From c97770350204e8cbcb8760afddd664377bcbfd57 Mon Sep 17 00:00:00 2001
From: lihongjie0209
Date: Tue, 15 Aug 2023 14:22:29 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 k8s/master/kustomization.yaml | 5 +
 .../lihongjie/coal/config/SystemConfig.java | 1 +
 .../cn/lihongjie/coal/filter/AuthFilter.java | 144 +++++++++++-------
 src/main/resources/application.yaml | 1 +
 4 files changed, 94 insertions(+), 57 deletions(-)
diff --git a/k8s/master/kustomization.yaml b/k8s/master/kustomization.yaml
index 049cd971..b88897b3 100644
--- a/k8s/master/kustomization.yaml
+++ b/k8s/master/kustomization.yaml
@@ -53,6 +53,11 @@ patchesStrategicMerge:
 proxy_pass http://coal-api.coal-master.svc.cluster.local:7456/;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $proxy_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Port 80;
+ proxy_set_header X-Forwarded-Prefix /api/;
 }
 }
diff --git a/src/main/java/cn/lihongjie/coal/config/SystemConfig.java b/src/main/java/cn/lihongjie/coal/config/SystemConfig.java
index 240062b2..51453965 100644
--- a/src/main/java/cn/lihongjie/coal/config/SystemConfig.java
+++ b/src/main/java/cn/lihongjie/coal/config/SystemConfig.java
@@ -18,6 +18,7 @@ public class SystemConfig {
 private AnonymousConfig anonymous;
+ private String testAdminToken ;
 @Data
 public static class AnonymousConfig {
diff --git a/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java b/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
index 54cd407b..24cf02ea 100644
--- a/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
+++ b/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
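Review bot: `X-Forwarded-Proto http` and `X-Forwarded-Port 80` are hard-coded literals rather than derived from the request, so if TLS is ever terminated in front of this nginx the backend will treat every request as plain HTTP and build http:// redirect and link URLs, and make its Secure-cookie decisions, on that wrong assumption. `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-Port $server_port;` stay correct for whichever listener handled the request. The enclosing location and server blocks start outside the hunk, so I cannot see whether this nginx listens on anything but port 80; if it does not, the literals are correct today but become silently wrong after any TLS change. Note also that `X-Forwarded-Host $http_host` forwards a client-supplied value, which is the intended use but means the backend must not base authorization or redirect-allowlist decisions on it.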
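Review bot: `testAdminToken` is a credential stored as a plain `String` on a configuration bean, and the application.yaml hunk in this same commit assigns it the literal `"11111111222222"`, so the secret is now checked into source control alongside the code that reads it. If `SystemConfig` carries Lombok `@Data` like the nested `AnonymousConfig` does (the outer class annotation is outside the hunk), the generated `toString()` will also print the token whenever the config bean is logged; `@ToString.Exclude` on the field prevents that. The value should instead be injected from the environment or a Kubernetes Secret, e.g. `test-admin-token: ${TEST_ADMIN_TOKEN:}` in application.yaml, and left empty in production profiles so that whatever access the token grants cannot be enabled by accident. Nothing in this commit shows where the token is consumed, so I cannot assess its blast radius; the consuming code should at least compare it with `MessageDigest.isEqual` rather than `String.equals`.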
@@ -18,8 +18,13 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.http.entity.ContentType;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.server.PathContainer;
 import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.support.DefaultTransactionDefinition;
+import org.springframework.transaction.support.TransactionTemplate;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.pattern.PathPatternParser;
@@ -27,6 +32,7 @@ import java.io.IOException;
 import java.util.Optional;
 @Component
+@Order(Integer.MIN_VALUE + 100)
 public class AuthFilter extends OncePerRequestFilter {
 @Autowired
@@ -39,80 +45,104 @@ public class AuthFilter extends OncePerRequestFilter { @Autowired ResourceService resourceService; + @Autowired + PlatformTransactionManager transactionManager; @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - - MDC.remove("user"); - if (isMatches(request)) { - - filterChain.doFilter(request, response); - return ; - } + public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - String sessionId = request.getHeader("X-Token"); + TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager, new DefaultTransactionDefinition(TransactionDefinition.PROPAGATION_REQUIRED)); + transactionTemplate.executeWithoutResult(tx -> { + MDC.remove("user"); + if (isMatches(request)) { - - Optional resource = resourceService.findByCode(request.getRequestURI()); - - - if (resource.isEmpty()) { - writeResponse(new BizException("invalidUrl", "资源未找到"), response); - return; - } - - request.setAttribute("__resourceEntity", resource.get()); - - if (StringUtils.isEmpty(sessionId)) { - - - if (resource.get().getAnonymous()) { - sessionService.anonymousSession(); - UserEntity user = Ctx.currentUser(); - MDC.put("user", user.getUsername()); - filterChain.doFilter(request, response); - } else { - - writeResponse(new BizException("loginRequired", "请先登录"), response); - } - - } else { - - - try { - - sessionService.rebuildSession(sessionId); - - - } catch (BizException ex) { - - writeResponse(ex, response); - + try { + filterChain.doFilter(request, response); + } catch (IOException e) { + throw new RuntimeException(e); + } catch (ServletException e) { + throw new RuntimeException(e); + } return; } - UserEntity user = Ctx.currentUser(); - MDC.put("user", user.getUsername()); - - Optional userResource = user.getRoles().stream() - .flatMap(x -> 
x.getPermissions().stream()) - .flatMap(x -> x.getResources().stream()) - .filter(x -> StringUtils.equals(x.getId(), resource.get().getId())).findAny(); + String sessionId = request.getHeader("X-Token"); - if (userResource.isEmpty()) { - writeResponse(new BizException("invalidAccess", "当前资源未授权,请联系机构管理员处理。"), response); - } else { + Optional resource = resourceService.findByCode(request.getRequestURI()); - filterChain.doFilter(request, response); + + if (resource.isEmpty()) { + writeResponse(new BizException("invalidUrl", "资源未找到"), response); + return; } + request.setAttribute("__resourceEntity", resource.get()); - } + if (StringUtils.isEmpty(sessionId)) { + + + if (resource.get().getAnonymous()) { + sessionService.anonymousSession(); + UserEntity user = Ctx.currentUser(); + MDC.put("user", user.getUsername()); + try { + filterChain.doFilter(request, response); + } catch (IOException e) { + throw new RuntimeException(e); + } catch (ServletException e) { + throw new RuntimeException(e); + } + } else { + + writeResponse(new BizException("loginRequired", "请先登录"), response); + } + + } else { + + + try { + + sessionService.rebuildSession(sessionId); + + + } catch (BizException ex) { + + writeResponse(ex, response); + + return; + } + + + UserEntity user = Ctx.currentUser(); + MDC.put("user", user.getUsername()); + + Optional userResource = user.getRoles().stream() + .flatMap(x -> x.getPermissions().stream()) + .flatMap(x -> x.getResources().stream()) + .filter(x -> StringUtils.equals(x.getId(), resource.get().getId())).findAny(); + + + if (userResource.isEmpty()) { + writeResponse(new BizException("invalidAccess", "当前资源未授权,请联系机构管理员处理。"), response); + } else { + + try { + filterChain.doFilter(request, response); + } catch (IOException e) { + throw new RuntimeException(e); + } catch (ServletException e) { + throw new RuntimeException(e); + } + } + + + } + }); } 
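Review bot: The entire downstream chain now executes inside `transactionTemplate.executeWithoutResult`, so the controller's response is written (and may already be flushed to the client) before the transaction commits; a commit failure then rolls back work the client has already been told succeeded, and conversely every `writeResponse(new BizException(...))` rejection is committed as a normal transaction while holding a database connection for the whole request. The repeated `catch (IOException e) { throw new RuntimeException(e); }` and `catch (ServletException e) { ... }` blocks also discard the filter's declared contract: the container and any error-page mapping keyed on `ServletException` now see an anonymous `RuntimeException` wrapper instead. The method visibility was widened from `protected` to `public` for no reason visible in the hunk; `OncePerRequestFilter` declares `doFilterInternal` as `protected`. If a request-scoped transaction is really intended, keep the original visibility and unwrap the wrapped cause once outside the lambda so the original checked exception propagates unchanged.

```java
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        TransactionTemplate transactionTemplate = new TransactionTemplate(transactionManager, new DefaultTransactionDefinition(TransactionDefinition.PROPAGATION_REQUIRED));
        try {
            transactionTemplate.executeWithoutResult(tx -> {
                // … unchanged: MDC reset, isMatches short-circuit, X-Token / anonymous / permission checks …
            });
        } catch (RuntimeException e) {
            // Re-raise the checked exception the lambda had to wrap so the servlet contract is preserved.
            Throwable cause = e.getCause();
            if (cause instanceof ServletException) {
                throw (ServletException) cause;
            }
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            throw e;
        }
    }
```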
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index a76cda8a..a40e8abf 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -13,6 +13,7 @@ system:
 anonymous:
 url:
 - "/actuator/**"
+test-admin-token: "11111111222222"