Compare commits
14 Commits
a5c0695488
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
0eb6426a99 | ||
|
|
743b2bbda9 | ||
|
|
9fc17d2940 | ||
|
|
41bb344e97 | ||
|
|
cddd74db2a | ||
|
|
69dba26b73 | ||
|
|
206431ccb0 | ||
| 62f8219d30 | |||
|
|
2daec6b123 | ||
|
|
7e19ba4d06 | ||
|
|
58951ff9b6 | ||
|
|
9124256f01 | ||
|
|
7f69eebedf | ||
|
|
e00e7f3e5e |
@@ -50,7 +50,7 @@ jobs:
|
||||
VOLUME /tmp
|
||||
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
|
||||
RUN echo 'Asia/Shanghai' > /etc/timezone
|
||||
ADD ./*.jar /app.jar
|
||||
ADD ./target/*.jar /app.jar
|
||||
ENTRYPOINT ["java","-jar","/app.jar"]
|
||||
EOF
|
||||
echo "Dockerfile内容:"
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,2 +1,3 @@
|
||||
/.idea/
|
||||
/target/
|
||||
/log/
|
||||
|
||||
18
pom.xml
18
pom.xml
@@ -62,17 +62,11 @@
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- Jackson -->
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
<artifactId>jackson-databind</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Hutool (aligned with aida_seller 5.8.26) -->
|
||||
<!-- Hutool -->
|
||||
<dependency>
|
||||
<groupId>cn.hutool</groupId>
|
||||
<artifactId>hutool-all</artifactId>
|
||||
<version>5.8.26</version>
|
||||
<version>5.8.23</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Redis (for token blacklist) -->
|
||||
@@ -100,6 +94,12 @@
|
||||
<artifactId>spring-boot-starter-actuator</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Spring Boot Logging(显式引入,确保 logback 正确初始化) -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-logging</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Knife4j Gateway Aggregation -->
|
||||
<dependency>
|
||||
<groupId>com.github.xiaoymin</groupId>
|
||||
@@ -145,6 +145,8 @@
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<!-- 强制工作目录为模块根目录,确保 ./log 指向项目目录而非 Maven 安装目录 -->
|
||||
<workingDirectory>${project.basedir}</workingDirectory>
|
||||
<excludes>
|
||||
<exclude>
|
||||
<groupId>org.projectlombok</groupId>
|
||||
|
||||
@@ -19,5 +19,13 @@ public class GatewayAuthProperties {
|
||||
|
||||
private List<String> ignorePaths;
|
||||
|
||||
/**
|
||||
* 可选认证路径:token 有则解析并写入下游请求头,无则放行。
|
||||
* 与 ignorePaths 的区别:ignorePaths 完全跳过认证逻辑;
|
||||
* optionalAuthPaths 仍然尝试解析 token,有 token 时正常写入 X-User-Id / X-User-Info,
|
||||
* 无 token 时才放行,确保已登录用户的信息能正确传递。
|
||||
*/
|
||||
private List<String> optionalAuthPaths;
|
||||
|
||||
private boolean blacklistEnabled = true;
|
||||
}
|
||||
|
||||
@@ -65,24 +65,43 @@ public class GlobalAuthWebFilter implements WebFilter, Ordered {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
|
||||
// 2. 白名单直接放行
|
||||
// 2. 白名单直接放行(完全跳过认证)
|
||||
if (isIgnoredPath(path)) {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
|
||||
// 3. 提取 token
|
||||
// 3. 可选认证路径:token 有则解析,无则放行
|
||||
if (isOptionalAuthPath(path)) {
|
||||
String rawHeader = exchange.getRequest().getHeaders()
|
||||
.getFirst(authProperties.getJwtTokenHeader());
|
||||
if (StrUtil.isBlank(rawHeader)) {
|
||||
// 无 token,直接放行,不写任何 header
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
// 有 token,正常走解析流程(复用下面的验证逻辑)
|
||||
