WFC/be.wfc
2
0
Fork 0
Code Activity

feat: License由网关控制

Browse Source
This commit is contained in:
caiyuchao
2025-04-14 17:47:07 +08:00
parent 62d510ccdd
commit 9f398a03d9
18 changed files with 210 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wfc-auth/pom.xml
View File

@@ -62,11 +62,6 @@
<groupId>org.wfc</groupId> <groupId>org.wfc</groupId>
<artifactId>wfc-api-user</artifactId> <artifactId>wfc-api-user</artifactId>
</dependency> </dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>

5
wfc-common/wfc-common-license/pom.xml
View File

@@ -17,11 +17,6 @@
<groupId>org.wfc</groupId> <groupId>org.wfc</groupId>
<artifactId>wfc-common-core</artifactId> <artifactId>wfc-common-core</artifactId>
</dependency> </dependency>
<!-- Spring Web -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<!-- License --> <!-- License -->
<dependency> <dependency>
<groupId>de.schlichtherle.truelicense</groupId> <groupId>de.schlichtherle.truelicense</groupId>

6
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/CustomKeyStoreParam.java
View File

@@ -10,7 +10,6 @@ import java.io.InputStream;
/** /**
* 自定义KeyStoreParam用于将公私钥存储文件存放到其他磁盘位置而不是项目中 * 自定义KeyStoreParam用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*
*/ */
public class CustomKeyStoreParam extends AbstractKeyStoreParam { public class CustomKeyStoreParam extends AbstractKeyStoreParam {
@@ -22,7 +21,7 @@ public class CustomKeyStoreParam extends AbstractKeyStoreParam {
private String storePwd; private String storePwd;
private String keyPwd; private String keyPwd;
public CustomKeyStoreParam(Class clazz, String resource,String alias,String storePwd,String keyPwd) { public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
super(clazz, resource); super(clazz, resource);
this.storePath = resource; this.storePath = resource;
this.alias = alias; this.alias = alias;
@@ -49,13 +48,14 @@ public class CustomKeyStoreParam extends AbstractKeyStoreParam {
/** /**
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/> * 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/>
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中 * 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*
* @param * @param
* @return java.io.InputStream * @return java.io.InputStream
*/ */
@Override @Override
public InputStream getStream() throws IOException { public InputStream getStream() throws IOException {
final InputStream in = new FileInputStream(new File(storePath)); final InputStream in = new FileInputStream(new File(storePath));
if (null == in){ if (null == in) {
throw new FileNotFoundException(storePath); throw new FileNotFoundException(storePath);
} }

73
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/CustomLicenseManager.java
View File

