wangli/axzo-framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix pjp args injection

Browse Source
This commit is contained in:
Gao Wei 2022-06-11 20:44:18 +08:00
parent 0cf031c7da
commit 6829fc1429
1 changed files with 50 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
axzo-auth-spring-boot-starter/src/main/java/cn/axzo/framework/auth/service/ContextInfoBuilderAspect.java
View File

@ -67,15 +67,40 @@ public class ContextInfoBuilderAspect {
}
AuthException.error(Objects.nonNull(httpRequest), "httpRequest cant be null, this is error");
fillInContextInfoDetail(httpRequest, pjp);
Object[] args = parseContextInfoAndReturnArgs(httpRequest, pjp);
try {
return pjp.proceed();
return pjp.proceed(args);
} finally {
ContextInfoHolder.clear();
}
}
public void fillInContextInfoDetail(HttpServletRequest request, ProceedingJoinPoint pjp) {
public Object[] parseContextInfoAndReturnArgs(HttpServletRequest request, ProceedingJoinPoint pjp) {
// 把ContextInfo注入到函数的入参中
MethodSignature methodSignature = (MethodSignature) pjp.getSignature();
Method method = methodSignature.getMethod();
Class<?>[] parameterTypes = method.getParameterTypes();
Object[] pjpArgs = pjp.getArgs();
ContextInfo contextInfo = fillContextInfoByRequest(request);
if (contextInfo == null)
return pjpArgs;
for (int i = 0; i < parameterTypes.length; i++) {
if (parameterTypes[i].isAssignableFrom(ContextInfo.class)) {
pjpArgs[i] = contextInfo;
break;
}
}
return pjpArgs;
}
/**
*
* @param request
* @return 如果在本地环境junit测试状态下返回null
*/
private ContextInfo fillContextInfoByRequest(HttpServletRequest request) {
ContextInfo contextInfo = new ContextInfo();
fillContextInfoWithRequest(contextInfo, request);
@ -86,7 +111,7 @@ public class ContextInfoBuilderAspect {
// 如果本地环境 有两种如果是postman类型调用手动调用pudge
if (CharSequenceUtil.isEmpty(contextInfo.getToken())) {
// 硬逻辑 如果不携带token 可理解为junit测试 这里不覆盖 Userinfo的信息
return;
return null;
}
userinfoJson = getUserInfoFromPudge(contextInfo, request);
} else {
@ -106,18 +131,7 @@ public class ContextInfoBuilderAspect {
// 把ContextInfo放到ThreadLocal中
ContextInfoHolder.set(contextInfo);
// 把ContextInfo注入到函数的入参中
MethodSignature methodSignature = (MethodSignature) pjp.getSignature();
Method method = methodSignature.getMethod();
Class<?>[] parameterTypes = method.getParameterTypes();
Object[] pjpArgs = pjp.getArgs();
for (int i = 0; i < parameterTypes.length; i++) {
if (parameterTypes[i].isAssignableFrom(ContextInfo.class)) {
contextInfo = (ContextInfo) pjpArgs[i];
break;
}
}
return contextInfo;
}
public String getUserInfoFromPudge(ContextInfo contextInfo, HttpServletRequest originalRequest) {
@ -130,18 +144,18 @@ public class ContextInfoBuilderAspect {
try {
HttpRequest request = HttpRequest.get(url).header(AuthConstants.HEADER_TOKEN, contextInfo.getToken())
.header(AuthConstants.HEADER_TERMINAL, contextInfo.getTerminalInfo().getRawTerminalString())
.header(AuthConstants.HEADER_REQUEST_CODE, "") //本地调试传个空
.header(AuthConstants.HEADER_REQUEST_CODE, "") // 本地调试传个空
.header(AuthConstants.HEADER_SAAS_TENANT_ID, contextInfo.getSaasTenantId().toString());
//期待未来前端补齐header之后删掉这一行以及相关代码
request = request.header(LegacyGuessMissedReq.HEADER_LEGACY_GUESS, buildLegacyGuessMissedReqString(contextInfo, originalRequest));
//为什么会用HEADER_ORIGINAL_URI
//现在有一些项目级企业级我不确定是否能通过现有的terminal header能做清晰界定
//有的URI是归属于企业级的有的归属于项目级guess=newTerminalString
//有的URI缺少部分header是正常的我就没必要guess有的有必要
// 期待未来前端补齐header之后删掉这一行以及相关代码
request = request.header(LegacyGuessMissedReq.HEADER_LEGACY_GUESS,
buildLegacyGuessMissedReqString(contextInfo, originalRequest));
// 为什么会用HEADER_ORIGINAL_URI
// 现在有一些项目级企业级我不确定是否能通过现有的terminal header能做清晰界定
// 有的URI是归属于企业级的有的归属于项目级guess=newTerminalString
// 有的URI缺少部分header是正常的我就没必要guess有的有必要
String response = request.execute().body();
// 使用token获取用户信息
AuthException.error(CharSequenceUtil.isNotEmpty(response), "not find user by token from pudge");
@ -167,7 +181,7 @@ public class ContextInfoBuilderAspect {
req.setHeaderTenantId(contextInfo.getTenantId());
req.setHeaderWorkspaceId(contextInfo.getWorkspaceId());
req.setRequestParamProjectId(StrUtil.nullSafeParseLong(originalRequest.getParameter("projectId")));
return JSONUtil.toJsonStr(req);
}
@ -219,7 +233,7 @@ public class ContextInfoBuilderAspect {
BeanUtil.fillBeanWithMap(map, userInfo, false);
contextInfo.setUserInfo(userInfo);
fillLegacyGuess(contextInfo, map);
contextInfo.buildCustomInfoByUserInfo(new UserInfoMap(map));
@ -229,22 +243,23 @@ public class ContextInfoBuilderAspect {
* 期待着前端上线之后header都补齐这些代码可以全都删掉
*
* @param contextInfo
* @param map 整个userInfoMap里面放着一个legacy guess的结果
* @param map 整个userInfoMap里面放着一个legacy guess的结果
*/
@Deprecated
private void fillLegacyGuess(ContextInfo contextInfo, Map<String, Object> map) {
LegacyGuessMissedRsp rsp = new LegacyGuessMissedRsp();
BeanUtil.fillBeanWithMap((Map<?,?>) map.get(LegacyGuessMissedRsp.MAP_KEY_FOR_RSP), rsp, false);
if(LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessSaasTenant())) {
BeanUtil.fillBeanWithMap((Map<?, ?>) map.get(LegacyGuessMissedRsp.MAP_KEY_FOR_RSP), rsp, false);
if (LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessSaasTenant())) {
contextInfo.setSaasTenantId(rsp.getSaasTenantId());
}
if(LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessTerminal())) {
contextInfo.setTerminalInfo(new TerminalInfo(contextInfo.getTerminalInfo().getRawTerminalString(), rsp.getGuessTerminal()));
if (LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessTerminal())) {
contextInfo.setTerminalInfo(
new TerminalInfo(contextInfo.getTerminalInfo().getRawTerminalString(), rsp.getGuessTerminal()));
}
if(LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessWorkspace())) {
if (LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessWorkspace())) {
contextInfo.setWorkspaceId(rsp.getWorkspaceId());
}
if(LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessOU())) {
if (LegacyGuessMissedRsp.ST_GUESS_OK.equals(rsp.getGuessOU())) {
contextInfo.setOuId(rsp.getOuId());
}
}