From e89ef5496cd68aa65811cb126f2aa85e28f1740f Mon Sep 17 00:00:00 2001 From: YunaiV Date: Fri, 3 Jun 2022 01:11:13 +0800 Subject: [PATCH] =?UTF-8?q?1.=20system=20=E6=8F=90=E4=BE=9B=20OAuth2TokenA?= =?UTF-8?q?pi=20=E6=8E=A5=E5=8F=A3=202.=20gateway=20=E9=80=9A=E8=BF=87=20f?= =?UTF-8?q?eign=20=E5=BC=95=E5=85=A5=20OAuth2TokenApi=20=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- yudao-gateway/pom.xml | 12 +++++ .../gateway/GatewayServerApplication.java | 5 +++ .../filter/TokenAuthenticationFilter.java | 45 +++++++++++++++++++ .../gateway/util/SecurityFrameworkUtils.java | 39 ++++++++++++++++ .../yudao-module-system-api/pom.xml | 7 +++ .../system/api/auth/OAuth2TokenApi.java | 13 +++++- .../system/api/auth/OAuth2TokenApiImpl.java | 3 +- 7 files changed, 121 insertions(+), 3 deletions(-) create mode 100644 yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java create mode 100644 yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java diff --git a/yudao-gateway/pom.xml b/yudao-gateway/pom.xml index 6df6ba494..8d2386954 100644 --- a/yudao-gateway/pom.xml +++ b/yudao-gateway/pom.xml @@ -16,6 +16,13 @@ https://github.com/YunaiV/yudao-cloud + + + cn.iocoder.cloud + yudao-module-system-api + ${revision} + + org.springframework.cloud @@ -28,6 +35,11 @@ spring-cloud-starter-loadbalancer + + org.springframework.cloud + spring-cloud-starter-openfeign + + com.alibaba.cloud diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java index d5904db49..ff4b97f09 100644 --- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java +++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java 
@@ -1,9 +1,14 @@ package cn.iocoder.yudao.gateway; +import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.cloud.openfeign.EnableFeignClients; @SpringBootApplication +@EnableFeignClients(clients = { + OAuth2TokenApi.class +}) // TODO 芋艿:需要改下 public class GatewayServerApplication { public static void main(String[] args) { diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java new file mode 100644 index 000000000..3b9642317 --- /dev/null +++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java 
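Review bot: `@EnableFeignClients` on `GatewayServerApplication` registers a blocking OpenFeign client inside a Spring Cloud Gateway application, which serves requests on a reactive event loop. If the token filter later calls `oauth2TokenApi.checkAccessToken(...)` directly from `filter(...)`, each check would hold a gateway worker thread, so a slow or unavailable system-server could stall unrelated routes. I would record this next to the existing TODO, for example `// Feign is blocking: invoke it off the event loop or replace it with a reactive WebClient`.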
@@ -0,0 +1,45 @@
+package cn.iocoder.yudao.gateway.filter;
+
+import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+import javax.annotation.Resource;
+import java.util.function.Consumer;
+
+/**
+ * Token 过滤器,验证 token 的有效性
+ * 1. 验证通过时,将 userId、userType、tenantId 通过 Header 转发给服务
+ * 2. 验证不通过,还是会转发给服务。因为,接口是否需要登录的校验,还是交给服务自身处理
+ *
+ * @author 芋道源码
+ */
+@Component // TODO 芋艿:要改成 configuration
+public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
+
+ @Resource
+ private OAuth2TokenApi oauth2TokenApi;
+
+ @Override
+ public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+ exchange = exchange.mutate().request(r -> r.headers(new Consumer() {
+ @Override
+ public void accept(HttpHeaders headers) {
+ headers.set("user-id", "1");
+ }
+ })).build();
+ return chain.filter(exchange);
+ }
+
+ @Override
+ public int getOrder() {
+ return -100; // 和 Spring Security Filter 的顺序对齐
+ }
+
+}
diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java
new file mode 100644
index 000000000..1ce8af64d
--- /dev/null
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java
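Review bot: In `TokenAuthenticationFilter.filter`, `headers.set("user-id", "1")` marks every request as user 1 whether or not it carries a token, and the injected `oauth2TokenApi` is never consulted. The class Javadoc describes this header as the way verified identity reaches the services, so any service that trusts `user-id` would treat anonymous traffic as that account while this placeholder is deployed. Until the token check is wired in, the safer placeholder is to strip the header instead of setting it, `r.headers(h -> h.remove("user-id"))`, and to keep stripping it on the not-verified path so a client cannot supply its own value. The `Autowired` import is unused.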
@@ -0,0 +1,39 @@
+package cn.iocoder.yudao.gateway.util;
+
+import org.springframework.util.StringUtils;
+import org.springframework.web.server.ServerWebExchange;
+
+/**
+ * 安全服务工具类
+ *
+ * copy from yudao-spring-boot-starter-security 的 SecurityFrameworkUtils 类
+ *
+ * @author 芋道源码
+ */
+public class SecurityFrameworkUtils {
+
+ public static final String AUTHORIZATION_HEADER = "Authorization";
+
+ public static final String AUTHORIZATION_BEARER = "Bearer";
+
+ private SecurityFrameworkUtils() {}
+
+ /**
+ * 从请求中,获得认证 Token
+ *
+ * @param exchange 请求
+ * @return 认证 Token
+ */
+ public static String obtainAuthorization(ServerWebExchange exchange) {
+ String authorization = exchange.getRequest().getHeaders().getFirst(AUTHORIZATION_HEADER);
+ if (!StringUtils.hasText(authorization)) {
+ return null;
+ }
+ int index = authorization.indexOf(AUTHORIZATION_BEARER + " ");
+ if (index == -1) { // 未找到
+ return null;
+ }
+ return authorization.substring(index + 7).trim();
+ }
+
+}
diff --git a/yudao-module-system/yudao-module-system-api/pom.xml b/yudao-module-system/yudao-module-system-api/pom.xml
index a9054a152..1c1215f06 100644
--- a/yudao-module-system/yudao-module-system-api/pom.xml
+++ b/yudao-module-system/yudao-module-system-api/pom.xml
@@ -29,6 +29,13 @@ true + + + org.springframework.cloud + spring-cloud-starter-openfeign + true + +
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java
index 5d0201565..a769a431f 100644
--- a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java
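Review bot: `SecurityFrameworkUtils.obtainAuthorization` accepts the scheme anywhere in the header because it searches with `indexOf(AUTHORIZATION_BEARER + " ")`, so a value such as `Basic abc Bearer xyz` (constructed example) yields `xyz` as the token. The offset `7` is also tied by hand to the length of `"Bearer "`. I would anchor the match and derive the offset: `if (!authorization.startsWith(AUTHORIZATION_BEARER + " ")) { return null; }` followed by `return authorization.substring(AUTHORIZATION_BEARER.length() + 1).trim();`. The Javadoc says the class is copied from the security starter, so the original presumably parses the same way and would need the same change to keep gateway and services in agreement.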
@@ -3,6 +3,9 @@ package cn.iocoder.yudao.module.system.api.auth; import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO; import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCreateReqDTO; import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO; +import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestParam; import javax.validation.Valid; @@ -11,6 +14,7 @@ import javax.validation.Valid; * * @author 芋道源码 */ +@FeignClient(name = "system-server") // TODO 芋艿:fallbackFactory = public interface OAuth2TokenApi { /** @@ -19,6 +23,7 @@ public interface OAuth2TokenApi { * @param reqDTO 访问令牌的创建信息 * @return 访问令牌的信息 */ + @GetMapping("/tmp") OAuth2AccessTokenRespDTO createAccessToken(@Valid OAuth2AccessTokenCreateReqDTO reqDTO); /** @@ -27,7 +32,8 @@ public interface OAuth2TokenApi { * @param accessToken 访问令牌 * @return 访问令牌的信息 */ - OAuth2AccessTokenCheckRespDTO checkAccessToken(String accessToken); + @GetMapping("/app-api/check") + OAuth2AccessTokenCheckRespDTO checkAccessToken(@RequestParam("accessToken") String accessToken); /** * 移除访问令牌 @@ -35,6 +41,7 @@ public interface OAuth2TokenApi { * @param accessToken 访问令牌 * @return 访问令牌的信息 */ + @GetMapping("/tmp2") OAuth2AccessTokenRespDTO removeAccessToken(String accessToken); /** @@ -44,6 +51,8 @@ public interface OAuth2TokenApi { * @param clientId 客户端编号 * @return 访问令牌的信息 */ - OAuth2AccessTokenRespDTO refreshAccessToken(String refreshToken, String clientId); + @GetMapping("/tmp3") + OAuth2AccessTokenRespDTO refreshAccessToken(@RequestParam("refreshToken") String refreshToken, + @RequestParam("clientId") String clientId); } 
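Review bot: `checkAccessToken` and `refreshAccessToken` in `OAuth2TokenApi` pass the access token and refresh token as `@RequestParam` values on `@GetMapping` routes, so the secrets travel in the URL, where access logs, tracing and intermediaries commonly record them. The create, remove and refresh operations change token state yet are also mapped with GET on the placeholder paths `/tmp`, `/tmp2` and `/tmp3`, and `removeAccessToken(String accessToken)` has no parameter annotation at all. I would map create and refresh with `@PostMapping` and remove with `@DeleteMapping`, and carry the tokens in a request body or header rather than the query string. This applies to the hunks at -19,6, -27,7, -35,6 and -44,6.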
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java index 438cf9463..3eec3fc11 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java @@ -7,6 +7,7 @@ import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert; import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO; import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService; import org.springframework.stereotype.Service; +import org.springframework.web.bind.annotation.RestController; import javax.annotation.Resource; @@ -15,7 +16,7 @@ import javax.annotation.Resource; * * @author 芋道源码 */ -@Service +@RestController public class OAuth2TokenApiImpl implements OAuth2TokenApi { @Resource
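Review bot: Replacing `@Service` with `@RestController` on `OAuth2TokenApiImpl` publishes every mapped method of `OAuth2TokenApi` as an HTTP endpoint on system-server, including `createAccessToken` at `/tmp`, which issues a token from a caller-supplied DTO. Nothing visible in this patch restricts these routes to internal callers, and `/app-api/check` sits under a prefix that looks client-facing, so it is worth confirming they are neither routed by the gateway nor reachable without service-to-service authentication. I would state that contract on the class, for example `// Internal RPC endpoints: must not be routed by the gateway; require service authentication`. The class body continues outside the hunk, and the `Service` import is now unused.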