diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/enums/StorageProvider.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/enums/StorageProvider.java index 9ea064fc..3d8ae95d 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/enums/StorageProvider.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/enums/StorageProvider.java @@ -51,7 +51,11 @@ public enum StorageProvider implements Serializable { /** * minio */ - MINIO("minio", "minio", MinIoStorage.class); + MINIO("minio", "minio", MinIoStorage.class), + /** + * S3 + */ + S3("s3", "s3", S3Storage.class); /** * code diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/S3Storage.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/S3Storage.java index 45c04722..192d9445 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/S3Storage.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/S3Storage.java @@ -17,25 +17,36 @@ */ package cn.topiam.employee.common.storage.impl; +import java.io.InputStream; +import java.net.URI; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; +import java.time.Duration; + +import org.apache.commons.lang3.StringUtils; +import org.hibernate.validator.constraints.URL; +import org.jetbrains.annotations.NotNull; + +import cn.topiam.employee.common.jackjson.encrypt.JsonPropertyEncrypt; import cn.topiam.employee.common.storage.AbstractStorage; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; + +import lombok.Data; +import lombok.EqualsAndHashCode; import lombok.extern.slf4j.Slf4j; -import org.jetbrains.annotations.NotNull; + +import jakarta.validation.constraints.NotEmpty; import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider; import software.amazon.awssdk.core.sync.RequestBody; -import software.amazon.awssdk.core.waiters.WaiterResponse; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.*; -import software.amazon.awssdk.services.s3.waiters.S3Waiter; - -import java.io.InputStream; -import java.net.URI; -import java.net.URL; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; +import software.amazon.awssdk.services.s3.presigner.S3Presigner; +import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest; +import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest; +import static cn.topiam.employee.common.constant.StorageConstants.URL_REGEXP; /** * S3 协议实现 @@ -46,86 +57,55 @@ import java.nio.charset.StandardCharsets; @Slf4j public class S3Storage extends AbstractStorage { - private final S3Client s3Client; + private final S3Client s3Client; - private final StorageConfig.Config config; + private final S3Presigner s3Presigner; + + private final Config s3Config; public S3Storage(StorageConfig config) { super(config); - // 创建连接 - - // 凭证 - AwsBasicCredentials creds; - this.config = config.getConfig(); - try { - // 阿里云 - if (this.config instanceof AliYunOssStorage.Config) { - String accessKeyId = ((AliYunOssStorage.Config) this.config).getAccessKeyId(); - String accessKeySecret = ((AliYunOssStorage.Config) this.config) - .getAccessKeySecret(); - String endpoint = ((AliYunOssStorage.Config) this.config).getEndpoint(); - creds = AwsBasicCredentials.create(accessKeyId, accessKeySecret); - this.s3Client = S3Client.builder() - .serviceConfiguration(b -> b.checksumValidationEnabled(false)) - .credentialsProvider(StaticCredentialsProvider.create(creds)) - .endpointOverride(new URI(endpoint)).build(); - } - // MiniO - else if (this.config instanceof MinIoStorage.Config) { - String accessKey = ((MinIoStorage.Config) this.config).getAccessKey(); - String secretKey = ((MinIoStorage.Config) this.config).getSecretKey(); - String endpoint = ((MinIoStorage.Config) this.config).getEndpoint(); - creds = AwsBasicCredentials.create(accessKey, secretKey); - this.s3Client = S3Client.builder() - .serviceConfiguration(b -> b.checksumValidationEnabled(false)) - .credentialsProvider(StaticCredentialsProvider.create(creds)) - .endpointOverride(new URI(endpoint)).build(); - } - // 七牛云 - else if (this.config instanceof QiNiuKodoStorage.Config) { - String accessKey = ((QiNiuKodoStorage.Config) this.config).getAccessKey(); - String secretKey = ((QiNiuKodoStorage.Config) this.config).getSecretKey(); - String domain = this.config.getDomain(); - creds = AwsBasicCredentials.create(accessKey, secretKey); - this.s3Client = S3Client.builder() - .serviceConfiguration(b -> b.checksumValidationEnabled(false)) - .credentialsProvider(StaticCredentialsProvider.create(creds)) - .endpointOverride(new URI(domain)).build(); - } - // 腾讯云 - else if (this.config instanceof TencentCosStorage.Config) { - String secretId = ((TencentCosStorage.Config) this.config).getSecretId(); - String secretKey = ((TencentCosStorage.Config) this.config).getSecretKey(); - String domain = this.config.getDomain(); - String region = ((TencentCosStorage.Config) this.config).getRegion(); - creds = AwsBasicCredentials.create(secretId, secretKey); - this.s3Client = S3Client.builder() - .serviceConfiguration(b -> b.checksumValidationEnabled(false)) - .credentialsProvider(StaticCredentialsProvider.create(creds)) - .region(Region.of(region)).endpointOverride(new URI(domain)).build(); - } - // 错误 - else { - throw new StorageProviderException("s3Client initialize exception"); - } - createBucket(getBucket()); - } catch (Exception e) { - log.error("s3Client initialize exception: {}", e.getMessage(), e); - throw new StorageProviderException("s3Client initialize exception", e); - } + // 获取客户端 + this.s3Config = (Config) this.config.getConfig(); + this.s3Client = getS3Client(); + this.s3Presigner = getS3Presigner(); + createBucket(); } - private void createBucket(String bucket) throws Exception { + private S3Client getS3Client() { + return S3Client.builder().serviceConfiguration(b -> b.checksumValidationEnabled(false)) + .credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials + .create(s3Config.getAccessKeyId(), s3Config.getSecretAccessKey()))) + .region(getRegion()).endpointOverride(URI.create(s3Config.getEndpoint())).build(); + } + + private S3Presigner getS3Presigner() { + return S3Presigner.builder().region(getRegion()) + .endpointOverride(URI.create(s3Config.getEndpoint())) + .credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials + .create(s3Config.getAccessKeyId(), s3Config.getSecretAccessKey()))) + .build(); + } + + /** + * 创建Bucket + */ + protected void createBucket() { try { - // 创建bucket - S3Waiter s3Waiter = this.s3Client.waiter(); - CreateBucketRequest bucketRequest = CreateBucketRequest.builder().bucket(bucket).build(); // 获取bucket是否存在 - this.s3Client.createBucket(bucketRequest); - HeadBucketRequest bucketRequestWait = HeadBucketRequest.builder().bucket(bucket).build(); - WaiterResponse waiterResponse = s3Waiter - .waitUntilBucketExists(bucketRequestWait); - waiterResponse.matched().response().ifPresent(System.out::println); + HeadBucketRequest bucketRequestWait = HeadBucketRequest.builder() + .bucket(this.s3Config.getBucket()).build(); + s3Client.headBucket(bucketRequestWait); + } catch (S3Exception se) { + if (se.statusCode() == 404) { + // 创建bucket + CreateBucketRequest bucketRequest = CreateBucketRequest.builder() + .bucket(this.s3Config.getBucket()).build(); + this.s3Client.createBucket(bucketRequest); + } else { + log.error("查询bucket是否存在异常:[{}]", se.getMessage(), se); + throw se; + } } catch (Exception e) { log.error("create bucket exception: {}", e.getMessage(), e); throw new StorageProviderException("create bucket exception", e); @@ -136,57 +116,76 @@ public class S3Storage extends AbstractStorage { public String upload(@NotNull String fileName, InputStream inputStream) throws StorageProviderException { try { - super.upload(fileName, inputStream); - String bucket = getBucket(); - String key = this.config.getLocation() + SEPARATOR + getFileName(fileName); - // 写object - PutObjectRequest putOb = PutObjectRequest.builder().bucket(bucket).key(key).build(); - this.s3Client.putObject(putOb, - RequestBody.fromInputStream(inputStream, inputStream.readAllBytes().length)); - return this.config.getDomain() + SEPARATOR + bucket + SEPARATOR + String key = s3Config.getLocation() + SEPARATOR + getFileName(fileName); + PutObjectRequest putOb = PutObjectRequest.builder().bucket(s3Config.getBucket()) + .key(key).build(); + this.s3Client.putObject(putOb, RequestBody.fromBytes(inputStream.readAllBytes())); + return this.s3Config.getDomain() + SEPARATOR + URLEncoder.encode(key, StandardCharsets.UTF_8).replaceAll("\\+", "%20"); } catch (Exception e) { - log.error("s3Client upload exception: {}", e.getMessage(), e); - throw