return processTokenWithAuthCheck(exchange, chain, rawHeader);
|
||||
}
|
||||
|
||||
// 4. 其他路径:必须有 token
|
||||
String rawHeader = exchange.getRequest().getHeaders()
|
||||
.getFirst(authProperties.getJwtTokenHeader());
|
||||
if (StrUtil.isBlank(rawHeader)) {
|
||||
return writeUnauthorized(exchange, AuthConstants.MSG_MISSING_TOKEN);
|
||||
}
|
||||
return processTokenWithAuthCheck(exchange, chain, rawHeader);
|
||||
}
|
||||
|
||||
/**
|
||||
* 统一的 token 解析与认证流程:解析 JWT → 黑名单检查 → 写入下游 header。
|
||||
* 专供可选认证路径中有 token 的情况,以及普通路径的鉴权。
|
||||
*/
|
||||
private Mono<Void> processTokenWithAuthCheck(ServerWebExchange exchange, WebFilterChain chain, String rawHeader) {
|
||||
String token = rawHeader;
|
||||
if (rawHeader.startsWith(authProperties.getJwtTokenPrefix())) {
|
||||
token = rawHeader.substring(authProperties.getJwtTokenPrefix().length());
|
||||
}
|
||||
|
||||
// 4. JWT 签名验证
|
||||
// JWT 签名验证
|
||||
Claims claims;
|
||||
try {
|
||||
claims = parseToken(token);
|
||||
@@ -91,7 +110,7 @@ public class GlobalAuthWebFilter implements WebFilter, Ordered {
|
||||
return writeUnauthorized(exchange, AuthConstants.MSG_TOKEN_EXPIRED);
|
||||
}
|
||||
|
||||
// 5. 解析用户信息
|
||||
// 解析用户信息
|
||||
AuthPrincipalVo principal;
|
||||
try {
|
||||
principal = objectMapper.readValue(claims.getSubject(), AuthPrincipalVo.class);
|
||||
@@ -104,7 +123,7 @@ public class GlobalAuthWebFilter implements WebFilter, Ordered {
|
||||
return writeUnauthorized(exchange, AuthConstants.MSG_INVALID_TOKEN);
|
||||
}
|
||||
|
||||
// 6. 黑名单检查(仅当启用时)
|
||||
// 黑名单检查
|
||||
if (authProperties.isBlacklistEnabled()) {
|
||||
String blacklistKey = AuthConstants.BLACKLIST_PREFIX + principal.getId();
|
||||
return redisTemplate.hasKey(blacklistKey).flatMap(isBlacklisted -> {
|
||||
@@ -151,6 +170,18 @@ public class GlobalAuthWebFilter implements WebFilter, Ordered {
|
||||
return false;
|
||||
}
|
||||
|
||||
private boolean isOptionalAuthPath(String requestUri) {
|
||||
if (authProperties.getOptionalAuthPaths() == null) {
|
||||
return false;
|
||||
}
|
||||
for (String pattern : authProperties.getOptionalAuthPaths()) {
|
||||
if (pathMatcher.match(pattern, requestUri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private Claims parseToken(String token) {
|
||||
SecretKey key = buildSigningKey();
|
||||
return Jwts.parser()
|
||||
|
||||
@@ -50,6 +50,12 @@ spring:
|
||||
uri: http://18.167.251.121:9994
|
||||
predicates:
|
||||
- Path=/python/**
|
||||
- id: aida-buyer
|
||||
uri: lb://aida-buyer
|
||||
predicates:
|
||||
- Path=/buyer/**
|
||||
filters:
|
||||
- StripPrefix=1
|
||||
# ---------- Knife4j 网关聚合配置 ----------
|
||||
knife4j:
|
||||
gateway:
|
||||
@@ -67,6 +73,11 @@ knife4j:
|
||||
service-name: aida-seller
|
||||
context-path: /seller
|
||||
order: 2
|
||||
- name: 买家端服务 (Buyer)
|
||||
url: /buyer/v3/api-docs
|
||||
service-name: aida-buyer
|
||||
context-path: /buyer
|
||||
order: 3
|
||||
|
||||
# ---------- Gateway JWT 认证(gateway 独有) ----------
|
||||
gateway:
|
||||
@@ -144,5 +155,7 @@ gateway:
|
||||
- /aida/api/stripe/trade/notify
|
||||
# Notification
|
||||
- /notification/**
|
||||
|
||||
logging:
|
||||