@@ -25,7 +25,7 @@ import java.util.List;
* 自定义LicenseManager用于增加额外的服务器硬件信息校验 * 自定义LicenseManager用于增加额外的服务器硬件信息校验
*/ */
@Slf4j @Slf4j
public class CustomLicenseManager extends LicenseManager{ public class CustomLicenseManager extends LicenseManager {
//XML编码 //XML编码
private static final String XML_CHARSET = "UTF-8"; private static final String XML_CHARSET = "UTF-8";
@@ -42,6 +42,7 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 复写create方法 * 复写create方法
*
* @return byte[] * @return byte[]
*/ */
@Override @Override
@@ -57,6 +58,7 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 复写install方法其中validate方法调用本类中的validate方法校验IP地址、Mac地址等其他信息 * 复写install方法其中validate方法调用本类中的validate方法校验IP地址、Mac地址等其他信息
*
* @param * @param
* @return de.schlichtherle.license.LicenseContent * @return de.schlichtherle.license.LicenseContent
*/ */
@@ -68,7 +70,7 @@ public class CustomLicenseManager extends LicenseManager{
final GenericCertificate certificate = getPrivacyGuard().key2cert(key); final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate); notary.verify(certificate);
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded()); final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content); this.validate(content);
setLicenseKey(key); setLicenseKey(key);
setCertificate(certificate); setCertificate(certificate);
@@ -78,6 +80,7 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 复写verify方法调用本类中的validate方法校验IP地址、Mac地址等其他信息 * 复写verify方法调用本类中的validate方法校验IP地址、Mac地址等其他信息
*
* @param * @param
* @return de.schlichtherle.license.LicenseContent * @return de.schlichtherle.license.LicenseContent
*/ */
@@ -88,13 +91,13 @@ public class CustomLicenseManager extends LicenseManager{
// Load license key from preferences, // Load license key from preferences,
final byte[] key = getLicenseKey(); final byte[] key = getLicenseKey();
if (null == key){ if (null == key) {
throw new NoLicenseInstalledException(getLicenseParam().getSubject()); throw new NoLicenseInstalledException(getLicenseParam().getSubject());
} }
certificate = getPrivacyGuard().key2cert(key); certificate = getPrivacyGuard().key2cert(key);
notary.verify(certificate); notary.verify(certificate);
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded()); final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
this.validate(content); this.validate(content);
setCertificate(certificate); setCertificate(certificate);
@@ -103,6 +106,7 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 校验生成证书的参数信息 * 校验生成证书的参数信息
*
* @param content 证书正文 * @param content 证书正文
*/ */
protected synchronized void validateCreate(final LicenseContent content) protected synchronized void validateCreate(final LicenseContent content)
@@ -112,14 +116,14 @@ public class CustomLicenseManager extends LicenseManager{
final Date now = new Date(); final Date now = new Date();
final Date notBefore = content.getNotBefore(); final Date notBefore = content.getNotBefore();
final Date notAfter = content.getNotAfter(); final Date notAfter = content.getNotAfter();
if (null != notAfter && now.after(notAfter)){ if (null != notAfter && now.after(notAfter)) {
throw new LicenseContentException("证书失效时间不能早于当前时间"); throw new LicenseContentException("证书失效时间不能早于当前时间");
} }
if (null != notBefore && null != notAfter && notAfter.before(notBefore)){ if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
throw new LicenseContentException("证书生效时间不能晚于证书失效时间"); throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
} }
final String consumerType = content.getConsumerType(); final String consumerType = content.getConsumerType();
if (null == consumerType){ if (null == consumerType) {
throw new LicenseContentException("用户类型不能为空"); throw new LicenseContentException("用户类型不能为空");
} }
} }
@@ -127,6 +131,7 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 复写validate方法增加IP地址、Mac地址等其他信息校验 * 复写validate方法增加IP地址、Mac地址等其他信息校验
*
* @param content LicenseContent * @param content LicenseContent
*/ */
@Override @Override
@@ -138,31 +143,31 @@ public class CustomLicenseManager extends LicenseManager{
//2. 然后校验自定义的License参数 //2. 然后校验自定义的License参数
//License中可被允许的参数信息 //License中可被允许的参数信息
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra(); LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
if(expectedCheckModel != null){ if (expectedCheckModel != null) {
//当前服务器真实的参数信息 //当前服务器真实的参数信息
LicenseCheckModel serverCheckModel = getServerInfos(); LicenseCheckModel serverCheckModel = getServerInfos();
if(serverCheckModel != null){ if (serverCheckModel != null) {
//校验IP地址 //校验IP地址
if(!checkIpAddress(expectedCheckModel.getIpAddress(),serverCheckModel.getIpAddress())){ if (!checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
