WangHan
2024-09-12 d5855a4926926698b740bc6c7ba489de47adb68b
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package tech.powerjob.server.openapi;
 
import com.google.common.collect.Sets;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import tech.powerjob.common.OmsConstant;
import tech.powerjob.common.OpenAPIConstant;
import tech.powerjob.common.exception.PowerJobException;
import tech.powerjob.common.response.PowerResultDTO;
import tech.powerjob.common.serialize.JsonUtils;
import tech.powerjob.server.openapi.security.OpenApiSecurityService;
 
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.Set;
 
/**
 * OpenAPI 拦截器
 *
 * @author 程序帕鲁
 * @since 2024/2/19
 */
@Slf4j
@Component
public class OpenApiInterceptor implements HandlerInterceptor {
 
    @Resource
    private OpenApiSecurityService openApiSecurityService;
 
    /**
     * 4.x 及前序版本的 OpenAPI 均为携带 auth 的必要参数,直接开启鉴权功能会导致之前的服务全部报错
     * 因此提供功能开关给到使用者,若无安全影响,可展示关闭鉴权功能,等 client 升级完毕后再打开鉴权
     */
    @Value("${oms.auth.openapi.enable:false}")
    private boolean enableOpenApiAuth;
 
    private static final Set<String> IGNORE_OPEN_API_PATH = Sets.newHashSet(OpenAPIConstant.ASSERT, OpenAPIConstant.AUTH_APP);
 
    @Override
    public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) throws Exception {
 
        if (!enableOpenApiAuth) {
            return true;
        }
 
        // 鉴权类请求跳过拦截
        String requestURI = request.getRequestURI();
        for (String endPath : IGNORE_OPEN_API_PATH) {
            if (requestURI.endsWith(endPath)) {
                return true;
            }
        }
 
        try {
            openApiSecurityService.authAppByToken(request);
            response.addHeader(OpenAPIConstant.RESPONSE_HEADER_AUTH_STATUS, Boolean.TRUE.toString());
        } catch (PowerJobException pje) {
            response.addHeader(OpenAPIConstant.RESPONSE_HEADER_AUTH_STATUS, Boolean.FALSE.toString());
            writeResponse(PowerResultDTO.f(pje), response);
            return false;
        } catch (Exception e) {
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            writeResponse(PowerResultDTO.f(e), response);
 
            log.error("[OpenApiInterceptor] unknown exception when auth app by token", e);
 
            return false;
        }
 
        return true;
    }
 
    @SneakyThrows
    private void writeResponse( PowerResultDTO<Object> powerResult, HttpServletResponse response) {
 
        // 设置响应的 Content-Type
        response.setContentType(OmsConstant.JSON_MEDIA_TYPE);
 
        // 将 JSON 写入响应
        PrintWriter writer = response.getWriter();
        writer.write(JsonUtils.toJSONString(powerResult));
        writer.flush();
    }
 
}