# buyer
|
||||
- /buyer/account/**
|
||||
- /buyer/designer/shop/**
|
||||
- /buyer/designer/search
|
||||
|
||||
@@ -2,11 +2,9 @@
|
||||
<configuration>
|
||||
<include resource="org/springframework/boot/logging/logback/defaults.xml" />
|
||||
|
||||
<!-- 日志存放路径(可通过环境变量覆盖) -->
|
||||
<property name="log.path" value="${LOG_PATH:-./log}" />
|
||||
<!-- 各服务独立文件名 -->
|
||||
<property name="log.file.name" value="aida-gateway" />
|
||||
|
||||
<!-- 日志存放路径 -->
|
||||
<property name="log.path" value="./log" />
|
||||
<!-- 日志输出格式 -->
|
||||
<property name="log.pattern.console" value="${CONSOLE_LOG_PATTERN:-%clr(%d{${LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}" />
|
||||
<property name="log.pattern.file" value="${FILE_LOG_PATTERN:-%d{${LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%15t] %-40.40logger{39} : %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}" />
|
||||
|
||||
@@ -19,26 +17,25 @@
|
||||
|
||||
<!-- Info 日志文件 -->
|
||||
<appender name="file_info" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
||||
<file>${log.path}/${log.file.name}-info.log</file>
|
||||
<file>${log.path}/aida-gateway-info.log</file>
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<fileNamePattern>${log.path}/${log.file.name}-info.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<fileNamePattern>${log.path}/aida-gateway-info.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>60</maxHistory>
|
||||
</rollingPolicy>
|
||||
<encoder>
|
||||
<pattern>${log.pattern.file}</pattern>
|
||||
</encoder>
|
||||
<filter class="ch.qos.logback.classic.filter.LevelFilter">
|
||||
<level>ERROR</level>
|
||||
<onMatch>DENY</onMatch>
|
||||
<onMismatch>ACCEPT</onMismatch>
|
||||
<onMatch>ACCEPT</onMatch>
|
||||
<onMismatch>DENY</onMismatch>
|
||||
</filter>
|
||||
</appender>
|
||||
|
||||
<!-- Error 日志文件 -->
|
||||
<appender name="file_error" class="ch.qos.logback.core.rolling.RollingFileAppender">
|
||||
<file>${log.path}/${log.file.name}-error.log</file>
|
||||
<file>${log.path}/aida-gateway-error.log</file>
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<fileNamePattern>${log.path}/${log.file.name}-error.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<fileNamePattern>${log.path}/aida-gateway-error.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>60</maxHistory>
|
||||
</rollingPolicy>
|
||||
<encoder>
|
||||
@@ -51,14 +48,16 @@
|
||||
</filter>
|
||||
</appender>
|
||||
|
||||
<!-- 服务日志级别控制(由 Nacos 的 logging.level 统一管理,此处仅作兜底) -->
|
||||
<logger name="com.aida.gateway" level="${LOG_LEVEL_GATEWAY:-info}" />
|
||||
<!-- Spring 框架日志 -->
|
||||
<!-- 服务模块日志级别控制 -->
|
||||
<logger name="com.aida.gateway" level="debug" />
|
||||
<!-- Spring 日志级别控制 -->
|
||||
<logger name="org.springframework" level="warn" />
|
||||
<logger name="org.springframework.cloud.gateway" level="warn" />
|
||||
|
||||
<root level="${LOG_LEVEL_ROOT:-info}">
|
||||
<root level="info">
|
||||
<appender-ref ref="console" />
|
||||
</root>
|
||||
|
||||
<root level="info">
|
||||
<appender-ref ref="file_info" />
|
||||
<appender-ref ref="file_error" />
|
||||
</root>
|
||||
|
||||
Reference in New Issue
Block a user