WFC/be.wfc
2
0
Fork 0
Code Activity

feat: License由网关控制

Browse Source
This commit is contained in:
caiyuchao
2025-04-14 17:47:07 +08:00
parent 62d510ccdd
commit 9f398a03d9
18 changed files with 210 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wfc-auth/pom.xml
View File

@@ -62,11 +62,6 @@
<groupId>org.wfc</groupId>
<artifactId>wfc-api-user</artifactId>
</dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies>
<build>

5
wfc-common/wfc-common-license/pom.xml
View File

@@ -17,11 +17,6 @@
<groupId>org.wfc</groupId>
<artifactId>wfc-common-core</artifactId>
</dependency>
<!-- Spring Web -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<!-- License -->
<dependency>
<groupId>de.schlichtherle.truelicense</groupId>

2
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/CustomKeyStoreParam.java
View File

@@ -10,7 +10,6 @@ import java.io.InputStream;
/**
* 自定义KeyStoreParam用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*
*/
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
@@ -49,6 +48,7 @@ public class CustomKeyStoreParam extends AbstractKeyStoreParam {
/**
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/>
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
*
* @param
* @return java.io.InputStream
*/

9
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/CustomLicenseManager.java
View File

@@ -42,6 +42,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 复写create方法
*
* @return byte[]
*/
@Override
@@ -57,6 +58,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 复写install方法其中validate方法调用本类中的validate方法校验IP地址、Mac地址等其他信息
*
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@@ -78,6 +80,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 复写verify方法调用本类中的validate方法校验IP地址、Mac地址等其他信息
*
* @param
* @return de.schlichtherle.license.LicenseContent
*/
@@ -103,6 +106,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 校验生成证书的参数信息
*
* @param content 证书正文
*/
protected synchronized void validateCreate(final LicenseContent content)
@@ -127,6 +131,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 复写validate方法增加IP地址、Mac地址等其他信息校验
*
* @param content LicenseContent
*/
@Override
@@ -171,6 +176,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 重写XMLDecoder解析XML
*
* @param encoded XML类型字符串
* @return java.lang.Object
*/
@@ -203,6 +209,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 获取当前服务器需要额外校验的License参数
*
* @return demo.LicenseCheckModel
*/
private LicenseCheckModel getServerInfos() {
@@ -225,6 +232,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/>
* 如果存在IP在可被允许的IP/Mac地址范围内则返回true
*
* @return boolean
*/
private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
@@ -245,6 +253,7 @@ public class CustomLicenseManager extends LicenseManager{
/**
* 校验当前服务器硬件主板、CPU等序列号是否在可允许范围内
*
* @param
* @return boolean
*/

6
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/LicenseVerify.java
View File

@@ -44,6 +44,7 @@ public class LicenseVerify {
/**
* 校验License证书
*
* @return boolean
*/
public boolean verify() {
@@ -53,9 +54,7 @@ public class LicenseVerify {
//2. 校验证书
try {
LicenseContent licenseContent = licenseManager.verify();
// System.out.println(licenseContent.getSubject());
log.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}",format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter())));
log.debug(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()), format.format(licenseContent.getNotAfter())));
return true;
} catch (Exception e) {
log.error("证书校验失败!", e);
@@ -65,6 +64,7 @@ public class LicenseVerify {
/**
* 初始化证书生成参数
*
* @param param License校验类需要的参数
* @return de.schlichtherle.license.LicenseParam
*/

62
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/interceptor/LicenseCheckInterceptor.java
View File

@@ -1,62 +0,0 @@
package org.wfc.common.license.interceptor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.wfc.common.license.LicenseVerify;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
/**
* 使用拦截器拦截请求,验证证书的可用性
*
*/
@Slf4j
@Component
public class LicenseCheckInterceptor implements HandlerInterceptor {
/**
* 进入controller层之前拦截请求
* @param request
* @param response
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
LicenseVerify licenseVerify = new LicenseVerify();
//校验证书是否有效
boolean verifyResult = licenseVerify.verify();
if(verifyResult){
log.info("验证成功,证书可用");
return true;
}else{
log.info("验证失败,证书无效");
response.setCharacterEncoding("utf-8");
Map<String,String> result = new HashMap<>(1);
result.put("result","您的证书无效,请核查服务器是否取得授权或重新申请证书!");
outputError(response, "Your License is invalid");
return false;
}
}
// 输出错误信息
private void outputError(HttpServletResponse response, String errorMsg) throws IOException {
response.setContentType("application/json;charset=UTF-8");
PrintWriter out = response.getWriter();
out.write("{\"msg\": \"" + errorMsg + "\", \"code\": 500}");
out.flush();
out.close();
}
}

28
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/interceptor/LicenseInterceptorConfig.java
View File

