增加 auth 认证拦截器

common/common-framework/src/main/java/cn/iocoder/common/framework/util/ServiceExceptionUtil.java

@@ -4,6 +4,7 @@ import cn.iocoder.common.framework.exception.ServiceException;
 import cn.iocoder.common.framework.vo.CommonResult;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.util.Assert;
 
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -100,6 +101,11 @@ public class ServiceExceptionUtil {
         return new ServiceException(code, message);
     }
 
+    public static ServiceException exception(CommonResult result) {
+        Assert.isTrue(result.isError(), "结果必须是错误的");
+        return new ServiceException(result.getCode(), result.getMessage());
+    }
+
     /**
      * 将错误编号对应的消息使用 params 进行格式化。
      *

common/mall-spring-boot-starter-security/pom.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>common</artifactId>
+        <groupId>cn.iocoder.mall</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>mall-spring-boot-starter-security</artifactId>
+
+    <dependencies>
+        <!-- Mall 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>system-rpc-api</artifactId>
+            <version>1.0-SNAPSHOT</version>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Spring 核心 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Web 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-spring-boot-starter-web</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+        <!-- RPC 相关 -->
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo</artifactId>
+            <optional>true</optional>
+        </dependency>
+    </dependencies>
+
+</project>

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java

@@ -0,0 +1,16 @@
+package cn.iocoder.mall.security.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+@ConditionalOnClass(name = {"cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC", "org.apache.dubbo.config.annotation.Reference"})
+public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
+
+    // ========== 拦截器相关 ==========
+
+
+}

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/account/AccountAuthInterceptor.java

@@ -0,0 +1,40 @@
+package cn.iocoder.mall.security.core.account;
+
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.common.framework.util.ServiceExceptionUtil;
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
+import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
+import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
+import org.apache.dubbo.config.annotation.Reference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    @Reference(validation = "true", version = "${dubbo.consumer.OAuth2RPC.version}")
+    private OAuth2RPC oauth2RPC;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 执行认证
+        String accessToken = HttpUtil.obtainAuthorization(request);
+        OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
+                .setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
+        CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResponseResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
+        if (oauth2AccessTokenResponseResult.isError()) { // TODO 有一个问题点，假设 token 认证失败，但是该 url 是无需认证的，是不是一样能够执行过去？
+            throw ServiceExceptionUtil.exception(oauth2AccessTokenResponseResult);
+        }
+        // 设置账号编号
+        CommonWebUtil.setAccountId(request, oauth2AccessTokenResponseResult.getData().getAccountId());
+        return true;
+    }
+
+}

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/package-info.java

@@ -0,0 +1 @@
+package cn.iocoder.mall.security.core;

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/package-info.java

@@ -0,0 +1 @@
+package cn.iocoder.mall.security;

common/mall-spring-boot-starter-web/pom.xml

@@ -37,6 +37,7 @@
         <dependency>
             <groupId>org.apache.dubbo</groupId>
             <artifactId>dubbo</artifactId>
+            <optional>true</optional>
         </dependency>
     </dependencies>
 

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/config/CommonWebAutoConfiguration.java

@@ -1,8 +1,9 @@
 package cn.iocoder.mall.web.config;
 
-import cn.iocoder.mall.web.constant.CommonMallConstants;
+import cn.iocoder.mall.web.core.constant.CommonMallConstants;
-import cn.iocoder.mall.web.handler.GlobalResponseBodyHandler;
+import cn.iocoder.mall.web.core.handler.GlobalExceptionHandler;
-import cn.iocoder.mall.web.interceptor.AccessLogInterceptor;
+import cn.iocoder.mall.web.core.handler.GlobalResponseBodyHandler;
+import cn.iocoder.mall.web.core.interceptor.AccessLogInterceptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -28,10 +29,16 @@ public class CommonWebAutoConfiguration implements WebMvcConfigurer {
         return new GlobalResponseBodyHandler();
     }
 
+    @Bean
+    @ConditionalOnMissingBean(GlobalExceptionHandler.class)
+    public GlobalExceptionHandler globalExceptionHandler() {
+        return new GlobalExceptionHandler();
+    }
+
     // ========== 拦截器相关 ==========
 
     @Bean
-    @ConditionalOnClass(name = "cn.iocoder.mall.system.rpc.api.SystemLogRPC")
+    @ConditionalOnClass(name = {"cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC", "org.apache.dubbo.config.annotation.Reference"})
     @ConditionalOnMissingBean(AccessLogInterceptor.class)
     public AccessLogInterceptor accessLogInterceptor() {
         return new AccessLogInterceptor();

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/core/constant/CommonMallConstants.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.web.constant;
+package cn.iocoder.mall.web.core.constant;
 
 public interface CommonMallConstants {
 

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/core/handler/GlobalExceptionHandler.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.spring.boot.web.handler;
+package cn.iocoder.mall.web.core.handler;
 
 import cn.iocoder.common.framework.constant.SysErrorCodeEnum;
 import cn.iocoder.common.framework.exception.ServiceException;
@@ -6,12 +6,10 @@ import cn.iocoder.common.framework.util.ExceptionUtil;
 import cn.iocoder.common.framework.util.HttpUtil;
 import cn.iocoder.common.framework.util.MallUtil;
 import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.system.api.SystemLogService;
+import cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC;
-import cn.iocoder.mall.system.api.dto.systemlog.AccessLogAddDTO;
+import cn.iocoder.mall.system.rpc.request.systemlog.ExceptionLogAddRequest;
-import cn.iocoder.mall.system.api.dto.systemlog.ExceptionLogAddDTO;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
 import com.alibaba.fastjson.JSON;
-import io.micrometer.core.instrument.Counter;
-import io.micrometer.core.instrument.Metrics;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.dubbo.config.annotation.Reference;
 import org.slf4j.Logger;
@@ -20,32 +18,37 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.MissingServletRequestParameterException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.ConstraintViolationException;
 import java.util.Date;
 
-@ControllerAdvice
+/**
+ * 全局异常处理器，将 Exception 翻译成 CommonResult + 对应的异常编号
+ */
+@RestControllerAdvice
 public class GlobalExceptionHandler {
 
-    /**
+    // TODO 芋艿，应该还有其它的异常，需要进行翻译
-     * 异常总数 Metrics
+
-     */
+
-    private static final Counter EXCEPTION_COUNTER = Metrics.counter("mall.exception.total");
+//    /**
+//     * 异常总数 Metrics
+//     */
+//    private static final Counter EXCEPTION_COUNTER = Metrics.counter("mall.exception.total");
 
     private Logger logger = LoggerFactory.getLogger(getClass());
 
     @Value("${spring.application.name}")
     private String applicationName;
 
-    @Reference(validation = "true", version = "${dubbo.consumer.AdminAccessLogService.version:1.0.0}")
+    // TODO 目前存在一个问题，如果未引入 system-rpc-api 依赖，GlobalExceptionHandler 会报类不存在。未来封装出 Repository 解决该问题
-    private SystemLogService systemLogService;
+    @Reference(validation = "true", version = "${dubbo.consumer.SystemLogRPC.version}")
+    private SystemLogRPC systemLogRPC;
 
     // 逻辑异常
-    @ResponseBody
     @ExceptionHandler(value = ServiceException.class)
     public CommonResult serviceExceptionHandler(HttpServletRequest req, ServiceException ex) {
         logger.debug("[serviceExceptionHandler]", ex);
@@ -53,14 +56,12 @@ public class GlobalExceptionHandler {
     }
 