throw new LicenseContentException("当前服务器的IP没在授权范围内"); throw new LicenseContentException("当前服务器的IP没在授权范围内");
} }
//校验Mac地址 //校验Mac地址
if(!checkIpAddress(expectedCheckModel.getMacAddress(),serverCheckModel.getMacAddress())){ if (!checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
throw new LicenseContentException("当前服务器的Mac地址没在授权范围内"); throw new LicenseContentException("当前服务器的Mac地址没在授权范围内");
} }
//校验主板序列号 //校验主板序列号
if(!checkSerial(expectedCheckModel.getMainBoardSerial(),serverCheckModel.getMainBoardSerial())){ if (!checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
throw new LicenseContentException("当前服务器的主板序列号没在授权范围内"); throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
} }
//校验CPU序列号 //校验CPU序列号
if(!checkSerial(expectedCheckModel.getCpuSerial(),serverCheckModel.getCpuSerial())){ if (!checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内"); throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
} }
}else{ } else {
throw new LicenseContentException("不能获取服务器硬件信息"); throw new LicenseContentException("不能获取服务器硬件信息");
} }
} }
@@ -171,30 +176,31 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 重写XMLDecoder解析XML * 重写XMLDecoder解析XML
*
* @param encoded XML类型字符串 * @param encoded XML类型字符串
* @return java.lang.Object * @return java.lang.Object
*/ */
private Object load(String encoded){ private Object load(String encoded) {
BufferedInputStream inputStream = null; BufferedInputStream inputStream = null;
XMLDecoder decoder = null; XMLDecoder decoder = null;
try { try {
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET))); inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE),null,null); decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
return decoder.readObject(); return decoder.readObject();
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
e.printStackTrace(); e.printStackTrace();
} finally { } finally {
try { try {
if(decoder != null){ if (decoder != null) {
decoder.close(); decoder.close();
} }
if(inputStream != null){ if (inputStream != null) {
inputStream.close(); inputStream.close();
} }
} catch (Exception e) { } catch (Exception e) {
log.error("XMLDecoder解析XML失败",e); log.error("XMLDecoder解析XML失败", e);
} }
} }
@@ -203,9 +209,10 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 获取当前服务器需要额外校验的License参数 * 获取当前服务器需要额外校验的License参数
*
* @return demo.LicenseCheckModel * @return demo.LicenseCheckModel
*/ */
private LicenseCheckModel getServerInfos(){ private LicenseCheckModel getServerInfos() {
//操作系统类型 //操作系统类型
String osName = System.getProperty("os.name").toLowerCase(); String osName = System.getProperty("os.name").toLowerCase();
AbstractServerInfos abstractServerInfos = null; AbstractServerInfos abstractServerInfos = null;
@@ -215,7 +222,7 @@ public class CustomLicenseManager extends LicenseManager{
abstractServerInfos = new WindowsServerInfos(); abstractServerInfos = new WindowsServerInfos();
} else if (osName.startsWith("linux")) { } else if (osName.startsWith("linux")) {
abstractServerInfos = new LinuxServerInfos(); abstractServerInfos = new LinuxServerInfos();
}else{//其他服务器类型 } else {//其他服务器类型
abstractServerInfos = new LinuxServerInfos(); abstractServerInfos = new LinuxServerInfos();
} }
@@ -225,39 +232,41 @@ public class CustomLicenseManager extends LicenseManager{
/** /**
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/> * 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/>
* 如果存在IP在可被允许的IP/Mac地址范围内则返回true * 如果存在IP在可被允许的IP/Mac地址范围内则返回true
*
* @return boolean * @return boolean
*/ */
private boolean checkIpAddress(List<String> expectedList,List<String> serverList){ private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
if(expectedList != null && expectedList.size() > 0){ if (expectedList != null && expectedList.size() > 0) {
if(serverList != null && serverList.size() > 0){ if (serverList != null && serverList.size() > 0) {
for(String expected : expectedList){ for (String expected : expectedList) {
if(serverList.contains(expected.trim())){ if (serverList.contains(expected.trim())) {
return true; return true;
} }
} }
} }
return false; return false;
}else { } else {
return true; return true;
} }
} }
/** /**
* 校验当前服务器硬件主板、CPU等序列号是否在可允许范围内 * 校验当前服务器硬件主板、CPU等序列号是否在可允许范围内
*
* @param * @param
* @return boolean * @return boolean
*/ */
private boolean checkSerial(String expectedSerial,String serverSerial){ private boolean checkSerial(String expectedSerial, String serverSerial) {
if(StringUtils.isNotBlank(expectedSerial)){ if (StringUtils.isNotBlank(expectedSerial)) {
if(StringUtils.isNotBlank(serverSerial)){ if (StringUtils.isNotBlank(serverSerial)) {
if(expectedSerial.equals(serverSerial)){ if (expectedSerial.equals(serverSerial)) {
return true; return true;
} }
} }
return false; return false;
}else{ } else {
return true; return true;
} }
} }