@@ -1,28 +0,0 @@
package org.wfc.common.license.interceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;
/**
* @Description: 拦截器配置
*/
@Configuration
public class LicenseInterceptorConfig implements WebMvcConfigurer {
@Resource
private LicenseCheckInterceptor licenseCheckInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
//添加要拦截的url
registry.addInterceptor(licenseCheckInterceptor)
// 拦截的路径
.addPathPatterns("/**");
// 放行的路径
// .excludePathPatterns("/admin/login");
}
}

4
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/runner/LicenseCheckRunner.java
View File

@@ -34,14 +34,16 @@ public class LicenseCheckRunner implements ApplicationRunner {
// 启动定时任务
public void startTimer() {
scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 60, TimeUnit.SECONDS);
scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 30, TimeUnit.SECONDS);
}
// 停止定时任务
public void stopTimer() {
if (scheduledFuture != null) {
scheduledFuture.cancel(false);
}
}
/**
* 文件唯一身份标识 == 相当于人类的指纹一样
*/

9
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/serverinfo/AbstractServerInfos.java
View File

@@ -18,6 +18,7 @@ public abstract class AbstractServerInfos {
/**
* 组装需要额外校验的License参数
*
* @return demo.LicenseCheckModel
*/
public LicenseCheckModel getServerInfos() {
@@ -29,7 +30,7 @@ public abstract class AbstractServerInfos {
result.setCpuSerial(this.getCPUSerial());
result.setMainBoardSerial(this.getMainBoardSerial());
} catch (Exception e) {
log.error("获取服务器硬件信息失败",e);
log.error("获取服务器硬件信息失败 {}", e.getMessage());
}
return result;
@@ -37,30 +38,35 @@ public abstract class AbstractServerInfos {
/**
* 获取IP地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getIpAddress() throws Exception;
/**
* 获取Mac地址
*
* @return java.util.List<java.lang.String>
*/
protected abstract List<String> getMacAddress() throws Exception;
/**
* 获取CPU序列号
*
* @return java.lang.String
*/
protected abstract String getCPUSerial() throws Exception;
/**
* 获取主板序列号
*
* @return java.lang.String
*/
protected abstract String getMainBoardSerial() throws Exception;
/**
* 获取当前服务器所有符合条件的InetAddress
*
* @return java.util.List<java.net.InetAddress>
*/
protected List<InetAddress> getLocalAllInetAddress() throws Exception {
@@ -86,6 +92,7 @@ public abstract class AbstractServerInfos {
/**
* 获取某个网络接口的Mac地址
*
* @param
* @return void
*/

65
wfc-common/wfc-common-license/src/main/java/org/wfc/common/license/serverinfo/WindowsServerInfos.java
View File

@@ -1,5 +1,9 @@
package org.wfc.common.license.serverinfo;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileWriter;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.util.List;
import java.util.Scanner;
@@ -39,8 +43,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
return result;
}
@Override
protected String getCPUSerial() throws Exception {
private String getCPUSerial2() throws Exception {
//序列号
String serialNumber = "";
@@ -62,7 +65,34 @@ public class WindowsServerInfos extends AbstractServerInfos{
}
@Override
protected String getMainBoardSerial() throws Exception {
protected String getCPUSerial() throws Exception {
String result = "";
try {
File file = File.createTempFile("tmp", ".vbs");
file.deleteOnExit();
FileWriter fw = new FileWriter(file);
String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
+ "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_Processor\") \n"
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.ProcessorId \n"
+ " exit for ' do the first cpu only! \n" + "Next \n";
fw.write(vbs);
fw.close();
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = input.readLine()) != null) {
result += line;
}
input.close();
file.delete();
} catch (Exception e) {
return getCPUSerial2();
}
return result.trim();
}
private String getMainBoardSerial2() throws Exception {
//序列号
String serialNumber = "";
@@ -82,4 +112,33 @@ public class WindowsServerInfos extends AbstractServerInfos{
scanner.close();
return serialNumber;
}
@Override
protected String getMainBoardSerial() throws Exception {
String result = "";
try {
File file = File.createTempFile("realhowto", ".vbs");
file.deleteOnExit();
FileWriter fw = new FileWriter(file);
String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
+ "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_BaseBoard\") \n"
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.SerialNumber \n"
+ " exit for ' do the first cpu only! \n" + "Next \n";
fw.write(vbs);
fw.close();
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = input.readLine()) != null) {
result += line;
}
input.close();
} catch (Exception e) {
return getMainBoardSerial2();
}
return result.trim();
}
}

2
wfc-common/wfc-common-license/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
View File

