From 5a952656d5c6217e13b4ce1eba45ffd74175d59a Mon Sep 17 00:00:00 2001
From: songhuangfeng123 <shf18767906695@163.com>
Date: 星期三, 03 八月 2022 16:08:04 +0800
Subject: [PATCH] 应急实施fix
---
safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java | 74 ++++++++++++++++++++++++++----------
1 files changed, 53 insertions(+), 21 deletions(-)
diff --git a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
index 874b46f..1316c2a 100644
--- a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
+++ b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
@@ -2,13 +2,17 @@
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
-import com.gkhy.safePlatform.account.rpc.apimodel.UserAccountService;
-import com.gkhy.safePlatform.commons.co.CacheUser;
+import com.gkhy.safePlatform.account.rpc.apimodel.AccountAuthService;
+import com.gkhy.safePlatform.account.rpc.apimodel.AccountAuthService;
+import com.gkhy.safePlatform.commons.co.ContextCacheAuthority;
+import com.gkhy.safePlatform.commons.co.ContextCacheUser;
import com.gkhy.safePlatform.commons.enums.RedisKeyEnum;
import com.gkhy.safePlatform.commons.enums.ResultCodes;
import com.gkhy.safePlatform.commons.exception.BusinessException;
+import com.gkhy.safePlatform.commons.utils.RPCUtils;
import com.gkhy.safePlatform.commons.utils.StringUtils;
import com.gkhy.safePlatform.commons.vo.ResultVO;
+import com.gkhy.safePlatform.config.redis.RedisUtils;
import org.apache.dubbo.config.annotation.DubboReference;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
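Review bot: `com.gkhy.safePlatform.account.rpc.apimodel.AccountAuthService` is imported twice on consecutive added lines; one of the two should be dropped. Java tolerates a redundant single-type import, so this is a cleanliness point rather than a compile error.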
@@ -36,7 +40,9 @@
@Autowired
private TokenConfig tokenConfig;
@DubboReference(check = false)
- private UserAccountService userAccountService;
+ private AccountAuthService userAccountService;
+ @Autowired
+ private RedisUtils redisUtils;
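Review bot: The field keeps the name `userAccountService` although its type is now `AccountAuthService`, which misleads a reader about which RPC interface this filter calls. Renaming it, for example `private AccountAuthService accountAuthService;`, together with its call sites in this file, would keep name and type in step. The class declaration is outside the hunk.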
@@ -53,12 +59,8 @@
chain.doFilter(req, resp);
} catch (BusinessException e) {
// 返回异常
- this.writeJSON(req, resp, new ResultVO<>(e.getError()));
- } catch (Exception e) {
- e.printStackTrace();
- this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR));
+ this.writeJSON(req, resp, new ResultVO<>(e.getCode(),e.getMessage()));
}
-
}
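Review bot: Dropping the `catch (Exception e)` branch means anything other than a `BusinessException` now escapes this filter method, so the client no longer gets the uniform `ResultCodes.SERVER_ERROR` JSON body. The token-checking code in this same patch calls `Long.valueOf(loginUserId)` and the fastjson parsers, which can throw unchecked exceptions on malformed input. How those are rendered then depends on the container's error handling, which may expose internal detail. Consider keeping the fallback with `this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR));`, logging the exception through the project's logger instead of `e.printStackTrace()`. The new handler also returns `e.getMessage()` to the client, so messages relayed from RPC results are worth checking for internal detail; the method starts above this hunk.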
@@ -77,36 +79,66 @@
// 这里是验证获取权限信息
// 1.从redis中获取对应该用户的权限信息
String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId);
- String o = userAccountService.getValueByKeyFromRedis(accessTokenKey);
+ Object o = redisUtils.get(accessTokenKey);
// 2.token是否存在
if (o == null) {
// 是否存在
- throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID);
+ throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
}else{
Long userId = Long.valueOf(loginUserId);
- CacheUser cacheUser = JSONObject.parseObject(o, CacheUser.class);
- assert userId.equals(cacheUser.getUserId());
- if ( !authToken.equals(cacheUser.getAccessToken())) {
+ ContextCacheUser contextCacheUser = JSONObject.parseObject(o.toString(), ContextCacheUser.class);
+ assert userId.equals(contextCacheUser.getUid());
+ if ( !authToken.equals(contextCacheUser.getAccessToken())) {
throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
}
// 3.redis获取权限
String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId);
- String oo = userAccountService.getValueByKeyFromRedis(authoritiesKey);
- List<GrantedAuthority> authorities;
+ Object oo = redisUtils.get(authoritiesKey);
+ List<GrantedAuthority> authorities = new ArrayList<>();
// 4.redis中是否存在
if (oo != null) {
// 5.存在
- authorities = JSONArray.parseArray(oo, GrantedAuthority.class);
+ List<ContextCacheAuthority> cacheAuthorities = JSONArray.parseArray(oo.toString(), ContextCacheAuthority.class);
+ for (ContextCacheAuthority cacheAuthority: cacheAuthorities) {
+ authorities.add(new SimpleGrantedAuthority(cacheAuthority.getAuthority()));
+ }
}else {
- authorities = new ArrayList<>();
// 6.不存在=>数据库查询
- String roleCode = userAccountService.getUserRoleCodeByUserId(userId);
+ ResultVO<String> rpcResultRole = userAccountService.getUserRoleCodeByUserId(userId);
+
+ if (rpcResultRole == null) {
+ throw new BusinessException(ResultCodes.RPC_RESULT_NULL);
+ }
+ if (!ResultCodes.OK.getCode().equals(rpcResultRole.getCode())) {
+ throw new BusinessException(rpcResultRole.getCode(), rpcResultRole.getMsg());
+ }
+ if (rpcResultRole.getData() == null) {
+ throw new BusinessException(ResultCodes.RPC_DATA_NULL);
+ }
+ if (!(rpcResultRole.getData() instanceof String)) {
+ throw new BusinessException(ResultCodes.RPC_DATA_TYPE_NOT_MATCH);
+ }
// role
- authorities.add(new SimpleGrantedAuthority("ROLE_" + roleCode));
+ authorities.add(new SimpleGrantedAuthority("ROLE_" + rpcResultRole.getData().toString()));
// permission
- List<String> permissions = userAccountService.getUserPermissionByUserId(userId);
+ ResultVO<List<String>> rpcResultPermission = userAccountService.getUserPermissionByUserId(userId);
+
+ if (rpcResultPermission == null) {
+ throw new BusinessException(ResultCodes.RPC_RESULT_NULL);
+ }
+ if (!ResultCodes.OK.getCode().equals(rpcResultPermission.getCode())) {
+ throw new BusinessException(rpcResultRole.getCode(), rpcResultRole.getMsg());
+ }
+ if (rpcResultPermission.getData() == null) {
+ throw new BusinessException(ResultCodes.RPC_DATA_NULL);
+ }
+ if (!(rpcResultPermission.getData() instanceof List)) {
+ throw new BusinessException(ResultCodes.RPC_DATA_TYPE_NOT_MATCH);
+ }
+
+ List<String> permissions = RPCUtils.castList(rpcResultPermission.getData(), String.class);
for (String permission : permissions) {
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission);
authorities.add(simpleGrantedAuthority);
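Review bot: The permission branch reports the wrong result on failure: when `rpcResultPermission` has a non-OK code, the throw still reads `rpcResultRole.getCode()` and `rpcResultRole.getMsg()`, and the role result has already passed the OK check by then, so the exception carries a success code. It should be `throw new BusinessException(rpcResultPermission.getCode(), rpcResultPermission.getMsg());`. Separately, `assert userId.equals(contextCacheUser.getUid())` is skipped unless the JVM runs with assertions enabled, and this patch later makes `contextCacheUser` the authentication principal. The uid match therefore deserves a real check such as `if (contextCacheUser == null || !userId.equals(contextCacheUser.getUid())) { throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID); }`. The enclosing method begins before this hunk and continues after it.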
@@ -114,7 +146,7 @@
}
// security对象中存入登陆者信息
- return new UsernamePasswordAuthenticationToken(userId,authToken,authorities);
+ return new UsernamePasswordAuthenticationToken(contextCacheUser,authToken,authorities);
}
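Review bot: The principal is now the whole `contextCacheUser`, which also holds the access token (the token check earlier in this patch reads `contextCacheUser.getAccessToken()`), so the token travels with the principal wherever it is logged or serialized. Any existing caller that still reads `getPrincipal()` as a `Long` user id would presumably fail with a `ClassCastException`, though no such caller is visible from this hunk. A comment on the return such as `// principal is ContextCacheUser (was Long userId); do not log it, it carries the access token` would make the new contract explicit. Alternatively the token could be cleared from the object before it is stored. The method body starts above the hunk.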
--
Gitblit v1.9.2