8
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/LicenseManagerHolder.java
View File

@@ -10,10 +10,10 @@ public class LicenseManagerHolder {
private static volatile LicenseManager LICENSE_MANAGER; private static volatile LicenseManager LICENSE_MANAGER;
public static LicenseManager getInstance(LicenseParam param){ public static LicenseManager getInstance(LicenseParam param) {
if(LICENSE_MANAGER == null){ if (LICENSE_MANAGER == null) {
synchronized (LicenseManagerHolder.class){ synchronized (LicenseManagerHolder.class) {
if(LICENSE_MANAGER == null){ if (LICENSE_MANAGER == null) {
LICENSE_MANAGER = new CustomLicenseManager(param); LICENSE_MANAGER = new CustomLicenseManager(param);
} }
} }

38
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/LicenseVerify.java
View File

@@ -24,19 +24,19 @@ public class LicenseVerify {
/** /**
* 安装License证书 * 安装License证书
*/ */
public synchronized LicenseContent install(LicenseVerifyParam param){ public synchronized LicenseContent install(LicenseVerifyParam param) {
LicenseContent result = null; LicenseContent result = null;
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//1. 安装证书 //1. 安装证书
try{ try {
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param)); LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
licenseManager.uninstall(); licenseManager.uninstall();
result = licenseManager.install(new File(param.getLicensePath())); result = licenseManager.install(new File(param.getLicensePath()));
log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter()))); log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}", format.format(result.getNotBefore()), format.format(result.getNotAfter())));
}catch (Exception e){ } catch (Exception e) {
log.error("证书安装失败!",e); log.error("证书安装失败!", e);
} }
return result; return result;
@@ -44,45 +44,45 @@ public class LicenseVerify {
/** /**
* 校验License证书 * 校验License证书
*
* @return boolean * @return boolean
*/ */
public boolean verify(){ public boolean verify() {
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null); LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
//2. 校验证书 //2. 校验证书
try { try {
LicenseContent licenseContent = licenseManager.verify(); LicenseContent licenseContent = licenseManager.verify();
// System.out.println(licenseContent.getSubject()); log.debug(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()), format.format(licenseContent.getNotAfter())));
log.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}",format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter())));
return true; return true;
}catch (Exception e){ } catch (Exception e) {
log.error("证书校验失败!",e); log.error("证书校验失败!", e);
return false; return false;
} }
} }
/** /**
* 初始化证书生成参数 * 初始化证书生成参数
*
* @param param License校验类需要的参数 * @param param License校验类需要的参数
* @return de.schlichtherle.license.LicenseParam * @return de.schlichtherle.license.LicenseParam
*/ */
private LicenseParam initLicenseParam(LicenseVerifyParam param){ private LicenseParam initLicenseParam(LicenseVerifyParam param) {
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class); Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass()); CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
,param.getPublicKeysStorePath() , param.getPublicKeysStorePath()
,param.getPublicAlias() , param.getPublicAlias()
,param.getStorePass() , param.getStorePass()
,null); , null);
return new DefaultLicenseParam(param.getSubject() return new DefaultLicenseParam(param.getSubject()
,preferences , preferences
,publicStoreParam , publicStoreParam
,cipherParam); , cipherParam);
} }
} }

2
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/domain/LicenseCheckModel.java
View File

@@ -6,7 +6,7 @@ import java.util.List;
/** /**
* 自定义需要校验的License参数 * 自定义需要校验的License参数
*/ */
public class LicenseCheckModel implements Serializable{ public class LicenseCheckModel implements Serializable {
private static final long serialVersionUID = 8600137500316662317L; private static final long serialVersionUID = 8600137500316662317L;
/** /**

62
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/interceptor/LicenseCheckInterceptor.java
View File

@@ -1,62 +0,0 @@
package org.wfc.common.license.interceptor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.wfc.common.license.LicenseVerify;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* 使用拦截器拦截请求,验证证书的可用性
*
*/
@Slf4j
@Component
public class LicenseCheckInterceptor implements HandlerInterceptor {
/**
* 进入controller层之前拦截请求
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
LicenseVerify licenseVerify = new LicenseVerify();
//校验证书是否有效
boolean verifyResult = licenseVerify.verify();
if(verifyResult){
log.info("验证成功,证书可用");
return true;
}else{
log.info("验证失败,证书无效");
response.setCharacterEncoding("utf-8");
Map<String,String> result = new HashMap<>(1);
result.put("result","您的证书无效,请核查服务器是否取得授权或重新申请证书!");
outputError(response, "Your License is invalid");
return false;
}
}
// 输出错误信息
private void outputError(HttpServletResponse response, String errorMsg) throws IOException {
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
out.write("{\"msg\": \"" + errorMsg + "\", \"code\": 500}");
out.flush();
out.close();
}
}

28
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/interceptor/LicenseInterceptorConfig.java
View File

@@ -1,28 +0,0 @@
package org.wfc.common.license.interceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;
/**
* @Description: 拦截器配置
*/
@Configuration
public class LicenseInterceptorConfig implements WebMvcConfigurer {
@Resource
private LicenseCheckInterceptor licenseCheckInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
//添加要拦截的url
registry.addInterceptor(licenseCheckInterceptor)
// 拦截的路径
.addPathPatterns("/**");
// 放行的路径
// .excludePathPatterns("/admin/login");
}
}

6
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/runner/LicenseCheckRunner.java
View File

