diff --git a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
index 02d3389f..7cf3d6be 100644
--- a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
@@ -1,5 +1,11 @@
 package io.renren.modules.security.oauth2;
+import cn.hutool.core.date.DateField;
+import cn.hutool.core.date.DateUnit;
+import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.net.url.UrlBuilder;
+import cn.hutool.core.util.CharsetUtil;
+import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.google.gson.Gson;
@@ -9,14 +15,17 @@ import io.renren.modules.security.service.SysUserTokenService;
 import io.renren.modules.security.user.SecurityUser;
 import io.renren.modules.sys.dao.SysUserDao;
 import io.renren.modules.sys.entity.SysUserEntity;
+import lombok.Data;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpStatus;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -24,6 +33,8 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
 import java.util.Map;
 /**
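Review bot: Three of the imports added here are not referenced by any line this commit adds: `cn.hutool.core.date.DateUnit` in the first import hunk, `lombok.Data` in the second and `java.util.HashMap` in the third. `SDTToken` is declared without `@Data`, so the Lombok import in particular looks like a leftover; the three lines can be dropped. The file already imports `com.google.gson.Gson`, so `com.alibaba.fastjson.JSONObject` brings a second JSON library into an authentication filter; reusing the existing one, or a small typed response class, would keep the parsing surface on this path smaller.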
@@ -43,6 +54,29 @@ public class Oauth2Filter extends AuthenticatingFilter {
 @Autowired(required = false)
 private SSOValidator ssoValidator;
+
+ @Value("${shangdongtong.enable}")
+ private boolean sdtEnable;
+
+ @Value("${shangdongtong.corpid}")
+ private String corpid;
+ @Value("${shangdongtong.agentId}")
+ private String agentId;
+ @Value("${shangdongtong.secret}")
+ private String secret;
+ @Value("${shangdongtong.url}")
+ private String apiUrl;
+
+ @Autowired
+ private RestTemplate restTemplate;
+
+ static class SDTToken{
+ private String accessToken;
+ private Date expiresIn;
+ }
+
+ static private SDTToken sdtToken;
+
 @Override
 protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
 //获取请求token
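Review bot: `static private SDTToken sdtToken;` is read outside the lock by the double-checked test this commit adds further down, and neither that field nor the two fields of `SDTToken` are `volatile` or `final`, so another thread may observe a stale reference or a token whose fields are not yet visible. Declare it `private static volatile SDTToken sdtToken;` and make `accessToken` and `expiresIn` `final`, set through a constructor. Separately, the five `@Value` placeholders carry no defaults, so a deployment whose configuration lacks the `shangdongtong` block will presumably fail at startup even when the integration is not wanted; `@Value("${shangdongtong.enable:false}")` would make it opt-in. `agentId` is injected but not used by any added line.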
@@ -157,6 +191,66 @@ public class Oauth2Filter extends AuthenticatingFilter {
 requestUri = request.getRequestURI();
 }
+ //先在这里直接处理山东通逻辑,有时间再重构
+ if (sdtEnable && requestUri.contains("code=") && requestUri.contains("state=")) {
+ if (sdtToken == null || sdtToken.expiresIn.before(new Date()) || sdtToken.accessToken == null) {
+ synchronized (this.getClass()){
+ if (sdtToken == null || sdtToken.expiresIn.before(new Date()) || sdtToken.accessToken == null) {
+ String sdtApiUrl = String.format("%s/cgi-bin/gettoken?corpid=%s&corpsecret=%s",apiUrl, corpid, secret);
+ JSONObject tokenObj = restTemplate.getForObject(sdtApiUrl, JSONObject.class);
+ if (tokenObj.getIntValue("errcode") == 0) {
+ SDTToken token = new SDTToken();
+ token.accessToken = tokenObj.getString("access_token");
+ Integer expiresIn = tokenObj.getInteger("expires_in");
+ //提前5分钟,防止误差
+ Integer expiresOffset = 60 * 5;
+ expiresIn = expiresIn < expiresOffset ? expiresIn / 2 : expiresIn -expiresOffset;
+ token.expiresIn = DateUtil.offset(new Date(), DateField.SECOND, expiresIn);
+ sdtToken = token;
+ }
+ }
+ }
+ }
+ UrlBuilder urlBuilder = UrlBuilder.ofHttp(requestUri, CharsetUtil.CHARSET_UTF_8);
+ CharSequence code = urlBuilder.getQuery().get("code");
+ String userInfoUrl = String.format("%s/cgi-bin/user/getuserinfo?access_token=%s&code=%s",
+ apiUrl,
+ sdtToken.accessToken,
+ code);
+ JSONObject userInfoObj = restTemplate.getForObject(userInfoUrl, JSONObject.class);
+ String userId = userInfoObj.getString("UserId");
+ //还要再经过另一个接口拿手机号
+ if (StringUtils.isNotBlank(userId)) {
+ String userUrl = String.format("%s/cgi-bin/user/get?access_token=%s&userid=%s",
+ apiUrl,
+ sdtToken.accessToken,
+ userId);
+ JSONObject userObj = restTemplate.getForObject(userUrl, JSONObject.class);
+ String mobile = userObj.getString("mobile");
+ if (StringUtils.isNotBlank(mobile)) {
+ //认证通过
+ LambdaQueryWrapper queryWrapper = new QueryWrapper().lambda()
+ .eq(SysUserEntity::getMobile, mobile);
+ SysUserEntity sysUserEntity = sysUserDao.selectOne(queryWrapper);
+ if (sysUserEntity != null) {
+
+ Result result = sysUserTokenService.createToken(sysUserEntity.getId());
+ Object token = result.getData().get(Constant.TOKEN_HEADER);
+ String currentToken = (String) token;
+ Cookie cookie = new Cookie(Constant.TOKEN_HEADER, currentToken);
+ cookie.setPath("/");
+ response.addCookie(cookie);
+ response.addHeader(Constant.TOKEN_HEADER, currentToken);
+ //回调不涉及其他页面回调,先写死回调首页
+ String removeCreditParame = "http://" + urlBuilder.getHost() + ":" + urlBuilder.getPort() + "/#/home";
+ response.addHeader("REDIRECT", removeCreditParame);
+ request.setAttribute(Constant.TOKEN_HEADER, currentToken);
+ return executeLogin(request, response);
+ }
+ }
+ }
+ }
+
 if (!ssoValidator.hasCrediteInCallBackUrl(requestUri)) {
 redirectToUrl(ssoValidator.getLoginUrl(requestUri), response);
 return false;
diff --git a/renren-admin/src/main/resources/application.yml b/renren-admin/src/main/resources/application.yml
index 36c6353d..aae389fa 100644
--- a/renren-admin/src/main/resources/application.yml
+++ b/renren-admin/src/main/resources/application.yml
@@ -159,3 +159,11 @@ infrastructure:
 # 是否发亚微消息
 notice:
 yawei: true
+
+shangdongtong:
+ enable: true
+ corpid: wwafa1a3005a15a672
+ agentId: 1001129
+ secret: fCcaNBVkCosL_O3cnQVQ0brqUUBZu3ruXuISj5k8FP8
+ url: http://15.72.183.90:7008/sdt
+
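Review bot: In the login block added to `Oauth2Filter.java`, `state` is only tested for presence (`requestUri.contains("state=")`) and never compared with a value this server issued, so any request carrying an accepted `code` is turned into a session; the value should be bound to the browser session when the redirect is issued and verified here before any upstream call. `code` and `userId` are formatted straight into the upstream URLs with `String.format`; passing them to `getForObject` as URI variables keeps request-derived text out of the URL template. `sdtToken` is still null when the token call returns a non-zero `errcode`, and `tokenObj`, `userInfoObj` and `userObj` are dereferenced without a null check, so a failing upstream becomes a NullPointerException on an unauthenticated path. The session cookie is added without `setHttpOnly(true)` or `setSecure(true)`, and the `REDIRECT` header is built from the host of `requestUri`, which appears to be request-supplied, with a fixed `http://` scheme. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: token refresh under the class lock …
SDTToken current = sdtToken;   // read once; still null if the token call failed
if (current != null && current.accessToken != null) {
    UrlBuilder urlBuilder = UrlBuilder.ofHttp(requestUri, CharsetUtil.CHARSET_UTF_8);
    CharSequence code = urlBuilder.getQuery().get("code");
    // values are supplied as URI variables, not formatted into the template
    JSONObject userInfoObj = restTemplate.getForObject(
            apiUrl + "/cgi-bin/user/getuserinfo?access_token={token}&code={code}",
            JSONObject.class, current.accessToken, code);
    String userId = userInfoObj == null ? null : userInfoObj.getString("UserId");
    if (StringUtils.isNotBlank(userId)) {
        JSONObject userObj = restTemplate.getForObject(
                apiUrl + "/cgi-bin/user/get?access_token={token}&userid={userId}",
                JSONObject.class, current.accessToken, userId);
        String mobile = userObj == null ? null : userObj.getString("mobile");
        // … unchanged: lookup by mobile, token creation, executeLogin …
    }
}
```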
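Review bot: The `secret` value added under `shangdongtong` in `application.yml` is a credential committed in plaintext; it should be rotated and the line replaced by a placeholder resolved at deploy time, for example `secret: ${SHANGDONGTONG_SECRET}`. `url` uses `http://`, so the corp secret and access token that `Oauth2Filter` places in query strings, and the `mobile` value it trusts to pick the account, would cross the network unencrypted and unauthenticated; the flow needs an `https://` endpoint to be sound. `enable: true` in the shared default file switches the new login path on for every environment that loads it; defaulting to `false` and enabling it per profile is the safer arrangement.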