李进 2 жил өмнө
parent
commit
c391c5865f

+ 9 - 0
authorize-api-cloud/src/main/java/com/xy/consts/AuthorizeConsts.java

@@ -0,0 +1,9 @@
+package com.xy.consts;
+
+public class AuthorizeConsts {
+
+    /**
+     * 授权服务名
+     */
+    public static final String serviceName = "authorize";
+}

+ 5 - 2
authorize-api-cloud/src/main/java/com/xy/feign/AuthorizeFeign.java

@@ -1,10 +1,13 @@
 package com.xy.feign;
 
 import com.xy.FeignInterceptor;
+import com.xy.consts.AuthorizeConsts;
 import com.xy.service.AuthorizeService;
 import org.springframework.cloud.openfeign.FeignClient;
 
-@FeignClient(value = "authorize", configuration = FeignInterceptor.class)
+/**
+ * 权限校验 feign
+ */
+@FeignClient(value = AuthorizeConsts.serviceName, configuration = FeignInterceptor.class)
 public interface AuthorizeFeign extends AuthorizeService {
-
 }

+ 14 - 2
authorize-api-cloud/src/main/java/com/xy/service/AuthorizeServiceImpl.java

@@ -1,9 +1,16 @@
 package com.xy.service;
 
+import com.xy.dto.LoginDto;
+import com.xy.dto.SatokenAuthorizeDto;
 import com.xy.feign.AuthorizeFeign;
+import com.xy.utils.R;
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.RequestBody;
 
+/**
+ * 权限校验 feign实现
+ */
 @Service
 @AllArgsConstructor
 public class AuthorizeServiceImpl implements AuthorizeService {
@@ -11,7 +18,12 @@ public class AuthorizeServiceImpl implements AuthorizeService {
     private AuthorizeFeign authorizeFeign;
 
     @Override
-    public void authorizeTest() {
-        authorizeFeign.authorizeTest();
+    public R<Boolean> satokenAuthorize(@RequestBody SatokenAuthorizeDto satokenAuthorizeDto) {
+        return authorizeFeign.satokenAuthorize(satokenAuthorizeDto);
+    }
+
+    @Override
+    public R<String> login(@RequestBody LoginDto loginDto) {
+        return authorizeFeign.login(loginDto);
     }
 }

+ 11 - 0
authorize-api-service/pom.xml

@@ -23,6 +23,17 @@
             <artifactId>authorize-api</artifactId>
             <version>1.0</version>
         </dependency>
+        <!-- sa-token -->
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-spring-boot-starter</artifactId>
+            <version>1.32.0</version>
+        </dependency>
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-dao-redis-jackson</artifactId>
+            <version>1.32.0</version>
+        </dependency>
 
         <dependency>
             <groupId>com.xy</groupId>
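Review bot: The sa-token version `1.32.0` is written out twice in the added dependencies, so a later upgrade can move one artifact and leave the other on the old release. Define it once, for example `<sa-token.version>1.32.0</sa-token.version>` under `<properties>` (outside this hunk), and reference `<version>${sa-token.version}</version>` in both entries. Since this library makes the authorization decision for the whole service, check the pinned release against the upstream project's security advisories before merging.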

+ 0 - 17
authorize-api-service/src/main/java/com/xy/AuthorizeServiceImpl.java

@@ -1,17 +0,0 @@
-package com.xy;
-
-import com.xy.service.AuthorizeService;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import org.springframework.stereotype.Service;
-
-@Service
-@Api(tags = "测试")
-public class AuthorizeServiceImpl implements AuthorizeService {
-
-    @Override
-    @ApiOperation("测试接口")
-    public void authorizeTest() {
-        System.out.println("authorizeTest");
-    }
-}

+ 108 - 0
authorize-api-service/src/main/java/com/xy/satoken/SaTokenAuthorize.java

@@ -0,0 +1,108 @@
+package com.xy.satoken;
+
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.exception.NotPermissionException;
+import cn.dev33.satoken.exception.NotRoleException;
+import cn.dev33.satoken.stp.StpInterface;
+import cn.dev33.satoken.stp.StpUtil;
+import com.xy.utils.R;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 权限校验
+ */
+@Service
+@RestControllerAdvice
+public class SaTokenAuthorize implements StpInterface {
+
+    /**
+     * 校验权限
+     *
+     * @param satoken    token值
+     * @param permission 菜单权限标识
+     * @return
+     */
+    public boolean check(String satoken, String permission) {
+        //校验登录
+        if (StringUtils.isEmpty(satoken)) {
+            throw new NotLoginException(null, null, null);
+        }
+        Object byId = StpUtil.getLoginIdByToken(satoken);
+        if (byId == null) {
+            throw new NotLoginException(null, null, null);
+        }
+        //菜单权限
+        List<String> permissionList = StpUtil.getPermissionList(byId);
+        if (!permissionList.contains(permission.substring(1).replaceAll("/", "."))) {
+            throw new NotPermissionException(null);
+        }
+        //角色权限
+        return true;
+    }
+
+    /**
+     * 给予用户菜单权限
+     *
+     * @param loginId
+     * @param loginType
+     * @return
+     */
+    @Override
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        List<String> list = new ArrayList<>();
+        return list;
+    }
+
+    /**
+     * 给予用户角色权限
+     *
+     * @param loginId
+     * @param loginType
+     * @return
+     */
+    @Override
+    public List<String> getRoleList(Object loginId, String loginType) {
+        List<String> list = new ArrayList<>();
+        return list;
+    }
+
+
+    /**
+     * 无token异常
+     *
+     * @param e
+     * @return
+     */
+    @ExceptionHandler(NotLoginException.class)
+    public R notLoginException(NotLoginException e) {
+        return R.fail(501, "未登录");
+    }
+
+    /**
+     * 无菜单权限异常
+     *
+     * @param e
+     * @return
+     */
+    @ExceptionHandler(NotPermissionException.class)
+    public R notPermissionException(NotPermissionException e) {
+        return R.fail(502, "无权限");
+    }
+
+    /**
+     * 无角色权限异常
+     *
+     * @param e
+     * @return
+     */
+    @ExceptionHandler(NotRoleException.class)
+    public R notRoleException(NotRoleException e) {
+        return R.fail(502, "无权限");
+    }
+}
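Review bot: In `check`, `permission.substring(1).replaceAll("/", ".")` runs on a caller-supplied string with no validation, so a null or empty `permission` ends in a NullPointerException or StringIndexOutOfBoundsException that none of the `@ExceptionHandler` methods in this class map to a response. The `/` to `.` rewrite is also ambiguous, because `/a.b` and `/a/b` both yield the code `a.b`; the permission-code format needs to either forbid dots in paths or keep the path unchanged. The sketch below validates the path first and reports a malformed one as a permission failure. Separately, `StpUtil.getLoginIdByToken` appears to resolve the token without the idle-timeout check that `StpUtil.checkLogin()` applies, so the `activity-timeout` set in bootstrap.yml is probably not enforced on this path; confirm against the sa-token 1.32.0 source.

```java
    public boolean check(String satoken, String permission) {
        // … unchanged: empty-token check and StpUtil.getLoginIdByToken lookup …
        // A missing or malformed path is reported as "no permission" rather than
        // left to fail with a runtime exception that no handler maps.
        if (permission == null || permission.length() < 2 || !permission.startsWith("/")) {
            throw new NotPermissionException(permission);
        }
        String permissionCode = permission.substring(1).replace('/', '.');
        List<String> permissionList = StpUtil.getPermissionList(byId);
        if (!permissionList.contains(permissionCode)) {
            throw new NotPermissionException(permissionCode);
        }
        return true;
    }
```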

+ 29 - 0
authorize-api-service/src/main/java/com/xy/satoken/SaTokenAuthorizeConfig.java

@@ -0,0 +1,29 @@
+package com.xy.satoken;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+@Data
+@Component
+@ConfigurationProperties(prefix = "sa-token")
+public class SaTokenAuthorizeConfig {
+
+    /**
+     * token名称
+     */
+    private String tokenName;
+
+    /**
+     * 需要过滤的url
+     */
+    private List<String> excludePaths;
+
+    /**
+     * 运行方式 微服务=cloud 单体=boot
+     */
+    private String runWay;
+
+}

+ 57 - 0
authorize-api-service/src/main/java/com/xy/satoken/SaTokenWebMvcConfigurer.java

@@ -0,0 +1,57 @@
+package com.xy.satoken;
+
+import lombok.AllArgsConstructor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 单体boot鉴权
+ */
+@Component
+@AllArgsConstructor
+@ConditionalOnExpression("'${sa-token.run-way}'.equals('boot')")
+public class SaTokenWebMvcConfigurer extends HandlerInterceptorAdapter implements WebMvcConfigurer {
+
+    private SaTokenAuthorizeConfig saTokenAuthorizeConfig;
+
+    private SaTokenAuthorize saTokenAuthorize;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        String permission = request.getRequestURI();
+        String satoken = request.getHeader(saTokenAuthorizeConfig.getTokenName());
+        return saTokenAuthorize.check(satoken, permission);
+    }
+
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        List<String> swaggerExcludes = Arrays.asList(
+                "/swagger/**",
+                "/v2/**",
+                "/doc.html/**",
+                "/v3/**",
+                "/swagger-resources/**",
+                "/webjars/**",
+                "/swagger-ui/**",
+                "/favicon.ico"
+        );
+        InterceptorRegistration interceptorRegistration = registry.addInterceptor(this)
+                .excludePathPatterns(swaggerExcludes)
+                .addPathPatterns("/**");
+        List<String> excludePaths = saTokenAuthorizeConfig.getExcludePaths();
+        if (excludePaths != null) {
+            excludePaths.forEach(excludePath -> interceptorRegistration.excludePathPatterns("/**" + excludePath));
+        }
+    }
+
+}
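Review bot: In `addInterceptors`, each configured exclude path is registered as `"/**" + excludePath`, which turns `/authorize/login` into `/**/authorize/login` and skips the token check for any URL that merely ends in that suffix. The cloud path in `AuthorizeServiceImpl.satokenAuthorize` uses an exact match instead. Register the configured value as it is, `interceptorRegistration.excludePathPatterns(excludePath)`, unless the wider match is intended and documented. The built-in `"/v2/**"` and `"/v3/**"` entries likewise exempt every application route under those prefixes, not only the API docs; `"/v2/api-docs"` and `"/v3/api-docs/**"` would be narrower. `preHandle` passes `request.getRequestURI()`, which includes the context path and is not decoded, so the derived permission code will presumably differ from the mapped path when a context path is set.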

+ 45 - 0
authorize-api-service/src/main/java/com/xy/service/AuthorizeServiceImpl.java

@@ -0,0 +1,45 @@
+package com.xy.service;
+
+import cn.dev33.satoken.stp.StpUtil;
+import com.xy.dto.LoginDto;
+import com.xy.dto.SatokenAuthorizeDto;
+import com.xy.satoken.SaTokenAuthorize;
+import com.xy.satoken.SaTokenAuthorizeConfig;
+import com.xy.utils.R;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.AllArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+
+@Service
+@AllArgsConstructor
+@Api(tags = "权限校验")
+public class AuthorizeServiceImpl implements AuthorizeService {
+
+    private SaTokenAuthorize saTokenAuthorize;
+
+    private SaTokenAuthorizeConfig saTokenAuthorizeConfig;
+
+    @Override
+    @ApiOperation("微服务鉴权")
+    public R<Boolean> satokenAuthorize(@RequestBody SatokenAuthorizeDto satokenAuthorizeDto) {
+        List<String> excludePaths = saTokenAuthorizeConfig.getExcludePaths();
+        String permission = satokenAuthorizeDto.getPermission();
+        if (excludePaths.contains(permission)) {
+            return R.ok(true);
+        }
+        boolean check = saTokenAuthorize.check(satokenAuthorizeDto.getSatoken(), permission);
+        return R.ok(check);
+    }
+
+    @Override
+    @ApiOperation("登录")
+    public R<String> login(@RequestBody LoginDto loginDto) {
+        StpUtil.login(loginDto.getAccount());
+        return R.ok(StpUtil.getTokenValue());
+    }
+
+}
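Review bot: `login` issues a token for whatever `account` the request body names: `loginDto.getPassword()` is never read, and nothing in this hunk checks that the account exists before `StpUtil.login(...)`. Because `/authorize/login` is listed under `exclude-paths`, the endpoint is reachable without a token. Before creating the session, load the account, compare the supplied password with a stored bcrypt or argon2 hash, and return a failure `R` for a blank account or a mismatch. In `satokenAuthorize`, `excludePaths` is null when `sa-token.exclude-paths` is not configured; the boot interceptor guards against this but this method does not, so use `if (excludePaths != null && excludePaths.contains(permission))`. The exclusion decision also rests entirely on the `permission` string sent by the caller, so this endpoint should only be reachable from the trusted gateway.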

+ 19 - 0
authorize-api/src/main/java/com/xy/dto/LoginDto.java

@@ -0,0 +1,19 @@
+package com.xy.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+@Data
+@Accessors(chain = true)
+@ApiModel("登录交互类")
+public class LoginDto {
+
+    @ApiModelProperty("账号")
+    private String account;
+
+    @ApiModelProperty("密码")
+    private String password;
+
+}
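Review bot: `@Data` generates a `toString()` that includes `password`, so any log line or exception message that prints a `LoginDto` will contain the clear-text credential. Annotate the field with `@ToString.Exclude` (import `lombok.ToString`). The same applies to the `satoken` field of `SatokenAuthorizeDto` in this commit, since the token is a bearer credential.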

+ 19 - 0
authorize-api/src/main/java/com/xy/dto/SatokenAuthorizeDto.java

@@ -0,0 +1,19 @@
+package com.xy.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+@Data
+@Accessors(chain = true)
+@ApiModel("权限校验交互类")
+public class SatokenAuthorizeDto {
+
+    @ApiModelProperty("token值")
+    private String satoken;
+
+    @ApiModelProperty("菜单权限标志")
+    private String permission;
+
+}

+ 23 - 3
authorize-api/src/main/java/com/xy/service/AuthorizeService.java

@@ -1,11 +1,31 @@
 package com.xy.service;
 
 import com.xy.annotate.RestMappingController;
-import org.springframework.web.bind.annotation.GetMapping;
+import com.xy.dto.LoginDto;
+import com.xy.dto.SatokenAuthorizeDto;
+import com.xy.utils.R;
+import org.springframework.web.bind.annotation.PostMapping;
 
+/**
+ * 权限校验 接口路由
+ */
 @RestMappingController("authorize")
 public interface AuthorizeService {
 
-    @GetMapping("authorizeTest")
-    void authorizeTest();
+    /**
+     * 微服务鉴权
+     *
+     * @return
+     */
+    @PostMapping("satokenAuthorize")
+    R<Boolean> satokenAuthorize(SatokenAuthorizeDto satokenAuthorizeDto);
+
+    /**
+     * 登录
+     *
+     * @return
+     */
+    @PostMapping("login")
+    R<String> login(LoginDto loginDto);
+
 }

+ 21 - 0
authorize-start/src/main/resources/bootstrap.yml

@@ -13,3 +13,24 @@ cloud:
       shared-configs: redis.yaml,mysql.yaml
   service:
     name: authorize
+
+sa-token:
+  # token名称 (同时也是cookie名称)
+  token-name: satoken
+  # token有效期,单位s 默认30天, -1代表永不过期
+  timeout: 86400
+  # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒, -1代表永不过期
+  activity-timeout: 3600
+  # 是否允许同一账号并发登录 (为true时允许一起登录, 为false时新登录挤掉旧登录)
+  is-concurrent: true
+  # 在多人登录同一账号时,是否共用一个token (为true时所有登录共用一个token, 为false时每次登录新建一个token)
+  is-share: true
+  # token风格
+  token-style: random-64
+  # 是否输出操作日志
+  is-log: false
+  # 运行方式 微服务=cloud 单体=boot
+  run-way: cloud
+  # 需要过滤的url
+  exclude-paths:
+    - /authorize/login
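Review bot: `is-share: true` together with `is-concurrent: true` makes every login of an account reuse one token, so a leaked token cannot be revoked without ending all of that account's sessions, and individual sessions cannot be told apart in an audit. Consider `is-share: false` so that each login gets its own token. The `token-name` comment says the name is also the cookie name, but the boot interceptor in this commit reads the token only from the request header; the comment should state which transport is actually supported.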