     // Spring MVC 参数不正确
-    @ResponseBody
     @ExceptionHandler(value = MissingServletRequestParameterException.class)
     public CommonResult missingServletRequestParameterExceptionHandler(HttpServletRequest req, MissingServletRequestParameterException ex) {
         logger.warn("[missingServletRequestParameterExceptionHandler]", ex);
         return CommonResult.error(SysErrorCodeEnum.MISSING_REQUEST_PARAM_ERROR.getCode(), SysErrorCodeEnum.MISSING_REQUEST_PARAM_ERROR.getMessage() + ":" + ex.getMessage());
     }
 
-    @ResponseBody
     @ExceptionHandler(value = ConstraintViolationException.class)
     public CommonResult constraintViolationExceptionHandler(HttpServletRequest req, ConstraintViolationException ex) {
         logger.info("[constraintViolationExceptionHandler]", ex);
@@ -68,20 +69,18 @@ public class GlobalExceptionHandler {
         // 拼接详细报错
         StringBuilder detailMessage = new StringBuilder("\n\n详细错误如下：");
         ex.getConstraintViolations().forEach(constraintViolation -> detailMessage.append("\n").append(constraintViolation.getMessage()));
-        return CommonResult.error(SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getCode(), SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getMessage()
+        return CommonResult.error(SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getCode(),
-            + detailMessage.toString());
+                SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getMessage() + detailMessage.toString());
     }
 
-    // TODO 芋艿，应该还有其它的异常，需要进行翻译
-    @ResponseBody
     @ExceptionHandler(value = Exception.class)
     public CommonResult exceptionHandler(HttpServletRequest req, Exception e) {
         logger.error("[exceptionHandler]", e);
         // 插入异常日志
-        ExceptionLogAddDTO exceptionLog = new ExceptionLogAddDTO();
+        ExceptionLogAddRequest exceptionLog = new ExceptionLogAddRequest();
         try {
-            // 增加异常计数 metrics
+            // 增加异常计数 metrics TODO 暂时去掉
-            EXCEPTION_COUNTER.increment();
+//            EXCEPTION_COUNTER.increment();
             // 初始化 exceptionLog
             initExceptionLog(exceptionLog, req, e);
             // 执行插入 exceptionLog
@@ -93,13 +92,9 @@ public class GlobalExceptionHandler {
         return CommonResult.error(SysErrorCodeEnum.SYS_ERROR.getCode(), SysErrorCodeEnum.SYS_ERROR.getMessage());
     }
 
-    private void initExceptionLog(ExceptionLogAddDTO exceptionLog, HttpServletRequest request,  Exception e) {
+    private void initExceptionLog(ExceptionLogAddRequest exceptionLog, HttpServletRequest request,  Exception e) {
-        // 设置用户编号
+        // 设置账号编号
-        exceptionLog.setUserId(MallUtil.getUserId(request));
+        exceptionLog.setAccountId(CommonWebUtil.getAccountId(request));
-        if (exceptionLog.getUserId() == null) {
-            exceptionLog.setUserId(AccessLogAddDTO.USER_ID_NULL);
-        }
-        exceptionLog.setUserType(MallUtil.getUserType(request));
         // 设置异常字段
         exceptionLog.setExceptionName(e.getClass().getName());
         exceptionLog.setExceptionMessage(ExceptionUtil.getMessage(e));
@@ -124,8 +119,13 @@ public class GlobalExceptionHandler {
     }
 
     @Async
-    public void addExceptionLog(ExceptionLogAddDTO exceptionLog) {
+    public void addExceptionLog(ExceptionLogAddRequest exceptionLog) {
-        systemLogService.addExceptionLog(exceptionLog);
+        try {
+            systemLogRPC.addExceptionLog(exceptionLog);
+        } catch (Throwable th) {
+            logger.error("[addAccessLog][插入异常日志({}) 发生异常({})", JSON.toJSONString(exceptionLog), ExceptionUtils.getRootCauseMessage(th));
+        }
+
     }
 
 }

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/core/handler/GlobalResponseBodyHandler.java

@@ -1,7 +1,7 @@
-package cn.iocoder.mall.web.handler;
+package cn.iocoder.mall.web.core.handler;
 
 import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.web.util.CommonWebUtil;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
 import org.springframework.core.MethodParameter;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.ServerHttpRequest;
@@ -18,7 +18,7 @@ import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
  * 原因是，GlobalResponseBodyHandler 本质上是 AOP，它不应该改变 Controller 返回的数据结构
  *
  * 目前，GlobalResponseBodyHandler 的主要作用是，记录 Controller 的返回结果，
- * 方便 {@link cn.iocoder.mall.web.interceptor.AccessLogInterceptor} 记录访问日志
+ * 方便 {@link cn.iocoder.mall.web.core.interceptor.AccessLogInterceptor} 记录访问日志
  */
 @ControllerAdvice
 public class GlobalResponseBodyHandler implements ResponseBodyAdvice {

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/core/interceptor/AccessLogInterceptor.java

@@ -1,11 +1,11 @@
-package cn.iocoder.mall.web.interceptor;
+package cn.iocoder.mall.web.core.interceptor;
 
 import cn.iocoder.common.framework.util.HttpUtil;
 import cn.iocoder.common.framework.util.MallUtil;
 import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.system.rpc.api.SystemLogRPC;
+import cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC;
-import cn.iocoder.mall.system.rpc.request.system.AccessLogAddRequest;
+import cn.iocoder.mall.system.rpc.request.systemlog.AccessLogAddRequest;
-import cn.iocoder.mall.web.util.CommonWebUtil;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
 import com.alibaba.fastjson.JSON;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.dubbo.config.annotation.Reference;
@@ -55,7 +55,7 @@ public class AccessLogInterceptor extends HandlerInterceptorAdapter {
     }
 
     private void initAccessLog(AccessLogAddRequest accessLog, HttpServletRequest request) {
-        // 设置用户编号
+        // 设置账号编号
         accessLog.setAccountId(CommonWebUtil.getAccountId(request));
         // 设置访问结果
         CommonResult result = CommonWebUtil.getCommonResult(request);

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/core/util/CommonWebUtil.java

@@ -1,7 +1,7 @@
-package cn.iocoder.mall.web.util;
+package cn.iocoder.mall.web.core.util;
 
 import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.web.constant.CommonMallConstants;
+import cn.iocoder.mall.web.core.constant.CommonMallConstants;
 
 import javax.servlet.ServletRequest;
 import java.util.Date;

common/mall-spring-boot-starter-web/src/main/java/cn/iocoder/mall/web/handler/GlobalExceptionHandler.java