@@ -34,14 +34,16 @@ public class LicenseCheckRunner implements ApplicationRunner {
// 启动定时任务 // 启动定时任务
public void startTimer() { public void startTimer() {
scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 60, TimeUnit.SECONDS); scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 30, TimeUnit.SECONDS);
} }
// 停止定时任务 // 停止定时任务
public void stopTimer() { public void stopTimer() {
if (scheduledFuture != null) { if (scheduledFuture != null) {
scheduledFuture.cancel(false); scheduledFuture.cancel(false);
} }
} }
/** /**
* 文件唯一身份标识 == 相当于人类的指纹一样 * 文件唯一身份标识 == 相当于人类的指纹一样
*/ */
@@ -73,7 +75,7 @@ public class LicenseCheckRunner implements ApplicationRunner {
/** /**
* 5秒检测一次不能太快也不能太慢 * 5秒检测一次不能太快也不能太慢
*/ */
protected void timer() { protected void timer() {
if (!isLoad) { if (!isLoad) {
return; return;
} }

27
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/serverinfo/AbstractServerInfos.java
View File

@@ -18,9 +18,10 @@ public abstract class AbstractServerInfos {
/** /**
* 组装需要额外校验的License参数 * 组装需要额外校验的License参数
*
* @return demo.LicenseCheckModel * @return demo.LicenseCheckModel
*/ */
public LicenseCheckModel getServerInfos(){ public LicenseCheckModel getServerInfos() {
LicenseCheckModel result = new LicenseCheckModel(); LicenseCheckModel result = new LicenseCheckModel();
try { try {
@@ -28,8 +29,8 @@ public abstract class AbstractServerInfos {
result.setMacAddress(this.getMacAddress()); result.setMacAddress(this.getMacAddress());
result.setCpuSerial(this.getCPUSerial()); result.setCpuSerial(this.getCPUSerial());
result.setMainBoardSerial(this.getMainBoardSerial()); result.setMainBoardSerial(this.getMainBoardSerial());
}catch (Exception e){ } catch (Exception e) {
log.error("获取服务器硬件信息失败",e); log.error("获取服务器硬件信息失败 {}", e.getMessage());
} }
return result; return result;
@@ -37,30 +38,35 @@ public abstract class AbstractServerInfos {
/** /**
* 获取IP地址 * 获取IP地址
*
* @return java.util.List<java.lang.String> * @return java.util.List<java.lang.String>
*/ */
protected abstract List<String> getIpAddress() throws Exception; protected abstract List<String> getIpAddress() throws Exception;
/** /**
* 获取Mac地址 * 获取Mac地址
*
* @return java.util.List<java.lang.String> * @return java.util.List<java.lang.String>
*/ */
protected abstract List<String> getMacAddress() throws Exception; protected abstract List<String> getMacAddress() throws Exception;
/** /**
* 获取CPU序列号 * 获取CPU序列号
*
* @return java.lang.String * @return java.lang.String
*/ */
protected abstract String getCPUSerial() throws Exception; protected abstract String getCPUSerial() throws Exception;
/** /**
* 获取主板序列号 * 获取主板序列号
*
* @return java.lang.String * @return java.lang.String
*/ */
protected abstract String getMainBoardSerial() throws Exception; protected abstract String getMainBoardSerial() throws Exception;
/** /**
* 获取当前服务器所有符合条件的InetAddress * 获取当前服务器所有符合条件的InetAddress
*
* @return java.util.List<java.net.InetAddress> * @return java.util.List<java.net.InetAddress>
*/ */
protected List<InetAddress> getLocalAllInetAddress() throws Exception { protected List<InetAddress> getLocalAllInetAddress() throws Exception {
@@ -74,8 +80,8 @@ public abstract class AbstractServerInfos {
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement(); InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址 //排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
if(!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/ if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()){ && !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) {
result.add(inetAddr); result.add(inetAddr);
} }
} }
@@ -86,24 +92,25 @@ public abstract class AbstractServerInfos {
/** /**
* 获取某个网络接口的Mac地址 * 获取某个网络接口的Mac地址
*
* @param * @param
* @return void * @return void
*/ */
protected String getMacByInetAddress(InetAddress inetAddr){ protected String getMacByInetAddress(InetAddress inetAddr) {
try { try {
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress(); byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
StringBuffer stringBuffer = new StringBuffer(); StringBuffer stringBuffer = new StringBuffer();
for(int i=0;i<mac.length;i++){ for (int i = 0; i < mac.length; i++) {
if(i != 0) { if (i != 0) {
stringBuffer.append("-"); stringBuffer.append("-");
} }
//将十六进制byte转化为字符串 //将十六进制byte转化为字符串
String temp = Integer.toHexString(mac[i] & 0xff); String temp = Integer.toHexString(mac[i] & 0xff);
if(temp.length() == 1){ if (temp.length() == 1) {
stringBuffer.append("0" + temp); stringBuffer.append("0" + temp);
}else{ } else {
stringBuffer.append(temp); stringBuffer.append(temp);
} }
} }

14
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/serverinfo/LinuxServerInfos.java
View File

@@ -11,7 +11,7 @@ import java.util.stream.Collectors;
/** /**
* 用于获取客户Linux服务器的基本信息 * 用于获取客户Linux服务器的基本信息
*/ */
public class LinuxServerInfos extends AbstractServerInfos{ public class LinuxServerInfos extends AbstractServerInfos {
@Override @Override
protected List<String> getIpAddress() throws Exception { protected List<String> getIpAddress() throws Exception {
@@ -20,7 +20,7 @@ public class LinuxServerInfos extends AbstractServerInfos{
//获取所有网络接口 //获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress(); List<InetAddress> inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){ if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
} }
@@ -34,7 +34,7 @@ public class LinuxServerInfos extends AbstractServerInfos{
//1. 获取所有网络接口 //1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress(); List<InetAddress> inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){ if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址 //2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
} }
@@ -48,14 +48,14 @@ public class LinuxServerInfos extends AbstractServerInfos{
String serialNumber = ""; String serialNumber = "";
//使用dmidecode命令获取CPU序列号 //使用dmidecode命令获取CPU序列号
String[] shell = {"/bin/bash","-c","dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"}; String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell); Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close(); process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim(); String line = reader.readLine().trim();
if(StringUtils.isNotBlank(line)){ if (StringUtils.isNotBlank(line)) {
serialNumber = line; serialNumber = line;
} }
@@ -69,14 +69,14 @@ public class LinuxServerInfos extends AbstractServerInfos{
String serialNumber = ""; String serialNumber = "";
//使用dmidecode命令获取主板序列号 //使用dmidecode命令获取主板序列号
String[] shell = {"/bin/bash","-c","dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"}; String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
Process process = Runtime.getRuntime().exec(shell); Process process = Runtime.getRuntime().exec(shell);
process.getOutputStream().close(); process.getOutputStream().close();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line = reader.readLine().trim(); String line = reader.readLine().trim();
if(StringUtils.isNotBlank(line)){ if (StringUtils.isNotBlank(line)) {
serialNumber = line; serialNumber = line;
} }

103
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/serverinfo/WindowsServerInfos.java
View File

