♻️ Refactoring code. 重构网关filter 判断逻辑，非密码模式直接跳过 PasswordDecoderFilter

2024-12-31 08:14:18 +08:00 · 2024-01-10 16:37:23 +08:00 · 2024-01-10 16:37:23 +08:00 · 51dc2a5d5a
commit 51dc2a5d5a
parent 9f95e927b4
3 changed files with 98 additions and 86 deletions
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/PigDaoAuthenticationProvider.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/support/core/PigDaoAuthenticationProvider.java
@ -20,6 +20,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
 import org.springframework.util.Assert;
@ -67,9 +68,9 @@ public class PigDaoAuthenticationProvider extends AbstractUserDetailsAuthenticat
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {

-		// app 模式不用校验密码
+		// 只有密码模式需要校验密码
 		String grantType = WebUtils.getRequest().get().getParameter(OAuth2ParameterNames.GRANT_TYPE);
-		if (StrUtil.equals(SecurityConstants.MOBILE, grantType)) {
+		if (!StrUtil.equals(AuthorizationGrantType.PASSWORD.getValue(), grantType)) {
 			return;
 		}

--- a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/constant/SecurityConstants.java
+++ b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/constant/SecurityConstants.java
@ -62,6 +62,11 @@ public interface SecurityConstants {
 	 */
 	String REFRESH_TOKEN = "refresh_token";

+	/**
+	 * password 模式
+	 */
+	String PASSWORD = "password";
+
 	/**
 	 * 手机号登录
 	 */
--- a/pig-gateway/src/main/java/com/pig4cloud/pig/gateway/filter/PasswordDecoderFilter.java
+++ b/pig-gateway/src/main/java/com/pig4cloud/pig/gateway/filter/PasswordDecoderFilter.java
@ -20,6 +20,7 @@ import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.crypto.Mode;
 import cn.hutool.crypto.Padding;
+import cn.hutool.crypto.SecureUtil;
 import cn.hutool.crypto.symmetric.AES;
 import cn.hutool.http.HttpUtil;
 import com.pig4cloud.pig.common.core.constant.SecurityConstants;
@ -67,6 +68,11 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {

    private final GatewayConfigProperties gatewayConfig;

+    static {
+        // 关闭hutool 强制关闭Bouncy Castle库的依赖
+        SecureUtil.disableBouncyCastle();
+    }
+
    @Override
    public GatewayFilter apply(Object config) {
        return (exchange, chain) -> {
@ -76,9 +82,9 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
                return chain.filter(exchange);
            }

-			// 2. 刷新token类型，直接向下执行
+            // 2. 不是密码登录模式直接跳过
            String grantType = request.getQueryParams().getFirst("grant_type");
-			if (StrUtil.equals(SecurityConstants.REFRESH_TOKEN, grantType)) {
+            if (!StrUtil.equals(SecurityConstants.PASSWORD, grantType)) {
                return chain.filter(exchange);
            }

@ -106,6 +112,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {

    /**
     * 原文解密
+     *
     * @return
     */
    private Function decryptAES() {
@ -121,8 +128,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
                String password = aes.decryptStr(inParamsMap.get(PASSWORD));
                // 返回修改后报文字符
                inParamsMap.put(PASSWORD, password);
-			}
-			else {
+            } else {
                log.error("非法请求数据:{}", s);
            }
            return Mono.just(HttpUtil.toParams(inParamsMap, Charset.defaultCharset(), true));
@ -131,6 +137,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {

    /**
     * 报文转换
+     *
     * @return
     */
    private ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers,
@ -143,8 +150,7 @@ public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
                httpHeaders.putAll(super.getHeaders());
                if (contentLength > 0) {
                    httpHeaders.setContentLength(contentLength);
-				}
-				else {
+                } else {
                    httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
                }
                return httpHeaders;