@@ -1,103 +0,0 @@
-package cn.iocoder.mall.web.handler;
-
-//@ControllerAdvice
-//public class GlobalExceptionHandler {
-//
-////    /**
-////     * 异常总数 Metrics
-////     */
-////    private static final Counter EXCEPTION_COUNTER = Metrics.counter("mall.exception.total");
-//
-//    private Logger logger = LoggerFactory.getLogger(getClass());
-//
-//    @Value("${spring.application.name}")
-//    private String applicationName;
-//
-//    @Reference(validation = "true", version = "${dubbo.consumer.AdminAccessLogService.version:1.0.0}")
-//    private SystemLogService systemLogService;
-//
-//    // 逻辑异常
-//    @ResponseBody
-//    @ExceptionHandler(value = ServiceException.class)
-//    public CommonResult serviceExceptionHandler(HttpServletRequest req, ServiceException ex) {
-//        logger.debug("[serviceExceptionHandler]", ex);
-//        return CommonResult.error(ex.getCode(), ex.getMessage());
-//    }
-//
-//    // Spring MVC 参数不正确
-//    @ResponseBody
-//    @ExceptionHandler(value = MissingServletRequestParameterException.class)
-//    public CommonResult missingServletRequestParameterExceptionHandler(HttpServletRequest req, MissingServletRequestParameterException ex) {
-//        logger.warn("[missingServletRequestParameterExceptionHandler]", ex);
-//        return CommonResult.error(SysErrorCodeEnum.MISSING_REQUEST_PARAM_ERROR.getCode(), SysErrorCodeEnum.MISSING_REQUEST_PARAM_ERROR.getMessage() + ":" + ex.getMessage());
-//    }
-//
-//    @ResponseBody
-//    @ExceptionHandler(value = ConstraintViolationException.class)
-//    public CommonResult constraintViolationExceptionHandler(HttpServletRequest req, ConstraintViolationException ex) {
-//        logger.info("[constraintViolationExceptionHandler]", ex);
-//        // TODO 芋艿，后续要想一个更好的方式。
-//        // 拼接详细报错
-//        StringBuilder detailMessage = new StringBuilder("\n\n详细错误如下：");
-//        ex.getConstraintViolations().forEach(constraintViolation -> detailMessage.append("\n").append(constraintViolation.getMessage()));
-//        return CommonResult.error(SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getCode(), SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getMessage()
-//            + detailMessage.toString());
-//    }
-//
-//    // TODO 芋艿，应该还有其它的异常，需要进行翻译
-//    @ResponseBody
-//    @ExceptionHandler(value = Exception.class)
-//    public CommonResult exceptionHandler(HttpServletRequest req, Exception e) {
-//        logger.error("[exceptionHandler]", e);
-//        // 插入异常日志
-//        ExceptionLogAddDTO exceptionLog = new ExceptionLogAddDTO();
-//        try {
-//            // 增加异常计数 metrics
-//            EXCEPTION_COUNTER.increment();
-//            // 初始化 exceptionLog
-//            initExceptionLog(exceptionLog, req, e);
-//            // 执行插入 exceptionLog
-//            addExceptionLog(exceptionLog);
-//        } catch (Throwable th) {
-//            logger.error("[exceptionHandler][插入访问日志({}) 发生异常({})", JSON.toJSONString(exceptionLog), ExceptionUtils.getRootCauseMessage(th));
-//        }
-//        // 返回 ERROR CommonResult
-//        return CommonResult.error(SysErrorCodeEnum.SYS_ERROR.getCode(), SysErrorCodeEnum.SYS_ERROR.getMessage());
-//    }
-//
-//    private void initExceptionLog(ExceptionLogAddDTO exceptionLog, HttpServletRequest request,  Exception e) {
-//        // 设置用户编号
-//        exceptionLog.setUserId(MallUtil.getUserId(request));
-//        if (exceptionLog.getUserId() == null) {
-//            exceptionLog.setUserId(AccessLogAddDTO.USER_ID_NULL);
-//        }
-//        exceptionLog.setUserType(MallUtil.getUserType(request));
-//        // 设置异常字段
-//        exceptionLog.setExceptionName(e.getClass().getName());
-//        exceptionLog.setExceptionMessage(ExceptionUtil.getMessage(e));
-//        exceptionLog.setExceptionRootCauseMessage(ExceptionUtil.getRootCauseMessage(e));
-//        exceptionLog.setExceptionStackTrace(ExceptionUtil.getStackTrace(e));
-//        StackTraceElement[] stackTraceElements = e.getStackTrace();
-//        Assert.notEmpty(stackTraceElements, "异常 stackTraceElements 不能为空");
-//        StackTraceElement stackTraceElement = stackTraceElements[0];
-//        exceptionLog.setExceptionClassName(stackTraceElement.getClassName());
-//        exceptionLog.setExceptionFileName(stackTraceElement.getFileName());
-//        exceptionLog.setExceptionMethodName(stackTraceElement.getMethodName());
-//        exceptionLog.setExceptionLineNumber(stackTraceElement.getLineNumber());
-//        // 设置其它字段
-//        exceptionLog.setTraceId(MallUtil.getTraceId())
-//                .setApplicationName(applicationName)
-//                .setUri(request.getRequestURI()) // TODO 提升：如果想要优化，可以使用 Swagger 的 @ApiOperation 注解。
-//                .setQueryString(HttpUtil.buildQueryString(request))
-//                .setMethod(request.getMethod())
-//                .setUserAgent(HttpUtil.getUserAgent(request))
-//                .setIp(HttpUtil.getIp(request))
-//                .setExceptionTime(new Date());
-//    }
-//
-//    @Async
-//    public void addExceptionLog(ExceptionLogAddDTO exceptionLog) {
-//        systemLogService.addExceptionLog(exceptionLog);
-//    }
-//
-//}

common/mall-spring-boot/src/main/java/cn/iocoder/mall/spring/boot/web/AdminMVCAutoConfiguration.java

@@ -27,12 +27,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 }) // 有引入 system-sdk
 public class AdminMVCAutoConfiguration implements WebMvcConfigurer {
 
-    @Bean
-//    @ConditionalOnMissingBean(AccessLogInterceptor.class)
-    public AccessLogInterceptor adminAccessLogInterceptor() {
-        return new AccessLogInterceptor();
-    }
-
     @Bean
     @ConditionalOnMissingBean(AdminSecurityInterceptor.class)
     public AdminSecurityInterceptor adminSecurityInterceptor() {
@@ -45,18 +39,6 @@ public class AdminMVCAutoConfiguration implements WebMvcConfigurer {
         return new AdminDemoInterceptor();
     }
 
-    @Bean
-    @ConditionalOnMissingBean(GlobalResponseBodyHandler.class)
-    public GlobalResponseBodyHandler globalReturnValueHandler() {
-        return new GlobalResponseBodyHandler();
-    }
-
-    @Bean
-    @ConditionalOnMissingBean(GlobalExceptionHandler.class)
-    public GlobalExceptionHandler globalExceptionHandler() {
-        return new GlobalExceptionHandler();
-    }
-
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(adminAccessLogInterceptor()).addPathPatterns(MallConstants.ROOT_PATH_ADMIN + "/**");

common/pom.xml

@@ -17,6 +17,7 @@
         <module>common-dependencies</module>
         <module>mall-spring-boot-starter-swagger</module>
         <module>mall-spring-boot-starter-web</module>
+        <module>mall-spring-boot-starter-security</module>
     </modules>
 
     <dependencyManagement>

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/config/ServiceExceptionConfiguration.java

@@ -1,7 +1,7 @@
 package cn.iocoder.mall.system.biz.config;
 
 import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.mall.system.biz.constant.SystemErrorCodeEnum;
+import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
 import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.event.EventListener;

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/convert/systemlog/SystemLogConvert.java

@@ -1,7 +1,9 @@
 package cn.iocoder.mall.system.biz.convert.systemlog;
 
-import cn.iocoder.mall.system.biz.dataobject.system.AccessLogDO;
+import cn.iocoder.mall.system.biz.dataobject.systemlog.AccessLogDO;
+import cn.iocoder.mall.system.biz.dataobject.systemlog.ExceptionLogDO;
 import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
+import cn.iocoder.mall.system.biz.dto.system.ExceptionLogAddDTO;
 import org.mapstruct.Mapper;
 import org.mapstruct.factory.Mappers;
 
