🎉 2.5.1.RELEASE 更新网关动态鉴权

README.md

@@ -1,5 +1,5 @@
  <p align="center">
-      <img src="https://img.shields.io/badge/Release-V2.5.0-green.svg" alt="Downloads">
+      <img src="https://img.shields.io/badge/Release-V2.5.1-green.svg" alt="Downloads">
       <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" alt="Build Status">
   <img src="https://img.shields.io/badge/license-Apache%202-blue.svg" alt="Build Status">
    <img src="https://img.shields.io/badge/Spring%20Cloud-Greenwich.SR3-blue.svg" alt="Coverage Status">

blade-auth/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <artifactId>SpringBlade</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
 
     <artifactId>blade-auth</artifactId>

blade-common/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>SpringBlade</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-gateway/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>SpringBlade</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -77,6 +77,12 @@
             <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
             <version>${alibaba.cloud.version}</version>
         </dependency>
+        <!-- JWT -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.9.1</version>
+        </dependency>
         <!--Swagger-->
         <dependency>
             <groupId>io.springfox</groupId>

blade-gateway/src/main/java/org/springblade/gateway/config/RouterFunctionConfiguration.java

@@ -19,6 +19,7 @@ package org.springblade.gateway.config;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springblade.gateway.handler.SwaggerResourceHandler;
+import org.springblade.gateway.props.AuthProperties;
 import org.springblade.gateway.props.RouteProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@@ -40,7 +41,7 @@ import reactor.core.publisher.Mono;
 @Slf4j
 @Configuration
 @AllArgsConstructor
-@EnableConfigurationProperties(RouteProperties.class)
+@EnableConfigurationProperties({RouteProperties.class, AuthProperties.class})
 public class RouterFunctionConfiguration {
 
 	private final SwaggerResourceHandler swaggerResourceHandler;
@@ -48,7 +49,7 @@ public class RouterFunctionConfiguration {
 	@Bean
 	public RouterFunction routerFunction() {
 		return RouterFunctions.route(RequestPredicates.GET("/swagger-resources")
-				.and(RequestPredicates.accept(MediaType.ALL)), swaggerResourceHandler);
+			.and(RequestPredicates.accept(MediaType.ALL)), swaggerResourceHandler);
 
 	}
 

blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java

@@ -0,0 +1,97 @@
+/**
+ * Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springblade.gateway.filter;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.Claims;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springblade.gateway.props.AuthProperties;
+import org.springblade.gateway.provider.AuthProvider;
+import org.springblade.gateway.provider.ResponseProvider;
+import org.springblade.gateway.utils.JwtUtil;
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.core.Ordered;
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+import java.nio.charset.StandardCharsets;
+
+/**
+ * 鉴权认证
+ *
+ * @author Chill
+ */
+@Slf4j
+@Component
+@AllArgsConstructor
+public class AuthFilter implements GlobalFilter, Ordered {
+	private AuthProperties authProperties;
+	private ObjectMapper objectMapper;
+
+	@Override
+	public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+		String path = exchange.getRequest().getURI().getPath();
+		if (isSkip(path)) {
+			return chain.filter(exchange);
+		}
+		ServerHttpResponse resp = exchange.getResponse();
+		String headerToken = exchange.getRequest().getHeaders().getFirst(AuthProvider.AUTH_KEY);
+		String paramToken = exchange.getRequest().getQueryParams().getFirst(AuthProvider.AUTH_KEY);
+		if (StringUtils.isAllBlank(headerToken, paramToken)) {
+			return unAuth(resp, "缺失令牌,鉴权失败");
+		}
+		String auth = StringUtils.isBlank(headerToken) ? paramToken : headerToken;
+		String token = JwtUtil.getToken(auth);
+		Claims claims = JwtUtil.parseJWT(token);
+		if (claims == null) {
+			return unAuth(resp, "请求未授权");
+		}
+		return chain.filter(exchange);
+	}
+
+	private boolean isSkip(String path) {
+		return AuthProvider.getDefaultSkipUrl().stream().map(url -> url.replace(AuthProvider.TARGET, AuthProvider.REPLACEMENT)).anyMatch(path::contains)
+			|| authProperties.getSkipUrl().stream().map(url -> url.replace(AuthProvider.TARGET, AuthProvider.REPLACEMENT)).anyMatch(path::contains);
+	}
+
+	private Mono<Void> unAuth(ServerHttpResponse resp, String msg) {
+		resp.setStatusCode(HttpStatus.UNAUTHORIZED);
+		resp.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
+		String result = "";
+		try {
+			result = objectMapper.writeValueAsString(ResponseProvider.unAuth(msg));
+		} catch (JsonProcessingException e) {
+			log.error(e.getMessage(), e);
+		}
+		DataBuffer buffer = resp.bufferFactory().wrap(result.getBytes(StandardCharsets.UTF_8));
+		return resp.writeWith(Flux.just(buffer));
+	}
+
+	@Override
+	public int getOrder() {
+		return -100;
+	}
+
+}

blade-gateway/src/main/java/org/springblade/gateway/handler/ErrorExceptionHandler.java

