From 1e7f7580fd882fdadd4a345585fcdf1168471e69 Mon Sep 17 00:00:00 2001 From: zzs Date: Thu, 31 Oct 2024 14:16:48 +0800 Subject: [PATCH] fix:gateway ready --- .../ensigngateway/conf/ProxyFilter.java | 30 +++++---- .../src/main/resources/application.yml | 8 ++- .../controller/crm/AuthAuthController.java | 25 ++++++-- .../crm/controller/crm/ProxyController.java | 61 ++++++++++--------- 4 files changed, 76 insertions(+), 48 deletions(-) diff --git a/ensign-gateway/src/main/java/com/ensign/ensigngateway/conf/ProxyFilter.java b/ensign-gateway/src/main/java/com/ensign/ensigngateway/conf/ProxyFilter.java index 6038fdb..295d07b 100644 --- a/ensign-gateway/src/main/java/com/ensign/ensigngateway/conf/ProxyFilter.java +++ b/ensign-gateway/src/main/java/com/ensign/ensigngateway/conf/ProxyFilter.java @@ -1,8 +1,7 @@ package com.ensign.ensigngateway.conf; -import com.alibaba.fastjson2.JSON; -import com.alibaba.fastjson2.JSONObject; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GlobalFilter; @@ -14,6 +13,9 @@ import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; +import java.util.Arrays; +import java.util.List; + /** * @Description: TODO * @Date: 2024/10/28 15:20 
@@ -37,7 +39,16 @@ public class ProxyFilter implements GlobalFilter { String userId = exchange.getRequest().getHeaders().getFirst("userid"); if (path.startsWith("/ierp/kapi/")) { log.info("userId: {}", userId); + List unauthorizedPaths = Arrays.asList( + "/ierp/kapi/v2/yem/yem_receipt/yem_crm_marketactivity/getMarketactivities", + "/ierp/kapi/v2/yem/yem_crmbasic/yem_crm_region/CRM_yem_crm_region", + "/ierp/kapi/v2/yem/yem_receipt/api/MarketQRCodeAdd" + ); + if (StringUtils.isEmpty(userId)&& unauthorizedPaths.stream().anyMatch(unPath -> unPath.equals(path))) { + userId = "1"; + } + String finalUserId = userId; return webClient.get() .uri(authUrl + "/crm-api/auth") // 替换为实际的 API 地址 .header("userId", userId) @@ -50,16 +61,11 @@ public class ProxyFilter implements GlobalFilter { .bodyToMono(String.class) .flatMap(responseBody -> { log.info("Authorization response: {}", responseBody); - JSONObject respJson = JSON.parseObject(responseBody); - Integer code = respJson.getInteger("code"); - if (code == 0) { - String token = respJson.getString("data"); - exchange.getRequest().mutate() - .header("access_token", token) - .header("userid", userId) - .build(); - log.info("token: {}", token); - } + exchange.getRequest().mutate() + .header("access_token", responseBody) + .header("userid", finalUserId) + .build(); + log.info("token: {}", responseBody); return chain.filter(exchange); }) .onErrorResume(e -> { diff --git a/ensign-gateway/src/main/resources/application.yml b/ensign-gateway/src/main/resources/application.yml index df8c290..ecd2503 100644 --- a/ensign-gateway/src/main/resources/application.yml +++ b/ensign-gateway/src/main/resources/application.yml 
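Review bot: The `userid` value used here comes straight from the inbound request header, and the new fallback `userId = "1"` gives anonymous callers of the three listed paths the same identity that `AuthAuthController.auth` (changed later in this commit) exempts from the `crm:proxy:all` check. As far as the visible lines show, nothing stops a client from supplying that header itself on any `/ierp/kapi/` path, so the permission decision would rest on a value the caller controls. Consider dropping the client-supplied `userid` header at the gateway, taking the identity from the authenticated session or token, and marking public requests with an explicit flag rather than a reserved user id. A smaller point: the list is rebuilt on every request and could be a `private static final` constant checked with `contains(path)`. The filter method starts and ends outside this hunk.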
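Review bot: The added `log.info("token: {}", responseBody)` writes the upstream access token to the application log at info level, and the unchanged `Authorization response` line just above it logs the same body, so anyone with log access can read a usable credential. Log only that a token was obtained, for example `log.debug("access token obtained for userId {}", finalUserId);`. With the `code == 0` check removed, every body that reaches this lambda is forwarded as `access_token`, so the status handling before `.bodyToMono(String.class)` (outside this hunk) has to reject non-success answers. The result of `mutate()...build()` is also discarded and `chain.filter(exchange)` receives the original exchange; building a new exchange with `exchange.mutate().request(mutatedRequest).build()` and passing that on would make the header propagation explicit.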
@@ -6,18 +6,22 @@ spring: gateway: routes: - - id: proxy_route + - id: proxy_route # ?????? uri: ${kingdee.test-inner-end-point} predicates: - Path=/crm-api/proxy/do/** filters: - RewritePath=/crm-api/proxy/do/(?.*), /${segment} - - id: system-app-api + - id: system-app-api # ??CRM???? uri: http://127.0.0.1:38080 predicates: - Path=/admin-api/** + - id: crm-api-proxy # ???????? + uri: http://127.0.0.1:38080 + predicates: + - Path=/crm-api/proxy/file/** servlet: multipart: max-file-size: 20MB diff --git a/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/AuthAuthController.java b/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/AuthAuthController.java index e8b0a5d..7832307 100644 --- a/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/AuthAuthController.java +++ b/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/AuthAuthController.java @@ -1,14 +1,18 @@ package com.ensign.crm.module.crm.controller.crm; -import com.ensign.crm.framework.common.pojo.CommonResult; import com.ensign.crm.module.crm.service.ProxyService; +import com.ensign.crm.module.system.service.permission.PermissionService; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.annotation.security.PermitAll; +import javax.servlet.http.HttpServletRequest; /** 
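Review bot: The new `crm-api-proxy` route forwards everything under `/crm-api/proxy/file/**` to the CRM service, and the only handler under that prefix still active in `ProxyController` after this commit appears to be `/file/read/do`, which is `@PermitAll` and hands a `path` argument (presumably a request parameter) to `proxyService.doGetImage`. That method is not visible here, so please confirm it confines `path` to the intended storage location (normalise it and reject traversal or absolute paths) before the endpoint is exposed through the gateway. Separately, the three added comments read `# ??????` in the committed text, which suggests the original non-ASCII wording was lost to a file-encoding problem; rewriting them in UTF-8 or plain ASCII would restore their meaning.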
@@ -25,16 +29,29 @@ public class AuthAuthController { @Autowired private ProxyService proxyService; + @Autowired + private PermissionService permissionService; + @GetMapping("/auth") @PermitAll - public CommonResult auth() { + public ResponseEntity auth(HttpServletRequest request) { String accessToken = null; + String userid = request.getHeader("userid"); + if (StringUtils.isBlank(userid)) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + if (!"1".equals(userid)) { + boolean hassed = permissionService.hasAnyPermissions(Long.valueOf(userid), "crm:proxy:all"); + if (!hassed) { + return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); + } + } try { accessToken = proxyService.initAccessToken(); } catch (Exception e) { log.error(e.getMessage(), e); - return CommonResult.error(500, e.getMessage()); + return ResponseEntity.status(500).body(e.getMessage()); } - return CommonResult.success(accessToken); + return ResponseEntity.ok(accessToken); } } diff --git a/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/ProxyController.java b/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/ProxyController.java index 5138b09..caf4421 100644 --- a/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/ProxyController.java +++ b/ensign-module-crm/ensign-module-crm-biz/src/main/java/com/ensign/crm/module/crm/controller/crm/ProxyController.java @@ -1,6 +1,5 @@ package com.ensign.crm.module.crm.controller.crm; -import com.ensign.crm.framework.common.pojo.CommonResult; import com.ensign.crm.module.crm.exception.AllKingdeeException; import com.ensign.crm.module.crm.service.ProxyService; import io.swagger.v3.oas.annotations.Operation; 
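Review bot: `Long.valueOf(userid)` sits outside the `try`, so a non-numeric `userid` header raises `NumberFormatException` and surfaces as an unhandled error instead of a clean rejection; guard it first, e.g. `if (!StringUtils.isNumeric(userid)) return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();`. The handler stays `@PermitAll` and now returns the raw access token to any request that passes the header check, so it should be reachable only from the gateway (network restriction or a shared secret between gateway and service), which the visible lines do not show. Returning `e.getMessage()` in the 500 body can disclose internal details to the caller; a generic message with the detail kept in the log is safer. The local `hassed` would read better as `permitted`.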
@@ -10,8 +9,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; -import org.springframework.web.multipart.MultipartFile; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; import javax.annotation.security.PermitAll; import javax.servlet.http.HttpServletRequest; @@ -42,12 +43,12 @@ public class ProxyController { proxyService.doProxy(request, response); } - @PostMapping(value = "/file/do/**") - @Operation(summary = "转发接口_文件") - @PreAuthorize("@ss.hasPermission('crm:proxy:all')") - public CommonResult proxyFile(HttpServletRequest request, MultipartFile file) throws IOException, URISyntaxException, AllKingdeeException { - return CommonResult.success(proxyService.doProxyFile(request, file)); - } +// @PostMapping(value = "/file/do/**") +// @Operation(summary = "转发接口_文件") +// @PreAuthorize("@ss.hasPermission('crm:proxy:all')") +// public CommonResult proxyFile(HttpServletRequest request, MultipartFile file) throws IOException, URISyntaxException, AllKingdeeException { +// return CommonResult.success(proxyService.doProxyFile(request, file)); +// } @GetMapping("/file/read/do") @PermitAll 
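Review bot: `proxyFile` is disabled by commenting it out rather than deleting it, and the same is done to `proxyUnAuth` in the next hunk; the commented `@PreAuthorize` and allow-list lines are easy to mistake for live access rules in a later review. Delete both blocks and rely on version history, or, if the removal is temporary, replace each with a single line such as `// proxyFile withdrawn: <reason>` that says why.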
@@ -56,27 +57,27 @@ public class ProxyController { proxyService.doGetImage(path, response); } - @RequestMapping(value = "/unauth/do/**", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) - @Operation(summary = "转发接口") - @PermitAll - public void proxyUnAuth(HttpServletRequest request, HttpServletResponse response) throws IOException, URISyntaxException { - String requestURI = request.getRequestURI(); - String[] unAuthPath = new String[]{ - // 市场活动详情 - "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_receipt/yem_crm_marketactivity/getMarketactivities", - - // 获取机型 - "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_crmbasic/yem_crm_region/CRM_yem_crm_region", - - // 活动登记 - "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_receipt/api/MarketQRCodeAdd" - }; - if (isAuthorized(requestURI, unAuthPath)) { - proxyService.doProxy(request, response); - } else { - response.sendError(HttpServletResponse.SC_FORBIDDEN); - } - } +// @RequestMapping(value = "/unauth/do/**", produces = MediaType.APPLICATION_JSON_UTF8_VALUE) +// @Operation(summary = "转发接口") +// @PermitAll +// public void proxyUnAuth(HttpServletRequest request, HttpServletResponse response) throws IOException, URISyntaxException { +// String requestURI = request.getRequestURI(); +// String[] unAuthPath = new String[]{ +// // 市场活动详情 +// "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_receipt/yem_crm_marketactivity/getMarketactivities", +// +// // 获取机型 +// "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_crmbasic/yem_crm_region/CRM_yem_crm_region", +// +// // 活动登记 +// "/crm-api/proxy/unauth/do/ierp/kapi/v2/yem/yem_receipt/api/MarketQRCodeAdd" +// }; +// if (isAuthorized(requestURI, unAuthPath)) { +// proxyService.doProxy(request, response); +// } else { +// response.sendError(HttpServletResponse.SC_FORBIDDEN); +// } +// } private boolean isAuthorized(String requestURI, String[] unAuthPath) { for (String path : unAuthPath) {
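Review bot: With `proxyUnAuth` commented out, `isAuthorized` at the end of this hunk has no caller left in the visible code, and the `MediaType` import kept in the import hunk looks unused as well. If nothing else in the class uses them, remove both together with the commented block so the controller no longer suggests that a backend allow-list is being enforced. `isAuthorized` continues past the end of the hunk.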