@@ -12,4 +14,6 @@ public interface SystemLogConvert {
 
     AccessLogDO convert(AccessLogAddDTO accessLogAddDTO);
 
+    ExceptionLogDO convert(ExceptionLogAddDTO exceptionLogAddDTO);
+
 }

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dao/system/AccessLogMapper.java

@@ -1,6 +1,6 @@
 package cn.iocoder.mall.system.biz.dao.system;
 
-import cn.iocoder.mall.system.biz.dataobject.system.AccessLogDO;
+import cn.iocoder.mall.system.biz.dataobject.systemlog.AccessLogDO;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import org.springframework.stereotype.Repository;
 

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dao/system/ExceptionLogMapper.java

@@ -0,0 +1,10 @@
+package cn.iocoder.mall.system.biz.dao.system;
+
+import cn.iocoder.mall.system.biz.dataobject.systemlog.ExceptionLogDO;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface ExceptionLogMapper extends BaseMapper<ExceptionLogDO> {
+
+}

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dataobject/systemlog/AccessLogDO.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.system.biz.dataobject.system;
+package cn.iocoder.mall.system.biz.dataobject.systemlog;
 
 import cn.iocoder.common.framework.dataobject.BaseDO;
 import cn.iocoder.common.framework.vo.CommonResult;
@@ -27,12 +27,6 @@ public class AccessLogDO extends BaseDO {
      * 编号
      */
     private Integer id;
-    /**
-     * 链路追踪编号
-     *
-     * 一般来说，通过链路追踪编号，可以将访问日志，错误日志，链路追踪日志，logger 打印日志等，结合在一起，从而进行排错。
-     */
-    private String traceId;
     /**
      * 账号编号
      *
@@ -40,9 +34,11 @@ public class AccessLogDO extends BaseDO {
      */
     private Integer accountId;
     /**
-     * 用户类型
+     * 链路追踪编号
+     *
+     * 一般来说，通过链路追踪编号，可以将访问日志，错误日志，链路追踪日志，logger 打印日志等，结合在一起，从而进行排错。
      */
-    private Integer userType;
+    private String traceId;
     /**
      * 应用名
      *

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dataobject/systemlog/ExceptionLogDO.java

@@ -0,0 +1,120 @@
+package cn.iocoder.mall.system.biz.dataobject.systemlog;
+
+import cn.iocoder.common.framework.dataobject.BaseDO;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.Accessors;
+
+import java.util.Date;
+
+/**
+ * 异常日志 DO
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+@Accessors(chain = true)
+@TableName("exception_log")
+public class ExceptionLogDO extends BaseDO {
+
+    /**
+     * 账号编号 - 空
+     */
+    public static final Integer ACCOUNT_ID_NULL = 0;
+
+    /**
+     * 编号
+     */
+    private Integer id;
+    /**
+     * 账号编号
+     *
+     * 空值 {@link #ACCOUNT_ID_NULL}
+     */
+    private Integer accountId;
+    /**
+     * 链路追踪编号
+     *
+     * 一般来说，通过链路追踪编号，可以将访问日志，错误日志，链路追踪日志，logger 打印日志等，结合在一起，从而进行排错。
+     */
+    private String traceId;
+    /**
+     * 应用名
+     *
+     * 目前读取 spring.application.name
+     */
+    private String applicationName;
+    /**
+     * 访问地址
+     */
+    private String uri;
+    /**
+     * 参数
+     */
+    private String queryString;
+    /**
+     * http 方法
+     */
+    private String method;
+    /**
+     * userAgent
+     */
+    private String userAgent;
+    /**
+     * ip
+     */
+    private String ip;
+    /**
+     * 异常发生时间
+     */
+    private Date exceptionTime;
+    /**
+     * 异常名
+     *
+     * {@link Throwable#getClass()} 的类全名
+     */
+    private String exceptionName;
+    /**
+     * 异常导致的消息
+     *
+     * {@link cn.iocoder.common.framework.util.ExceptionUtil#getMessage(Throwable)}
+     */
+    private String exceptionMessage;
+    /**
+     * 异常导致的根消息
+     *
+     * {@link cn.iocoder.common.framework.util.ExceptionUtil#getRootCauseMessage(Throwable)}
+     */
+    private String exceptionRootCauseMessage;
+    /**
+     * 异常的栈轨迹
+     *
+     * {@link cn.iocoder.common.framework.util.ExceptionUtil#getServiceException(Exception)}
+     */
+    private String exceptionStackTrace;
+    /**
+     * 异常发生的类全名
+     *
+     * {@link StackTraceElement#getClassName()}
+     */
+    private String exceptionClassName;
+    /**
+     * 异常发生的类文件
+     *
+     * {@link StackTraceElement#getFileName()}
+     */
+    private String exceptionFileName;
+    /**
+     * 异常发生的方法名
+     *
+     * {@link StackTraceElement#getMethodName()}
+     */
+    private String exceptionMethodName;
+    /**
+     * 异常发生的方法所在行
+     *
+     * {@link StackTraceElement#getLineNumber()}
+     */
+    private Integer exceptionLineNumber;
+
+}

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dto/oatuh2/OAuth2AccessTokenAuthenticateDTO.java

@@ -0,0 +1,18 @@
+package cn.iocoder.mall.system.biz.dto.oatuh2;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotNull;
+
+// TODO 注释
+@Data
+@Accessors(chain = true)
+public class OAuth2AccessTokenAuthenticateDTO {
+
+    @NotNull(message = "访问令牌不能为空")
+    private String accessToken;
+    @NotNull(message = "IP 不能为空")
+    private String ip;
+
+}

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dto/system/AccessLogAddDTO.java

@@ -18,12 +18,14 @@ public class AccessLogAddDTO {
      */
     public static final Integer ACCOUNT_ID_NULL = 0;
 
-    @NotNull(message = "链路追踪编号不能为空")
-    private String traceId;
     /**
      * 账号编号
      */
     private Integer accountId;
+    /**
+     * 链路编号
+     */
+    private String traceId;
     @NotNull(message = "应用名不能为空")
     private String applicationName;
     @NotNull(message = "访问地址不能为空")

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/dto/system/ExceptionLogAddDTO.java

@@ -1,10 +1,9 @@
-package cn.iocoder.mall.system.api.dto.systemlog;
+package cn.iocoder.mall.system.biz.dto.system;
 
 import lombok.Data;
 import lombok.experimental.Accessors;
 
 import javax.validation.constraints.NotNull;
-import java.io.Serializable;
 import java.util.Date;
 
 /**
@@ -12,19 +11,16 @@ import java.util.Date;
  */
 @Data
 @Accessors(chain = true)
-public class ExceptionLogAddDTO implements Serializable {
+public class ExceptionLogAddDTO {
 
     /**
-     * 用户编号 - 空
+     * 账号编号
+     */
+    private Integer accountId;
+    /**
+     * 链路编号
      */
-    public static final Integer USER_ID_NULL = 0;
-
-    @NotNull(message = "链路追踪编号不能为空")
     private String traceId;
-    @NotNull(message = "用户编号不能为空")
-    private Integer userId;
-    @NotNull(message = "用户类型不能为空")
-    private Integer userType;
     @NotNull(message = "应用名不能为空")
     private String applicationName;
     @NotNull(message = "访问地址不能为空")

