fys

fys-common/fys-common-security/pom.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>com.fuyuanshen</groupId>
+        <artifactId>fys-common</artifactId>
+        <version>${revision}</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>fys-common-security</artifactId>
+
+    <description>
+        fys-common-security 安全模块
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.fuyuanshen</groupId>
+            <artifactId>fys-common-satoken</artifactId>
+        </dependency>
+
+    </dependencies>
+
+</project>

fys-common/fys-common-security/src/main/java/com/fuyuanshen/common/security/config/SecurityConfig.java

@@ -0,0 +1,100 @@
+package com.fuyuanshen.common.security.config;
+
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.filter.SaServletFilter;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
+import cn.dev33.satoken.interceptor.SaInterceptor;
+import cn.dev33.satoken.router.SaRouter;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import com.fuyuanshen.common.core.constant.HttpStatus;
+import com.fuyuanshen.common.core.utils.ServletUtils;
+import com.fuyuanshen.common.core.utils.SpringUtils;
+import com.fuyuanshen.common.core.utils.StringUtils;
+import com.fuyuanshen.common.satoken.utils.LoginHelper;
+import com.fuyuanshen.common.security.config.properties.SecurityProperties;
+import com.fuyuanshen.common.security.handler.AllUrlHandler;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * 权限安全配置
+ *
+ * @author Lion Li
+ */
+
+@Slf4j
+@AutoConfiguration
+@EnableConfigurationProperties(SecurityProperties.class)
+@RequiredArgsConstructor
+public class SecurityConfig implements WebMvcConfigurer {
+
+    private final SecurityProperties securityProperties;
+    @Value("${sse.path}")
+    private String ssePath;
+
+    /**
+     * 注册sa-token的拦截器
+     */
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        // 注册路由拦截器，自定义验证规则
+        registry.addInterceptor(new SaInterceptor(handler -> {
+                AllUrlHandler allUrlHandler = SpringUtils.getBean(AllUrlHandler.class);
+                // 登录验证 -- 排除多个路径
+                SaRouter
+                    // 获取所有的
+                    .match(allUrlHandler.getUrls())
+                    // 对未排除的路径进行检查
+                    .check(() -> {
+                        HttpServletRequest request = ServletUtils.getRequest();
+                        // 检查是否登录 是否有token
+                        StpUtil.checkLogin();
+
+                        // 检查 header 与 param 里的 clientid 与 token 里的是否一致
+                        String headerCid = request.getHeader(LoginHelper.CLIENT_KEY);
+                        String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);
+                        String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
+                        if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
+                            // token 无效
+                            throw NotLoginException.newInstance(StpUtil.getLoginType(),
+                                "-100", "客户端ID与Token不匹配",
+                                StpUtil.getTokenValue());
+                        }
+
+                        // 有效率影响 用于临时测试
+                        // if (log.isDebugEnabled()) {
+                        //     log.info("剩余有效时间: {}", StpUtil.getTokenTimeout());
+                        //     log.info("临时有效时间: {}", StpUtil.getTokenActivityTimeout());
+                        // }
+
+                    });
+            })).addPathPatterns("/**")
+            // 排除不需要拦截的路径
+            .excludePathPatterns(securityProperties.getExcludes())
+            .excludePathPatterns(ssePath);
+    }
+
+    /**
+     * 对 actuator 健康检查接口 做账号密码鉴权
+     */
+    @Bean
+    public SaServletFilter getSaServletFilter() {
+        String username = SpringUtils.getProperty("spring.boot.admin.client.username");
+        String password = SpringUtils.getProperty("spring.boot.admin.client.password");
+        return new SaServletFilter()
+            .addInclude("/actuator", "/actuator/**")
+            .setAuth(obj -> {
+                SaHttpBasicUtil.check(username + ":" + password);
+            })
+            .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+    }
+
+}

fys-common/fys-common-security/src/main/java/com/fuyuanshen/common/security/config/properties/SecurityProperties.java

@@ -0,0 +1,21 @@
+package com.fuyuanshen.common.security.config.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * Security 配置属性
+ *
+ * @author Lion Li
+ */
+@Data
+@ConfigurationProperties(prefix = "security")
+public class SecurityProperties {
+
+    /**
+     * 排除路径
+     */
+    private String[] excludes;
+
+
+}

fys-common/fys-common-security/src/main/java/com/fuyuanshen/common/security/handler/AllUrlHandler.java

@@ -0,0 +1,39 @@
+package com.fuyuanshen.common.security.handler;
+
+import cn.hutool.core.util.ReUtil;
+import com.fuyuanshen.common.core.utils.SpringUtils;
+import lombok.Data;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+import java.util.*;
+import java.util.regex.Pattern;
+
+/**
+ * 获取所有Url配置
+ *
+ * @author Lion Li
+ */
+@Data
+public class AllUrlHandler implements InitializingBean {
+
+    private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");
+
+    private List<String> urls = new ArrayList<>();
+
+    @Override
+    public void afterPropertiesSet() {
+        Set<String> set = new HashSet<>();
+        RequestMappingHandlerMapping mapping = SpringUtils.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
+        Map<RequestMappingInfo, HandlerMethod> map = mapping.getHandlerMethods();
+        map.keySet().forEach(info -> {
+            // 获取注解上边的 path 替代 path variable 为 *
+            Objects.requireNonNull(info.getPathPatternsCondition().getPatterns())
+                    .forEach(url -> set.add(ReUtil.replaceAll(url.getPatternString(), PATTERN, "*")));
+        });
+        urls.addAll(set);
+    }
+
+}

fys-common/fys-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -0,0 +1,2 @@
+com.fuyuanshen.common.security.handler.AllUrlHandler
+com.fuyuanshen.common.security.config.SecurityConfig