Merge remote-tracking branch 'origin/bug/BUG-7071' into dev

2023-11-13 17:19:32 +08:00 · 2023-11-13 17:19:32 +08:00 · 9a0cb573e3
commit 9a0cb573e3
parent c7260e39f0 666b9344b7
4 changed files with 46 additions and 35 deletions
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java
@ -1,5 +1,6 @@
 package cn.axzo.tyr.server.config;

+import cn.hutool.core.thread.NamedThreadFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -24,11 +25,9 @@ public class ExecutorConfig {
    @Bean
    public ExecutorService authExecutor() {
        new ThreadPoolExecutor.CallerRunsPolicy();
-        int coreSize = Runtime.getRuntime()
-                .availableProcessors() < 4  ? Runtime.getRuntime().availableProcessors() * 4
-                : Runtime.getRuntime().availableProcessors();
-        ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, coreSize * 4, 60, TimeUnit.SECONDS,
-                new ArrayBlockingQueue<>(1), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new  ThreadPoolExecutor.CallerRunsPolicy() {
+        int coreSize = 5;
+        ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 30, 60, TimeUnit.SECONDS,
+                new ArrayBlockingQueue<>(50), new NamedThreadFactory("TYR-AUTH-EXECUTOR-", false), new  ThreadPoolExecutor.CallerRunsPolicy() {
            @Override
            public void rejectedExecution(Runnable r, ThreadPoolExecutor executor) {
                log.warn("auth executor rejected , use caller runs");
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
@ -568,7 +568,7 @@ public class PermissionPointServiceImpl implements PermissionPointService {
        List<SaasFeature> currentFeatrureList = saasFeatureDao.list(new LambdaQueryWrapper<SaasFeature>()
                .eq(SaasFeature::getFeatureCode, featureCode)
                .eq(StrUtil.isNotBlank(terminal), SaasFeature::getTerminal, terminal));
-        //button过滤减少查询
+        //button过滤-如果全是按钮则不查子级
        Set<String> pathsWithoutButton = currentFeatrureList.stream()
                .filter(f -> !BUTTON.sameCode(f.getFeatureType()))
                .map(SaasFeature::getPath)
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@ -4,6 +4,7 @@ import cn.axzo.basics.common.BeanMapper;
 import cn.axzo.basics.common.util.AssertUtil;
 import cn.axzo.framework.domain.ServiceException;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
+import cn.axzo.pokonyan.util.TraceSupplier;
 import cn.axzo.thrones.client.saas.ServicePkgClient;
 import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
 import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
@ -15,25 +16,12 @@ import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
 import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
 import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
 import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
-import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
-import cn.axzo.tyr.client.model.req.IdentityAuthReq;
-import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
-import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
-import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
-import cn.axzo.tyr.client.model.req.OUWorkspacePair;
-import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
+import cn.axzo.tyr.client.model.req.*;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
 import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
-import cn.axzo.tyr.server.repository.entity.ProductFeatureInfo;
-import cn.axzo.tyr.server.repository.entity.ProductFeatureQuery;
-import cn.axzo.tyr.server.repository.entity.RolePermission;
-import cn.axzo.tyr.server.repository.entity.SaasFeature;
-import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
-import cn.axzo.tyr.server.repository.entity.SaasRole;
-import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
-import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
+import cn.axzo.tyr.server.repository.entity.*;
 import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
 import cn.axzo.tyr.server.service.PermissionPointService;
 import cn.axzo.tyr.server.service.ProductFeatureRelationService;
@ -48,7 +36,6 @@ import cn.hutool.core.date.StopWatch;
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
-import com.alibaba.fastjson.JSON;
 import com.google.common.collect.Lists;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
@ -57,16 +44,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;

-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
@ -533,12 +511,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
        result.setOuId(req.getOuId());
        result.setWorkspaceId(req.getWorkspaceId());

+        StopWatch watch = StopWatch.create("listIdentityFromPermission");
        //code查询权限点信息
+        watch.start("listNodeWithChildrenByCode");
        List<SaasFeature> features = permissionPointService.listNodeWithChildrenByCode(req.getFeatureCode(), req.getTerminal());
+        watch.stop();
+        if (CollectionUtil.isEmpty(features)) {
+            log.warn("------trace-L-I-F-P----> no features found for:{}", req.getFeatureCode());
+            return result;
+        }
        Set<Long> featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet());
        log.info("------trace-L-I-F-P----> features need to check:{}", featureIds);
        //权限匹配 - 工作台是否有指定权限
+        watch.start("matchWorkspaceFeature");
        Set<Long> matchedFeatureIds = matchWorkspaceFeature(req.getWorkspaceId(), req.getWorkspaceJoinType(), featureIds);
+        watch.stop();
        if (CollectionUtil.isEmpty(matchedFeatureIds)) {
            log.warn("------trace-L-I-F-P----> no matched feature in workspace");
            return result;
@ -557,7 +544,10 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
        }

        //从相关角色查询用户-超管和普通角色
+        watch.start("getUsersFromRole");
        List<ListIdentityFromPermissionResp.UserVO> users = getUsersFromRole(req, matchedFeatureIds);
+        watch.stop();
+        watch.prettyPrint(TimeUnit.MILLISECONDS);
        result.setUsers(users);
        return result;
    }
@ -585,9 +575,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
    private List<ListIdentityFromPermissionResp.UserVO> getUsersFromRole(ListIdentityFromPermissionReq req, Set<Long> featureIds) {
        Long ouId = req.getOuId();
        Long workspaceId = req.getWorkspaceId();
-
+        StopWatch watch = StopWatch.create("getUsersFromRole");
        //查询OU-工作台下的角色-含superAdmin
+        watch.start("listForOUWorkspace");
        List<SaasRole> roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType());
+        watch.stop();
        List<Long> roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList());
        log.info("------trace-L-I-F-P----> roles from ou-workspace:{}", roleIds);
        if (CollectionUtil.isEmpty(roleList)) {
@ -596,9 +588,12 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
        }

        //查询角色及权限
+        watch.start("roleService.getByIds");
        List<SaasRoleVO> rolePermissions = roleService.getByIds(roleIds,
                null, Lists.newArrayList(workspaceId), Lists.newArrayList(ouId), true);
+        watch.stop();
        //计算角色实际的权限 - 匹配请求的权限  --> 实际拥有权限的角色
+        watch.start("filterMatchFeature");
        List<SaasRoleVO> matchedRoleList = new ArrayList<>();
        for (SaasRoleVO rolePermission : rolePermissions) {
            List<PermissionPointTreeNode> filterFeature = rolePermission.getMatchFeature(workspaceId, ouId);
@ -609,8 +604,10 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                log.info("------trace-L-I-F-P----> not matched role:{}", rolePermission.getId());
            }
        }
+        watch.stop();

        //查询角色下用户
+        watch.start("roleUserService.listByRoleIds");
        List<Long> matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList());
        //追加工作台超管
        Set<Long> superAdmins = roleList
@ -626,6 +623,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
        }

        List<SaasRoleUserRelation> relationList = roleUserService.listByRoleIds(matchedRoleIds, ouId, workspaceId);
+        watch.stop();
        //构建用户-去重(identityId-identityType)
        List<ListIdentityFromPermissionResp.UserVO> users = new ArrayList<>();
        Set<String> filterSet = new HashSet<>();
@ -638,23 +636,34 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                users.add(user);
            }
        }
+        watch.prettyPrint(TimeUnit.MILLISECONDS);
        return users;
    }

    @Override
    public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> reqList) {
        //异步处理
+        StopWatch watch = StopWatch.create("batchListIdentityFromPermission");
+        watch.start("addFuture");
        List<CompletableFuture<ListIdentityFromPermissionResp>> futureList = new ArrayList<>();
        for (ListIdentityFromPermissionReq req : reqList) {
-            CompletableFuture<ListIdentityFromPermissionResp> future = CompletableFuture.supplyAsync(
-                    () -> this.listIdentityFromPermission(req), executor);
+            long start = System.currentTimeMillis();
+            CompletableFuture<ListIdentityFromPermissionResp> future = CompletableFuture.supplyAsync(TraceSupplier.create(() -> {
+                ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req);
+                log.info("------trace-B-L-I-F-P----> code:{},task cost:{}", req.getFeatureCode(), System.currentTimeMillis() - start);
+                return resp;
+            }), executor);
            futureList.add(future);
        }
+        watch.stop();

        List<ListIdentityFromPermissionResp> result = new ArrayList<>();
+        watch.start("collectResult");
        for (CompletableFuture<ListIdentityFromPermissionResp> future : futureList) {
            result.add(future.join());
        }
+        watch.stop();
+        watch.prettyPrint(TimeUnit.MILLISECONDS);

        return result;
    }
--- a/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java
+++ b/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java
@ -1,8 +1,11 @@
 package cn.axzo.tyr.server.permission;

 import cn.axzo.tyr.client.model.permission.PermissionPointVO;
+import cn.hutool.core.date.StopWatch;
 import org.junit.Test;

+import java.util.concurrent.TimeUnit;
+
 /**
 * @version V1.0
 * @author: ZhanSiHu