@@ -15,6 +15,7 @@
  */
 package org.springblade.gateway.handler;
 
+import org.springblade.gateway.provider.ResponseProvider;
 import org.springframework.boot.autoconfigure.web.ErrorProperties;
 import org.springframework.boot.autoconfigure.web.ResourceProperties;
 import org.springframework.boot.autoconfigure.web.reactive.error.DefaultErrorWebExceptionHandler;
@@ -25,7 +26,6 @@ import org.springframework.http.HttpStatus;
 import org.springframework.web.reactive.function.server.*;
 import org.springframework.web.server.ResponseStatusException;
 
-import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -53,7 +53,7 @@ public class ErrorExceptionHandler extends DefaultErrorWebExceptionHandler {
 		if (error instanceof ResponseStatusException) {
 			code = ((ResponseStatusException) error).getStatus().value();
 		}
-		return response(code, this.buildMessage(request, error));
+		return ResponseProvider.response(code, this.buildMessage(request, error));
 	}
 
 	/**
@@ -97,19 +97,4 @@ public class ErrorExceptionHandler extends DefaultErrorWebExceptionHandler {
 		return message.toString();
 	}
 
-	/**
-	 * 构建返回的JSON数据格式
-	 *
-	 * @param status       状态码
-	 * @param errorMessage 异常信息
-	 * @return
-	 */
-	public static Map<String, Object> response(int status, String errorMessage) {
-		Map<String, Object> map = new HashMap<>(16);
-		map.put("code", status);
-		map.put("message", errorMessage);
-		map.put("data", null);
-		return map;
-	}
-
 }

blade-gateway/src/main/java/org/springblade/gateway/props/AuthProperties.java

@@ -0,0 +1,41 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.gateway.props;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 权限过滤
+ *
+ * @author Chill
+ */
+@Data
+@RefreshScope
+@ConfigurationProperties("blade.secure")
+public class AuthProperties {
+
+	/**
+	 * 放行API集合
+	 */
+	private final List<String> skipUrl = new ArrayList<>();
+
+}

blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java

@@ -0,0 +1,56 @@
+/**
+ * Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springblade.gateway.provider;
+
+import org.springblade.core.launch.constant.TokenConstant;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 鉴权配置
+ *
+ * @author Chill
+ */
+public class AuthProvider {
+
+	public static String TARGET = "/**";
+	public static String REPLACEMENT = "";
+	public static String AUTH_KEY = TokenConstant.HEADER;
+	private static List<String> defaultSkipUrl = new ArrayList<>();
+
+	static {
+		defaultSkipUrl.add("/example");
+		defaultSkipUrl.add("/token/**");
+		defaultSkipUrl.add("/actuator/health/**");
+		defaultSkipUrl.add("/v2/api-docs/**");
+		defaultSkipUrl.add("/v2/api-docs-ext/**");
+		defaultSkipUrl.add("/auth/**");
+		defaultSkipUrl.add("/log/**");
+		defaultSkipUrl.add("/menu/routes");
+		defaultSkipUrl.add("/menu/auth-routes");
+		defaultSkipUrl.add("/error/**");
+		defaultSkipUrl.add("/assets/**");
+	}
+
+	/**
+	 * 默认无需鉴权的API
+	 */
+	public static List<String> getDefaultSkipUrl() {
+		return defaultSkipUrl;
+	}
+
+}

blade-gateway/src/main/java/org/springblade/gateway/provider/ResponseProvider.java

@@ -0,0 +1,83 @@
+/**
+ * Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springblade.gateway.provider;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 请求响应返回
+ *
+ * @author Chill
+ */
+public class ResponseProvider {
+
+	/**
+	 * 成功
+	 *
+	 * @param message 信息
+	 * @return
+	 */
+	public static Map<String, Object> success(String message) {
+		return response(200, message);
+	}
+
+	/**
+	 * 失败
+	 *
+	 * @param message 信息
+	 * @return
+	 */
+	public static Map<String, Object> fail(String message) {
+		return response(400, message);
+	}
+
+	/**
+	 * 未授权
+	 *
+	 * @param message 信息
+	 * @return
+	 */
+	public static Map<String, Object> unAuth(String message) {
+		return response(401, message);
+	}
+
+	/**
+	 * 服务器异常
+	 *
+	 * @param message 信息
+	 * @return
+	 */
+	public static Map<String, Object> error(String message) {
+		return response(500, message);
+	}
+
+	/**
+	 * 构建返回的JSON数据格式
+	 *
+	 * @param status  状态码
+	 * @param message 信息
+	 * @return
+	 */
+	public static Map<String, Object> response(int status, String message) {
+		Map<String, Object> map = new HashMap<>(16);
+		map.put("code", status);
+		map.put("message", message);
+		map.put("data", null);
+		return map;
+	}
+
+}

