李进 2 лет назад
Родитель
Сommit
573b5f1ae2

+ 0 - 5
authorize-api-service/src/main/java/com/xy/satoken/SaTokenAuthorizeConfig.java

@@ -21,9 +21,4 @@ public class SaTokenAuthorizeConfig {
      */
     private List<String> excludePaths;
 
-    /**
-     * 运行方式 微服务=cloud 单体=boot
-     */
-    private String runWay;
-
 }

+ 26 - 16
authorize-api-service/src/main/java/com/xy/satoken/SaTokenWebMvcConfigurer.java

@@ -1,7 +1,10 @@
 package com.xy.satoken;
 
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.xy.swagger.Knife4jConfig;
 import lombok.AllArgsConstructor;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import lombok.SneakyThrows;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -10,7 +13,8 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Arrays;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
 import java.util.List;
 
 /**
@@ -18,7 +22,6 @@ import java.util.List;
  */
 @Component
 @AllArgsConstructor
-@ConditionalOnExpression("'${sa-token.run-way}'.equals('boot')")
 public class SaTokenWebMvcConfigurer extends HandlerInterceptorAdapter implements WebMvcConfigurer {
 
     private SaTokenAuthorizeConfig saTokenAuthorizeConfig;
@@ -26,27 +29,34 @@ public class SaTokenWebMvcConfigurer extends HandlerInterceptorAdapter implement
     private SaTokenAuthorize saTokenAuthorize;
 
     @Override
+    @SneakyThrows
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        String permission = request.getRequestURI();
-        String satoken = request.getHeader(saTokenAuthorizeConfig.getTokenName());
+        String permission;
+        String satoken;
+        if (request.getRequestURI().equals("/authorize/satokenAuthorize")) {
+            //接口形式鉴权(如网关调用),从请求参数获取权限信息
+            BufferedReader streamReader = new BufferedReader(new InputStreamReader(request.getInputStream(), "UTF-8"));
+            StringBuilder sb = new StringBuilder();
+            String inputStr;
+            while ((inputStr = streamReader.readLine()) != null) {
+                sb.append(inputStr);
+            }
+            JSONObject jsonObject = JSONUtil.parseObj(sb);
+            permission = jsonObject.getStr("permission");
+            satoken = jsonObject.getStr("satoken");
+        } else {
+            //其他调用,从请求地址和请求头获取权限信息
+            permission = request.getRequestURI();
+            satoken = request.getHeader(saTokenAuthorizeConfig.getTokenName());
+        }
         return saTokenAuthorize.check(satoken, permission);
     }
 
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        List<String> swaggerExcludes = Arrays.asList(
-                "/swagger/**",
-                "/v2/**",
-                "/doc.html/**",
-                "/v3/**",
-                "/swagger-resources/**",
-                "/webjars/**",
-                "/swagger-ui/**",
-                "/favicon.ico"
-        );
         InterceptorRegistration interceptorRegistration = registry.addInterceptor(this)
-                .excludePathPatterns(swaggerExcludes)
+                .excludePathPatterns(Knife4jConfig.swaggerExcludes)
                 .addPathPatterns("/**");
         List<String> excludePaths = saTokenAuthorizeConfig.getExcludePaths();
         if (excludePaths != null) {
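Review bot: The new `/authorize/satokenAuthorize` branch in `preHandle` reads the request body with no size limit and hands `permission` to `saTokenAuthorize.check` without a null check, although this branch runs before any token has been validated. `getStr` presumably returns null for a missing key, and how `check` treats a null permission is not visible here, so the branch should deny explicitly and cap the body as sketched below (the limit constant is a placeholder to be defined by the project). `@SneakyThrows` can be replaced by `throws Exception` on the override, which the interceptor contract already allows. The removed service code returned true when `excludePaths` contained the requested permission and this branch has no equivalent, which is worth confirming as intended. `addInterceptors` runs past the end of the hunk.

```java
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // … unchanged: permission / satoken declarations and the request-URI test …
            // MAX_AUTHORIZE_BODY_CHARS: placeholder, choose a limit that fits the gateway's payload
            Reader reader = new InputStreamReader(request.getInputStream(), StandardCharsets.UTF_8);
            StringBuilder sb = new StringBuilder();
            char[] buf = new char[1024];
            int n;
            while ((n = reader.read(buf)) != -1) {
                if (sb.length() + n > MAX_AUTHORIZE_BODY_CHARS) {
                    response.setStatus(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
                    return false;
                }
                sb.append(buf, 0, n);
            }
            JSONObject jsonObject = JSONUtil.parseObj(sb);
            permission = jsonObject.getStr("permission");
            satoken = jsonObject.getStr("satoken");
            if (permission == null) {
                // fail closed: a request that names no permission cannot be authorized
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                return false;
            }
        // … unchanged: else branch and the saTokenAuthorize.check call …
```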

+ 4 - 18
authorize-api-service/src/main/java/com/xy/service/AuthorizeServiceImpl.java

@@ -3,36 +3,23 @@ package com.xy.service;
 import cn.dev33.satoken.stp.StpUtil;
 import com.xy.dto.LoginDto;
 import com.xy.dto.SatokenAuthorizeDto;
-import com.xy.satoken.SaTokenAuthorize;
-import com.xy.satoken.SaTokenAuthorizeConfig;
 import com.xy.utils.R;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
-import java.util.List;
-
 @Service
 @AllArgsConstructor
 @Api(tags = "权限校验")
 public class AuthorizeServiceImpl implements AuthorizeService {
 
-    private SaTokenAuthorize saTokenAuthorize;
-
-    private SaTokenAuthorizeConfig saTokenAuthorizeConfig;
-
     @Override
-    @ApiOperation("微服务鉴权")
-    public R<Boolean> satokenAuthorize(@RequestBody SatokenAuthorizeDto satokenAuthorizeDto) {
-        List<String> excludePaths = saTokenAuthorizeConfig.getExcludePaths();
-        String permission = satokenAuthorizeDto.getPermission();
-        if (excludePaths.contains(permission)) {
-            return R.ok(true);
-        }
-        boolean check = saTokenAuthorize.check(satokenAuthorizeDto.getSatoken(), permission);
-        return R.ok(check);
+    @ApiOperation("接口形式鉴权")
+    public R<Boolean> satokenAuthorize(SatokenAuthorizeDto satokenAuthorizeDto) {
+        return R.ok(true);
     }
 
     @Override
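Review bot: `satokenAuthorize` now returns `R.ok(true)` unconditionally, so its answer is only trustworthy while every call passes through `SaTokenWebMvcConfigurer.preHandle` first. If the path is ever matched by `exclude-paths` or the shared Swagger exclusions, or the method is invoked in-process through `AuthorizeService`, the caller is told the request is authorized without any check having run. I would document that invariant on the method, e.g. `// Decision is made in SaTokenWebMvcConfigurer.preHandle; this path must never be excluded from the interceptor`, and have the gateway treat anything other than an explicit `true` body as a denial, since what a rejected `preHandle` writes to the response is not visible here. The added `GetMapping` import is not used in the lines shown.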
@@ -41,5 +28,4 @@ public class AuthorizeServiceImpl implements AuthorizeService {
         StpUtil.login(loginDto.getAccount());
         return R.ok(StpUtil.getTokenValue());
     }
-
 }

+ 1 - 1
authorize-api/src/main/java/com/xy/service/AuthorizeService.java

@@ -13,7 +13,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 public interface AuthorizeService {
 
     /**
-     * 微服务鉴权
+     * 接口形式鉴权
      *
      * @return
      */

+ 2 - 23
authorize-start/src/main/resources/bootstrap.yml

@@ -10,27 +10,6 @@ cloud:
   center:
     url: 119.96.213.127:9007
     config:
-      shared-configs: redis.yaml,mysql.yaml
+      shared-configs: redis.yaml,mysql.yaml,sa-token.yaml
   service:
-    name: authorize
-
-sa-token:
-  # token名称 (同时也是cookie名称)
-  token-name: satoken
-  # token有效期,单位s 默认30天, -1代表永不过期
-  timeout: 86400
-  # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒, -1代表永不过期
-  activity-timeout: 3600
-  # 是否允许同一账号并发登录 (为true时允许一起登录, 为false时新登录挤掉旧登录)
-  is-concurrent: true
-  # 在多人登录同一账号时,是否共用一个token (为true时所有登录共用一个token, 为false时每次登录新建一个token)
-  is-share: true
-  # token风格
-  token-style: random-64
-  # 是否输出操作日志
-  is-log: false
-  # 运行方式 微服务=cloud 单体=boot
-  run-way: cloud
-  # 需要过滤的url
-  exclude-paths:
-    - /authorize/login
+    name: authorize
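Review bot: With the `sa-token` block moved into the shared `sa-token.yaml`, `exclude-paths` is no longer scoped to this service in the visible config; every service that lists the file in `shared-configs` presumably receives the same authorization exemptions and token timeouts. An entry added for one service would then skip the interceptor in all of them, so per-service exclusions are better kept in a service-local file. A comment at this spot would help the next reader find the settings, e.g. `# sa-token.* (token-name, timeouts, exclude-paths) is loaded from the shared sa-token.yaml`.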