完善配置

2023-08-15 14:22:29 +08:00
parent d45b8e652b
commit c977703502
4 changed files with 94 additions and 57 deletions


@@ -53,6 +53,11 @@ patchesStrategicMerge:
proxy_pass http://coal-api.coal-master.svc.cluster.local:7456/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $proxy_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Prefix /api/;
}
}
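Review bot: `proxy_set_header X-Forwarded-Proto http;` and `proxy_set_header X-Forwarded-Port 80;` are fixed values, so if TLS is terminated in front of this proxy the API is told that every request arrived over plain HTTP. That typically shows up as `http://` redirects and links, and as cookies issued without `Secure`. `proxy_set_header X-Forwarded-Host $http_host;` also forwards the client-supplied Host header unchanged, so the backend should only build absolute URLs from it after checking it against an expected host list. If a trusted hop in front already sets the scheme, pass it through instead, e.g. `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;`. The rendering does not mark which of these lines are new, and the `location` block starts outside the hunk.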


@@ -18,6 +18,7 @@ public class SystemConfig {
private AnonymousConfig anonymous;
private String testAdminToken ;
@Data
public static class AnonymousConfig {
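Review bot: `private String testAdminToken ;` is added without a comment, and nothing in the visible hunks of this commit reads it, so a reviewer cannot tell which check it bypasses or when it is active. Document the contract on the field, e.g. `// Test-only admin token; must be empty outside test profiles, and an empty value disables it`, and make the consumer treat a blank value as "feature off". If `SystemConfig` itself carries Lombok `@Data` (its class-level annotations are outside this hunk), add `@ToString.Exclude` on the field so the value does not reach logs through `toString()`. Whoever compares the token should use a constant-time comparison such as `MessageDigest.isEqual`.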


@@ -18,8 +18,13 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.http.entity.ContentType;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.http.server.PathContainer;
import org.springframework.stereotype.Component;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.support.DefaultTransactionDefinition;
import org.springframework.transaction.support.TransactionTemplate;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.pattern.PathPatternParser;
@@ -27,6 +32,7 @@ import java.io.IOException;
import java.util.Optional;
@Component
@Order(Integer.MIN_VALUE + 100)
public class AuthFilter extends OncePerRequestFilter {
@Autowired
@@ -39,80 +45,104 @@ public class AuthFilter extends OncePerRequestFilter {
@Autowired
ResourceService resourceService;
@Autowired
PlatformTransactionManager transactionManager;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
MDC.remove("user");
if (isMatches(request)) {
filterChain.doFilter(request, response);
return ;
}
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String sessionId = request.getHeader("X-Token");
TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager, new DefaultTransactionDefinition(TransactionDefinition.PROPAGATION_REQUIRED));
transactionTemplate.executeWithoutResult(tx -> {
MDC.remove("user");
if (isMatches(request)) {
Optional<ResourceEntity> resource = resourceService.findByCode(request.getRequestURI());
if (resource.isEmpty()) {
writeResponse(new BizException("invalidUrl", "资源未找到"), response);
return;
}
request.setAttribute("__resourceEntity", resource.get());
if (StringUtils.isEmpty(sessionId)) {
if (resource.get().getAnonymous()) {
sessionService.anonymousSession();
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
filterChain.doFilter(request, response);
} else {
writeResponse(new BizException("loginRequired", "请先登录"), response);
}
} else {
try {
sessionService.rebuildSession(sessionId);
} catch (BizException ex) {
writeResponse(ex, response);
try {
filterChain.doFilter(request, response);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (ServletException e) {
throw new RuntimeException(e);
}
return;
}
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
Optional<ResourceEntity> userResource = user.getRoles().stream()
.flatMap(x -> x.getPermissions().stream())
.flatMap(x -> x.getResources().stream())
.filter(x -> StringUtils.equals(x.getId(), resource.get().getId())).findAny();
String sessionId = request.getHeader("X-Token");
if (userResource.isEmpty()) {
writeResponse(new BizException("invalidAccess", "当前资源未授权,请联系机构管理员处理。"), response);
} else {
Optional<ResourceEntity> resource = resourceService.findByCode(request.getRequestURI());
filterChain.doFilter(request, response);
if (resource.isEmpty()) {
writeResponse(new BizException("invalidUrl", "资源未找到"), response);
return;
}
request.setAttribute("__resourceEntity", resource.get());
}
if (StringUtils.isEmpty(sessionId)) {
if (resource.get().getAnonymous()) {
sessionService.anonymousSession();
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
try {
filterChain.doFilter(request, response);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (ServletException e) {
throw new RuntimeException(e);
}
} else {
writeResponse(new BizException("loginRequired", "请先登录"), response);
}
} else {
try {
sessionService.rebuildSession(sessionId);
} catch (BizException ex) {
writeResponse(ex, response);
return;
}
UserEntity user = Ctx.currentUser();
MDC.put("user", user.getUsername());
Optional<ResourceEntity> userResource = user.getRoles().stream()
.flatMap(x -> x.getPermissions().stream())
.flatMap(x -> x.getResources().stream())
.filter(x -> StringUtils.equals(x.getId(), resource.get().getId())).findAny();
if (userResource.isEmpty()) {
writeResponse(new BizException("invalidAccess", "当前资源未授权,请联系机构管理员处理。"), response);
} else {
try {
filterChain.doFilter(request, response);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (ServletException e) {
throw new RuntimeException(e);
}
}
}
});
}
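Review bot: `filterChain.doFilter(request, response)` is now called inside `transactionTemplate.executeWithoutResult(...)`, so, as far as the new side can be read from this rendering, the transaction and its database connection stay open for the whole downstream request, including response writing. Slow or numerous requests can then exhaust the connection pool. It also forces `IOException`/`ServletException` to be rethrown as `RuntimeException`, which changes what the container's error handling sees and rolls the transaction back. Consider keeping only the session and permission lookup in the callback, returning the decision, and continuing the chain after it, as sketched below; if downstream handlers rely on the open transaction for lazy loading, that needs separate handling. In the visible lines `MDC.put("user", ...)` is never cleared once the chain returns, so a `finally { MDC.remove("user"); }` around the chain call would keep the value from lingering on the pooled thread.

```java
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String sessionId = request.getHeader("X-Token");
    TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager, new DefaultTransactionDefinition(TransactionDefinition.PROPAGATION_REQUIRED));
    // Decide inside the transaction; continue the chain only after it has ended.
    Boolean allowed = transactionTemplate.execute(tx -> {
        MDC.remove("user");
        if (isMatches(request)) {
            return true;
        }
        // … unchanged: resource lookup, session rebuild and permission check;
        //   each branch returns true where it used to call filterChain.doFilter
        //   and false after writeResponse(...) …
    });
    if (Boolean.TRUE.equals(allowed)) {
        try {
            filterChain.doFilter(request, response);
        } finally {
            MDC.remove("user");
        }
    }
}
```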


@@ -13,6 +13,7 @@ system:
anonymous:
url:
- "/actuator/**"
test-admin-token: "11111111222222"
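Review bot: `test-admin-token: "11111111222222"` commits a literal, low-entropy credential into a configuration file that sits in version control, so every environment loading this file shares the same value and it remains in history after removal. Leave the default empty and inject the value per environment, e.g. `test-admin-token: "${TEST_ADMIN_TOKEN:}"`, and rotate the committed value if it was ever accepted outside a local test setup. The same `system.anonymous.url` list contains `/actuator/**`, so it is worth confirming that no exposed actuator endpoint (env or configprops, for example) can return this property to an unauthenticated caller. The rest of the file is outside the hunk.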