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/enums/AdminErrorCodeEnum.java

@@ -5,6 +5,7 @@ package cn.iocoder.mall.system.biz.enums;
  *
  * 管理员系统，使用 1-002-000-000 段
  */
+@Deprecated
 public enum AdminErrorCodeEnum {
 
     // ========== OAUTH2 模块 ==========

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/enums/SystemErrorCodeEnum.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.system.biz.constant;
+package cn.iocoder.mall.system.biz.enums;
 
 import cn.iocoder.common.framework.util.ServiceExceptionUtil;
 
@@ -13,16 +13,13 @@ public enum SystemErrorCodeEnum implements ServiceExceptionUtil.Enumerable {
     OAUTH2_UNKNOWN(1001001000, "未知错误"), // 预留
     OAUTH2_ACCOUNT_NOT_FOUND(1001001001, "账号不存在"),
     OAUTH2_ACCOUNT_PASSWORD_ERROR(1001001002, "密码不正确"),
-////    OAUTH2_INVALID_GRANT_USERNAME_NOT_FOUND(1001001002, "账号不存在"), // 暂时没用到
+    OAUTH2_INVALID_TOKEN_NOT_FOUND(1002001011, "访问令牌不存在"),
-////    OAUTH2_INVALID_GRANT(1001001010, ""), // 预留
+    OAUTH2_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
-//    OAUTH2_INVALID_TOKEN_NOT_FOUND(1002001011, "访问令牌不存在"),
+    OAUTH2_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
-//    OAUTH2_INVALID_TOKEN_EXPIRED(1002001012, "访问令牌已过期"),
-//    OAUTH2_INVALID_TOKEN_INVALID(1002001013, "访问令牌已失效"),
 //    OAUTH2_NOT_LOGIN(1002001015, "账号未登陆"),
-//    OAUTH2_INVALID_TOKEN_ERROR_USER_TYPE(1002001016, "访问令牌用户类型不正确"),
 //    OAUTH_INVALID_REFRESH_TOKEN_NOT_FOUND(1002001017, "刷新令牌不存在"),
 //    OAUTH_INVALID_REFRESH_TOKEN_EXPIRED(1002001018, "访问令牌已过期"),
-//    OAUTH_INVALID_REFRESH_TOKEN_INVALID(1002001019, "刷新令牌已失效"),
+
 
     // ========== OAuth 手机验证码模块 ==========
     OAUTH2_MOBILE_CODE_NOT_FOUND(1001001100, "验证码不存在"),

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/enums/package-info.java

@@ -1,5 +0,0 @@
-/**
- * author: sin
- * time: 2020/4/20 10:12 上午
- */
-package cn.iocoder.mall.system.biz.enums;

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/oauth2/OAuth2MobileCodeServiceImpl.java

@@ -6,14 +6,13 @@ import cn.iocoder.common.framework.util.ValidationUtil;
 import cn.iocoder.mall.system.biz.dao.oauth2.OAuth2MobileCodeMapper;
 import cn.iocoder.mall.system.biz.dataobject.oauth2.OAuth2MobileCodeDO;
 import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2MobileCodeSendDTO;
-import cn.iocoder.mall.system.biz.service.oauth2.OAuth2MobileCodeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 import java.util.Date;
 
-import static cn.iocoder.mall.system.biz.constant.SystemErrorCodeEnum.*;
+import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.*;
 
 @Service
 public class OAuth2MobileCodeServiceImpl implements OAuth2MobileCodeService {

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/oauth2/OAuth2Service.java

@@ -1,6 +1,7 @@
 package cn.iocoder.mall.system.biz.service.oauth2;
 
 import cn.iocoder.mall.system.biz.bo.ouath2.OAuth2AccessTokenBO;
+import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2AccessTokenAuthenticateDTO;
 import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2MobileCodeAuthenticateDTO;
 import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2UsernameAuthenticateDTO;
 
@@ -13,4 +14,6 @@ public interface OAuth2Service {
 
     OAuth2AccessTokenBO authenticate(OAuth2MobileCodeAuthenticateDTO authenticateDTO);
 
+    OAuth2AccessTokenBO authenticate(OAuth2AccessTokenAuthenticateDTO authenticateDTO);
+
 }

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/oauth2/OAuth2ServiceImpl.java

@@ -11,8 +11,10 @@ import cn.iocoder.mall.system.biz.dao.oauth2.OAuth2RefreshTokenMapper;
 import cn.iocoder.mall.system.biz.dataobject.oauth2.OAuth2AccessTokenDO;
 import cn.iocoder.mall.system.biz.dataobject.oauth2.OAuth2RefreshTokenDO;
 import cn.iocoder.mall.system.biz.dto.account.AccountCreateDTO;
+import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2AccessTokenAuthenticateDTO;
 import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2MobileCodeAuthenticateDTO;
 import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2UsernameAuthenticateDTO;
+import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
 import cn.iocoder.mall.system.biz.service.account.AccountService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -22,8 +24,8 @@ import org.springframework.transaction.annotation.Transactional;
 import java.util.Date;
 import java.util.UUID;
 
-import static cn.iocoder.mall.system.biz.constant.SystemErrorCodeEnum.OAUTH2_ACCOUNT_NOT_FOUND;
+import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.OAUTH2_ACCOUNT_NOT_FOUND;
-import static cn.iocoder.mall.system.biz.constant.SystemErrorCodeEnum.OAUTH2_ACCOUNT_PASSWORD_ERROR;
+import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.OAUTH2_ACCOUNT_PASSWORD_ERROR;
 
 @Service
 public class OAuth2ServiceImpl implements OAuth2Service {
@@ -95,6 +97,22 @@ public class OAuth2ServiceImpl implements OAuth2Service {
         return OAuth2Convert.INSTANCE.convert(oauth2AccessTokenDO);
     }
 
+    @Override
+    public OAuth2AccessTokenBO authenticate(OAuth2AccessTokenAuthenticateDTO authenticateDTO) {
+        OAuth2AccessTokenDO oauth2AccessTokenDO = oauth2AccessTokenMapper.selectById(authenticateDTO.getAccessToken());
+        if (oauth2AccessTokenDO == null) { // 不存在
+            throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_NOT_FOUND.getCode());
+        }
+        if (oauth2AccessTokenDO.getExpiresTime().getTime() < System.currentTimeMillis()) { // 已过期
+            throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_EXPIRED.getCode());
+        }
+        if (!oauth2AccessTokenDO.getValid()) { // 无效
+            throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_INVALID_TOKEN_INVALID.getCode());
+        }
+        // 转换返回
+        return OAuth2Convert.INSTANCE.convert(oauth2AccessTokenDO);
+    }
+
     private OAuth2AccessTokenDO createOAuth2AccessToken(Integer accountId, String refreshToken) {
         OAuth2AccessTokenDO accessToken = new OAuth2AccessTokenDO()
                 .setId(generateAccessToken())

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/system/SystemLogService.java

@@ -1,9 +0,0 @@
-package cn.iocoder.mall.system.biz.service.system;
-
-import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
-
-public interface SystemLogService {
-
-    void addAccessLog(AccessLogAddDTO accessLogAddDTO);
-
-}

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/systemlog/SystemLogService.java