blade-gateway/src/main/java/org/springblade/gateway/utils/JwtUtil.java

@@ -0,0 +1,70 @@
+/**
+ * Copyright (c) 2018-2028, Chill Zhuang 庄骞 (smallchill@163.com).
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springblade.gateway.utils;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+/**
+ * JwtUtil
+ *
+ * @author Chill
+ */
+public class JwtUtil {
+
+	public static String SIGN_KEY = "BladeX";
+	public static String BEARER = "bearer";
+	public static Integer AUTH_LENGTH = 7;
+
+	public static String BASE64_SECURITY = Base64.getEncoder().encodeToString(SIGN_KEY.getBytes(StandardCharsets.UTF_8));
+
+	/**
+	 * 获取token串
+	 *
+	 * @param auth token
+	 * @return String
+	 */
+	public static String getToken(String auth) {
+		if ((auth != null) && (auth.length() > AUTH_LENGTH)) {
+			String headStr = auth.substring(0, 6).toLowerCase();
+			if (headStr.compareTo(BEARER) == 0) {
+				auth = auth.substring(7);
+				return auth;
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * 解析jsonWebToken
+	 *
+	 * @param jsonWebToken token串
+	 * @return Claims
+	 */
+	public static Claims parseJWT(String jsonWebToken) {
+		try {
+			return Jwts.parser()
+				.setSigningKey(Base64.getDecoder().decode(JwtUtil.BASE64_SECURITY))
+				.parseClaimsJws(jsonWebToken).getBody();
+		} catch (Exception ex) {
+			return null;
+		}
+	}
+
+}

blade-ops/blade-admin/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-ops</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-ops/blade-develop/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springblade</groupId>
         <artifactId>blade-ops</artifactId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

blade-ops/blade-resource/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-ops</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -29,6 +29,12 @@
             <groupId>org.springblade</groupId>
             <artifactId>blade-core-cloud</artifactId>
             <version>${blade.tool.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springblade</groupId>
+                    <artifactId>blade-core-secure</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springblade</groupId>

blade-ops/blade-seata-order/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-ops</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-ops/blade-seata-storage/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-ops</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-ops/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>SpringBlade</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service-api/blade-desk-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service-api</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service-api/blade-dict-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service-api</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service-api/blade-system-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service-api</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service-api/blade-user-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service-api</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service-api/pom.xml

@@ -5,13 +5,13 @@
     <parent>
         <artifactId>SpringBlade</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>blade-service-api</artifactId>
     <name>${project.artifactId}</name>
-    <version>2.5.0</version>
+    <version>2.5.1</version>
     <packaging>pom</packaging>
     <description>SpringBlade 微服务API集合</description>
 

blade-service/blade-desk/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springblade</groupId>
         <artifactId>blade-service</artifactId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

blade-service/blade-log/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service/blade-system/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

blade-service/blade-user/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>blade-service</artifactId>
         <groupId>org.springblade</groupId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

blade-service/pom.xml

@@ -7,12 +7,12 @@
     <parent>
         <groupId>org.springblade</groupId>
         <artifactId>SpringBlade</artifactId>
-        <version>2.5.0</version>
+        <version>2.5.1</version>
     </parent>
 
     <artifactId>blade-service</artifactId>
     <name>${project.artifactId}</name>
-    <version>2.5.0</version>
+    <version>2.5.1</version>
     <packaging>pom</packaging>
     <description>SpringBlade 微服务集合</description>
 

pom.xml

@@ -5,12 +5,12 @@
 
     <groupId>org.springblade</groupId>
     <artifactId>SpringBlade</artifactId>
-    <version>2.5.0</version>
+    <version>2.5.1</version>
     <packaging>pom</packaging>
 
     <properties>
-        <blade.tool.version>2.5.0</blade.tool.version>
-        <blade.project.version>2.5.0</blade.project.version>
+        <blade.tool.version>2.5.1</blade.tool.version>
+        <blade.project.version>2.5.1</blade.project.version>
 
         <java.version>1.8</java.version>
         <swagger.version>2.9.2</swagger.version>

script/docker/.env

@@ -1,2 +1,2 @@
 REGISTER=192.168.0.157/blade
-TAG=2.5.0
+TAG=2.5.1

script/docker/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 services:
   nacos:
-    image: nacos/nacos-server:0.9.0
+    image: nacos/nacos-server:1.1.3
     hostname: "nacos-standalone"
     environment:
       - MODE=standalone