new StorageProviderException("s3Client upload exception", e); + log.error("[{}] upload exception: {}", this.config.getProvider(), e.getMessage(), e); + throw new StorageProviderException("upload exception", e); } } @Override public String download(String path) throws StorageProviderException { try { - super.download(path); - String bucket = getBucket(); - GetUrlRequest request = GetUrlRequest.builder().bucket(bucket).key(path).build(); - - URL url = this.s3Client.utilities().getUrl(request); - return url.toString(); + GetObjectRequest getObjectRequest = GetObjectRequest.builder() + .bucket(this.s3Config.getBucket()).key(path).build(); + GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder() + .signatureDuration(Duration.ofSeconds(EXPIRY_SECONDS)) + .getObjectRequest(getObjectRequest).build(); + PresignedGetObjectRequest presignedGetObjectRequest = s3Presigner + .presignGetObject(getObjectPresignRequest); + String downloadUrl = presignedGetObjectRequest.url().toString(); + return downloadUrl.replace(this.s3Config.getEndpoint(), this.s3Config.getDomain()); } catch (Exception e) { - log.error("s3Client download exception: {}", e.getMessage(), e); - throw new StorageProviderException("s3Client download exception", e); + log.error("[{}] download exception: {}", this.config.getProvider(), e.getMessage(), e); + throw new StorageProviderException("download exception", e); } } - private String getBucket() { - String bucket = ""; - if (this.config instanceof AliYunOssStorage.Config) { - bucket = ((AliYunOssStorage.Config) this.config).getBucket(); + private Region getRegion() { + if (StringUtils.isNotBlank(s3Config.getRegion())) { + return Region.of(s3Config.getRegion()); } - // MiniO - else if (this.config instanceof MinIoStorage.Config) { - bucket = ((MinIoStorage.Config) this.config).getBucket(); - } - // 七牛云 - else if (this.config instanceof QiNiuKodoStorage.Config) { - bucket = ((QiNiuKodoStorage.Config) this.config).getBucket(); - } - // 腾讯云 - else if (this.config instanceof TencentCosStorage.Config) { - bucket = ((TencentCosStorage.Config) this.config).getBucket(); - } - // 错误 - else { - throw new StorageProviderException("getBucket exception"); - } - return bucket; + return Region.AWS_GLOBAL; + } + + @EqualsAndHashCode(callSuper = true) + @Data + public static class Config extends StorageConfig.Config { + + /** + * AccessKeyId + */ + @NotEmpty(message = "AccessKeyId不能为空") + private String accessKeyId; + + /** + * SecretAccessKey + */ + @JsonPropertyEncrypt + @NotEmpty(message = "SecretAccessKey不能为空") + private String secretAccessKey; + + /** + * endpoint + */ + @URL(message = "Endpoint格式不正确", regexp = URL_REGEXP) + @NotEmpty(message = "Endpoint不能为空") + private String endpoint; + + /** + * bucket + */ + @NotEmpty(message = "Bucket不能为空") + private String bucket; + + /** + * Region + */ + private String region; } } diff --git a/eiam-console/src/main/console-fe/src/pages/setting/Storage/StorageProvider.tsx b/eiam-console/src/main/console-fe/src/pages/setting/Storage/StorageProvider.tsx index 67847f09..60519887 100644 --- a/eiam-console/src/main/console-fe/src/pages/setting/Storage/StorageProvider.tsx +++ b/eiam-console/src/main/console-fe/src/pages/setting/Storage/StorageProvider.tsx @@ -32,6 +32,7 @@ import AliCloudOss from './components/AliCloud'; import MinIO from './components/MinIo'; import QiQiuKodo from './components/QiNiu'; import TencentCos from './components/Tencent'; +import S3 from './components/S3'; import { Container } from '@/components/Container'; import { useIntl } from '@umijs/max'; @@ -239,12 +240,19 @@ const Storage = () => { id: 'pages.setting.storage_provider.provider.minio', }), }, + { + value: OssProvider.S3, + label: intl.formatMessage({ + id: 'pages.setting.storage_provider.provider.s3', + }), + }, ]} /> {provider === OssProvider.ALIYUN_OSS && } {provider === OssProvider.TENCENT_COS && } {provider === OssProvider.QINIU_KODO && } {provider === OssProvider.MINIO && } + {provider === OssProvider.S3 && } )} diff --git a/eiam-console/src/main/console-fe/src/pages/setting/Storage/components/S3/index.tsx b/eiam-console/src/main/console-fe/src/pages/setting/Storage/components/S3/index.tsx new file mode 100644 index 00000000..23580e02 --- /dev/null +++ b/eiam-console/src/main/console-fe/src/pages/setting/Storage/components/S3/index.tsx @@ -0,0 +1,120 @@ +/* + * eiam-console - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +import { ProFormText } from '@ant-design/pro-components'; +import { useIntl } from '@umijs/max'; + +export default () => { + const intl = useIntl(); + return ( + <> + + + + + + + + ); +}; diff --git a/eiam-console/src/main/console-fe/src/pages/setting/Storage/constant.ts b/eiam-console/src/main/console-fe/src/pages/setting/Storage/constant.ts index 041547e3..bee29a72 100644 --- a/eiam-console/src/main/console-fe/src/pages/setting/Storage/constant.ts +++ b/eiam-console/src/main/console-fe/src/pages/setting/Storage/constant.ts @@ -26,6 +26,7 @@ export enum OssProvider { QINIU_KODO = 'qiniu_kodo', LOCAL = 'local', MINIO = 'minio', + S3 = 's3', } export enum Language { ZH = 'zh', diff --git a/eiam-console/src/main/console-fe/src/pages/setting/Storage/locales/zh-CN.ts b/eiam-console/src/main/console-fe/src/pages/setting/Storage/locales/zh-CN.ts index 39699ffb..90318df8 100644 --- a/eiam-console/src/main/console-fe/src/pages/setting/Storage/locales/zh-CN.ts +++ b/eiam-console/src/main/console-fe/src/pages/setting/Storage/locales/zh-CN.ts @@ -97,4 +97,29 @@ export default { 'pages.setting.storage_provider.minio.endpoint.rule.0.message': 'MinIO Endpoint为必填项', 'pages.setting.storage_provider.minio.bucket.placeholder': '请输入MinIO Bucket', 'pages.setting.storage_provider.minio.bucket.rule.0.message': 'MinIO Bucket为必填项', + 'pages.setting.storage_provider.provider.s3': 'S3', + 'pages.setting.storage_provider.provider.s3.endpoint': 'S3 域名', + 'pages.setting.storage_provider.provider.s3.endpoint.placeholder': + '请输入 S3 域名', + 'pages.setting.storage_provider.provider.qiniu_kodo.endpoint.rule.0.message': + '七牛云Kodo S3 域名为必填项', + 'pages.setting.storage_provider.provider.s3.domain': '外链域名', + 'pages.setting.storage_provider.provider.s3.domain.placeholder': + '请输入S3 外链域名', + 'pages.setting.storage_provider.provider.s3.domain.rule.0.message': + 'S3 外链域名为必填项', + 'pages.setting.storage_provider.provider.s3.access_key_id.placeholder': + '请输入S3 AccessKeyId', + 'pages.setting.storage_provider.provider.s3.access_key_id.rule.0.message': + 'S3 AccessKeyId为必填项', + 'pages.setting.storage_provider.provider.s3.secret_access_key.placeholder': + '请输入S3 SecretAccessKey', + 'pages.setting.storage_provider.provider.s3.secret_access_key.rule.0.message': + 'S3 SecretAccessKey为必填项', + 'pages.setting.storage_provider.provider.s3.region.placeholder': + '请输入S3 Region', + 'pages.setting.storage_provider.provider.s3.bucket.placeholder': + '请输入S3 Bucket', + 'pages.setting.storage_provider.provider.s3.bucket.rule.0.message': + 'S3 Bucket为必填项', }; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java index f934ed0a..273d247f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java @@ -33,10 +33,7 @@ import cn.topiam.employee.common.jackjson.encrypt.EncryptionModule; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; import cn.topiam.employee.common.storage.enums.StorageProvider; -import cn.topiam.employee.common.storage.impl.AliYunOssStorage; -import cn.topiam.employee.common.storage.impl.MinIoStorage; -import cn.topiam.employee.common.storage.impl.QiNiuKodoStorage; -import cn.topiam.employee.common.storage.impl.TencentCosStorage; +import cn.topiam.employee.common.storage.impl.*; import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult; import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.support.validation.ValidationUtils; @@ -120,6 +117,21 @@ public interface StorageSettingConverter { unencryptedConfig.setSecretKey(param.getConfig().getString("secretKey")); checkStorage(MinIoStorage::new, unencryptedConfig); } + //S3 + else if (provider.equals(StorageProvider.S3)) { + S3Storage.Config config = objectMapper.readValue(param.getConfig().toJSONString(), + S3Storage.Config.class); + config.setEndpoint(getUrl(config.getEndpoint())); + config.setDomain(getUrl(config.getDomain())); + builder.config(config); + validateEntity(ValidationUtils.validateEntity(config)); + + S3Storage.Config unencryptedConfig = new S3Storage.Config(); + BeanUtils.copyProperties(config, unencryptedConfig); + unencryptedConfig + .setSecretAccessKey(param.getConfig().getString("secretAccessKey")); + checkStorage(S3Storage::new, unencryptedConfig); + } entity.setName(STORAGE_PROVIDER_KEY); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java new file mode 100644 index 00000000..687503f4 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java @@ -0,0 +1,105 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.controller; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import cn.topiam.employee.application.AppAccount; +import cn.topiam.employee.audit.annotation.Audit; +import cn.topiam.employee.audit.event.type.EventType; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; +import cn.topiam.employee.portal.service.AppAccountService; +import cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.preview.Preview; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.AllArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用账户资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 21:06 + */ +@Validated +@Tag(name = "应用账户") +@RestController +@AllArgsConstructor +@RequestMapping(value = APP_PATH + "/account", produces = MediaType.APPLICATION_JSON_VALUE) +public class AppAccountController { + + /** + * 获取应用账户列表 + * + * @param appId {@link String} + * @return {@link } + */ + @Operation(summary = "获取应用账户") + @GetMapping("/appId/{appId}") + public ApiRestResult getAppAccountList(@PathVariable String appId) { + AppAccount appAccount = appAccountService.getAppAccount(Long.valueOf(appId)); + return ApiRestResult.ok(appAccount); + } + + /** + * 创建应用账户 + * + * @param param {@link AppAccountRequest} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "创建应用账户") + @Audit(type = EventType.ADD_APP_ACCOUNT) + @PostMapping(value = "/create") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult createAppAccount(@RequestBody @Validated AppAccountRequest param) { + return ApiRestResult. builder().result(appAccountService.createAppAccount(param)) + .build(); + } + + /** + * 删除应用账户 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "删除应用账户") + @Audit(type = EventType.DELETE_APP_ACCOUNT) + @DeleteMapping(value = "/delete/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult deleteAppAccount(@PathVariable(value = "id") String id) { + return ApiRestResult. builder().result(appAccountService.deleteAppAccount(id)) + .build(); + } + + /** + * AppAccountService + */ + private final AppAccountService appAccountService; + +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java new file mode 100644 index 00000000..1c6b4598 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java @@ -0,0 +1,51 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.converter; + +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; + +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; + +/** + * 应用账户映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2023/8/25 21:08 + */ +@Mapper(componentModel = "spring") +public interface AppAccountConverter { + + /** + * 应用账户新增参数转换应用账户实体 + * + * @param param {@link AppAccountRequest} + * @return {@link AppAccountEntity} + */ + @Mapping(target = "userId", ignore = true) + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppAccountEntity appAccountRequestConvertToEntity(AppAccountRequest param); + +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java new file mode 100644 index 00000000..120f91fe --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java @@ -0,0 +1,55 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.pojo.request; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotNull; + +/** + * AppAccountRequest 应用账户新增入参 + * + * @author TopIAM + * Created by support@topiam.cn on 2023/8/25 22:13 + */ +@Data +@Schema(description = "应用账户新增入参") +public class AppAccountRequest { + + /** + * 应用ID + */ + @Schema(description = "应用ID") + @NotNull(message = "应用ID不能为空") + private Long appId; + + /** + * 账户名称 + */ + @Schema(description = "账户名称") + @NotBlank(message = "账户名称不能为空") + private String account; + + /** + * 账户密码 + */ + @Schema(description = "账户密码") + private String password; +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java new file mode 100644 index 00000000..782085a0 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java @@ -0,0 +1,53 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.service; + +import