@@ -0,0 +1,12 @@
+package cn.iocoder.mall.system.biz.service.systemlog;
+
+import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
+import cn.iocoder.mall.system.biz.dto.system.ExceptionLogAddDTO;
+
+public interface SystemLogService {
+
+    void addAccessLog(AccessLogAddDTO accessLogAddDTO);
+
+    void addExceptionLog(ExceptionLogAddDTO exceptionLogAddDTO);
+
+}

system/system-biz/src/main/java/cn/iocoder/mall/system/biz/service/systemlog/SystemLogServiceImpl.java

@@ -1,9 +1,12 @@
-package cn.iocoder.mall.system.biz.service.system;
+package cn.iocoder.mall.system.biz.service.systemlog;
 
 import cn.iocoder.mall.system.biz.convert.systemlog.SystemLogConvert;
 import cn.iocoder.mall.system.biz.dao.system.AccessLogMapper;
-import cn.iocoder.mall.system.biz.dataobject.system.AccessLogDO;
+import cn.iocoder.mall.system.biz.dao.system.ExceptionLogMapper;
+import cn.iocoder.mall.system.biz.dataobject.systemlog.AccessLogDO;
+import cn.iocoder.mall.system.biz.dataobject.systemlog.ExceptionLogDO;
 import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
+import cn.iocoder.mall.system.biz.dto.system.ExceptionLogAddDTO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -14,6 +17,8 @@ public class SystemLogServiceImpl implements SystemLogService {
 
     @Autowired
     private AccessLogMapper accessLogMapper;
+    @Autowired
+    private ExceptionLogMapper exceptionLogMapper;
 
     @Override
     public void addAccessLog(AccessLogAddDTO accessLogAddDTO) {
@@ -25,4 +30,14 @@ public class SystemLogServiceImpl implements SystemLogService {
         accessLogMapper.insert(logDO);
     }
 
+    @Override
+    public void addExceptionLog(ExceptionLogAddDTO exceptionLogAddDTO) {
+        ExceptionLogDO logDO = SystemLogConvert.INSTANCE.convert(exceptionLogAddDTO);
+        if (logDO.getAccountId() == null) {
+            logDO.setAccountId(ExceptionLogDO.ACCOUNT_ID_NULL);
+        }
+        logDO.setCreateTime(new Date());
+        exceptionLogMapper.insert(logDO);
+    }
+
 }

system/system-rest/src/main/java/cn/iocoder/mall/system/rest/controller/oauth2/AdminsOAuth2Controller.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.system.rest.controller.admin;
+package cn.iocoder.mall.system.rest.controller.oauth2;
 
 import cn.iocoder.common.framework.constant.MallConstants;
 import cn.iocoder.common.framework.util.ServiceExceptionUtil;
@@ -18,7 +18,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static cn.iocoder.mall.system.biz.constant.SystemErrorCodeEnum.*;
+import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.*;
 
 @RestController
 @RequestMapping(MallConstants.ROOT_PATH_ADMIN + "/oauth2")
@@ -30,7 +30,7 @@ public class AdminsOAuth2Controller {
     @Autowired
     private AdminService adminService;
 
-    @PostMapping("/username_authenticate")
+    @PostMapping("/username-authenticate")
     @ApiOperation("用户名认证")
     public CommonResult<AdminsOAuth2AuthenticateResponse> usernameAuthenticate(AdminsOAuth2UsernameAuthenticateRequest request) {
         // 执行认证

system/system-rest/src/main/java/cn/iocoder/mall/system/rest/controller/oauth2/UsersOAuth2Controller.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.system.rest.controller.users;
+package cn.iocoder.mall.system.rest.controller.oauth2;
 
 import cn.iocoder.common.framework.constant.MallConstants;
 import cn.iocoder.common.framework.util.HttpUtil;
@@ -35,12 +35,10 @@ public class UsersOAuth2Controller {
     @Autowired
     private OAuth2MobileCodeService oauth2MobileCodeService;
 
-    @PostMapping("/mobile_code_authenticate")
+    @PostMapping("/mobile-code-authenticate")
     @ApiOperation("手机验证码认证")
-    public CommonResult<UsersOAuth2AuthenticateResponse> mobileCodeAuthenticate(
+    public CommonResult<UsersOAuth2AuthenticateResponse> mobileCodeAuthenticate(UsersOAuth2MobileCodeAuthenticateRequest request,
-            UsersOAuth2MobileCodeAuthenticateRequest request,
+            HttpServletRequest httpRequest) {
-            HttpServletRequest httpRequest
-    ) {
         // 执行认证
         OAuth2MobileCodeAuthenticateDTO authenticateDTO = UsersOAuth2Convert.INSTANCE.convert(request)
                 .setIp(HttpUtil.getIp(httpRequest));
@@ -51,10 +49,11 @@ public class UsersOAuth2Controller {
         );
     }
 
-    @PostMapping("/send_mobile_code")
+    @PostMapping("/send-mobile-code")
     @ApiOperation("发送手机验证码")
     @ApiImplicitParam(name = "mobile", value = "手机号", required = true, example = "15601691234")
-    public CommonResult<Boolean> sendMobileCode(@RequestParam("mobile") String mobile, HttpServletRequest request) {
+    public CommonResult<Boolean> sendMobileCode(@RequestParam("mobile") String mobile,
+                                                HttpServletRequest request) {
         // 执行发送验证码
         OAuth2MobileCodeSendDTO sendDTO = new OAuth2MobileCodeSendDTO()
                 .setMobile(mobile).setIp(HttpUtil.getIp(request));

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/api/SystemLogRPC.java

@@ -1,10 +0,0 @@
-package cn.iocoder.mall.system.rpc.api;
-
-import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.system.rpc.request.system.AccessLogAddRequest;
-
-public interface SystemLogRPC {
-
-    CommonResult<Boolean> addAccessLog(AccessLogAddRequest accessLogAddRequest);
-
-}

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/api/oauth2/OAuth2RPC.java

@@ -0,0 +1,11 @@
+package cn.iocoder.mall.system.rpc.api.oauth2;
+
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
+import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
+
+public interface OAuth2RPC {
+
+    CommonResult<OAuth2AccessTokenResponse> authenticate(OAuth2AccessTokenAuthenticateRequest request);
+
+}

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/api/systemlog/SystemLogRPC.java

@@ -0,0 +1,13 @@
+package cn.iocoder.mall.system.rpc.api.systemlog;
+
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.rpc.request.systemlog.AccessLogAddRequest;
+import cn.iocoder.mall.system.rpc.request.systemlog.ExceptionLogAddRequest;
+
+public interface SystemLogRPC {
+
+    CommonResult<Boolean> addAccessLog(AccessLogAddRequest accessLogAddRequest);
+
+    CommonResult<Boolean> addExceptionLog(ExceptionLogAddRequest exceptionLogAddRequest);
+
+}

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/request/oauth2/OAuth2AccessTokenAuthenticateRequest.java

@@ -0,0 +1,20 @@
+package cn.iocoder.mall.system.rpc.request.oauth2;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotNull;
+
+/**
+ * OAuth2 访问令牌认证 Request
+ */
+@Data
+@Accessors(chain = true)
+public class OAuth2AccessTokenAuthenticateRequest {
+
+    @NotNull(message = "访问令牌不能为空")
+    private String accessToken;
+    @NotNull(message = "IP 不能为空")
+    private String ip;
+
+}

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/request/package-info.java

@@ -1 +0,0 @@
-package cn.iocoder.mall.system.rpc.request;

