feat:新增项目初始化权限认证

ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/annotation/InitAuth.java

@@ -0,0 +1,20 @@
+package com.ruoyi.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 初始化认证:初始化项目时跳过权限认证
+ *
+ * @Author GuanTieLin
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface InitAuth {
+    /**
+     * 认证的url
+     */
+    String  value() default "";
+}

ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java

@@ -1,5 +1,8 @@
 package com.ruoyi.common.security.aspect;
 
+import com.ruoyi.common.security.service.InitAuthService;
+import com.ruoyi.common.core.utils.ServletUtils;
+import com.ruoyi.common.security.annotation.InitAuth;
 import com.ruoyi.common.security.annotation.RequiresLogin;
 import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.common.security.annotation.RequiresRoles;
@@ -9,8 +12,11 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
+import java.util.Objects;
 
 /**
  * 基于 Spring Aop 的注解鉴权
@@ -20,12 +26,17 @@ import java.lang.reflect.Method;
 @Aspect
 @Component
 public class PreAuthorizeAspect {
+
+    @Autowired
+    private InitAuthService initAuthService;
+
     /**
      * 定义AOP签名 (切入所有使用鉴权注解的方法)
      */
     public static final String POINTCUT_SIGN = " @annotation(com.ruoyi.common.security.annotation.RequiresLogin) || "
             + "@annotation(com.ruoyi.common.security.annotation.RequiresPermissions) || "
-            + "@annotation(com.ruoyi.common.security.annotation.RequiresRoles)";
+            + "@annotation(com.ruoyi.common.security.annotation.RequiresRoles) ||"
+            + "@annotation(com.ruoyi.common.security.annotation.InitAuth)";
 
     /**
      * 构建
@@ -51,13 +62,18 @@ public class PreAuthorizeAspect {
      */
     @Around("pointcut()")
     public Object around (ProceedingJoinPoint joinPoint) throws Throwable {
+        HttpServletRequest httpServletRequest = ServletUtils.getRequest();
+        String url=null;
+        if(Objects.nonNull(httpServletRequest)){
+            // 获取url
+            url = httpServletRequest.getHeader("Init-Auth-Url");
+        }
         // 注解鉴权
         MethodSignature signature = (MethodSignature) joinPoint.getSignature();
-        checkMethodAnnotation(signature.getMethod());
+        checkMethodAnnotation(signature.getMethod(),url);
         try {
             // 执行原有逻辑
-            Object obj = joinPoint.proceed();
-            return obj;
+            return joinPoint.proceed();
         } catch (Throwable e) {
             throw e;
         }
@@ -66,7 +82,22 @@ public class PreAuthorizeAspect {
     /**
      * 对一个Method对象进行注解检查
      */
-    public void checkMethodAnnotation (Method method) {
+    public void checkMethodAnnotation (Method method,String url) {
+        // 校验 @InitAuth 注解
+        InitAuth initAuth = method.getAnnotation(InitAuth.class);
+        // 有注解放行
+        if (initAuth != null) {
+            // 初始化访问权限
+            initAuthService.init(initAuth.value());
+            return;
+        }
+        // 有权限放行
+        if(url!=null&& initAuthService.auth(url)){
+            // 移除访问权限
+            initAuthService.remove(url);
+            return;
+        }
+
         // 校验 @RequiresLogin 注解
         RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
         if (requiresLogin != null) {

ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java

@@ -7,7 +7,6 @@ import com.ruoyi.common.core.utils.ip.IpUtils;
 import feign.RequestInterceptor;
 import feign.RequestTemplate;
 import org.springframework.stereotype.Component;
-
 import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 
@@ -40,9 +39,11 @@ public class FeignRequestInterceptor implements RequestInterceptor {
             if (StringUtils.isNotEmpty(authentication)) {
                 requestTemplate.header(SecurityConstants.AUTHORIZATION_HEADER, authentication);
             }
-
             // 配置客户端IP
             requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr());
         }
+        // 配置请求路径
+        String url = requestTemplate.feignTarget().url()+requestTemplate.url().split("\\?")[0];
+        requestTemplate.header("Init-Auth-Url",url);
     }
 }

ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/service/InitAuthService.java