cn.topiam.employee.application.AppAccount; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; + +/** + * 应用账户 + * + * @author TopIAM + * Created by support@topiam.cn on 2023/8/25 21:07 + */ +public interface AppAccountService { + + /** + * 新增应用账户 + * + * @param param {@link AppAccountRequest} + * @return {@link Boolean} + */ + Boolean createAppAccount(AppAccountRequest param); + + /** + * 删除应用账户 + * + * @param id {@link String} + * @return {@link Boolean} + */ + Boolean deleteAppAccount(String id); + + /** + * 获取应用账户 + * @param appId {@link Long} + * @return {@link AppAccount} + */ + AppAccount getAppAccount(Long appId); +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java new file mode 100644 index 00000000..b9f6488a --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java @@ -0,0 +1,134 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.service.impl; + +import java.nio.charset.StandardCharsets; +import java.util.Optional; + +import org.apache.commons.codec.binary.Base64; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.alibaba.excel.util.StringUtils; + +import cn.topiam.employee.application.AppAccount; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.exception.app.AppAccountExistException; +import cn.topiam.employee.common.jackjson.encrypt.EncryptContextHelp; +import cn.topiam.employee.common.repository.app.AppAccountRepository; +import cn.topiam.employee.portal.converter.AppAccountConverter; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; +import cn.topiam.employee.portal.service.AppAccountService; +import cn.topiam.employee.support.exception.TopIamException; +import cn.topiam.employee.support.security.util.SecurityUtils; + +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +/** + * 应用账户 + * + * @author TopIAM + * Created by support@topiam.cn on 2023/8/25 21:07 + */ +@Service +@Slf4j +@AllArgsConstructor +public class AppAccountServiceImpl implements AppAccountService { + + /** + * 新增应用账户 + * + * @param param {@link AppAccountRequest} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean createAppAccount(AppAccountRequest param) { + Optional optional = appAccountRepository + .findByAppIdAndUserId(param.getAppId(), Long.valueOf(SecurityUtils.getCurrentUserId())); + if (optional.isPresent()) { + throw new AppAccountExistException(); + } + AppAccountEntity entity = appAccountConverter.appAccountRequestConvertToEntity(param); + //密码不为空 + if (!StringUtils.isBlank(param.getPassword())) { + Base64 base64 = new Base64(); + String password = new String(base64.decode(param.getPassword()), + StandardCharsets.UTF_8); + entity.setPassword(EncryptContextHelp.encrypt(password)); + } + appAccountRepository.save(entity); + AuditContext.setTarget( + Target.builder().id(entity.getUserId().toString()).type(TargetType.USER).build(), + Target.builder().id(entity.getAccount()).type(TargetType.APPLICATION_ACCOUNT).build(), + Target.builder().id(entity.getAppId().toString()).type(TargetType.APPLICATION).build()); + return true; + } + + /** + * 删除应用账户 + * + * @param id {@link Long} + * @return {@link String} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean deleteAppAccount(String id) { + Optional optional = appAccountRepository.findById(Long.valueOf(id)); + //管理员不存在 + if (optional.isEmpty()) { + AuditContext.setContent("删除失败,应用账户不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } + appAccountRepository.deleteById(Long.valueOf(id)); + AuditContext.setTarget( + Target.builder().id(optional.get().getId().toString()).type(TargetType.USER).build(), + Target.builder().id(optional.get().getAppId().toString()).type(TargetType.APPLICATION) + .build()); + return true; + } + + @Override + public AppAccount getAppAccount(Long appId) { + Optional optional = appAccountRepository.findByAppIdAndUserId(appId, + Long.valueOf(SecurityUtils.getCurrentUserId())); + if (optional.isPresent()) { + AppAccountEntity entity = optional.get(); + AppAccount account = new AppAccount(); + account.setAppId(entity.getAppId()); + account.setAccount(entity.getAccount()); + return account; + } + return null; + } + + /** + * AppAccountConverter + */ + private final AppAccountConverter appAccountConverter; + + /** + * AppAccountRepository + */ + private final AppAccountRepository appAccountRepository; +}