Merge remote-tracking branch 'origin/master'

pom.xml

@@ -115,6 +115,20 @@
             <version>2.3.1</version>
         </dependency>
 
+        <!-- Sa-Token 权限认证（Reactor响应式集成）, 在线文档：http://sa-token.dev33.cn/ -->
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-reactor-spring-boot-starter</artifactId>
+            <version>1.30.0</version>
+        </dependency>
+
+        <!-- Sa-Token 整合 jwt -->
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-jwt</artifactId>
+            <version>1.30.0</version>
+        </dependency>
+
     </dependencies>
 
     <dependencyManagement>

src/main/java/com/fdkankan/gateway/config/SaTokenConfigure.java

@@ -0,0 +1,69 @@
+package com.fdkankan.gateway.config;
+
+import cn.dev33.satoken.jwt.StpLogicJwtForMixin;
+import cn.dev33.satoken.reactor.filter.SaReactorFilter;
+import cn.dev33.satoken.router.SaRouter;
+import cn.dev33.satoken.stp.StpLogic;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.fdkankan.common.response.ResultData;
+import com.fdkankan.redis.util.RedisUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SaTokenConfigure {
+
+    @Autowired
+    RedisUtil redisUtil;
+
+    // 注册 Sa-Token全局过滤器
+    @Bean
+    public SaReactorFilter getSaReactorFilter() {
+        return new SaReactorFilter()
+                // 拦截地址 管理后台地址
+                .addInclude("/service/manage/**")
+                // 开放地址
+                .addExclude("/favicon.ico")
+                // 鉴权方法：每次访问进入
+                .setAuth(obj -> {
+                    // 登录校验 -- 拦截所有路由
+                    SaRouter.match("/**",  r -> StpUtil.checkLogin());
+                    //从redis中获取路由对应 权限
+                    String menu = redisUtil.get("manage_perm_menu");
+                    if(StringUtils.isBlank(menu)){
+                        SaRouter.match("/**", r -> StpUtil.checkRole("super-admin"));
+                    }
+                    JSONArray menuArray = JSONObject.parseArray(menu);
+                    for (Object o : menuArray) {
+                        JSONObject jsonObject = (JSONObject)  o;
+                        String url = jsonObject.getString("url");
+                        String perm = jsonObject.getString("perms");
+                        SaRouter.match(url, r -> StpUtil.checkPermission(perm));
+                    }
+
+                    // 权限认证 -- 不同模块, 校验不同权限
+                   // SaRouter.match("/admin/**", r -> StpUtil.checkPermission("admin"));
+                    // ...
+                })
+                // 异常处理方法：每次setAuth函数出现异常时进入
+//                .setError(e -> {
+//                    return SaResult.error(e.getMessage());
+//                })
+                ;
+    }
+
+    // Sa-Token 整合 jwt
+    //Stateless 无状态模式 纯jwt
+    //Mixin 混入模式 jwt 与 Redis 逻辑混合
+    //Simple 简单模式   Token风格替换
+    @Bean
+    public StpLogic getStpLogicJwt() {
+        return new StpLogicJwtForMixin();
+    }
+}
+

src/main/java/com/fdkankan/gateway/config/StpInterfaceImpl.java

@@ -0,0 +1,46 @@
+package com.fdkankan.gateway.config;
+
+import cn.dev33.satoken.stp.StpInterface;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.fdkankan.common.constant.ErrorCode;
+import com.fdkankan.common.exception.BusinessException;
+import com.fdkankan.redis.util.RedisUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Component
+public class StpInterfaceImpl implements StpInterface {
+
+    @Autowired
+    RedisUtil redisUtil;
+
+    @Override
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        String permString = redisUtil.get("manage_perm_user:" + loginId);
+        if(StringUtils.isBlank(permString)){
+            throw new BusinessException(ErrorCode.USER_NOT_LOGIN);
+        }
+        JSONArray jsonArray = JSONObject.parseArray(permString);
+        List<String> permList = jsonArray.toJavaList(String.class);
+        //从redis 中获取登录用户权限
+        return permList;
+    }
+
+    @Override
+    public List<String> getRoleList(Object loginId, String loginType) {
+        //从redis 中获取登录用户角色
+        String roleString = redisUtil.get("manage_role_user:" + loginId);
+        if(StringUtils.isBlank(roleString)){
+            throw new BusinessException(ErrorCode.USER_NOT_LOGIN);
+        }
+        JSONArray jsonArray = JSONObject.parseArray(roleString);
+        List<String> roleList = jsonArray.toJavaList(String.class);
+        return roleList;
+    }
+}