@@ -0,0 +1,44 @@
+package com.ruoyi.common.security.service;
+
+import com.ruoyi.common.redis.service.RedisService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 初始化认证服务
+ * @ClassName InitAuthService
+ * @Author GuanTieLin
+ * @Date 2024/5/15 12:44
+ */
+@Component
+public class InitAuthService {
+
+    @Autowired
+    private RedisService redisService;
+
+    private final String PREFIX="init-auth:";
+
+    /**
+     * 初始化权限3分钟
+     */
+    public void init(String url){
+        redisService.setCacheObject(PREFIX+url,"",3L,TimeUnit.MINUTES);
+    }
+
+    /**
+     * 验证权限
+     */
+    public boolean auth(String url){
+        return redisService.hasKey(PREFIX + url);
+    }
+
+    /**
+     * 移除权限
+     */
+    public void remove(String url){
+        if(redisService.hasKey(PREFIX + url)){
+            redisService.deleteObject(PREFIX + url);
+        }
+    }
+}

ruoyi-common/muyu-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1,5 +1,6 @@
 com.ruoyi.common.security.config.WebMvcConfig
 com.ruoyi.common.security.service.TokenService
+com.ruoyi.common.security.service.InitAuthService
 com.ruoyi.common.security.aspect.PreAuthorizeAspect
 com.ruoyi.common.security.aspect.InnerAuthAspect
 com.ruoyi.common.security.handler.GlobalExceptionHandler

ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-remote/src/main/java/com/ruoyi/dataAsset/remote/RemoteDataAssetService.java

@@ -3,6 +3,7 @@ package com.ruoyi.dataAsset.remote;
 import com.ruoyi.common.core.constant.ServiceNameConstants;
 import com.ruoyi.common.core.domain.Result;
 import com.ruoyi.common.core.web.page.TableDataInfo;
+import com.ruoyi.common.security.annotation.InitAuth;
 import com.ruoyi.dataAsset.domain.DataSource;
 import com.ruoyi.dataAsset.domain.req.DataSourceQueryReq;
 import com.ruoyi.dataAsset.remote.factory.RemoteDataAssetFactory;
@@ -27,5 +28,6 @@ public interface RemoteDataAssetService {
      * 查询数据接入列表
      */
     @GetMapping("/list")
+    @InitAuth("http://ruoyi-data-asset/source/list")
     public Result<TableDataInfo<DataSource>> list(@RequestParam("dataSourceQueryReq") DataSourceQueryReq dataSourceQueryReq);
 }

ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-server/src/main/java/com/ruoyi/dataAsset/controller/DataSourceController.java

@@ -4,9 +4,6 @@ import java.sql.SQLException;
 import java.util.List;
 import javax.servlet.http.HttpServletResponse;
 import com.ruoyi.common.security.utils.SecurityUtils;
-import com.ruoyi.dataAsset.service.AssetModelDataService;
-import com.ruoyi.dataAsset.service.ColumnInfoService;
-import com.ruoyi.dataAsset.service.TableInfoService;
 import io.swagger.annotations.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -47,7 +44,7 @@ public class DataSourceController extends BaseController {
      * 查询数据接入列表
      */
     @ApiOperation("获取数据接入列表")
-    //@RequiresPermissions("dataAsset:source:list")
+    @RequiresPermissions("dataAsset:source:list")
     @GetMapping("/list")
     public Result<TableDataInfo<DataSource>> list(DataSourceQueryReq dataSourceQueryReq) {
         startPage();

ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-remote/src/main/java/com/ruoyi/ruleEngine/remote/RemoteRuleEngineService.java

@@ -2,6 +2,7 @@ package com.ruoyi.ruleEngine.remote;
 
 import com.ruoyi.common.core.constant.ServiceNameConstants;
 import com.ruoyi.common.core.domain.Result;
+import com.ruoyi.common.security.annotation.InitAuth;
 import com.ruoyi.ruleEngine.domain.EngineVersion;
 import com.ruoyi.ruleEngine.domain.req.EngineVersionQueryReq;
 import com.ruoyi.ruleEngine.remote.factory.RemoteRuleEngineFactory;
@@ -29,6 +30,7 @@ public interface RemoteRuleEngineService {
      * 查询引擎规则版本列表
      */
     @GetMapping("/list")
+    @InitAuth("http://ruoyi-rule-engine/version/list")
     public Result<List<EngineVersion>> list(@RequestParam("engineConfigQueryReq") EngineVersionQueryReq engineConfigQueryReq);
 
     /**

ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-server/src/main/java/com/ruoyi/ruleEngine/controller/EngineVersionController.java

@@ -38,7 +38,7 @@ public class EngineVersionController extends BaseController {
      * 查询引擎规则版本列表
      */
     @ApiOperation("查询引擎规则版本列表")
-    //@RequiresPermissions("ruleEngine:version:list")
+    @RequiresPermissions("ruleEngine:version:list")
     @GetMapping("/list")
     public Result<List<EngineVersion>> list(EngineVersionQueryReq engineConfigQueryReq) {
         return Result.success(engineVersionService.list(EngineVersion.queryBuild(engineConfigQueryReq)));