huangxingxing
/
adi-manager-server


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166
							package com.miniframe.service;

import java.util.Date;
import java.util.Map;

import com.google.gson.Gson;
import com.miniframe.bisiness.service.LoginService;
import com.miniframe.config.Config;
import com.miniframe.core.ExecProcessFlow;
import com.miniframe.core.SearchExecProcess;
import com.miniframe.core.exception.BaseException;
import com.miniframe.core.exception.BusinessException;
import com.miniframe.core.ext.UtilTools;
import com.miniframe.tools.JwtManageUtil;
import io.jsonwebtoken.Claims;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpRequest;


//交易执行前处理流程调用
public class PreProcessFlow implements ExecProcessFlow{

	private static boolean isInit=false;
	private static String CLIENT_TOKEN="clientToken",TRANS_CODE="transCode",USERID="userId";

	static{
		///////////////////不需要做任何验证的部分/////////////////////////
		AccessCfg.addDirectTransCode("HM0000");
		AccessCfg.addDirectTransCode("HM0001");
		AccessCfg.addDirectTransCode("HM0002");
		/////////////////////////////////////////////////////////////////////////


		///////////////////设置访问都要通过令牌验证/////////////////////////
		AccessCfg.addTransCodeForUser("service","SYSUSER01");
		/////////////////////////////////////////////////////////////////////////

		///////////////////修改用户默认saltToken/////////////////////////
		AccessCfg.setUserSaltToken("service","12345678901234567890");
		/////////////////////////////////////////////////////////////////////////
	}

	private void init(){
		if(!isInit) {
			synchronized (this) {
				if (!isInit) {
					isInit = true;
					///////////////////默认所有数据库访问都要通过令牌验证/////////////////////////
					Map<String, String> execDbProcessMap = SearchExecProcess.execDbProcessMap;
					for (String dbKey : execDbProcessMap.keySet()) {
						AccessCfg.addTransCodeForUser("manager",dbKey);
					}
					/////////////////////////////////////////////////////////////////////////

					///////////////////根据需要去掉数据库某些表不开放访问/////////////////////////
					//...rmTransCodeUsers()
					/////////////////////////////////////////////////////////////////////////
				}
			}
		}
	}

	private Map checkJwt(Map map) throws BusinessException {
		String transCode=(String)map.get(TRANS_CODE);

		HttpRequest httpRequest=UtilTools.getHttpRequest();
		String authToken=httpRequest.headers().get("x-auth-token"); //从头里取
		String authUserId=httpRequest.headers().get("x-auth-user");
		String uri = UtilTools.getHttpRequest().uri();


		if(UtilTools.isNotNullAndBlank(authToken) &&  AccessCfg.accessUserMap.containsKey(authUserId)) {
			AccessCfg.AccessUser accessUser=AccessCfg.accessUserMap.get(authUserId);
			if(accessUser.hasTransCode(transCode)) {
				try {

					String saltToken = accessUser.getUserSaltToken();
					String serviceToClientSecret = accessUser.getUserSecret();

					Claims c = JwtManageUtil.parseJWT(serviceToClientSecret, authToken);
					String unidqueId = c.getId(); //唯一ID
					String issuer = c.getIssuer(); //颁发者
					String userJson = c.getSubject();  //客户身份信息

					Date issuedAt = c.getIssuedAt(); //token产生时间
					Date expiration = c.getExpiration(); //token到期时间

					//令牌过期,暂不判断
//					if(new Date().getTime()>expiration.getTime()){
//						throw new BusinessException("EB8000103");
//					}

					if (UtilTools.isNotNullAndBlank(unidqueId) && unidqueId.equals(Config.uniqueid)
							&& UtilTools.isNotNullAndBlank(issuer) && issuer.equals("XI-TECH")
							&& UtilTools.isNotNullAndBlank(saltToken)) {

						if (UtilTools.isNotNullAndBlank(userJson)) {
							JwtManageUtil.JwtUser clientUser = new Gson().fromJson(userJson, JwtManageUtil.JwtUser.class);

							if (clientUser != null && UtilTools.isNotNullAndBlank(clientUser.getUserId()) && UtilTools.isNotNullAndBlank(clientUser.getUserCrc())) {

								String computeClientUserCrc = JwtManageUtil.getMD5(authUserId + saltToken).toLowerCase();
								if (clientUser.getUserId().equals(authUserId) && clientUser.getUserCrc().toLowerCase().equals(computeClientUserCrc)) {
									return map;
								}
							}

						}
					}

				} catch (Exception e) {

				}
			}
		}
		throw new BusinessException("EB8000012");
	}
	
	//调用交易执行前处理
	@SuppressWarnings({ "rawtypes", "unchecked" })
	@Override
	public Map execute(Map map) throws Exception {
		String clientToken=(String)map.get(CLIENT_TOKEN);
		String transCode=(String)map.get(TRANS_CODE);
		String userId=(String)map.get(USERID);
		HttpRequest httpRequest=UtilTools.getHttpRequest();
		HttpHeaders headers=httpRequest.headers();
		String authToken=httpRequest.headers().get("x-auth-token");
		String authUserId=httpRequest.headers().get("x-auth-user");
		String uri = UtilTools.getHttpRequest().uri();

		//init();

		//不用验证的交易
		if(AccessCfg.filterMap.containsKey(transCode)){
			System.out.println(transCode);
			return map;
		}


		//需要验证令牌的交易，数据库交易必须在accessUserMap里添加
		if(UtilTools.isNotNullAndBlank(authUserId) && AccessCfg.accessUserMap.containsKey(authUserId)){
			System.out.println(transCode);
			return checkJwt(map);
		}

		//数据库交易这里全部不允许执行,只有在accessUserMap定义的用户和数据库交易码可以在上面验证通过执行
		//内管支持登录用户访问数据库
//		if(SearchExecProcess.execDbProcessMap.containsKey(transCode)){
//			throw new BusinessException("EB8000012");
//		}


		//验证DN ，如果不是DN ，验证用户登录
		boolean checkDn=false;
		if(UtilTools.isNotNullAndBlank(userId)){
			checkDn=LoginService.verflyDNToKen(userId,clientToken);
		}

		if(!checkDn){
			LoginService.checkSecurity(clientToken, transCode);
		}
		return map;
	}

}