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/request/systemlog/AccessLogAddRequest.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.system.rpc.request.system;
+package cn.iocoder.mall.system.rpc.request.systemlog;
 
 import lombok.Data;
 import lombok.experimental.Accessors;
@@ -7,7 +7,7 @@ import javax.validation.constraints.NotNull;
 import java.util.Date;
 
 /**
- * 访问日志添加请求
+ * 访问日志添加 Request
  */
 @Data
 @Accessors(chain = true)

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/request/systemlog/ExceptionLogAddRequest.java

@@ -0,0 +1,55 @@
+package cn.iocoder.mall.system.rpc.request.systemlog;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotNull;
+import java.util.Date;
+
+/**
+ * 异常日志添加 Request
+ */
+@Data
+@Accessors(chain = true)
+public class ExceptionLogAddRequest {
+
+    /**
+     * 账号编号
+     */
+    private Integer accountId;
+    /**
+     * 链路编号
+     */
+    private String traceId;
+    @NotNull(message = "应用名不能为空")
+    private String applicationName;
+    @NotNull(message = "访问地址不能为空")
+    private String uri;
+    @NotNull(message = "请求参数不能为空")
+    private String queryString;
+    @NotNull(message = "http 请求方法不能为空")
+    private String method;
+    @NotNull(message = "User-Agent 不能为空")
+    private String userAgent;
+    @NotNull(message = "ip 不能为空")
+    private String ip;
+    @NotNull(message = "异常时间不能为空")
+    private Date exceptionTime;
+    @NotNull(message = "异常名不能为空")
+    private String exceptionName;
+    @NotNull(message = "异常发生的类全名不能为空")
+    private String exceptionClassName;
+    @NotNull(message = "异常发生的类文件不能为空")
+    private String exceptionFileName;
+    @NotNull(message = "异常发生的方法名不能为空")
+    private String exceptionMethodName;
+    @NotNull(message = "异常发生的方法所在行不能为空")
+    private Integer exceptionLineNumber;
+    @NotNull(message = "异常的栈轨迹不能为空")
+    private String exceptionStackTrace;
+    @NotNull(message = "异常导致的根消息不能为空")
+    private String exceptionRootCauseMessage;
+    @NotNull(message = "异常导致的消息不能为空")
+    private String exceptionMessage;
+
+}

system/system-rpc-api/src/main/java/cn/iocoder/mall/system/rpc/response/oauth2/OAuth2AccessTokenResponse.java

@@ -1,13 +1,16 @@
-package cn.iocoder.mall.user.biz.dataobject;
+package cn.iocoder.mall.system.rpc.response.oauth2;
 
 import lombok.Data;
 import lombok.experimental.Accessors;
 
 import java.util.Date;
 
+/**
+ * OAuth2 认证 Response
+ */
 @Data
 @Accessors(chain = true)
-public class OAuth2AccessTokenDO {
+public class OAuth2AccessTokenResponse {
 
     /**
      * 访问令牌
@@ -18,20 +21,12 @@ public class OAuth2AccessTokenDO {
      */
     private String refreshToken;
     /**
-     * 用户编号
+     * 账号编号
      */
-    private Integer userId;
+    private Integer accountId;
     /**
      * 过期时间
      */
     private Date expiresTime;
-    /**
-     * 是否有效
-     */
-    private Boolean valid;
-    /**
-     * 创建时间
-     */
-    private Date createTime;
 
 }

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/convert/SystemLogConvert.java

@@ -1,15 +0,0 @@
-package cn.iocoder.mall.system.rpc.convert;
-
-import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
-import cn.iocoder.mall.system.rpc.request.system.AccessLogAddRequest;
-import org.mapstruct.Mapper;
-import org.mapstruct.factory.Mappers;
-
-@Mapper
-public interface SystemLogConvert {
-
-    SystemLogConvert INSTANCE = Mappers.getMapper(SystemLogConvert.class);
-
-    AccessLogAddDTO convert(AccessLogAddRequest accessLogAddRequest);
-
-}

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/convert/oauth2/OAuth2Convert.java

@@ -0,0 +1,19 @@
+package cn.iocoder.mall.system.rpc.convert.oauth2;
+
+import cn.iocoder.mall.system.biz.bo.ouath2.OAuth2AccessTokenBO;
+import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2AccessTokenAuthenticateDTO;
+import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
+import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
+import org.mapstruct.Mapper;
+import org.mapstruct.factory.Mappers;
+
+@Mapper
+public interface OAuth2Convert {
+
+    OAuth2Convert INSTANCE = Mappers.getMapper(OAuth2Convert.class);
+
+    OAuth2AccessTokenAuthenticateDTO convert(OAuth2AccessTokenAuthenticateRequest authenticateRequest);
+
+    OAuth2AccessTokenResponse convert(OAuth2AccessTokenBO accessTokenBO);
+
+}

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/convert/systemlog/SystemLogConvert.java

@@ -0,0 +1,19 @@
+package cn.iocoder.mall.system.rpc.convert.systemlog;
+
+import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
+import cn.iocoder.mall.system.biz.dto.system.ExceptionLogAddDTO;
+import cn.iocoder.mall.system.rpc.request.systemlog.AccessLogAddRequest;
+import cn.iocoder.mall.system.rpc.request.systemlog.ExceptionLogAddRequest;
+import org.mapstruct.Mapper;
+import org.mapstruct.factory.Mappers;
+
+@Mapper
+public interface SystemLogConvert {
+
+    SystemLogConvert INSTANCE = Mappers.getMapper(SystemLogConvert.class);
+
+    AccessLogAddDTO convert(AccessLogAddRequest accessLogAddRequest);
+
+    ExceptionLogAddDTO convert(ExceptionLogAddRequest exceptionLogAddRequest);
+
+}

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/rpc/SystemLogRPCImpl.java

@@ -1,25 +0,0 @@
-package cn.iocoder.mall.system.rpc.rpc;
-
-import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
-import cn.iocoder.mall.system.biz.service.system.SystemLogService;
-import cn.iocoder.mall.system.rpc.api.SystemLogRPC;
-import cn.iocoder.mall.system.rpc.convert.SystemLogConvert;
-import cn.iocoder.mall.system.rpc.request.system.AccessLogAddRequest;
-import org.apache.dubbo.config.annotation.Service;
-import org.springframework.beans.factory.annotation.Autowired;
-
-@Service(version = "${dubbo.provider.SystemLogRPC.version}", validation = "true")
-public class SystemLogRPCImpl implements SystemLogRPC {
-
-    @Autowired
-    private SystemLogService systemLogService;
-
-    @Override
-    public CommonResult<Boolean> addAccessLog(AccessLogAddRequest accessLogAddRequest) {
-        AccessLogAddDTO accessLogAddDTO = SystemLogConvert.INSTANCE.convert(accessLogAddRequest);
-        systemLogService.addAccessLog(accessLogAddDTO);
-        return CommonResult.success(true);
-    }
-
-}

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/rpc/oauth2/OAuth2RPCImpl.java

@@ -0,0 +1,30 @@
+package cn.iocoder.mall.system.rpc.rpc.oauth2;
+
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.biz.bo.ouath2.OAuth2AccessTokenBO;
+import cn.iocoder.mall.system.biz.dto.oatuh2.OAuth2AccessTokenAuthenticateDTO;
+import cn.iocoder.mall.system.biz.service.oauth2.OAuth2Service;
+import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
+import cn.iocoder.mall.system.rpc.convert.oauth2.OAuth2Convert;
+import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
+import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
+import org.apache.dubbo.config.annotation.Service;
+import org.springframework.beans.factory.annotation.Autowired;
+
+@Service(version = "${dubbo.provider.OAuth2RPC.version}", validation = "true")
+public class OAuth2RPCImpl implements OAuth2RPC {
+
+    @Autowired
+    private OAuth2Service oauth2Service;
+
+    @Override
+    public CommonResult<OAuth2AccessTokenResponse> authenticate(OAuth2AccessTokenAuthenticateRequest authenticateRequest) {
+        // 执行认证
+        OAuth2AccessTokenAuthenticateDTO authenticateDTO = OAuth2Convert.INSTANCE.convert(authenticateRequest);
+        OAuth2AccessTokenBO accessTokenBO = oauth2Service.authenticate(authenticateDTO);
+        // 返回结果
+        OAuth2AccessTokenResponse accessTokenResponse = OAuth2Convert.INSTANCE.convert(accessTokenBO);
+        return CommonResult.success(accessTokenResponse);
+    }
+
+}

system/system-rpc/src/main/java/cn/iocoder/mall/system/rpc/rpc/systemlog/SystemLogRPCImpl.java

@@ -0,0 +1,34 @@
+package cn.iocoder.mall.system.rpc.rpc.systemlog;
+
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.biz.dto.system.AccessLogAddDTO;
+import cn.iocoder.mall.system.biz.dto.system.ExceptionLogAddDTO;
+import cn.iocoder.mall.system.biz.service.systemlog.SystemLogService;
+import cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC;
+import cn.iocoder.mall.system.rpc.convert.systemlog.SystemLogConvert;
+import cn.iocoder.mall.system.rpc.request.systemlog.AccessLogAddRequest;
+import cn.iocoder.mall.system.rpc.request.systemlog.ExceptionLogAddRequest;
+import org.apache.dubbo.config.annotation.Service;
+import org.springframework.beans.factory.annotation.Autowired;
+
+@Service(version = "${dubbo.provider.SystemLogRPC.version}", validation = "true")
+public class SystemLogRPCImpl implements SystemLogRPC {
+
+    @Autowired
+    private SystemLogService systemLogService;
+
+    @Override
+    public CommonResult<Boolean> addAccessLog(AccessLogAddRequest accessLogAddRequest) {
+        AccessLogAddDTO accessLogAddDTO = SystemLogConvert.INSTANCE.convert(accessLogAddRequest);
+        systemLogService.addAccessLog(accessLogAddDTO);
+        return CommonResult.success(true);
+    }
+
+    @Override
+    public CommonResult<Boolean> addExceptionLog(ExceptionLogAddRequest exceptionLogAddRequest) {
+        ExceptionLogAddDTO exceptionLogAddDTO = SystemLogConvert.INSTANCE.convert(exceptionLogAddRequest);
+        systemLogService.addExceptionLog(exceptionLogAddDTO);
+        return CommonResult.success(true);
+    }
+
+}

system/system-rpc/src/main/resources/rpc.yaml

@@ -15,6 +15,8 @@ dubbo:
     filter: -exception
     SystemLogRPC:
       version: 1.0.0
+    OAuth2RPC:
+      version: 1.0.0
   # Dubbo 服务消费者的配置
   consumer:
     SystemLogRPC: # 用于 AccessLogInterceptor 等拦截器，记录 HTTP API 请求的访问日志

system/system-service-api/src/main/java/cn/iocoder/mall/system/api/SystemLogService.java

@@ -12,9 +12,6 @@ import cn.iocoder.mall.system.api.dto.systemlog.ExceptionLogAddDTO;
  */
 public interface SystemLogService {
 
-    void addAccessLog(AccessLogAddDTO accessLogAddDTO);
-
-    void addExceptionLog(ExceptionLogAddDTO exceptionLogAddDTO);
-
     AccessLogPageBO getAccessLogPage(AccessLogPageDTO accessLogPageDTO);
+
 }

system/system-service-api/src/main/java/cn/iocoder/mall/system/api/dto/systemlog/AccessLogAddDTO.java

@@ -1,52 +0,0 @@
-package cn.iocoder.mall.system.api.dto.systemlog;
-
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import javax.validation.constraints.NotNull;
-import java.io.Serializable;
-import java.util.Date;
-
-/**
- * 访问日志添加 DTO
- */
-@Data
-@Accessors(chain = true)
-public class AccessLogAddDTO implements Serializable {
-
-    /**
-     * 用户编号 - 空
-     */
-    public static final Integer USER_ID_NULL = 0;
-
-    @NotNull(message = "链路追踪编号不能为空")
-    private String traceId;
-    @NotNull(message = "用户编号不能为空")
-    private Integer userId;
-    @NotNull(message = "用户类型不能为空")
-    private Integer userType;
-    @NotNull(message = "应用名不能为空")
-    private String applicationName;
-    @NotNull(message = "访问地址不能为空")
-    private String uri;
-    @NotNull(message = "请求参数不能为空")
-    private String queryString;
-    @NotNull(message = "http 请求方法不能为空")
-    private String method;
-    @NotNull(message = "User-Agent 不能为空")
-    private String userAgent;
-    @NotNull(message = "ip 不能为空")
-    private String ip;
-    @NotNull(message = "请求时间不能为空")
-    private Date startTime;
-    @NotNull(message = "响应时长不能为空")
-    private Integer responseTime;
-    @NotNull(message = "错误码不能为空")
-    private Integer errorCode;
-    /**
-     * 错误提示
-     */
-    private String errorMessage;
-
-}

user/user-rest/src/main/java/cn/iocoder/mall/user/rest/controller/TestController.java

@@ -1,7 +1,7 @@
 package cn.iocoder.mall.user.rest.controller;
 
 import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.web.constant.CommonMallConstants;
+import cn.iocoder.mall.web.core.constant.CommonMallConstants;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/MobileCodeDO.java

@@ -1,45 +0,0 @@
-package cn.iocoder.mall.user.biz.dataobject;
-
-import cn.iocoder.common.framework.dataobject.BaseDO;
-import com.baomidou.mybatisplus.annotation.TableName;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import java.util.Date;
-
-// TODO 优化，IP
-@TableName("mobile_code")
-@Data
-@Accessors(chain = true)
-public class MobileCodeDO extends BaseDO {
-
-    /**
-     * 编号
-     */
-    private Integer id;
-    /**
-     * 手机号
-     */
-    private String mobile;
-    /**
-     * 验证码
-     */
-    private String code;
-    /**
-     * 今日发送的第几条
-     */
-    private Integer todayIndex;
-    /**
-     * 是否使用
-     */
-    private Boolean used;
-    /**
-     * 注册的用户编号
-     */
-    private Integer usedUserId;
-    /**
-     * 使用时间
-     */
-    private Date usedTime;
-
-}

user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/OAuth2RefreshTokenDO.java

@@ -1,38 +0,0 @@
-package cn.iocoder.mall.user.biz.dataobject;
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import java.util.Date;
-
-/**
- * 刷新令牌
- *
- * idx_uid
- */
-@Data
-@Accessors(chain = true)
-public class OAuth2RefreshTokenDO {
-
-    /**
-     * 刷新令牌
-     */
-    private String id;
-    /**
-     * 用户编号
-     */
-    private Integer userId;
-    /**
-     * 是否有效
-     */
-    private Boolean valid;
-    /**
-     * 过期时间
-     */
-    private Date expiresTime;
-    /**
-     * 创建时间
-     */
-    private Date createTime;
-
-}