org.openea.eap.module.system.service.oauth2.OAuth2ApproveServiceImpl Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of eap-module-system-biz Show documentation
Show all versions of eap-module-system-biz Show documentation
system 模块下,我们放通用业务,支撑上层的核心业务。
例如说:用户、部门、权限、数据字典等等
The newest version!
package org.openea.eap.module.system.service.oauth2;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Assert;
import org.openea.eap.framework.common.util.date.DateUtils;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2ApproveDO;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
import org.openea.eap.module.system.dal.mysql.oauth2.OAuth2ApproveMapper;
import com.google.common.annotations.VisibleForTesting;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated;
import javax.annotation.Resource;
import java.time.LocalDateTime;
import java.util.*;
import static org.openea.eap.framework.common.util.collection.CollectionUtils.convertSet;
/**
* OAuth2 批准 Service 实现类
*
*/
@Service
@Validated
public class OAuth2ApproveServiceImpl implements OAuth2ApproveService {
/**
* 批准的过期时间,默认 30 天
*/
private static final Integer TIMEOUT = 30 * 24 * 60 * 60; // 单位:秒
@Resource
private OAuth2ClientService oauth2ClientService;
@Resource
private OAuth2ApproveMapper oauth2ApproveMapper;
@Override
@Transactional
public boolean checkForPreApproval(Long userId, Integer userType, String clientId, Collection requestedScopes) {
// 第一步,基于 Client 的自动授权计算,如果 scopes 都在自动授权中,则返回 true 通过
OAuth2ClientDO clientDO = oauth2ClientService.validOAuthClientFromCache(clientId);
Assert.notNull(clientDO, "客户端不能为空"); // 防御性编程
if (CollUtil.containsAll(clientDO.getAutoApproveScopes(), requestedScopes)) {
// gh-877 - if all scopes are auto approved, approvals still need to be added to the approval store.
LocalDateTime expireTime = LocalDateTime.now().plusSeconds(TIMEOUT);
for (String scope : requestedScopes) {
saveApprove(userId, userType, clientId, scope, true, expireTime);
}
return true;
}
// 第二步,算上用户已经批准的授权。如果 scopes 都包含,则返回 true
List approveDOs = getApproveList(userId, userType, clientId);
Set scopes = convertSet(approveDOs, OAuth2ApproveDO::getScope,
OAuth2ApproveDO::getApproved); // 只保留未过期的 + 同意的
return CollUtil.containsAll(scopes, requestedScopes);
}
@Override
@Transactional
public boolean updateAfterApproval(Long userId, Integer userType, String clientId, Map requestedScopes) {
// 如果 requestedScopes 为空,说明没有要求,则返回 true 通过
if (CollUtil.isEmpty(requestedScopes)) {
return true;
}
// 更新批准的信息
boolean success = false; // 需要至少有一个同意
LocalDateTime expireTime = LocalDateTime.now().plusSeconds(TIMEOUT);
for (Map.Entry entry : requestedScopes.entrySet()) {
if (entry.getValue()) {
success = true;
}
saveApprove(userId, userType, clientId, entry.getKey(), entry.getValue(), expireTime);
}
return success;
}
@Override
public List getApproveList(Long userId, Integer userType, String clientId) {
List approveDOs = oauth2ApproveMapper.selectListByUserIdAndUserTypeAndClientId(
userId, userType, clientId);
approveDOs.removeIf(o -> DateUtils.isExpired(o.getExpiresTime()));
return approveDOs;
}
@VisibleForTesting
void saveApprove(Long userId, Integer userType, String clientId,
String scope, Boolean approved, LocalDateTime expireTime) {
// 先更新
OAuth2ApproveDO approveDO = new OAuth2ApproveDO().setUserId(userId).setUserType(userType)
.setClientId(clientId).setScope(scope).setApproved(approved).setExpiresTime(expireTime);
if (oauth2ApproveMapper.update(approveDO) == 1) {
return;
}
// 失败,则说明不存在,进行更新
oauth2ApproveMapper.insert(approveDO);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy