
Merge branch 'release/v1.2.0' of http://192.168.0.144/dcuc-tjdsj/auth-service into role-apply-update-230718

mazq 1 éve
szülő
commit
77d36a9e7b

+ 6 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/ApprovalResult.java

@@ -58,5 +58,11 @@ public class ApprovalResult extends BaseUpdateEntity implements IdEntity<String>
      */
     private String applyType;
 
+    /**
+     * 是否已经回调处理
+     * 0:没有  1:有
+     */
+    private String callBack = "0";
+
 
 }

+ 11 - 5
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/AuthRedisConstant.java

@@ -10,27 +10,33 @@ public class AuthRedisConstant {
 
     }
 
+
     /**
      * 令牌命名空间
      */
-    public static final String REDIS_TOKEN_NAMESPACE = "DCUC-AUTH:";
+    public static final String REDIS_DCUC_AUTH_NAMESPACE = "DCUC-AUTH:";
     /**
      * 用户令牌命名空间
      */
-    public static final String REDIS_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "USER:";
+    public static final String REDIS_USER_TOKEN_NAMESPACE = REDIS_DCUC_AUTH_NAMESPACE + "USER:";
 
     /**
      * BIM token命名空间
      */
-    public static final String REDIS_BIM_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "TOKEN";
+    public static final String REDIS_BIM_TOKEN_NAMESPACE = REDIS_DCUC_AUTH_NAMESPACE + "TOKEN";
 
     /**
      * BIM USER_TOKEN命名空间
      */
-    public static final String REDIS_BIM_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "TASK_USER_TOKEN";
+    public static final String REDIS_BIM_USER_TOKEN_NAMESPACE = REDIS_DCUC_AUTH_NAMESPACE + "TASK_USER_TOKEN";
 
     /**
      * BIM APP_TOKEN命名空间
      */
-    public static final String REDIS_BIM_APP_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "TASK_APP_TOKEN";
+    public static final String REDIS_BIM_APP_TOKEN_NAMESPACE = REDIS_DCUC_AUTH_NAMESPACE + "TASK_APP_TOKEN";
+
+    /**
+     * 审批回调接口
+     */
+    public static final String REDIS_APPROVAL_CALL_BACK_NAMESPACE = REDIS_DCUC_AUTH_NAMESPACE + "APPROVAL_CALL_BACK:";
 }

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java

@@ -159,7 +159,7 @@ public class DataAuthLogHandler {
         List<AuthorizeObjectDto> authorizeObjectDtos = delList.stream().map(e -> {
             AuthorizeObjectDto authorizeObjectDto = new AuthorizeObjectDto();
             authorizeObjectDto.setObjectName(Optional.ofNullable(
-                    dataResourceFacade.getDetailByIdAndClaType(e.getId(), e.getClassifyCode())).map(DataLevelVo::getLevelName).orElse(""));
+                    dataResourceFacade.getDetailByIdAndClaType(e.getDataId(), e.getClassifyCode())).map(DataLevelVo::getLevelName).orElse(""));
             authorizeObjectDto.setObjectId(e.getDataId());
             return authorizeObjectDto;
         }).collect(Collectors.toList());

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java

@@ -128,7 +128,7 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
 
     @Override
     public void delete(String id) {
-
+        repository.deleteById(id);
     }
 
     @Transactional(rollbackFor = Exception.class)

+ 55 - 20
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -4,6 +4,8 @@ import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.lang.Assert;
 import cn.hutool.json.JSONUtil;
+import com.dragoninfo.dcuc.auth.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.auth.constance.zerotrust.approval.ApprovalConstance;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.*;
@@ -26,9 +28,9 @@ import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragoninfo.dcuc.common.utils.SecurityUserUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.ObjectUtils;
-import com.dragonsoft.duceap.commons.util.UUIDUtils;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
@@ -37,6 +39,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 import java.util.Collections;
 import java.util.Date;
@@ -221,6 +224,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         approvalResult.setProcessInstId(processInstId);
         approvalResult.setTaskId(applyDto.getTaskId());
         approvalResult.setTaskIdDate(DateUtils.getCurrTimeStr(DateConst.DB_STORE_DATE));
+        approvalResult.setCallBack(BooleanEnum.FALSE.value);
         approvalResultService.save(approvalResult);
     }
 
@@ -240,34 +244,65 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         return approveRemoteCallBusiness.flowDetail(appTokenId, processInstId);
     }
 
+    @Transactional(rollbackFor = Exception.class)
     @Override
     public ZeroTrustMessageRespVO approvalCallBack(ApprovalCallBackReqVO approvalCallBackReqVO) {
         log.info("接收到的审批回调信息:{}", JSONUtil.toJsonStr(approvalCallBackReqVO));
-
         String processInstId = approvalCallBackReqVO.getProcessInstId();
-        String status = approvalCallBackReqVO.getEndFlag();
-        ApprovalResult approvalResult = approvalResultService.getByProcessInstId(processInstId);
-        if (ObjectUtils.isEmpty(approvalResult)) {
-            log.error("processInstId {} can't find", processInstId);
-            return ZeroTrustMessageRespVO.requestErrorMessage("审批单不存在");
+
+        // 接口回调并发控制
+        String key = AuthRedisConstant.REDIS_APPROVAL_CALL_BACK_NAMESPACE + processInstId;
+        Boolean ifAbsent = stringRedisTemplate.opsForValue()
+                .setIfAbsent(key, BooleanEnum.TRUE.value, 5, TimeUnit.MINUTES);
+        if (ifAbsent != null && !ifAbsent) {
+            log.info("回调接口并发控制");
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
         }
-        String applyType = approvalResult.getApplyType();
+        log.info("流程回调开始");
+        try {
+            String status = approvalCallBackReqVO.getEndFlag();
+            ApprovalResult approvalResult = approvalResultService.getByProcessInstId(processInstId);
+            if (ObjectUtils.isEmpty(approvalResult)) {
+                log.error("无对应的流程实例id:{}", processInstId);
+                return ZeroTrustMessageRespVO.requestErrorMessage("审批单不存在");
+            }
+
+            // 流程重复回调控制
+            String callBack = approvalResult.getCallBack();
+            if (BooleanEnum.TRUE.value.equals(callBack)) {
+                log.info("流程已经被回调处理");
+                return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+            }
 
-        AmCallbackStatusEnum amCallbackStatusEnum = EnumUtils.enumOf(AmCallbackStatusEnum.class, status);
-        String endFlag = amCallbackStatusEnum.toEndFlag();
-        // 无该类型,默认使用end
-        String type = "end";
+            String applyType = approvalResult.getApplyType();
 
-        // 角色操作申请处理
-        ApprovalBaseRespDto approvalBaseRespDto = new ApprovalBaseRespDto().success();
-        if (ApprovalApplyTypeEnum.ROLE_OPERATE.getValue().equals(applyType)) {
-            approvalBaseRespDto = roleOperateCallBackHandle(processInstId, type, endFlag);
+            AmCallbackStatusEnum amCallbackStatusEnum = EnumUtils.enumOf(AmCallbackStatusEnum.class, status);
+            String endFlag = amCallbackStatusEnum.toEndFlag();
+            // 无该类型,默认使用end
+            String type = "end";
+
+            // 角色操作申请处理
+            ApprovalBaseRespDto approvalBaseRespDto = new ApprovalBaseRespDto().success();
+            if (ApprovalApplyTypeEnum.ROLE_OPERATE.getValue().equals(applyType)) {
+                approvalBaseRespDto = roleOperateCallBackHandle(processInstId, type, endFlag);
+            }
+
+            // 更新审批结果
+            updateApprovalResult(approvalResult, approvalCallBackReqVO);
+            ZeroTrustMessageRespVO zeroTrustMessageRespVO = new ZeroTrustMessageRespVO();
+            BeanUtil.copyProperties(approvalBaseRespDto, zeroTrustMessageRespVO);
+            return zeroTrustMessageRespVO;
+        } finally {
+            stringRedisTemplate.delete(key);
+            log.info("流程回调结束");
         }
 
-        // TODO 更新审批结果
-        ZeroTrustMessageRespVO zeroTrustMessageRespVO = new ZeroTrustMessageRespVO();
-        BeanUtil.copyProperties(approvalBaseRespDto, zeroTrustMessageRespVO);
-        return zeroTrustMessageRespVO;
+    }
+
+    private void updateApprovalResult(ApprovalResult approvalResult, ApprovalCallBackReqVO approvalCallBackReqVO) {
+        BeanUtil.copyProperties(approvalCallBackReqVO, approvalResult, "taskId", "businessKey");
+        approvalResult.setCallBack(BooleanEnum.TRUE.value);
+        approvalResultService.update(approvalResult);
     }
 
     private ApprovalBaseRespDto roleOperateCallBackHandle(String processInstId, String type, String endFlag) {
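Review bot: The `finally` block in `approvalCallBack` deletes the Redis key before the `@Transactional` wrapper commits (the commit normally happens after the method returns), so a second callback for the same `processInstId` can acquire the key and still read `callBack` as "0". The repeat-callback guard is therefore weakest in the concurrent case it was added for; releasing the key from a `TransactionSynchronization.afterCompletion` hook, or leaving it to the 5-minute TTL, would close that window. The concurrent branch also answers `SUCCESS` while the first delivery may still fail and roll back, so the approval system may never retry a callback that was not actually processed. In `updateApprovalResult`, `BeanUtil.copyProperties` copies every same-named property of the request object onto the entity except `taskId` and `businessKey`; if `ApprovalCallBackReqVO` has fields such as `id`, `applyType` or `callBack` (its definition is not shown here), the remote caller can overwrite them, so copying a fixed list of fields would be safer.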

+ 3 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApproveRemoteCallBusinessImpl.java

@@ -272,7 +272,7 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
     protected ResponseDTO<FlowApplyRespDTO> beginFlow(FlowApplyReqDTO flowApplyReqDTO) {
 
         String baseUrl = approvalProperties.getBaseUrl();
-        String url = baseUrl + "/api/v3/apply";
+        String url = baseUrl + ApprovalApiConstance.ROLE_OPEATE_APPLY;
         ResponseDTO<FlowApplyRespDTO> responseDTO = this.baseReqData(url, flowApplyReqDTO, "开启流程请求",
                 new TypeReference<FlowDataRespDto<FlowApplyRespDTO>>() {
                 });
@@ -290,6 +290,8 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         String appTokenId = dto.getAppTokenId();
         String processDefId = dto.getProcessDefId();
         String title = dto.getTitle();
+
+        log.info("调用审批,生成签名时使用的应用令牌:{}, 流程标识:{}", appTokenId, processDefId);
         Assert.notBlank(appTokenId);
         Assert.notBlank(processDefId);
         Assert.notBlank(title);
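Review bot: The added `log.info` writes `appTokenId` to the application log at INFO level, and the message itself says this is the application token used when generating the signature. If that value is a credential rather than an opaque identifier, anyone with read access to the logs can reuse it until it expires; log only the process identifier, or a truncated form of the token, e.g. `log.info("调用审批,流程标识:{}", processDefId);`. The call also runs before the `Assert.notBlank` checks, so blank values are logged before they are rejected. The enclosing method starts and ends outside this hunk.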

+ 3 - 18
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/AuthTokenBusinessImpl.java

@@ -144,45 +144,30 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         if (CollectionUtils.isEmpty(tokenReceiveReqVoList)) {
             return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
         }
-        List<TokenOperationDto> logList = new ArrayList<>();
         for (TokenReceiveVO receiveVo : tokenReceiveReqVoList) {
             // 校验请求签名
             ZeroTrustMessageRespVO check = tokenReceiveSignCheck(receiveVo);
             if (check.isRespFail()) {
                 return check;
             }
-            // 令牌缓存处理
-            String pid = tokenReceiveCache(receiveVo);
-            TokenOperationDto dto = TokenOperationDto.builder()
-                    .action(receiveVo.getAction())
-                    .operateTime(new Date())
-                    .pid(pid)
-                    .tokenType(receiveVo.getType())
-                    .build();
-            // 添加日志
-            logList.add(dto);
+           tokenReceiveCache(receiveVo);
         }
-        // 发送令牌处理日志
-        qmAuditPushService.pushTokenReceiveLog(logList);
+
         return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
     }
 
-    private String tokenReceiveCache(TokenReceiveVO receiveVo) throws JsonProcessingException {
+    private void tokenReceiveCache(TokenReceiveVO receiveVo) throws JsonProcessingException {
         String action = receiveVo.getAction();
         String type = receiveVo.getType();
         String token = receiveVo.getToken();
-        String pid;
         ObjectMapper objectMapper = new ObjectMapper();
         if (TokenTypeEnum.USER.getValue().equals(type)) {
             UserTokenInfoRespVO tokenInfo = objectMapper.readValue(token, UserTokenInfoRespVO.class);
-            pid = tokenInfo.getPid();
             cacheBusiness.userTokenActionHandle(tokenInfo, action);
         } else {
             AppTokenInfoRespVO tokenInfo = objectMapper.readValue(token, AppTokenInfoRespVO.class);
-            pid = tokenInfo.getUserToken().getPid();
             cacheBusiness.appTokenActionHandle(tokenInfo, action);
         }
-        return pid;
     }
 
     private ZeroTrustMessageRespVO tokenReceiveSignCheck(TokenReceiveVO receiveVo) {
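Review bot: Signature verification and `tokenReceiveCache(receiveVo)` still share one loop, so when a later entry of `tokenReceiveReqVoList` fails `tokenReceiveSignCheck`, the earlier entries have already been applied to the cache (and, after this commit, audited) while the caller receives a failure response. Verifying every entry in a first pass and applying them in a second pass would make the batch all-or-nothing. If partial application is intended, say so with a comment on the loop such as `// entries before the first bad signature stay applied`. The new call line is also indented one column short of its neighbours, and the method's signature lies outside this hunk.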

+ 22 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RedisCacheBusinessImpl.java

@@ -2,6 +2,8 @@ package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
 
 import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
+import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
+import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragoninfo.dcuc.auth.auth.dto.AppAuthResultDto;
 import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
 import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
@@ -13,6 +15,7 @@ import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.base.exception.ApplicationException;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 
@@ -44,6 +47,9 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
     @Resource
     private StringRedisTemplate stringRedisTemplate;
 
+    @Autowired
+    private QmAuditPushService qmAuditPushService;
+
     private void cacheUserToken(UserTokenInfoRespVO userToken) {
         // 缓存人员令牌
         long tokenExpireTime = userToken.getExpireAt().getTime();
@@ -214,6 +220,14 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         } else if (TokenActionEnum.RENEW.getValue().equals(action)) {
             renewAppToken(tokenInfo);
         }
+        TokenOperationDto dto = TokenOperationDto.builder()
+                .action(action)
+                .operateTime(new Date())
+                .pid(tokenInfo.getUserToken().getPid())
+                .tokenType(TokenTypeEnum.USER.getValue())
+                .build();
+        // 发送令牌处理日志
+        qmAuditPushService.pushTokenReceiveLog(Collections.singletonList(dto));
     }
 
     @Override
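Review bot: The audit record built after `renewAppToken(tokenInfo)` sets `.tokenType(TokenTypeEnum.USER.getValue())`, although this branch handles app tokens; before this commit the type came from `receiveVo.getType()`. As written, every app-token operation is audited as a user-token operation, which makes the audit trail misleading during an investigation. Use the app-token constant of `TokenTypeEnum` here (its name is not visible in this diff). `tokenInfo.getUserToken().getPid()` also throws if `getUserToken()` returns null, and that now happens after the cache has already been modified rather than before. The method's signature is outside the hunk.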
@@ -228,6 +242,14 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         } else if (TokenActionEnum.RENEW.getValue().equals(action)) {
             renewUserToken(tokenInfo);
         }
+        TokenOperationDto dto = TokenOperationDto.builder()
+                .action(action)
+                .operateTime(new Date())
+                .pid(tokenInfo.getPid())
+                .tokenType(TokenTypeEnum.USER.getValue())
+                .build();
+        // 发送令牌处理日志
+        qmAuditPushService.pushTokenReceiveLog(Collections.singletonList(dto));
     }
 
 

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/TokenRemoteCallBusinessImpl.java

@@ -103,7 +103,7 @@ public class TokenRemoteCallBusinessImpl implements ITokenRemoteCallBusiness {
                 log.error("解析JSON异常", e);
             }
             if (responseEntityBody != null) {
-                if (responseEntityBody.getStatusCode().equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue())) {
+                if (ZeroTrustBusinessRespEnum.SUCCESS.getValue().equalsIgnoreCase(responseEntityBody.getStatusCode())) {
 
                     // 校验令牌签名
                     if (zerotrustConfig.getCheckTokenSign()) {

+ 5 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ApprovalApiConstance.java

@@ -61,4 +61,9 @@ public class ApprovalApiConstance {
      * 任务列表获取地址
      */
     public static final String CLASS_TYPE_URL = "/approve-core/api/v3/task-classes";
+
+    /**
+     * 角色操作流程地址
+     */
+    public static final String ROLE_OPEATE_APPLY = "/approve-core/api/v3/apply";
 }
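Review bot: The new constant is spelled `ROLE_OPEATE_APPLY`; the intended word is presumably OPERATE. Renaming it to `ROLE_OPERATE_APPLY` is cheap now, since the only use visible in this commit is in `ApproveRemoteCallBusinessImpl.beginFlow`. The path also gains the `/approve-core` prefix compared with the old hard-coded `/api/v3/apply`, which matches `CLASS_TYPE_URL` but is worth confirming against the configured `baseUrl`.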

+ 2 - 0
dcuc-auth-service/src/main/resources/config/mysql/V4_3_0034__AddCallBack.sql

@@ -0,0 +1,2 @@
+alter table t_auth_approval_result
+    add CALL_BACK varchar(2) default '0' null comment '是否已经回调处理';