@@ -1,5 +1,9 @@
package org.wfc.common.license.serverinfo; package org.wfc.common.license.serverinfo;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileWriter;
import java.io.InputStreamReader;
import java.net.InetAddress; import java.net.InetAddress;
import java.util.List; import java.util.List;
import java.util.Scanner; import java.util.Scanner;
@@ -8,7 +12,7 @@ import java.util.stream.Collectors;
/** /**
* 用于获取客户Windows服务器的基本信息 * 用于获取客户Windows服务器的基本信息
*/ */
public class WindowsServerInfos extends AbstractServerInfos{ public class WindowsServerInfos extends AbstractServerInfos {
@Override @Override
protected List<String> getIpAddress() throws Exception { protected List<String> getIpAddress() throws Exception {
@@ -17,7 +21,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
//获取所有网络接口 //获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress(); List<InetAddress> inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){ if (inetAddresses != null && inetAddresses.size() > 0) {
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList()); result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
} }
@@ -31,7 +35,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
//1. 获取所有网络接口 //1. 获取所有网络接口
List<InetAddress> inetAddresses = getLocalAllInetAddress(); List<InetAddress> inetAddresses = getLocalAllInetAddress();
if(inetAddresses != null && inetAddresses.size() > 0){ if (inetAddresses != null && inetAddresses.size() > 0) {
//2. 获取所有网络接口的Mac地址 //2. 获取所有网络接口的Mac地址
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList()); result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
} }
@@ -39,8 +43,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
return result; return result;
} }
@Override private String getCPUSerial2() throws Exception {
protected String getCPUSerial() throws Exception {
//序列号 //序列号
String serialNumber = ""; String serialNumber = "";
@@ -49,11 +52,60 @@ public class WindowsServerInfos extends AbstractServerInfos{
process.getOutputStream().close(); process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream()); Scanner scanner = new Scanner(process.getInputStream());
if(scanner != null && scanner.hasNext()){ if (scanner != null && scanner.hasNext()) {
scanner.next(); scanner.next();
} }
if(scanner.hasNext()){ if (scanner.hasNext()) {
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
}
@Override
protected String getCPUSerial() throws Exception {
String result = "";
try {
File file = File.createTempFile("tmp", ".vbs");
file.deleteOnExit();
FileWriter fw = new FileWriter(file);
String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
+ "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_Processor\") \n"
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.ProcessorId \n"
+ " exit for ' do the first cpu only! \n" + "Next \n";
fw.write(vbs);
fw.close();
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = input.readLine()) != null) {
result += line;
}
input.close();
file.delete();
} catch (Exception e) {
return getCPUSerial2();
}
return result.trim();
}
private String getMainBoardSerial2() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取主板序列号
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
process.getOutputStream().close();
Scanner scanner = new Scanner(process.getInputStream());
if (scanner != null && scanner.hasNext()) {
scanner.next();
}
if (scanner.hasNext()) {
serialNumber = scanner.next().trim(); serialNumber = scanner.next().trim();
} }
@@ -63,23 +115,30 @@ public class WindowsServerInfos extends AbstractServerInfos{
@Override @Override
protected String getMainBoardSerial() throws Exception { protected String getMainBoardSerial() throws Exception {
//序列号
String serialNumber = "";
//使用WMIC获取主板序列号 String result = "";
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber"); try {
process.getOutputStream().close(); File file = File.createTempFile("realhowto", ".vbs");
Scanner scanner = new Scanner(process.getInputStream()); file.deleteOnExit();
FileWriter fw = new FileWriter(file);
if(scanner != null && scanner.hasNext()){ String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
scanner.next(); + "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_BaseBoard\") \n"
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.SerialNumber \n"
+ " exit for ' do the first cpu only! \n" + "Next \n";
fw.write(vbs);
fw.close();
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = input.readLine()) != null) {
result += line;
}
input.close();
} catch (Exception e) {
return getMainBoardSerial2();
} }
return result.trim();
if(scanner.hasNext()){
serialNumber = scanner.next().trim();
}
scanner.close();
return serialNumber;
} }
} }

2
wfc-common/wfc-common-license/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
View File

@@ -1,4 +1,2 @@
org.wfc.common.license.runner.LicenseProperties org.wfc.common.license.runner.LicenseProperties
org.wfc.common.license.runner.LicenseCheckRunner org.wfc.common.license.runner.LicenseCheckRunner
org.wfc.common.license.interceptor.LicenseCheckInterceptor
org.wfc.common.license.interceptor.LicenseInterceptorConfig

6
wfc-gateway/pom.xml
View File

@@ -88,6 +88,12 @@
<version>${springdoc.version}</version> <version>${springdoc.version}</version>
</dependency> </dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>

