
feature: 鉴权接口任务信息校验

mazq 1 gadu atpakaļ
vecāks
revīzija
b72dff050e

+ 25 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java

@@ -2,6 +2,7 @@ package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
 
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.DataItemRespVO;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
@@ -60,4 +61,28 @@ public class ZeroTrustDataRespVO<T> {
         dataItemRespVO.setResult(result);
         return dataRespVO;
     }
+
+
+    /**
+     * 是否成功
+     *
+     * @return 是否成功
+     */
+    @JsonIgnore
+    public boolean isRespSuccess() {
+        return this.statusCode.equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue());
+    }
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }
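Review bot: `isRespSuccess()` dereferences `this.statusCode` before comparing, so a response object whose status code was never set throws NullPointerException instead of reporting failure; reverse the comparison, `return ZeroTrustBusinessRespEnum.SUCCESS.getValue().equalsIgnoreCase(this.statusCode);`, which treats a missing status as not-successful, the right default for something used as an authorization gate. The `<T>` on `toDataRespVO()` is a method type parameter that shadows the class's own `T`, so the returned VO's payload type is unrelated to the source's and the call compiles only by target typing; since the body copies just `statusCode` and `message`, either drop the method-level parameter or document that `data` is intentionally not carried over. `@JsonIgnore` affects Jackson only; if these VOs are ever serialized with fastjson (`JSON.toJSONString` is used in ZeroTrustAppAuthBusiness), the boolean would presumably still be emitted as a `respSuccess` property, which is worth confirming.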

+ 14 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java

@@ -106,4 +106,18 @@ public class ZeroTrustMessageRespVO {
         objectResultRespVO.setMessage(message);
         return objectResultRespVO;
     }
+
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }
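Review bot: The Javadoc on `toDataRespVO()` says only `Result返回` and does not tell callers that the conversion carries over just `statusCode` and `message`, leaving the generic `data` payload null; suggest replacing the `@return` text with `@return a ZeroTrustDataRespVO carrying the same statusCode and message and no data payload; T is chosen by the caller's assignment target`. The body is identical to `ZeroTrustDataRespVO.toDataRespVO()` added in this same commit; a single static factory on ZeroTrustDataRespVO taking `(statusCode, message)` would keep the two copies from drifting apart.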

+ 4 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -89,6 +89,10 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
     public ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO) {
         String userTokenId = appAuthReqVO.getUserTokenId();
         UserTokenInfoRespVO userToken = authTokenBusiness.getUserTokenInfo(userTokenId);
+        if (null == userToken) {
+            log.error("查询不到用户令牌信息");
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
         String pId = userToken.getPid();
         log.info("传入的用户令牌为:{}, 应用鉴权查寻到的令牌结果:{}, pid:{}", userTokenId, JSON.toJSONString(userToken), pId);
         // 构建sysLogVo

+ 22 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustDataAuthBusiness.java

@@ -12,12 +12,14 @@ import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustDataAuthBusine
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
 import com.dragoninfo.dcuc.auth.auth.dto.data.DataAuthV2ReqDTO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -42,6 +44,13 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
 
     private IDataAuthBusiness dataAuthBusiness;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setDataAuthBusiness(IDataAuthBusiness dataAuthBusiness) {
         this.dataAuthBusiness = dataAuthBusiness;
@@ -62,15 +71,27 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
         String appTokenId = dataAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
+            log.error("令牌查询结果为空");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
-
         DataItemsCheckDto dto = new DataItemsCheckDto();
         dto.setCurrentAppCode(tokenInfo.getAppToken().getAppId());
         dto.setCurrentIdcard(tokenInfo.getUserToken().getPid());
         dto.setIdcard(tokenInfo.getUserToken().getPid());
         dto.setDataItemsDtoList(Collections.emptyList());
 
+        // 任务信息校验
+        String taskId = dataAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.FAIL, dto, IpUtils.getIp(), appTokenId, tokenInfo.getUserToken().getUserTokenId());
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (null == userInfo) {
             log.error("查询不到用户信息");

+ 25 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustFunAuthBusiness.java

@@ -9,7 +9,10 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustFunAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
+import com.dragoninfo.dcuc.auth.auth.service.IApprovalService;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleService;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -42,6 +45,13 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
 
     private LogInfoFillService logInfoFillService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
         this.logInfoFillService = logInfoFillService;
@@ -62,7 +72,7 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         String appTokenId = functionAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, true);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
@@ -70,6 +80,20 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         RoleApiDto roleApiDto = new RoleApiDto();
         roleApiDto.setAppCode(appCode);
         AuthUserVo userInfo = tokenInfo.getUserInfo();
+
+        // 任务信息校验
+        String taskId = functionAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.FAIL, roleApiDto, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId);
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         if (userInfo == null) {
             log.error("查询不到用户信息");
             // 发送鉴权失败日志

+ 23 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustServiceAuthBusiness.java

@@ -9,6 +9,7 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustServiceAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.service.IServiceAuthResultService;
 import com.dragoninfo.dcuc.auth.auth.vo.ServiceAuthenticationResVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -39,6 +40,13 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
 
     private IServiceAuthResultService serviceAuthResultService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setServiceAuthResultService(IServiceAuthResultService serviceAuthResultService) {
         this.serviceAuthResultService = serviceAuthResultService;
@@ -59,10 +67,24 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
         String appTokenId = serviceAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
+        // 任务信息校验
+        String taskId = serviceAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.FAIL, null, tokenInfo.getAppToken().getAppId(),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()));
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (userInfo == null) {
             log.error("查询不到用户信息");
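Review bot: The failure log call in the task-check branch passes `null` as the second argument of `sendServiceAuthenticationLog`, where the later rejection branches of this method presumably pass a resolved object; if the log service dereferences that parameter, a denied request would fail with an exception while writing the audit record instead of returning `checkTaskIdMessage.toDataRespVO()`, so confirm the null is tolerated there or pass an empty instance. `tokenInfo.getUserToken()` is also dereferenced without a guard; if one of the flags passed to `getByAppTokenId(appTokenId, true, false)` guarantees the user token is loaded, a comment such as `// user token is always populated by getByAppTokenId with these flags` would record that, otherwise a null check belongs here. The enclosing method continues outside the hunk.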

+ 37 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java

@@ -5,13 +5,19 @@ import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
 import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
+import com.dragoninfo.dcuc.auth.sub.dto.zerotrust.tasktype.TaskInfoDetailResp;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,6 +43,13 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
     private StringRedisTemplate stringRedisTemplate;
 
+    private IApproveRemoteCallBusiness approveRemoteCallBusiness;
+
+    @Autowired
+    public void setApproveRemoteCallBusiness(IApproveRemoteCallBusiness approveRemoteCallBusiness) {
+        this.approveRemoteCallBusiness = approveRemoteCallBusiness;
+    }
+
     @Autowired
     public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
         this.stringRedisTemplate = stringRedisTemplate;
@@ -137,4 +150,28 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
         }
         return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");
     }
+
+    @Override
+    public ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId) {
+        if (StrUtil.isBlank(taskId)) {
+            log.info("任务id为空");
+            return ZeroTrustMessageRespVO.requestErrorMessage("任务ID必填").toDataRespVO();
+        }
+
+        Boolean checkAuthApiRealTaskId = zerotrustConfig.getCheckAuthApiRealTaskId();
+        String taskClass = "";
+        log.info("校验任务ID开关:{}", checkAuthApiRealTaskId);
+        if (checkAuthApiRealTaskId) {
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{}", appTokenId, taskId);
+            ResponseDTO<TaskInfoDetailResp> taskInfoDetail = approveRemoteCallBusiness.getTaskInfoDetail(appTokenId, taskId);
+
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{} ,结果:{}", appTokenId, taskId, JsonUtils.toJSONString(taskInfoDetail));
+            if (ResponseUtil.isFail(taskInfoDetail)) {
+                return ZeroTrustMessageRespVO.requestErrorMessage(taskInfoDetail.getMessage()).toDataRespVO();
+            }
+            TaskInfoDetailResp taskInfoDetailResp = ResponseUtil.getResult(taskInfoDetail);
+            taskClass = taskInfoDetailResp.getTaskClassCode();
+        }
+        return ZeroTrustDataRespVO.success(taskClass);
+    }
 }
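Review bot: `if (checkAuthApiRealTaskId)` unboxes a `Boolean` read from configuration, so an unset property makes every `taskIdCheck` call throw NullPointerException; make the default explicit and fail closed, `if (!Boolean.FALSE.equals(checkAuthApiRealTaskId))`, so the remote check is skipped only when the switch is deliberately turned off. The failure path returns `taskInfoDetail.getMessage()` from the approval service verbatim to the API caller, which exposes internal service wording and error detail to the requesting application; log the remote message server-side and return a fixed text such as `requestErrorMessage("任务信息校验失败")`. `ResponseUtil.getResult(taskInfoDetail)` is dereferenced on the next line without a null check, and both info lines read `开始校验任务ID参数...` although the second reports the result and should say `任务ID校验结果`. Both info lines also print the raw `appTokenId`; a credential-bearing identifier is better masked or kept out of INFO logs.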

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApproveRemoteCallBusinessImpl.java

@@ -93,7 +93,7 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         TypeReference<ResponseDTO<TaskInfoDetailResp>> typeReference = new TypeReference<ResponseDTO<TaskInfoDetailResp>>() {
         };
         log.info("获取审批任务详情地址:{}", taskIdCheckUrl);
-        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference);
+        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference, taskId);
     }
 
     @Override
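Review bot: The extra `taskId` argument to `baseGet` is presumably a URI variable for the `{taskCode}` placeholder in `TASK_ID_CHECK_URL`; confirm that `taskIdCheckUrl`, which the info line above logs before the call, still contains the literal placeholder rather than an already-substituted value, otherwise the template is either expanded twice or the variable is ignored. Since `taskId` comes from the authorization request and `ApiCommonBusiness.taskIdCheck` rejects only a blank value, expansion through URI variables (which encodes reserved characters) is what keeps a caller-supplied id from altering the approval-service path, so a comment on the call such as `// taskId is passed as a URI variable so it is encoded, never concatenated into the path` would record that intent. The enclosing method starts outside the hunk.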

+ 9 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApiCommonBusiness.java

@@ -1,5 +1,6 @@
 package com.dragoninfo.dcuc.auth.business.zerotrust;
 
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 
@@ -11,10 +12,17 @@ public interface IApiCommonBusiness {
 
 
     /**
-     * 校验令牌签名
+     * 校验接口调用签名
      * @param signReqVO
      * @return
      */
     ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO);
 
+    /**
+     * 任务信息校验
+     * @param appTokenId
+     * @param taskId
+     * @return
+     */
+    ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId);
 }
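Review bot: The Javadoc on `taskIdCheck` has empty `@param` and `@return` tags, so callers cannot tell from the interface what counts as success or what the payload is; fill them in as `@param appTokenId application token of the calling application, used to look the task up in the approval service`, `@param taskId task identifier supplied in the authorization request; a blank value is rejected`, and `@return success with the task class code as data, or a request-error response whose message explains the rejection; when the real-task-id check is disabled by configuration, success with an empty data value`. The `checkSecret` description was reworded to `校验接口调用签名` but its tags are likewise empty and deserve the same treatment.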

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ApprovalApiConstance.java

@@ -55,10 +55,10 @@ public class ApprovalApiConstance {
     /**
      * 任务校验地址
      */
-    public static final String TASK_ID_CHECK_URL = "/approve-core/api/v1/tasks/{taskCode}";
+    public static final String TASK_ID_CHECK_URL = "/approve-core/api/v3/tasks/{taskCode}";
 
     /**
      * 任务列表获取地址
      */
-    public static final String CLASS_TYPE_URL = "/approve-core/api/v1/task-classes";
+    public static final String CLASS_TYPE_URL = "/approve-core/api/v3/task-classes";
 }