♻️ Refactoring code. 重构网关filter 判断逻辑,非密码模式直接跳过 PasswordDecoderFilter

lbw 2024-01-10 16:37:23 +08:00
parent 9f95e927b4
commit 51dc2a5d5a
3 changed files with 98 additions and 86 deletions


@ -20,6 +20,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter; import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -67,9 +68,9 @@ public class PigDaoAuthenticationProvider extends AbstractUserDetailsAuthenticat
protected void additionalAuthenticationChecks(UserDetails userDetails, protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
// app 模式不用校验密码 // 只有密码模式需要校验密码
String grantType = WebUtils.getRequest().get().getParameter(OAuth2ParameterNames.GRANT_TYPE); String grantType = WebUtils.getRequest().get().getParameter(OAuth2ParameterNames.GRANT_TYPE);
if (StrUtil.equals(SecurityConstants.MOBILE, grantType)) { if (!StrUtil.equals(AuthorizationGrantType.PASSWORD.getValue(), grantType)) {
return; return;
} }
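Review bot: The rewritten guard in additionalAuthenticationChecks now fails open: `if (!StrUtil.equals(AuthorizationGrantType.PASSWORD.getValue(), grantType)) { return; }` skips the password comparison for every grant_type other than `password`, including a missing one, where the old code skipped it only for `SecurityConstants.MOBILE`. The value comes from a request parameter, so the skip is decided by client-supplied input; whether a non-password request can reach this provider depends on converter and provider wiring outside the hunk, and that assumption should at least be stated in the comment above the guard. I would keep an explicit list of grants that may skip the check (`if (StrUtil.equals(SecurityConstants.MOBILE, grantType)) { return; }`) and let a null or unknown grant_type fall through to the normal password check. The gateway's PasswordDecoderFilter gets the same inversion but reads grant_type from the query string only, while this method uses getParameter() (presumably the servlet call, which also sees form-body parameters), so the two can disagree on a request that carries grant_type in the body. The method body continues outside the hunk.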


@ -62,6 +62,11 @@ public interface SecurityConstants {
*/ */
String REFRESH_TOKEN = "refresh_token"; String REFRESH_TOKEN = "refresh_token";
/**
* password 模式
*/
String PASSWORD = "password";
/** /**
* 手机号登录 * 手机号登录
*/ */


@ -20,6 +20,7 @@ import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.Mode; import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding; import cn.hutool.crypto.Padding;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES; import cn.hutool.crypto.symmetric.AES;
import cn.hutool.http.HttpUtil; import cn.hutool.http.HttpUtil;
import com.pig4cloud.pig.common.core.constant.SecurityConstants; import com.pig4cloud.pig.common.core.constant.SecurityConstants;
@ -67,6 +68,11 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
private final GatewayConfigProperties gatewayConfig; private final GatewayConfigProperties gatewayConfig;
static {
// 关闭hutool 强制关闭Bouncy Castle库的依赖
SecureUtil.disableBouncyCastle();
}
@Override @Override
public GatewayFilter apply(Object config) { public GatewayFilter apply(Object config) {
return (exchange, chain) -> { return (exchange, chain) -> {
@ -76,9 +82,9 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
return chain.filter(exchange); return chain.filter(exchange);
} }
// 2. 刷新token类型直接向下执行 // 2. 不是密码登录模式直接跳过
String grantType = request.getQueryParams().getFirst("grant_type"); String grantType = request.getQueryParams().getFirst("grant_type");
if (StrUtil.equals(SecurityConstants.REFRESH_TOKEN, grantType)) { if (!StrUtil.equals(SecurityConstants.PASSWORD, grantType)) {
return chain.filter(exchange); return chain.filter(exchange);
} }
@ -106,6 +112,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
/** /**
* 原文解密 * 原文解密
*
* @return * @return
*/ */
private Function decryptAES() { private Function decryptAES() {
@ -121,8 +128,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
String password = aes.decryptStr(inParamsMap.get(PASSWORD)); String password = aes.decryptStr(inParamsMap.get(PASSWORD));
// 返回修改后报文字符 // 返回修改后报文字符
inParamsMap.put(PASSWORD, password); inParamsMap.put(PASSWORD, password);
} } else {
else {
log.error("非法请求数据:{}", s); log.error("非法请求数据:{}", s);
} }
return Mono.just(HttpUtil.toParams(inParamsMap, Charset.defaultCharset(), true)); return Mono.just(HttpUtil.toParams(inParamsMap, Charset.defaultCharset(), true));
@ -131,6 +137,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
/** /**
* 报文转换 * 报文转换
*
* @return * @return
*/ */
private ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers, private ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers,
@ -143,8 +150,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
httpHeaders.putAll(super.getHeaders()); httpHeaders.putAll(super.getHeaders());
if (contentLength > 0) { if (contentLength > 0) {
httpHeaders.setContentLength(contentLength); httpHeaders.setContentLength(contentLength);
} } else {
else {
httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked"); httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
} }
return httpHeaders; return httpHeaders;