From caf0fd97468eb23f20d68622d2def234dcad7be8 Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Fri, 18 Dec 2020 11:04:25 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90auth=E3=80=91=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C=E5=92=8Ctoken=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=E7=9A=84=E9=80=BB=E8=BE=91=EF=BC=8C=E4=B8=80=E9=83=A8?= =?UTF-8?q?=E5=88=86=E4=B8=9A=E5=8A=A1=E6=8A=BD=E5=87=BA=E6=9D=A5=E6=94=BE?= =?UTF-8?q?=E5=88=B0=E4=BA=86=E9=A1=B9=E7=9B=AE=E7=9A=84=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../roses/kernel/auth/api/AuthServiceApi.java | 2 +- .../kernel/auth/auth/AuthServiceImpl.java | 27 ++++++---------- .../permission/PermissionServiceImpl.java | 31 +++++++------------ 3 files changed, 22 insertions(+), 38 deletions(-) diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java index d3d0535fd..1f4e1a87e 100644 --- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java +++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java @@ -75,7 +75,7 @@ public interface AuthServiceApi { *

* 第一,校验用户的token是否过期 *

- * 第二,校验用户的session是否失效,但是记住我的session失效后会自动创建session,之道jwt失效后 + * 第二,校验用户的session是否失效,但是记住我的session失效后会自动创建session,直到jwt失效后 * * @param token 用户登陆的token * @param requestUrl 被校验的url diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java index af9634e2e..3bbc1c22e 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java +++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java @@ -15,8 +15,6 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser; import cn.stylefeng.roses.kernel.jwt.api.context.JwtContext; import cn.stylefeng.roses.kernel.jwt.api.exception.JwtException; import cn.stylefeng.roses.kernel.jwt.api.pojo.payload.DefaultJwtPayload; -import cn.stylefeng.roses.kernel.resource.api.pojo.resource.ResourceDefinition; -import cn.stylefeng.roses.kernel.resource.api.pojo.resource.ResourceUrlParam; import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil; import cn.stylefeng.roses.kernel.system.ResourceServiceApi; import cn.stylefeng.roses.kernel.system.UserServiceApi; 
@@ -91,35 +89,28 @@ public class AuthServiceImpl implements AuthServiceApi { @Override public void checkAuth(String token, String requestUrl) { - // 1. 获取url对应的资源信息ResourceDefinition - ResourceUrlParam resourceUrlReq = new ResourceUrlParam(); - resourceUrlReq.setUrl(requestUrl); - ResourceDefinition resourceDefinition = resourceServiceApi.getResourceByUrl(resourceUrlReq); - - // 2. 如果此接口不需要权限校验或者查询到资源为空,则放开过滤 - if (resourceDefinition == null || !resourceDefinition.getRequiredLogin()) { - return; + // 1. 校验token是否传参 + if (StrUtil.isEmpty(token)) { + throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR); } - // 3. 如果当前接口需要鉴权,则校验用户token是否正确,校验失败会抛出异常 - if (resourceDefinition.getRequiredLogin()) { - this.validateToken(token); - } + // 2. 校验用户token是否正确,校验失败会抛出异常 + this.validateToken(token); - // 4. 如果token校验通过,获取token的payload,以及是否开启了记住我功能 + // 3. 如果token校验通过,获取token的payload,以及是否开启了记住我功能 DefaultJwtPayload defaultPayload = JwtContext.me().getDefaultPayload(token); Boolean rememberMe = defaultPayload.getRememberMe(); - // 5. 获取用户的当前会话信息 + // 4. 获取用户的当前会话信息 LoginUser loginUser = sessionManagerApi.getSession(token); - // 6. 如果开了记住我,但是会话为空,则创建一次会话信息 + // 5. 如果开了记住我,但是会话为空,则创建一次会话信息 if (rememberMe && loginUser == null) { UserLoginInfoDTO userLoginInfo = userServiceApi.getUserLoginInfo(defaultPayload.getAccount()); sessionManagerApi.createSession(token, userLoginInfo.getLoginUser()); } - // 7. 如果会话信息为空,则判定此次校验失败 + // 6. 如果会话信息为空,则判定此次校验失败 if (loginUser == null) { throw new AuthException(AuthExceptionEnum.AUTH_ERROR); } diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java index 8da8db19a..6853a1677 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java 
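Review bot: `loginUser` is never refreshed after the remember-me branch creates a session, so the `if (loginUser == null)` check that follows still throws AUTH_ERROR on the very request that just called `createSession`; assign the value back inside the `if (rememberMe && loginUser == null)` block, e.g. `loginUser = userLoginInfo.getLoginUser();` (or re-read it with `sessionManagerApi.getSession(token)`). Those lines are context rather than changed lines, but the commit now routes every protected request through this path instead of returning early for resources that do not require login, so the first remember-me request after session expiry now fails where it previously may not have been reached. `requestUrl` is no longer read anywhere in checkAuth once the resource lookup is gone, while the interface Javadoc in AuthServiceApi (first hunk) still documents `@param requestUrl 被校验的url`; either drop the parameter or state in that Javadoc that the decision whether a URL requires login is now made by the caller's interceptor before checkAuth is invoked. `Boolean rememberMe` is unboxed in the `if`, which would NPE if the payload omits the flag — presumably it is always populated, worth confirming. checkAuth's closing brace lies outside the hunk.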
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/permission/PermissionServiceImpl.java @@ -1,11 +1,11 @@ package cn.stylefeng.roses.kernel.auth.permission; +import cn.hutool.core.util.StrUtil; import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi; import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi; import cn.stylefeng.roses.kernel.auth.api.exception.AuthException; +import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum; import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser; -import cn.stylefeng.roses.kernel.resource.api.pojo.resource.ResourceDefinition; -import cn.stylefeng.roses.kernel.resource.api.pojo.resource.ResourceUrlParam; import cn.stylefeng.roses.kernel.system.ResourceServiceApi; import org.springframework.stereotype.Service; 
@@ -33,31 +33,24 @@ public class PermissionServiceImpl implements PermissionServiceApi { @Override public void checkPermission(String token, String requestUrl) { - // 1. 获取url对应的资源信息ResourceDefinition - ResourceUrlParam resourceUrlReq = new ResourceUrlParam(); - resourceUrlReq.setUrl(requestUrl); - ResourceDefinition resourceDefinition = resourceServiceApi.getResourceByUrl(resourceUrlReq); - - // 2. 如果此接口不需要权限校验或者查询到资源为空,则放开过滤 - if (resourceDefinition == null || !resourceDefinition.getRequiredPermission()) { - return; + // 1. 校验token是否传参 + if (StrUtil.isEmpty(token)) { + throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR); } - // 3. 获取token对应的用户信息 + // 2. 获取token对应的用户信息 LoginUser session = sessionManagerApi.getSession(token); if (session == null) { throw new AuthException(TOKEN_ERROR); } - // 4. 如果需要权限认证,验证用户有没有当前url的权限 - if (resourceDefinition.getRequiredPermission()) { - Set resourceUrls = session.getResourceUrls(); - if (resourceUrls == null || resourceUrls.size() == 0) { + // 3. 验证用户有没有当前url的权限 + Set resourceUrls = session.getResourceUrls(); + if (resourceUrls == null || resourceUrls.size() == 0) { + throw new AuthException(PERMISSION_RES_VALIDATE_ERROR); + } else { + if (!resourceUrls.contains(requestUrl)) { throw new AuthException(PERMISSION_RES_VALIDATE_ERROR); - } else { - if (!resourceUrls.contains(requestUrl)) { - throw new AuthException(PERMISSION_RES_VALIDATE_ERROR); - } } } }
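Review bot: The permission decision is now a plain `resourceUrls.contains(requestUrl)` with no lookup of the resource definition, so whatever matching the old `getResourceByUrl` path performed now rests entirely on the caller passing `requestUrl` in exactly the form held in the session set — a trailing slash, query string or path variable would fail closed; a method comment such as `// requestUrl must match the canonical resource URL as returned by LoginUser.getResourceUrls(); the interceptor is responsible for normalizing it` would make that contract explicit. The nested `else { if (!resourceUrls.contains(requestUrl)) ... }` collapses to one guard with identical behavior for the empty-set case: `if (resourceUrls == null || !resourceUrls.contains(requestUrl)) { throw new AuthException(PERMISSION_RES_VALIDATE_ERROR); }`. The raw `Set resourceUrls` (pre-existing) loses the element type; `Set<String>` would let the compiler check the `contains` argument. Unlike checkAuth, this method trusts `sessionManagerApi.getSession(token)` without a `validateToken` call, which is sound only if the interceptor always runs checkAuth first on the same request — presumably it does, but the Javadoc should say so.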