
+
+}
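Review bot: `TokenOperationDto` ships without any class or field documentation, and the names do not say what `pid` holds or which values `tokenType` and `action` take. In this commit `pid` is copied from `UserTokenInfoRespVO.getPId()` (presumably the ID-card number, per the `pid为人员身份证号` comment in the business impl) and the other two are forwarded verbatim from `TokenReceiveVO.type`/`action`; a class Javadoc such as `/** Audit payload for one token operation: pid identifies the token holder; tokenType (user|app) and action (online|offline|renew) are passed through from TokenReceiveVO. */` would capture that. `operateTime` is a mutable `java.util.Date` exposed through `@Data` setters/getters; it is set once to `new Date()` here, but `java.time.Instant` would avoid the shared-mutability caveat if this DTO ever crosses threads, which the async push in `QmAuditPushService` makes it do.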

+ 35 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/TokenReceiveVO.java

@@ -0,0 +1,35 @@
+package com.dragoninfo.dcuc.auth.token.vo;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+/**
+ * @author mazq
+ * @date 2023/3/31
+ */
+@Data
+public class TokenReceiveVO {
+
+    @NotBlank
+    @ApiModelProperty(value = "令牌行为 online 上线 offline 下线 renew续期")
+    private String action;
+
+    @NotBlank
+    @ApiModelProperty(value = "令牌类型 user用户令牌 app应用令牌")
+    private String type;
+
+    @NotBlank
+    @ApiModelProperty(value = "令牌详细信息")
+    private String token;
+
+    @NotBlank
+    @ApiModelProperty(value = "签名随机数")
+    private String nonce;
+
+    @NotBlank
+    @ApiModelProperty(value = "签名")
+    private String sign;
+
+}
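Review bot: `action` and `type` are documented as closed value sets (`online|offline|renew`, `user|app`) but are constrained only by `@NotBlank`, so any string reaches the audit record, and in the business layer every non-`user` type is treated as an app token. `@Pattern(regexp = "online|offline|renew")` on `action` and `@Pattern(regexp = "user|app")` on `type` (same `javax.validation.constraints` package) would pin the contract at the boundary, provided the controller parameter is annotated `@Valid`, which nothing in this commit does. Also, `@Data` generates a `toString` that includes `token`, `nonce` and `sign`; if the VO is ever logged, the bearer token leaks, so mark `token` and `sign` with `@ToString.Exclude` (`lombok.ToString`).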

+ 3 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/constance/AuditConstance.java

@@ -27,6 +27,9 @@ public class AuditConstance {
     /**启明logType定义:权限中心报送风险日志 */
     public static String AUDIT_LOG_TYPE_FXBS = "011";
 
+    /**启明logType定义:权限中心报送令牌操作日志 */
+    public static String AUDIT_LOG_TYPE_LPCZ = "015";
+
     /**启明authType定义:应用鉴权 */
     public static String AUDIT_AUTH_TYPE_YYJQ = "6";
 

+ 35 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -12,6 +12,7 @@ import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLog;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationRiskLog;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.TokenOperationLog;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
@@ -51,6 +52,38 @@ public class QmAuditPushService {
     @Autowired
     private AuditConfig config;
 
+    /**
+     * 推送令牌操作日志
+     *
+     * @param dto
+     */
+    public void pushTokenReceiveLog(TokenOperationDto dto) {
+        Boolean qmEnabled = config.getQmEnabled();
+        if(null == qmEnabled || !qmEnabled) {
+            return;
+        }
+        executor.submit(()-> pushTokenLogToAudit(dto));
+    }
+
+    private void pushTokenLogToAudit(TokenOperationDto dto) {
+        String sysId = config.getSysId();
+        String logType = AuditConstance.AUDIT_LOG_TYPE_LPCZ;
+        List<TokenOperationLog> operateLogs = getTokenOperateLog(dto);
+        if(CollectionUtils.isNotEmpty(operateLogs)) {
+            log.debug("QmAuditPushService pushLogMessage START");
+            logSendComponent.sendTokenOperateLog(sysId, logType, operateLogs);
+        }
+    }
+
+    private List<TokenOperationLog> getTokenOperateLog(TokenOperationDto dto) {
+        TokenOperationLog tokenOperationLog = new TokenOperationLog();
+        tokenOperationLog.setAction(dto.getAction());
+        tokenOperationLog.setPid(dto.getPid());
+        tokenOperationLog.setType(dto.getTokenType());
+        tokenOperationLog.setOperateTime(getTimeStr(dto.getOperateTime()));
+        return Collections.singletonList(tokenOperationLog);
+    }
+
     /**
      * 推送授权日志
      * @param authorizeLogDto
@@ -327,6 +360,7 @@ public class QmAuditPushService {
     private String getMainType(RiskProgrammeTypeEnum riskType) {
         switch (riskType) {
             case DSJPFJQFX:
+                return AuditConstance.AUDIT_RISK_MAIN_TYPE_PFJQ;
             case DSJPFHBMDMZFX:
                 return AuditConstance.AUDIT_RISK_MAIN_TYPE_PFJQ;
             case JQBYTJBWZFX:
@@ -336,4 +370,5 @@ public class QmAuditPushService {
         }
         return null;
     }
+
 }
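Review bot: `pushTokenReceiveLog` hands the work to `executor.submit(...)` and discards the returned `Future`, and `pushTokenLogToAudit` has no exception handling, so any failure in `logSendComponent.sendTokenOperateLog` is captured in that unread `Future` and the lost audit entry leaves no trace in the logs. Wrap the body in a try/catch that logs at error level, but keep `pid` out of that message since the business impl treats it as a person's ID-card number (`pid为人员身份证号`). The `log.debug("QmAuditPushService pushLogMessage START")` line also appears copied from another push path and does not identify this one; naming the method and the action in it makes the trace usable.

```java
private void pushTokenLogToAudit(TokenOperationDto dto) {
    try {
        // … unchanged: sysId/logType lookup and getTokenOperateLog(dto) …
        if (CollectionUtils.isNotEmpty(operateLogs)) {
            log.debug("QmAuditPushService pushTokenLogToAudit START, action={}, type={}", dto.getAction(), dto.getTokenType());
            logSendComponent.sendTokenOperateLog(sysId, logType, operateLogs);
        }
    } catch (Exception e) {
        // pid is treated as personal data elsewhere; keep it out of the error log
        log.error("QmAuditPushService pushTokenLogToAudit FAILED, action={}, type={}", dto.getAction(), dto.getTokenType(), e);
    }
}
```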

+ 10 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java

@@ -1,7 +1,9 @@
 package com.dragoninfo.dcuc.auth.business;
 
+import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
 
 /**
@@ -44,4 +46,12 @@ public interface IAuthTokenBusiness {
      * @param expiredTime
      */
     void cacheStandardUserToken(String idcard, String userTokenId, Integer expiredTime);
+
+    /**
+     * 接收令牌
+     *
+     * @param receiveVO
+     * @return
+     */
+    MessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }
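Review bot: The Javadoc on the new `tokenReceive` has empty `@param` and `@return` tags, so it documents nothing beyond the two-character summary. Something like `@param receiveVO token operation report (action, type, token, nonce, sign) submitted by the token service` and `@return SUCCESS once the audit record has been queued; TOKEN_FAIL when the token cannot be resolved to a user token` matches what the implementation added in this commit returns.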

+ 34 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java

@@ -4,9 +4,13 @@ import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.api.vo.BusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
+import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
+import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
+import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
@@ -14,6 +18,8 @@ import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.vo.*;
+import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.TokenOperationLog;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
@@ -28,6 +34,7 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
 
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -53,6 +60,8 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     private StringRedisTemplate stringRedisTemplate;
 
+    private QmAuditPushService qmAuditPushService;
+
     @Autowired
     public void setDcucAuthConfig(DcucAuthConfig dcucAuthConfig) {
         this.dcucAuthConfig = dcucAuthConfig;
@@ -110,8 +119,8 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         if (null == appToken) {
             return TokenDetailRespVo.empty();
         }
-        TokenDetailRespVo.TokenDetailRespVoBuilder builder = TokenDetailRespVo.builder();
         UserTokenInfoRespVO userToken = appToken.getUserToken();
+        TokenDetailRespVo.TokenDetailRespVoBuilder builder = TokenDetailRespVo.builder();
         builder.appToken(appToken).userToken(userToken);
         // 根据用户令牌获取用户信息
         if (needUserInfo) {
@@ -134,6 +143,30 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         stringRedisTemplate.opsForValue().set(AuthRedisConstant.REDIS_STANDARD_USER_TOKEN_NAMESPACE + idcard, userTokenId, expiredTime, TimeUnit.SECONDS);
     }
 
+    @Override
+    public MessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
+        // 暂时发送令牌接收日志即可
+        String type = receiveVO.getType();
+        UserTokenInfoRespVO userTokenInfo ;
+        if (TokenTypeEnum.USER.getValue().equals(type)) {
+            userTokenInfo = getUserTokenInfo(receiveVO.getToken());
+        } else {
+            TokenDetailRespVo appTokenInfo = getByAppTokenId(receiveVO.getToken(), false, false);
+            userTokenInfo = appTokenInfo.getUserToken();
+        }
+        if (null == userTokenInfo) {
+            return MessageRespVO.messageEnumMessage(BusinessRespEnum.TOKEN_FAIL);
+        }
+        TokenOperationDto dto = TokenOperationDto.builder()
+                .action(receiveVO.getAction())
+                .operateTime(new Date())
+                .pid(userTokenInfo.getPId())
+                .tokenType(receiveVO.getType())
+                .build();
+        qmAuditPushService.pushTokenReceiveLog(dto);
+        return MessageRespVO.messageEnumMessage(BusinessRespEnum.SUCCESS);
+    }
+
     private AuthUserVo getAuthUserVo(String pid) {
         // pid为人员身份证号
         // 查询权限中心用户信息, 填充id字段
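Review bot: `qmAuditPushService` is declared at L258 but nothing injects it: the existing dependencies use explicit `@Autowired` setters (`setDcucAuthConfig` at L260), no such setter for the new field appears in this diff, and the section's 34 additions are all accounted for by the visible lines, so `qmAuditPushService.pushTokenReceiveLog(dto)` at L297 will throw a `NullPointerException` on the first request unless the field is wired somewhere outside this commit. Add `@Autowired public void setQmAuditPushService(QmAuditPushService qmAuditPushService) { this.qmAuditPushService = qmAuditPushService; }` next to the other setters. Separately, `TokenReceiveVO` carries `nonce` and `sign`, yet `tokenReceive` never reads them: the audit record's `pid`, `action` and `type` are derived from whatever the caller sends, so any client that can reach this endpoint can fabricate online/offline/renew events for another user's token; the `暂时…` comment suggests verification was deferred, which should at least be made explicit as `// TODO: verify sign over (action, type, token, nonce) before accepting; unverified reports are currently written to audit`. The unused imports `LogInfoFillService` and `TokenOperationLog` (L232, L242) can be dropped.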

+ 7 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

@@ -1,7 +1,9 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
+import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -36,4 +38,9 @@ public class AuthTokenFacade implements IAuthTokenFacade {
     public void cacheStandardUserToken(String idcard, String userTokeId, Integer expiredTime) {
         tokenBusiness.cacheStandardUserToken(idcard, userTokeId, expiredTime);
     }
+
+    @Override
+    public MessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
+        return tokenBusiness.tokenReceive(receiveVO);
+    }
 }
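Review bot: This `tokenReceive` is the Spring MVC entry point, and its parameter is unannotated just like the interface's; whether Spring picks up parameter annotations from `IAuthTokenFacade` depends on the framework version, and today there are none to inherit anyway. Mirroring binding and validation on the implementation, `public MessageRespVO tokenReceive(@Valid @RequestBody TokenReceiveVO receiveVO)` (with `javax.validation.Valid` and `RequestBody` imported), makes the JSON body bind and the `@NotBlank` constraints on `TokenReceiveVO` enforce regardless of what the interface declares.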