1. system 提供 OAuth2TokenApi 接口

2. gateway 通过 feign 引入 OAuth2TokenApi 接口

yudao-gateway/pom.xml

@@ -16,6 +16,13 @@
     <url>https://github.com/YunaiV/yudao-cloud</url>
 
     <dependencies>
+        <!-- 业务组件 -->
+        <dependency>
+            <groupId>cn.iocoder.cloud</groupId>
+            <artifactId>yudao-module-system-api</artifactId>
+            <version>${revision}</version>
+        </dependency>
+
         <!-- Gateway 网关相关 -->
         <dependency>
             <groupId>org.springframework.cloud</groupId>
@@ -28,6 +35,11 @@
             <artifactId>spring-cloud-starter-loadbalancer</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-openfeign</artifactId>
+        </dependency>
+
         <!-- Registry 注册中心相关 -->
         <dependency>
             <groupId>com.alibaba.cloud</groupId>

yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java

@@ -1,9 +1,14 @@
 package cn.iocoder.yudao.gateway;
 
+import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 
 @SpringBootApplication
+@EnableFeignClients(clients = {
+        OAuth2TokenApi.class
+}) // TODO 芋艿：需要改下
 public class GatewayServerApplication {
 
     public static void main(String[] args) {

yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java

@@ -0,0 +1,45 @@
+package cn.iocoder.yudao.gateway.filter;
+
+import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+import javax.annotation.Resource;
+import java.util.function.Consumer;
+
+/**
+ * Token 过滤器，验证 token 的有效性
+ * 1. 验证通过时，将 userId、userType、tenantId 通过 Header 转发给服务
+ * 2. 验证不通过，还是会转发给服务。因为，接口是否需要登录的校验，还是交给服务自身处理
+ *
+ * @author 芋道源码
+ */
+@Component // TODO 芋艿：要改成 configuration
+public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
+
+    @Resource
+    private OAuth2TokenApi oauth2TokenApi;
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+        exchange = exchange.mutate().request(r -> r.headers(new Consumer<HttpHeaders>() {
+            @Override
+            public void accept(HttpHeaders headers) {
+                headers.set("user-id", "1");
+            }
+        })).build();
+        return chain.filter(exchange);
+    }
+
+    @Override
+    public int getOrder() {
+        return -100; // 和 Spring Security Filter 的顺序对齐
+    }
+
+}

yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/util/SecurityFrameworkUtils.java

@@ -0,0 +1,39 @@
+package cn.iocoder.yudao.gateway.util;
+
+import org.springframework.util.StringUtils;
+import org.springframework.web.server.ServerWebExchange;
+
+/**
+ * 安全服务工具类
+ *
+ * copy from yudao-spring-boot-starter-security 的 SecurityFrameworkUtils 类
+ *
+ * @author 芋道源码
+ */
+public class SecurityFrameworkUtils {
+
+    public static final String AUTHORIZATION_HEADER = "Authorization";
+
+    public static final String AUTHORIZATION_BEARER = "Bearer";
+
+    private SecurityFrameworkUtils() {}
+
+    /**
+     * 从请求中，获得认证 Token
+     *
+     * @param exchange 请求
+     * @return 认证 Token
+     */
+    public static String obtainAuthorization(ServerWebExchange exchange) {
+        String authorization = exchange.getRequest().getHeaders().getFirst(AUTHORIZATION_HEADER);
+        if (!StringUtils.hasText(authorization)) {
+            return null;
+        }
+        int index = authorization.indexOf(AUTHORIZATION_BEARER + " ");
+        if (index == -1) { // 未找到
+            return null;
+        }
+        return authorization.substring(index + 7).trim();
+    }
+
+}

yudao-module-system/yudao-module-system-api/pom.xml

@@ -29,6 +29,13 @@
             <optional>true</optional>
         </dependency>
 
+        <!-- RPC 远程调用相关 -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <optional>true</optional>
+        </dependency>
+
     </dependencies>
 
 </project>

yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java

@@ -3,6 +3,9 @@ package cn.iocoder.yudao.module.system.api.auth;
 import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
 import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCreateReqDTO;
 import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 import javax.validation.Valid;
 
@@ -11,6 +14,7 @@ import javax.validation.Valid;
  *
  * @author 芋道源码
  */
+@FeignClient(name = "system-server") // TODO 芋艿：fallbackFactory =
 public interface OAuth2TokenApi {
 
     /**
@@ -19,6 +23,7 @@ public interface OAuth2TokenApi {
      * @param reqDTO 访问令牌的创建信息
      * @return 访问令牌的信息
      */
+    @GetMapping("/tmp")
     OAuth2AccessTokenRespDTO createAccessToken(@Valid OAuth2AccessTokenCreateReqDTO reqDTO);
 
     /**
@@ -27,7 +32,8 @@ public interface OAuth2TokenApi {
      * @param accessToken 访问令牌
      * @return 访问令牌的信息
      */
-    OAuth2AccessTokenCheckRespDTO checkAccessToken(String accessToken);
+    @GetMapping("/app-api/check")
+    OAuth2AccessTokenCheckRespDTO checkAccessToken(@RequestParam("accessToken") String accessToken);
 
     /**
      * 移除访问令牌
@@ -35,6 +41,7 @@ public interface OAuth2TokenApi {
      * @param accessToken 访问令牌
      * @return 访问令牌的信息
      */
+    @GetMapping("/tmp2")
     OAuth2AccessTokenRespDTO removeAccessToken(String accessToken);
 
     /**
@@ -44,6 +51,8 @@ public interface OAuth2TokenApi {
      * @param clientId 客户端编号
      * @return 访问令牌的信息
      */
-    OAuth2AccessTokenRespDTO refreshAccessToken(String refreshToken, String clientId);
+    @GetMapping("/tmp3")
+    OAuth2AccessTokenRespDTO refreshAccessToken(@RequestParam("refreshToken") String refreshToken,
+                                                @RequestParam("clientId") String clientId);
 
 }

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java

@@ -7,6 +7,7 @@ import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
 import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
 import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
 import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
 
@@ -15,7 +16,7 @@ import javax.annotation.Resource;
  *
  * @author 芋道源码
  */
-@Service
+@RestController
 public class OAuth2TokenApiImpl implements OAuth2TokenApi {
 
     @Resource