|
@@ -8,19 +8,15 @@ import io.jsonwebtoken.Claims
|
|
|
import io.jsonwebtoken.ExpiredJwtException
|
|
import io.jsonwebtoken.ExpiredJwtException
|
|
|
import io.jsonwebtoken.Jwts
|
|
import io.jsonwebtoken.Jwts
|
|
|
import io.jsonwebtoken.SignatureAlgorithm
|
|
import io.jsonwebtoken.SignatureAlgorithm
|
|
|
-import jit.xms.auth.api.domain.AuthInfo
|
|
|
|
|
import jit.xms.auth.api.support.config.MultiFactorConfigure
|
|
import jit.xms.auth.api.support.config.MultiFactorConfigure
|
|
|
import jit.xms.core.services.agent.domain.AuthToken
|
|
import jit.xms.core.services.agent.domain.AuthToken
|
|
|
-import jit.xms.core.services.app.infos.service.AppInfoService
|
|
|
|
|
-import jit.xms.core.services.bff.service.BffAcctRoleService
|
|
|
|
|
-import jit.xms.core.services.user.accts.service.UserAcctService
|
|
|
|
|
-import jit.xms.core.services.user.infos.entity.XmsUserInfo
|
|
|
|
|
import jit.xms.core.services.user.infos.entity.XmsUserSimple
|
|
import jit.xms.core.services.user.infos.entity.XmsUserSimple
|
|
|
-import jit.xms.core.services.user.infos.service.UserInfoService
|
|
|
|
|
import jit.xms.qrscan.QRScanAuthConfigure
|
|
import jit.xms.qrscan.QRScanAuthConfigure
|
|
|
import jit.xms.qrscan.domain.AuthForm
|
|
import jit.xms.qrscan.domain.AuthForm
|
|
|
import jit.xms.qrscan.domain.TicketResult
|
|
import jit.xms.qrscan.domain.TicketResult
|
|
|
import jit.xms.qrscan.support.WebSocketSender
|
|
import jit.xms.qrscan.support.WebSocketSender
|
|
|
|
|
+import org.slf4j.Logger
|
|
|
|
|
+import org.slf4j.LoggerFactory
|
|
|
import org.springframework.beans.factory.annotation.Autowired
|
|
import org.springframework.beans.factory.annotation.Autowired
|
|
|
import org.springframework.beans.factory.annotation.Qualifier
|
|
import org.springframework.beans.factory.annotation.Qualifier
|
|
|
import org.springframework.beans.factory.annotation.Value
|
|
import org.springframework.beans.factory.annotation.Value
|
|
@@ -50,13 +46,17 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
|
|
|
* 生成Ticket并发送WebSocketMessage
|
|
* 生成Ticket并发送WebSocketMessage
|
|
|
*/
|
|
*/
|
|
|
fun ticket(id: String, userId: String, token: String) {
|
|
fun ticket(id: String, userId: String, token: String) {
|
|
|
|
|
+ logger.debug("调用ticket接口...")
|
|
|
val webSocketSender = senderMap[id] ?: throw BusinessError(ERR_BUSINESS, "该二维码所属客户端不存在")
|
|
val webSocketSender = senderMap[id] ?: throw BusinessError(ERR_BUSINESS, "该二维码所属客户端不存在")
|
|
|
val realToken = token.removePrefix("Bearer ")
|
|
val realToken = token.removePrefix("Bearer ")
|
|
|
val gafKeyBytes = gafSecretKey.toByteArray().copyOf(32)
|
|
val gafKeyBytes = gafSecretKey.toByteArray().copyOf(32)
|
|
|
val gafKey = SecretKeySpec(gafKeyBytes, SignatureAlgorithm.HS256.jcaName)
|
|
val gafKey = SecretKeySpec(gafKeyBytes, SignatureAlgorithm.HS256.jcaName)
|
|
|
val claims = parseJwt(realToken, gafKey)
|
|
val claims = parseJwt(realToken, gafKey)
|
|
|
|
|
+ logger.debug("token解析完成,生成Ticket...")
|
|
|
val authResult = TicketResult(0, "认证成功", ticket = createTicket(claims))
|
|
val authResult = TicketResult(0, "认证成功", ticket = createTicket(claims))
|
|
|
|
|
+ logger.debug("向id=${id} 的登录页面发送WebSocket信息...")
|
|
|
webSocketSender.send(JSON.toJSONString(authResult))
|
|
webSocketSender.send(JSON.toJSONString(authResult))
|
|
|
|
|
+ logger.debug("发送完毕,移除id=${id} 的WebSocket")
|
|
|
senderMap.remove(id)
|
|
senderMap.remove(id)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -65,19 +65,23 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
|
|
|
*/
|
|
*/
|
|
|
@Suppress("UNCHECKED_CAST")
|
|
@Suppress("UNCHECKED_CAST")
|
|
|
fun auth(form: AuthForm): AuthToken {
|
|
fun auth(form: AuthForm): AuthToken {
|
|
|
|
|
+ logger.debug("调用认证接口...")
