登录鉴权按照Source判断id来自于何处

2026-05-13 09:40:32 +08:00
parent 912d5efee7
commit daf40ab224
6 changed files with 120 additions and 20 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -25,14 +25,14 @@
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

        <mybatis-plus.version>3.5.7</mybatis-plus.version>
-        <minio.version>8.5.7</minio.version>
+        <minio.version>8.0.3</minio.version>
        <jwt.version>0.12.3</jwt.version>
-        <hutool.version>5.8.26</hutool.version>
+        <hutool.version>5.8.23</hutool.version>
        <commons-lang3.version>3.13.0</commons-lang3.version>
-        <knife4j.version>4.5.0</knife4j.version>
+        <knife4j.version>4.4.0</knife4j.version>

-        <spring-cloud-alibaba.version>2023.0.1.0</spring-cloud-alibaba.version>
-        <spring-cloud.version>2023.0.0</spring-cloud.version>
+        <spring-cloud-alibaba.version>2023.0.3.4</spring-cloud-alibaba.version>
+        <spring-cloud.version>2023.0.4</spring-cloud.version>
    </properties>

    <dependencyManagement>
@@ -92,7 +92,6 @@
        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
-            <version>8.2.0</version>
        </dependency>

        <!-- MinIO -->
--- a/src/main/java/com/aida/seller/common/context/UserContext.java
+++ b/src/main/java/com/aida/seller/common/context/UserContext.java
@@ -1,24 +1,55 @@
 package com.aida.seller.common.context;

+import com.aida.seller.common.exception.UnauthorizedException;
 import com.aida.seller.model.vo.AuthPrincipalVo;

 public class UserContext {
    private static final ThreadLocal<AuthPrincipalVo> userHolder = new ThreadLocal<>();
-
-    public static AuthPrincipalVo getUserHolder() {
-        return userHolder.get();
-    }
-
-    public static void delete() {
-        userHolder.remove();
-    }
+    private static final ThreadLocal<Boolean> optionalAuth = ThreadLocal.withInitial(() -> false);

    public static void setUserHolder(AuthPrincipalVo authPrincipalVo) {
        userHolder.set(authPrincipalVo);
    }

-    public static Long getUserId() {
+    public static void setOptionalAuth(boolean value) {
+        optionalAuth.set(value);
+    }
+
+    public static AuthPrincipalVo getUserHolder() {
        AuthPrincipalVo holder = userHolder.get();
-        return holder != null ? holder.getId() : null;
+        if (holder == null) {
+            if (optionalAuth.get()) {
+                return null;
+            }
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        if (!"AIDA".equals(holder.getSource())) {
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        return holder;
+    }
+
+    public static void delete() {
+        userHolder.remove();
+        optionalAuth.remove();
+    }
+
+    public static Long getUserId() {
+        return getUserHolder() == null ? null : getUserHolder().getId();
+    }
+
+    //买家端请求需要调用此方法获取买家id
+    public static Long getBuyerId() {
+        AuthPrincipalVo holder = userHolder.get();
+        if (holder == null) {
+            if (optionalAuth.get()) {
+                return null;
+            }
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        if (!"BUYER".equals(holder.getSource())) {
+            throw new UnauthorizedException("Gateway token verification failed");
+        }
+        return holder.getId();
    }
 }
--- a/src/main/java/com/aida/seller/common/exception/GlobalExceptionHandler.java
+++ b/src/main/java/com/aida/seller/common/exception/GlobalExceptionHandler.java
@@ -18,6 +18,15 @@ import java.util.stream.Collectors;
@RestControllerAdvice
 public class GlobalExceptionHandler {

