4 years ago · e5a6adaa99
--- a/src/main/kotlin/jit/xms/qrscan/service/AuthService.kt
+++ b/src/main/kotlin/jit/xms/qrscan/service/AuthService.kt
@@ -8,19 +8,15 @@ import io.jsonwebtoken.Claims
 
				 import io.jsonwebtoken.ExpiredJwtException
			
 
				 import io.jsonwebtoken.Jwts
			
 
				 import io.jsonwebtoken.SignatureAlgorithm
			
 
				-import jit.xms.auth.api.domain.AuthInfo
			
 
				 import jit.xms.auth.api.support.config.MultiFactorConfigure
			
 
				 import jit.xms.core.services.agent.domain.AuthToken
			
 
				-import jit.xms.core.services.app.infos.service.AppInfoService
			
 
				-import jit.xms.core.services.bff.service.BffAcctRoleService
			
 
				-import jit.xms.core.services.user.accts.service.UserAcctService
			
 
				-import jit.xms.core.services.user.infos.entity.XmsUserInfo
			
 
				 import jit.xms.core.services.user.infos.entity.XmsUserSimple
			
 
				-import jit.xms.core.services.user.infos.service.UserInfoService
			
 
				 import jit.xms.qrscan.QRScanAuthConfigure
			
 
				 import jit.xms.qrscan.domain.AuthForm
			
 
				 import jit.xms.qrscan.domain.TicketResult
			
 
				 import jit.xms.qrscan.support.WebSocketSender
			
 
				+import org.slf4j.Logger
			
 
				+import org.slf4j.LoggerFactory
			
 
				 import org.springframework.beans.factory.annotation.Autowired
			
 
				 import org.springframework.beans.factory.annotation.Qualifier
			
 
				 import org.springframework.beans.factory.annotation.Value
			
@@ -50,13 +46,17 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
 
				      * 生成Ticket并发送WebSocketMessage
			
 
				      */
			
 
				     fun ticket(id: String, userId: String, token: String) {
			
 
				+        logger.debug("调用ticket接口...")
			
 
				         val webSocketSender = senderMap[id] ?: throw BusinessError(ERR_BUSINESS, "该二维码所属客户端不存在")
			
 
				         val realToken = token.removePrefix("Bearer ")
			
 
				         val gafKeyBytes = gafSecretKey.toByteArray().copyOf(32)
			
 
				         val gafKey = SecretKeySpec(gafKeyBytes, SignatureAlgorithm.HS256.jcaName)
			
 
				         val claims = parseJwt(realToken, gafKey)
			
 
				+        logger.debug("token解析完成,生成Ticket...")
			
 
				         val authResult = TicketResult(0, "认证成功", ticket = createTicket(claims))
			
 
				+        logger.debug("向id=${id} 的登录页面发送WebSocket信息...")
			
 
				         webSocketSender.send(JSON.toJSONString(authResult))
			
 
				+        logger.debug("发送完毕，移除id=${id} 的WebSocket")
			
 
				         senderMap.remove(id)
			
 
				     }
			
 
				 
			
@@ -65,19 +65,23 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
 
				      */
			
 
				     @Suppress("UNCHECKED_CAST")
			
 
				     fun auth(form: AuthForm): AuthToken {
			
 
				+        logger.debug("调用认证接口...")
			
 
				         if (form.type.isNullOrEmpty() || !form.type.equals("qrcode", ignoreCase = true)) throw BusinessError(ERR_BUSINESS, "凭证类型不合法")
			
 
				         if (form.data.isNullOrEmpty()) throw BusinessError(ERR_BUSINESS, "凭证数据不合法")
			
 
				         val provider = runCatching {
			
 
				+            logger.debug("凭证类型${form.type},获取Provider...")
			
 
				             multiFactorConfigure.getProvider(form.type!!)
			
 
				         }.getOrElse {
			
 
				             throw BusinessError(ERR_PROV_NOT_SUPPORT, "凭证类型不支持")
			
 
				         }
			
 
				         val result = kotlin.runCatching {
			
 
				+            logger.debug("Provider获取成功，开始认证...")
			
 
				             provider.auth(null, form.data, null)
			
 
				         }.getOrElse {
			
 
				             throw BusinessError(ERR_CRED_NOT_MATCH, "认证接口调用失败")
			
 
				         }
			
 
				         if (!result) throw BusinessError(ERR_CRED_NOT_MATCH, "凭证数据校验失败")
			
 
				+        logger.debug("凭证数据校验通过，解析ticket数据...")
			
 
				         // 解析ticket数据
			
 
				         val parse = parseJwt(form.data!!, jwtSigningKey)
			
 
				         val userId = parse["userId"] as String? ?: throw BusinessError("解析Ticket中用户信息为空")
			
@@ -86,10 +90,12 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
 
				             this.userId = userId
			
 
				             name = parse["name"] as String? ?: "用户"
			
 
				         }
			
 
				+        logger.debug("解析ticket成功，生成登录Token信息...")
			
 
				         val gafToken = gafAuth.createJwt(subject = "admin",
			
 
				                 userId = user.userId!!,
			
 
				                 name = user.name!!,
			
 
				                 roles = roles.toTypedArray())
			
 
				+        logger.debug("Token生成完毕，登录成功...")
			
 
				         return AuthToken(userinfo = user, token = gafToken, roles = roles.toTypedArray())
			
 
				     }
			
 
				 
			
@@ -114,13 +120,14 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
 
				      * 解析Jwt
			
 
				      */
			
 
				     fun parseJwt(jwt: String, key: Key): Claims {
			
 
				+        logger.debug("开始解析JWT...")
			
 
				         try {
			
 
				             val jws = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt)
			
 
				             return jws.body
			
 
				         } catch (ex: ExpiredJwtException) {
			
 
				-            throw BusinessError(ERR_TICKET_EXPIRED, "Ticket已过期")
			
 
				+            throw BusinessError(ERR_TICKET_EXPIRED, "Jwt已过期")
			
 
				         } catch (ex: Throwable) {
			
 
				-            throw BusinessError(ERR_TICKET_INVALID, "Ticket无效")
			
 
				+            throw BusinessError(ERR_TICKET_INVALID, "Jwt无效")
			
 
				         }
			
 
				     }
			
 
				 
			
@@ -129,5 +136,6 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
 
				         const val ERR_TICKET_EXPIRED = ERR_BUSINESS - 6
			
 
				         const val ERR_TICKET_INVALID = ERR_BUSINESS - 7
			
 
				         const val ERR_PROV_NOT_SUPPORT = ERR_BUSINESS - 8
			
 
				+        val logger: Logger = LoggerFactory.getLogger(AuthService::class.java)
			
 
				     }
			
 
				 }