60
wfc-gateway/src/main/java/org/wfc/gateway/filter/AuthFilter.java
View File

@@ -18,18 +18,18 @@ import org.wfc.common.core.utils.JwtUtils;
import org.wfc.common.core.utils.MessageUtils; import org.wfc.common.core.utils.MessageUtils;
import org.wfc.common.core.utils.ServletUtils; import org.wfc.common.core.utils.ServletUtils;
import org.wfc.common.core.utils.StringUtils; import org.wfc.common.core.utils.StringUtils;
import org.wfc.common.license.LicenseVerify;
import org.wfc.common.redis.service.RedisService; import org.wfc.common.redis.service.RedisService;
import org.wfc.gateway.config.properties.IgnoreWhiteProperties; import org.wfc.gateway.config.properties.IgnoreWhiteProperties;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
/** /**
* 网关鉴权 * 网关鉴权
* *
* @author wfc * @author wfc
*/ */
@Component @Component
public class AuthFilter implements GlobalFilter, Ordered public class AuthFilter implements GlobalFilter, Ordered {
{
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class); private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
// 排除过滤的 uri 地址nacos自行添加 // 排除过滤的 uri 地址nacos自行添加
@@ -40,42 +40,44 @@ public class AuthFilter implements GlobalFilter, Ordered
private RedisService redisService; private RedisService redisService;
@Override @Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
{
ServerHttpRequest request = exchange.getRequest(); ServerHttpRequest request = exchange.getRequest();
ServerHttpRequest.Builder mutate = request.mutate(); ServerHttpRequest.Builder mutate = request.mutate();
LicenseVerify licenseVerify = new LicenseVerify();
// 校验license证书是否有效
boolean verifyResult = licenseVerify.verify();
if (!verifyResult) {
log.error("验证失败,证书无效");
return unauthorizedResponse(exchange, MessageUtils.message("Your License is invalid"));
}
String url = request.getURI().getPath(); String url = request.getURI().getPath();
// 跳过不需要验证的路径 // 跳过不需要验证的路径
if (StringUtils.matches(url, ignoreWhite.getWhites())) if (StringUtils.matches(url, ignoreWhite.getWhites())) {
{
return chain.filter(exchange); return chain.filter(exchange);
} }
String token = getToken(request); String token = getToken(request);
if (StringUtils.isEmpty(token)) if (StringUtils.isEmpty(token)) {
{
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.not.blank")); return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.not.blank"));
} }
Claims claims = JwtUtils.parseToken(token); Claims claims = JwtUtils.parseToken(token);
if (claims == null) if (claims == null) {
{
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.expired")); return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.expired"));
} }
String userkey = JwtUtils.getUserKey(claims); String userkey = JwtUtils.getUserKey(claims);
boolean islogin = redisService.hasKey(getTokenKey(userkey)); boolean islogin = redisService.hasKey(getTokenKey(userkey));
if (!islogin) if (!islogin) {
{
return unauthorizedResponse(exchange, MessageUtils.message("gateway.status.expired")); return unauthorizedResponse(exchange, MessageUtils.message("gateway.status.expired"));
} }
String userid = JwtUtils.getUserId(claims); String userid = JwtUtils.getUserId(claims);
String username = JwtUtils.getUserName(claims); String username = JwtUtils.getUserName(claims);
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
{
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.error")); return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.error"));
} }
String platform = JwtUtils.getUserPlatform(claims); String platform = JwtUtils.getUserPlatform(claims);
if ("user".equals(platform) && StringUtils.startsWith(url,"/system")) if ("user".equals(platform) && StringUtils.startsWith(url, "/system")) {
{
return unauthorizedResponse(exchange, MessageUtils.message("gateway.user.portal.forbidden")); return unauthorizedResponse(exchange, MessageUtils.message("gateway.user.portal.forbidden"));
} }
// 设置用户信息到请求 // 设置用户信息到请求
@@ -88,10 +90,8 @@ public class AuthFilter implements GlobalFilter, Ordered
return chain.filter(exchange.mutate().request(mutate.build()).build()); return chain.filter(exchange.mutate().request(mutate.build()).build());
} }
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
{ if (value == null) {
if (value == null)
{
return; return;
} }
String valueStr = value.toString(); String valueStr = value.toString();
@@ -99,13 +99,11 @@ public class AuthFilter implements GlobalFilter, Ordered
mutate.header(name, valueEncode); mutate.header(name, valueEncode);
} }
private void removeHeader(ServerHttpRequest.Builder mutate, String name) private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
{
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build(); mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
} }
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
{
log.error("[Authentication exception handling]Request path:{}, error message:{}", exchange.getRequest().getPath(), msg); log.error("[Authentication exception handling]Request path:{}, error message:{}", exchange.getRequest().getPath(), msg);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED); return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
} }
@@ -113,28 +111,24 @@ public class AuthFilter implements GlobalFilter, Ordered
/** /**
* 获取缓存key * 获取缓存key
*/ */
private String getTokenKey(String token) private String getTokenKey(String token) {
{
return CacheConstants.LOGIN_TOKEN_KEY + token; return CacheConstants.LOGIN_TOKEN_KEY + token;
} }
/** /**
* 获取请求token * 获取请求token
*/ */
private String getToken(ServerHttpRequest request) private String getToken(ServerHttpRequest request) {
{
String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER); String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER);
// 如果前端设置了令牌前缀,则裁剪掉前缀 // 如果前端设置了令牌前缀,则裁剪掉前缀
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
{
token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY); token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
} }
return token; return token;
} }
@Override @Override
public int getOrder() public int getOrder() {
{
return -200; return -200;
} }
} }

5
wfc-modules/wfc-system/pom.xml
View File

@@ -89,11 +89,6 @@
<groupId>org.mapstruct</groupId> <groupId>org.mapstruct</groupId>
<artifactId>mapstruct</artifactId> <artifactId>mapstruct</artifactId>
</dependency> </dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies> </dependencies>

5
wfc-modules/wfc-user/pom.xml
View File

@@ -103,11 +103,6 @@
<groupId>org.wfc</groupId> <groupId>org.wfc</groupId>
<artifactId>wfc-common-mail</artifactId> <artifactId>wfc-common-mail</artifactId>
</dependency> </dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>