@@ -1,4 +1,2 @@
org.wfc.common.license.runner.LicenseProperties
org.wfc.common.license.runner.LicenseCheckRunner
org.wfc.common.license.interceptor.LicenseCheckInterceptor
org.wfc.common.license.interceptor.LicenseInterceptorConfig

6
wfc-gateway/pom.xml
View File

@@ -88,6 +88,12 @@
<version>${springdoc.version}</version>
</dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies>
<build>

58
wfc-gateway/src/main/java/org/wfc/gateway/filter/AuthFilter.java
View File

@@ -18,6 +18,7 @@ import org.wfc.common.core.utils.JwtUtils;
import org.wfc.common.core.utils.MessageUtils;
import org.wfc.common.core.utils.ServletUtils;
import org.wfc.common.core.utils.StringUtils;
import org.wfc.common.license.LicenseVerify;
import org.wfc.common.redis.service.RedisService;
import org.wfc.gateway.config.properties.IgnoreWhiteProperties;
import reactor.core.publisher.Mono;
@@ -28,8 +29,7 @@ import reactor.core.publisher.Mono;
* @author wfc
*/
@Component
public class AuthFilter implements GlobalFilter, Ordered
{
public class AuthFilter implements GlobalFilter, Ordered {
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
// 排除过滤的 uri 地址nacos自行添加
@@ -40,42 +40,44 @@ public class AuthFilter implements GlobalFilter, Ordered
private RedisService redisService;
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
{
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
ServerHttpRequest.Builder mutate = request.mutate();
LicenseVerify licenseVerify = new LicenseVerify();
// 校验license证书是否有效
boolean verifyResult = licenseVerify.verify();
if (!verifyResult) {
log.error("验证失败,证书无效");
return unauthorizedResponse(exchange, MessageUtils.message("Your License is invalid"));
}
String url = request.getURI().getPath();
// 跳过不需要验证的路径
if (StringUtils.matches(url, ignoreWhite.getWhites()))
{
if (StringUtils.matches(url, ignoreWhite.getWhites())) {
return chain.filter(exchange);
}
String token = getToken(request);
if (StringUtils.isEmpty(token))
{
if (StringUtils.isEmpty(token)) {
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.not.blank"));
}
Claims claims = JwtUtils.parseToken(token);
if (claims == null)
{
if (claims == null) {
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.expired"));
}
String userkey = JwtUtils.getUserKey(claims);
boolean islogin = redisService.hasKey(getTokenKey(userkey));
if (!islogin)
{
if (!islogin) {
return unauthorizedResponse(exchange, MessageUtils.message("gateway.status.expired"));
}
String userid = JwtUtils.getUserId(claims);
String username = JwtUtils.getUserName(claims);
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
{
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.error"));
}
String platform = JwtUtils.getUserPlatform(claims);
if ("user".equals(platform) && StringUtils.startsWith(url,"/system"))
{
if ("user".equals(platform) && StringUtils.startsWith(url, "/system")) {
return unauthorizedResponse(exchange, MessageUtils.message("gateway.user.portal.forbidden"));
}
// 设置用户信息到请求
@@ -88,10 +90,8 @@ public class AuthFilter implements GlobalFilter, Ordered
return chain.filter(exchange.mutate().request(mutate.build()).build());
}
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)
{
if (value == null)
{
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
if (value == null) {
return;
}
String valueStr = value.toString();
@@ -99,13 +99,11 @@ public class AuthFilter implements GlobalFilter, Ordered
mutate.header(name, valueEncode);
}
private void removeHeader(ServerHttpRequest.Builder mutate, String name)
{
private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
}
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg)
{
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
log.error("[Authentication exception handling]Request path:{}, error message:{}", exchange.getRequest().getPath(), msg);
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
}
@@ -113,28 +111,24 @@ public class AuthFilter implements GlobalFilter, Ordered
/**
* 获取缓存key
*/
private String getTokenKey(String token)
{
private String getTokenKey(String token) {
return CacheConstants.LOGIN_TOKEN_KEY + token;
}
/**
* 获取请求token
*/
private String getToken(ServerHttpRequest request)
{
private String getToken(ServerHttpRequest request) {
String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER);
// 如果前端设置了令牌前缀,则裁剪掉前缀
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
{
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
}
return token;
}
@Override
public int getOrder()
{
public int getOrder() {
return -200;
}
}

5
wfc-modules/wfc-system/pom.xml
View File

@@ -89,11 +89,6 @@
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct</artifactId>
</dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies>

5
wfc-modules/wfc-user/pom.xml
View File

@@ -103,11 +103,6 @@
<groupId>org.wfc</groupId>
<artifactId>wfc-common-mail</artifactId>
</dependency>
<!-- License -->
<dependency>
<groupId>org.wfc</groupId>
<artifactId>wfc-common-license</artifactId>
</dependency>
</dependencies>
<build>