feat: 用户所属平台标识，限制用户平台只能访问指定前缀的模块地址

wfc-common/wfc-common-core/src/main/java/org/wfc/common/core/constant/SecurityConstants.java

@@ -17,6 +17,11 @@ public class SecurityConstants
      */
     public static final String DETAILS_USERNAME = "username";
 
+    /**
+     * 平台字段
+     */
+    public static final String DETAILS_PLATFORM = "platform";
+
     /**
      * 授权信息字段
      */

wfc-common/wfc-common-core/src/main/java/org/wfc/common/core/context/SecurityContextHolder.java

@@ -81,6 +81,16 @@ public class SecurityContextHolder
         set(SecurityConstants.USER_KEY, userKey);
     }
 
+    public static String getPlatform()
+    {
+        return get(SecurityConstants.DETAILS_PLATFORM);
+    }
+
+    public static void setPlatform(String platform)
+    {
+        set(SecurityConstants.DETAILS_PLATFORM, platform);
+    }
+
     public static String getPermission()
     {
         return get(SecurityConstants.ROLE_PERMISSION);

wfc-common/wfc-common-core/src/main/java/org/wfc/common/core/utils/JwtUtils.java

@@ -109,6 +109,29 @@ public class JwtUtils
         return getValue(claims, SecurityConstants.DETAILS_USERNAME);
     }
 
+    /**
+     * 根据令牌获取用户所属平台
+     *
+     * @param token 令牌
+     * @return 所属平台
+     */
+    public static String getUserPlatform(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.DETAILS_PLATFORM);
+    }
+
+    /**
+     * 根据身份信息获取用户所属平台
+     *
+     * @param claims 身份信息
+     * @return 所属平台
+     */
+    public static String getUserPlatform(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.DETAILS_PLATFORM);
+    }
+
     /**
      * 根据身份信息获取键值
      * 

wfc-common/wfc-common-security/src/main/java/org/wfc/common/security/feign/FeignRequestInterceptor.java

@@ -46,6 +46,10 @@ public class FeignRequestInterceptor implements RequestInterceptor
             {
                 requestTemplate.header(SecurityConstants.AUTHORIZATION_HEADER, authentication);
             }
+            String platform = headers.get(SecurityConstants.DETAILS_PLATFORM);
+            if (StringUtils.isNotEmpty(platform)) {
+                requestTemplate.header(SecurityConstants.DETAILS_PLATFORM, platform);
+            }
 
             // 配置客户端IP
             requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr());

wfc-common/wfc-common-security/src/main/java/org/wfc/common/security/interceptor/HeaderInterceptor.java

@@ -28,6 +28,7 @@ public class HeaderInterceptor implements AsyncHandlerInterceptor
             return true;
         }
 
+        SecurityContextHolder.setPlatform(ServletUtils.getHeader(request, SecurityConstants.DETAILS_PLATFORM));
         SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
         SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
         SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));

wfc-common/wfc-common-security/src/main/java/org/wfc/common/security/service/TokenService.java

@@ -52,15 +52,18 @@ public class TokenService
         String token = IdUtils.fastUUID();
         Long userId = 0L;
         String userName = "";
+        String platform = "";
         T user = loginUser.getUser();
         if (user instanceof SysUser) {
             SysUser sysUser = (SysUser) user;
             userId = sysUser.getUserId();
-              userName = sysUser.getUserName();
+            userName = sysUser.getUserName();
+            platform = "system";
         }else if (user instanceof UUser) {
             UUser uUser = (UUser) user;
             userId = uUser.getUserId();
             userName = uUser.getUserName();
+            platform = "user";
         }
         loginUser.setToken(token);
         loginUser.setUserid(userId);
@@ -73,6 +76,7 @@ public class TokenService
         claimsMap.put(SecurityConstants.USER_KEY, token);
         claimsMap.put(SecurityConstants.DETAILS_USER_ID, userId);
         claimsMap.put(SecurityConstants.DETAILS_USERNAME, userName);
+        claimsMap.put(SecurityConstants.DETAILS_PLATFORM, platform);
 
         // 接口返回信息
         Map<String, Object> rspMap = new HashMap<String, Object>();

wfc-gateway/src/main/java/org/wfc/gateway/filter/AuthFilter.java

@@ -73,11 +73,16 @@ public class AuthFilter implements GlobalFilter, Ordered
         {
             return unauthorizedResponse(exchange, "令牌验证失败");
         }
-
+        String platform = JwtUtils.getUserPlatform(claims);
+        if (StringUtils.isEmpty(platform) || !StringUtils.startsWith(url,"/u"))
+        {
+            return unauthorizedResponse(exchange, "用户平台禁止访问");
+        }
         // 设置用户信息到请求
         addHeader(mutate, SecurityConstants.USER_KEY, userkey);
         addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
         addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
+        addHeader(mutate, SecurityConstants.DETAILS_PLATFORM, platform);
         // 内部请求来源参数清除
         removeHeader(mutate, SecurityConstants.FROM_SOURCE);
         return chain.filter(exchange.mutate().request(mutate.build()).build());