+    @ExceptionHandler(UnauthorizedException.class)
+    public ResponseEntity<Object> handleUnauthorizedException(UnauthorizedException e) {
+        log.error("Unauthorized: {}", e.getMessage());
+        return new ResponseEntity<>(
+                Response.fail(401, e.getMessage()),
+                HttpStatus.UNAUTHORIZED
+        );
+    }
+
    @ExceptionHandler(BusinessException.class)
    public Response<?> handleBusinessException(BusinessException e) {
        log.error("业务异常: code={}, msg={}", e.getCode(), e.getMsg());
--- a/src/main/java/com/aida/seller/common/exception/UnauthorizedException.java
+++ b/src/main/java/com/aida/seller/common/exception/UnauthorizedException.java
@@ -0,0 +1,15 @@
+package com.aida.seller.common.exception;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class UnauthorizedException extends RuntimeException {
+
+    public UnauthorizedException(String message) {
+        super(message);
+    }
+
+    public UnauthorizedException() {
+        super("Gateway token verification failed");
+    }
+}
--- a/src/main/java/com/aida/seller/common/interceptor/UserContextInterceptor.java
+++ b/src/main/java/com/aida/seller/common/interceptor/UserContextInterceptor.java
@@ -3,13 +3,18 @@ package com.aida.seller.common.interceptor;
 import com.aida.seller.common.context.UserContext;
 import com.aida.seller.model.vo.AuthPrincipalVo;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.servlet.HandlerInterceptor;

+import java.util.List;
+import java.util.stream.Collectors;
+
 /**
 * 从 Gateway 转发的请求头中读取已鉴权的用户身份，写入 UserContext。
 * <p>
@@ -18,13 +23,40 @@ import org.springframework.web.servlet.HandlerInterceptor;
 */
@Slf4j
@Component
-@RequiredArgsConstructor
 public class UserContextInterceptor implements HandlerInterceptor {

    private static final String USER_ID_HEADER = "X-User-Id";
    private static final String USER_INFO_HEADER = "X-User-Info";

-    private final ObjectMapper objectMapper;
+    private final ObjectMapper objectMapper = new ObjectMapper();
+    private final AntPathMatcher pathMatcher = new AntPathMatcher();
+
+    @Value("${gateway.auth.optional-auth-paths:}")
+    private List<String> optionalAuthPaths;
+
+    private List<String> localOptionalAuthPaths;
+
+    @PostConstruct
+    public void init() {
+        localOptionalAuthPaths = optionalAuthPaths.stream()
+                .map(this::toLocalPath)
+                .collect(Collectors.toList());
+        log.info("Local optional auth paths: {}", localOptionalAuthPaths);
+    }
+
+    /**
+     * 将 Gateway 前端路径（如 /seller/listing/shop）转换为服务本地路径（如 /listing/shop）。
+     */
+    private String toLocalPath(String gatewayPath) {
+        if (gatewayPath == null) {
+            return gatewayPath;
+        }
+        if (gatewayPath.startsWith("/seller")) {
+            String local = gatewayPath.substring("/seller".length());
+            return local.isEmpty() ? "/" : local;
+        }
+        return gatewayPath;
+    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
@@ -36,10 +68,24 @@ public class UserContextInterceptor implements HandlerInterceptor {
            } catch (Exception e) {
                log.warn("Failed to parse X-User-Info header: {}", e.getMessage());
            }
+        } else if (isOptionalAuthPath(request.getRequestURI())) {
+            UserContext.setOptionalAuth(true);
        }
        return true;
    }

+    private boolean isOptionalAuthPath(String requestUri) {
+        if (localOptionalAuthPaths == null || localOptionalAuthPaths.isEmpty()) {
+            return false;
+        }
+        for (String pattern : localOptionalAuthPaths) {
+            if (pathMatcher.match(pattern, requestUri)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) {
--- a/src/main/java/com/aida/seller/module/listing/service/ListingServiceImpl.java
+++ b/src/main/java/com/aida/seller/module/listing/service/ListingServiceImpl.java
@@ -318,7 +318,7 @@ public class ListingServiceImpl extends ServiceImpl<ListingMapper, ListingEntity
        IPage<ListingEntity> page = this.page(pageParam, queryWrapper);

        Page<ListingPageVO> result = new Page<>(page.getCurrent(), page.getSize(), page.getTotal());
-        boolean loggedIn = UserContext.getUserId() != null;
+        boolean loggedIn = UserContext.getBuyerId() != null;
        result.setRecords(page.getRecords().stream().map(entity -> {
            ListingPageVO vo = new ListingPageVO();
            BeanUtils.copyProperties(entity, vo);