|
|
|
if (form.type.isNullOrEmpty() || !form.type.equals("qrcode", ignoreCase = true)) throw BusinessError(ERR_BUSINESS, "凭证类型不合法")
|
|
if (form.type.isNullOrEmpty() || !form.type.equals("qrcode", ignoreCase = true)) throw BusinessError(ERR_BUSINESS, "凭证类型不合法")
|
|
|
if (form.data.isNullOrEmpty()) throw BusinessError(ERR_BUSINESS, "凭证数据不合法")
|
|
if (form.data.isNullOrEmpty()) throw BusinessError(ERR_BUSINESS, "凭证数据不合法")
|
|
|
val provider = runCatching {
|
|
val provider = runCatching {
|
|
|
|
|
+ logger.debug("凭证类型${form.type},获取Provider...")
|
|
|
multiFactorConfigure.getProvider(form.type!!)
|
|
multiFactorConfigure.getProvider(form.type!!)
|
|
|
}.getOrElse {
|
|
}.getOrElse {
|
|
|
throw BusinessError(ERR_PROV_NOT_SUPPORT, "凭证类型不支持")
|
|
throw BusinessError(ERR_PROV_NOT_SUPPORT, "凭证类型不支持")
|
|
|
}
|
|
}
|
|
|
val result = kotlin.runCatching {
|
|
val result = kotlin.runCatching {
|
|
|
|
|
+ logger.debug("Provider获取成功,开始认证...")
|
|
|
provider.auth(null, form.data, null)
|
|
provider.auth(null, form.data, null)
|
|
|
}.getOrElse {
|
|
}.getOrElse {
|
|
|
throw BusinessError(ERR_CRED_NOT_MATCH, "认证接口调用失败")
|
|
throw BusinessError(ERR_CRED_NOT_MATCH, "认证接口调用失败")
|
|
|
}
|
|
}
|
|
|
if (!result) throw BusinessError(ERR_CRED_NOT_MATCH, "凭证数据校验失败")
|
|
if (!result) throw BusinessError(ERR_CRED_NOT_MATCH, "凭证数据校验失败")
|
|
|
|
|
+ logger.debug("凭证数据校验通过,解析ticket数据...")
|
|
|
// 解析ticket数据
|
|
// 解析ticket数据
|
|
|
val parse = parseJwt(form.data!!, jwtSigningKey)
|
|
val parse = parseJwt(form.data!!, jwtSigningKey)
|
|
|
val userId = parse["userId"] as String? ?: throw BusinessError("解析Ticket中用户信息为空")
|
|
val userId = parse["userId"] as String? ?: throw BusinessError("解析Ticket中用户信息为空")
|
|
@@ -86,10 +90,12 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
|
|
|
this.userId = userId
|
|
this.userId = userId
|
|
|
name = parse["name"] as String? ?: "用户"
|
|
name = parse["name"] as String? ?: "用户"
|
|
|
}
|
|
}
|
|
|
|
|
+ logger.debug("解析ticket成功,生成登录Token信息...")
|
|
|
val gafToken = gafAuth.createJwt(subject = "admin",
|
|
val gafToken = gafAuth.createJwt(subject = "admin",
|
|
|
userId = user.userId!!,
|
|
userId = user.userId!!,
|
|
|
name = user.name!!,
|
|
name = user.name!!,
|
|
|
roles = roles.toTypedArray())
|
|
roles = roles.toTypedArray())
|
|
|
|
|
+ logger.debug("Token生成完毕,登录成功...")
|
|
|
return AuthToken(userinfo = user, token = gafToken, roles = roles.toTypedArray())
|
|
return AuthToken(userinfo = user, token = gafToken, roles = roles.toTypedArray())
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -114,13 +120,14 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
|
|
|
* 解析Jwt
|
|
* 解析Jwt
|
|
|
*/
|
|
*/
|
|
|
fun parseJwt(jwt: String, key: Key): Claims {
|
|
fun parseJwt(jwt: String, key: Key): Claims {
|
|
|
|
|
+ logger.debug("开始解析JWT...")
|
|
|
try {
|
|
try {
|
|
|
val jws = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt)
|
|
val jws = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt)
|
|
|
return jws.body
|
|
return jws.body
|
|
|
} catch (ex: ExpiredJwtException) {
|
|
} catch (ex: ExpiredJwtException) {
|
|
|
- throw BusinessError(ERR_TICKET_EXPIRED, "Ticket已过期")
|
|
|
|
|
|
|
+ throw BusinessError(ERR_TICKET_EXPIRED, "Jwt已过期")
|
|
|
} catch (ex: Throwable) {
|
|
} catch (ex: Throwable) {
|
|
|
- throw BusinessError(ERR_TICKET_INVALID, "Ticket无效")
|
|
|
|
|
|
|
+ throw BusinessError(ERR_TICKET_INVALID, "Jwt无效")
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -129,5 +136,6 @@ class AuthService(@Qualifier("jwtSigningKey") val jwtSigningKey: Key, val authCo
|
|
|
const val ERR_TICKET_EXPIRED = ERR_BUSINESS - 6
|
|
const val ERR_TICKET_EXPIRED = ERR_BUSINESS - 6
|
|
|
const val ERR_TICKET_INVALID = ERR_BUSINESS - 7
|
|
const val ERR_TICKET_INVALID = ERR_BUSINESS - 7
|
|
|
const val ERR_PROV_NOT_SUPPORT = ERR_BUSINESS - 8
|
|
const val ERR_PROV_NOT_SUPPORT = ERR_BUSINESS - 8
|
|
|
|
|
+ val logger: Logger = LoggerFactory.getLogger(AuthService::class.java)
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