src/main/java/com/fdkankan/gateway/exception/JsonErrorWebExceptionHandler.java

@@ -1,6 +1,8 @@
 package com.fdkankan.gateway.exception;
 
 
+import cn.dev33.satoken.exception.*;
+import com.fdkankan.common.constant.ErrorCode;
 import com.fdkankan.common.constant.ServerCode;
 import com.fdkankan.common.exception.BusinessException;
 import org.springframework.boot.autoconfigure.web.ErrorProperties;
@@ -11,6 +13,7 @@ import org.springframework.boot.web.reactive.error.ErrorAttributes;
 import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.reactive.function.server.*;
+import sun.nio.cs.ext.MS874;
 
 import java.util.Calendar;
 import java.util.HashMap;
@@ -29,16 +32,30 @@ public class JsonErrorWebExceptionHandler extends DefaultErrorWebExceptionHandle
     protected Map<String, Object> getErrorAttributes(ServerRequest request, ErrorAttributeOptions options) {
 
         // 这里其实可以根据异常类型进行定制化逻辑
-        Throwable error = super.getError(request);
+        Throwable error = super.getError(request).getCause();
         Map<String, Object> errorAttributes = new HashMap<>(8);
 
-        if(error instanceof BusinessException){
-            errorAttributes.put("code", ((BusinessException) error).getCode());
-            errorAttributes.put("message", ((BusinessException) error).getMessage());
-        }else{
-            errorAttributes.put("code", ServerCode.SYSTEM_ERROR.code());
-            errorAttributes.put("message", ServerCode.SYSTEM_ERROR.message());
+        Integer code = ServerCode.SYSTEM_ERROR.code();
+        String message = ServerCode.SYSTEM_ERROR.message();
+        if(error instanceof NotLoginException){
+            code = 201;
+            message = "请重新登录";
+        }else if(error instanceof NotRoleException){
+            code = 202;
+            message = "无此角色：" + ((NotRoleException) error).getRole();
+        }else if(error instanceof NotPermissionException){
+            code = 201;
+            message = "无此权限：" + ((NotPermissionException) error).getPermission();
+        }else if(error instanceof DisableLoginException){
+            code = 201;
+            message = "账号被封禁：" + ((DisableLoginException) error).getDisableTime() + "秒后解封";
+        } else if(error instanceof BusinessException){
+           code = ((BusinessException) error).getCode();
+           message = error.getMessage();
         }
+
+        errorAttributes.put("code", code);
+        errorAttributes.put("message", message);
         errorAttributes.put("method", request.methodName());
         errorAttributes.put("path", request.path());
         errorAttributes.put("timestamp", Calendar.getInstance().getTimeInMillis());

src/main/resources/bootstrap-dev.yml

@@ -4,7 +4,7 @@ spring:
   cloud:
     nacos:
       config:
-        server-addr: 192.168.0.47:8848
+        server-addr: 120.24.144.164:8848
         file-extension: yaml
         namespace: 4dkankan-dev
         extension-configs:
@@ -19,8 +19,12 @@ spring:
           - data-id: common-mongodb-config.yaml
             group: DEFAULT_GROUP
             refresh: true
+
+          - data-id: common-satoken-config.yaml
+            group: DEFAULT_GROUP
+            refresh: true
       discovery:
-        server-addr: 192.168.0.47:8848
+        server-addr: 120.24.144.164:8848
         namespace: 4dkankan-dev
 
 management: