接口访问鉴权

src/main/java/day/gitlab/dolphin/magic/constants/BizConstants.java

@@ -25,7 +25,18 @@ public class BizConstants {
     public static final String AUTH_0104 = AUTH_01 + "04";
 
     /** 业务：鉴权 */
-    public static final String AUTH_02 = "010200";
+    public static final String AUTH_02 = "0102";
     /** 错误：鉴权-无权限 */
     public static final String AUTH_0201 = AUTH_02 + "01";
+
+    /** 业务：登录 */
+    public static final String AUTH_03 = "0103";
+    /** 错误：登录-参数 */
+    public static final String AUTH_0301 = AUTH_03 + "01";
+    /** 错误：认证-用户名或密码错误 */
+    public static final String AUTH_0302 = AUTH_03 + "02";
+    /** 错误：认证-用户锁定 */
+    public static final String AUTH_0303 = AUTH_03 + "03";
+    /** 错误：认证-用户禁用 */
+    public static final String AUTH_0304 = AUTH_03 + "04";
 }

src/main/java/day/gitlab/dolphin/magic/interceptor/AuthorizeInterceptor.java

@@ -0,0 +1,78 @@
+package day.gitlab.dolphin.magic.interceptor;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import day.gitlab.dolphin.magic.constants.BizConstants;
+import day.gitlab.dolphin.magic.model.AccessTokenInfo;
+import day.gitlab.dolphin.magic.model.UserDetails;
+import day.gitlab.dolphin.magic.util.Result;
+import org.dromara.hutool.core.text.StrUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.ssssssss.magicapi.core.interceptor.RequestInterceptor;
+import org.ssssssss.magicapi.core.model.ApiInfo;
+import org.ssssssss.magicapi.core.model.Options;
+import org.ssssssss.magicapi.core.servlet.MagicHttpServletRequest;
+import org.ssssssss.magicapi.core.servlet.MagicHttpServletResponse;
+import org.ssssssss.script.MagicScriptContext;
+
+import java.io.Serializable;
+import java.util.List;
+
+@Component
+public class AuthorizeInterceptor implements RequestInterceptor {
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @Override
+    public Object preHandle(ApiInfo info, MagicScriptContext context, MagicHttpServletRequest request, MagicHttpServletResponse response) throws Exception {
+        // 不需要登录的方法
+        String requireLogin = info.getOptionValue(Options.REQUIRE_LOGIN);
+        if (!"true".equals(requireLogin)) {
+            return null;
+        }
+        // 验证登录-获取accessToken
+        String accessToken = request.getHeader("Access-Token");
+        if (StrUtil.isBlank(accessToken)) {
+            return Result.biz(BizConstants.AUTH_0101, null);
+        }
+        // 验证accessToken是否有效
+        String accessTokenInfoStr = stringRedisTemplate.opsForValue().get("dolphin:authorize:access_token:" + accessToken);
+        if (StrUtil.isBlank(accessTokenInfoStr)) {
+            return Result.biz(BizConstants.AUTH_0101, null);
+        }
+        AccessTokenInfo accessTokenInfo = objectMapper.readValue(accessTokenInfoStr, AccessTokenInfo.class);
+        Serializable userId = accessTokenInfo.getId();
+        String userDetailsStr = stringRedisTemplate.opsForValue().get("dolphin:authorize:user:" + userId);
+        if (StrUtil.isBlank(userDetailsStr)) {
+            return Result.biz(BizConstants.AUTH_0101, null);
+        }
+        UserDetails userDetails = objectMapper.readValue(userDetailsStr, UserDetails.class);
+        // 验证角色
+        String role = info.getOptionValue(Options.ROLE);
+        if (!StrUtil.isBlank(role)) {
+            role = role.trim();
+
+            List<String> userRoles = userDetails.getRoles();
+            if (userRoles == null || !userRoles.contains(role)) {
+                return Result.biz(BizConstants.AUTH_0201, null);
+            }
+        }
+        // 验证权限
+        String permission = info.getOptionValue(Options.PERMISSION);
+        if (!StrUtil.isBlank(permission)) {
+            permission = permission.trim();
+
+            List<String> userPermissions = userDetails.getPermissions();
+            if (userPermissions == null || !userPermissions.contains(permission)) {
+                return Result.biz(BizConstants.AUTH_0201, null);
+            }
+        }
+
+        return null;
+    }
+}

src/main/java/day/gitlab/dolphin/magic/model/AccessTokenInfo.java

@@ -0,0 +1,15 @@
+package day.gitlab.dolphin.magic.model;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+@Data
+public class AccessTokenInfo {
+
+    /** 用户ID */
+    private Serializable id;
+
+    /** 用户名 */
+    private String username;
+}

src/main/java/day/gitlab/dolphin/magic/model/RefreshTokenInfo.java

@@ -0,0 +1,16 @@
+package day.gitlab.dolphin.magic.model;
+
+import lombok.Data;
+
+@Data
+public class RefreshTokenInfo {
+
+    /** 访问令牌 */
+    private String accessToken;
+
+    /** 刷新令牌 */
+    private String refreshToken;
+
+    /** 客户端ID */
+    private String clientId;
+}

src/main/java/day/gitlab/dolphin/magic/model/UserDetails.java

@@ -0,0 +1,22 @@
+package day.gitlab.dolphin.magic.model;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.List;
+
+@Data
+public class UserDetails {
+
+    private Serializable id;
+
+    private String username;
+
+    private String nickname;
+
+    private String password;
+
+    private List<String> roles;
+
+    private List<String> permissions;
+}

src/main/resources/lang/messages.properties

@@ -19,3 +19,11 @@ biz.010103=Invalid token
 biz.010104=Token refresh failed
 # 业务：认证授权-鉴权失败
 biz.010201=Forbidden
+# 业务：登录-用户名或密码不能为空
+biz.010301=Username or password cannot be empty
+# 业务：登录-用户名或密码错误
+biz.010302=Username or password error
+# 业务：登录-用户被锁定，请稍后重试
+biz.010303=User is locked, please try again later
+# 业务：登录-用户被禁用
+biz.010304=User is disabled

src/main/resources/lang/messages_zh_CN.properties

@@ -19,3 +19,11 @@ biz.010103=令牌无效
 biz.010104=令牌刷新失败
 # 业务：认证授权-鉴权失败
 biz.010201=无权限
+# 业务：登录-用户名或密码不能为空
+biz.010301=用户名或密码不能为空
+# 业务：登录-用户名或密码错误
+biz.010302=用户名或密码错误
+# 业务：登录-用户被锁定，请稍后重试
+biz.010303=用户被锁定，请稍后重试
+# 业务：登录-用户被禁用
+biz.010304=用户被禁用