From e1c13aab3c532a9c09cd8ddf1b01079aa817bfca Mon Sep 17 00:00:00 2001
From: greysonfang
Date: Mon, 23 Oct 2023 11:28:07 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E8=93=9D=E7=9B=BEAPP=20Oauth2?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E7=99=BB=E5=BD=95=E5=AE=9E=E7=8E=B0=20#9353?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../auth/api/service/ServiceDeptResource.kt | 9 ++++++
 .../devops/auth/constant/AuthMessageCode.kt | 3 ++
 .../auth/pojo/dto/SecOpsWaterMarkDTO.kt | 12 ++++++++
 .../auth/pojo/vo/SecOpsWaterMarkInfoVo.kt | 12 ++++++++
 .../devops/auth/pojo/vo/UserAndDeptInfoVo.kt | 4 ++-
 .../common/MockAuthCoreAutoConfiguration.kt | 6 ++++
 .../service/ServiceDeptResourceImpl.kt | 4 +++
 .../auth/service/AuthDeptServiceImpl.kt | 29 +++++++++++++++++--
 .../auth/service/DefaultDeptServiceImpl.kt | 6 ++++
 .../devops/auth/service/DeptService.kt | 2 ++
 .../secops/DefaultSecOpsServiceImpl.kt | 12 ++++++++
 .../auth/service/secops/SecOpsService.kt | 13 +++++++++
 .../v4/ApigwUserManagementResourceV4Impl.kt | 5 ++--
 13 files changed, 110 insertions(+), 7 deletions(-)
 create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/SecOpsWaterMarkDTO.kt
 create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/SecOpsWaterMarkInfoVo.kt
 create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/DefaultSecOpsServiceImpl.kt
 create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/SecOpsService.kt
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceDeptResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceDeptResource.kt
index 885c02b876b..e170c248c50 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceDeptResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceDeptResource.kt
@@ -79,4 +79,13 @@ interface ServiceDeptResource {
 @ApiParam("用户名称", required = true)
 name: String
 ): Result
+
+ @GET
+ @Path("/getUserInfoAndWaterMark")
+ @ApiOperation("获取单个用户信息和水印信息")
+ fun getUserInfoAndWaterMark(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @ApiParam("用户ID", required = true)
+ userId: String
+ ): Result
 }
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
index eb96bde3c5b..87d970799c4 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/constant/AuthMessageCode.kt
@@ -127,4 +127,7 @@ object AuthMessageCode {
 const val ERROR_MONITOR_SPACE_NOT_EXIST = "2121077" // 监控空间不存在
 const val ERROR_MONITOR_READ_ONLY_ACTIONS_NOT_EXIST = "2121078" // 业务只读组不存在
 const val ERROR_MONITOR_OPS_ACTIONS_NOT_EXIST = "2121079" // 业务运维组不存在
+
+ const val ERROR_WATER_MARK_NOT_EXIST = "2121080" // 水印信息不存在
+ const val ERROR_USER_NOT_EXIST = "2121081" // 用户不存在
 }
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/SecOpsWaterMarkDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/SecOpsWaterMarkDTO.kt
new file mode 100644
index 00000000000..164f5a5d57b
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/SecOpsWaterMarkDTO.kt
@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.pojo.dto
+
+import io.swagger.annotations.ApiModel
+import io.swagger.annotations.ApiModelProperty
+
+@ApiModel("安全水印")
+data class SecOpsWaterMarkDTO(
+ @ApiModelProperty("场景token")
+ val token: String,
+ @ApiModelProperty("用户名称")
+ val username: String
+)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/SecOpsWaterMarkInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/SecOpsWaterMarkInfoVo.kt
new file mode 100644
index 00000000000..f2afd72d017
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/SecOpsWaterMarkInfoVo.kt
@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.pojo.vo
+
+import io.swagger.annotations.ApiModel
+import io.swagger.annotations.ApiModelProperty
+
+@ApiModel("用户水印信息")
+data class SecOpsWaterMarkInfoVo(
+ @ApiModelProperty("类型")
+ val type: String,
+ @ApiModelProperty("水印信息")
+ val data: String
+)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/UserAndDeptInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/UserAndDeptInfoVo.kt
index 46be04f353d..ad9802e7a07 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/UserAndDeptInfoVo.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/UserAndDeptInfoVo.kt
@@ -19,5 +19,7 @@ data class UserAndDeptInfoVo(
 @ApiModelProperty("用户部门详细信息")
 val deptInfo: List? = null,
 @ApiModelProperty("用户额外详细信息")
- val extras: BkUserExtras? = null
+ val extras: BkUserExtras? = null,
+ @ApiModelProperty("水印信息")
+ val waterMark: String? = null
 )
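Review bot: `SecOpsWaterMarkDTO` keeps `token` in a data class, and the generated `toString()` prints every constructor property, so any log line or exception message that interpolates the DTO would write the token out in full. Whether this "场景token" is a credential is not visible in this commit, but if it authenticates the watermark request it should be masked, e.g. `override fun toString() = "SecOpsWaterMarkDTO(token=***, username=$username)"`. The class is not referenced by any other hunk shown here, so a one-line KDoc naming the SecOps call it is the request body for would help the next reader.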
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/MockAuthCoreAutoConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/MockAuthCoreAutoConfiguration.kt
index f43ca622130..9f7c38fca9f 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/MockAuthCoreAutoConfiguration.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/MockAuthCoreAutoConfiguration.kt
@@ -44,6 +44,8 @@ import com.tencent.devops.auth.service.sample.SamplePermissionRoleMemberService
 import com.tencent.devops.auth.service.sample.SamplePermissionRoleService
 import com.tencent.devops.auth.service.sample.SamplePermissionSuperManagerService
 import com.tencent.devops.auth.service.sample.SamplePermissionUrlServiceImpl
+import com.tencent.devops.auth.service.secops.DefaultSecOpsServiceImpl
+import com.tencent.devops.auth.service.secops.SecOpsService
 import com.tencent.devops.common.client.Client
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 import org.springframework.context.annotation.Bean
@@ -141,4 +143,8 @@ class MockAuthCoreAutoConfiguration {
 @Bean
 @ConditionalOnMissingBean(AuthMonitorSpaceService::class)
 fun sampleAuthMonitorSpaceService() = SampleAuthMonitorSpaceService()
+
+ @Bean
+ @ConditionalOnMissingBean(SecOpsService::class)
+ fun defaultSecOpsServiceImpl() = DefaultSecOpsServiceImpl()
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceDeptResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceDeptResourceImpl.kt
index 5905d7483ae..4d9a93508e2 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceDeptResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceDeptResourceImpl.kt
@@ -50,4 +50,8 @@ class ServiceDeptResourceImpl @Autowired constructor(
 override fun getUserInfo(userId: String, name: String): Result {
 return Result(deptService.getUserInfo(userId, name))
 }
+
+ override fun getUserInfoAndWaterMark(userId: String): Result {
+ return Result(deptService.getUserInfoAndWaterMark(userId))
+ }
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
index e7b5042486a..ced85823649 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
@@ -48,24 +48,27 @@ import com.tencent.devops.auth.entity.UserDeptTreeInfo
 import com.tencent.devops.auth.pojo.vo.BkUserInfoVo
 import com.tencent.devops.auth.pojo.vo.DeptInfoVo
 import com.tencent.devops.auth.pojo.vo.UserAndDeptInfoVo
+import com.tencent.devops.auth.service.secops.SecOpsService
+import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.exception.OperationException
 import com.tencent.devops.common.api.util.JsonUtil
 import com.tencent.devops.common.api.util.OkhttpUtils
 import com.tencent.devops.common.auth.api.pojo.EsbBaseReq
 import com.tencent.devops.common.redis.RedisOperation
 import com.tencent.devops.common.web.utils.I18nUtil
-import java.util.Optional
-import java.util.concurrent.TimeUnit
 import okhttp3.MediaType.Companion.toMediaTypeOrNull
 import okhttp3.Request
 import okhttp3.RequestBody
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
+import java.util.Optional
+import java.util.concurrent.TimeUnit
 class AuthDeptServiceImpl @Autowired constructor(
 val redisOperation: RedisOperation,
- val objectMapper: ObjectMapper
+ val objectMapper: ObjectMapper,
+ val secOpsService: SecOpsService
 ) : DeptService {
 @Value("\${esb.code:#{null}}")
@@ -263,6 +266,26 @@ class AuthDeptServiceImpl @Autowired constructor(
 return userInfoCache.getIfPresent(name)?.get() ?: getUserAndPutInCache(userId, name)
 }
+ override fun getUserInfoAndWaterMark(userId: String): UserAndDeptInfoVo? {
+ val userInfo = getUserInfo(
+ userId = userId,
+ name = userId
+ ) ?: throw ErrorCodeException(
+ errorCode = AuthMessageCode.ERROR_USER_NOT_EXIST,
+ defaultMessage = "user not exist!$userId"
+ )
+ val userWaterMark = secOpsService.getUserWaterMark(userId = userId)
+ return UserAndDeptInfoVo(
+ id = userInfo.id,
+ name = userInfo.name,
+ type = userInfo.type,
+ hasChild = userInfo.hasChild,
+ deptInfo = userInfo.deptInfo,
+ extras = userInfo.extras,
+ waterMark = userWaterMark.data
+ )
+ }
+
 private fun getUserAndPutInCache(userId: String, name: String): UserAndDeptInfoVo? {
 return getUserAndDeptByName(
 name = name,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DefaultDeptServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DefaultDeptServiceImpl.kt
index df5bb01fddd..7719e5867e0 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DefaultDeptServiceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DefaultDeptServiceImpl.kt
@@ -73,4 +73,10 @@ class DefaultDeptServiceImpl : DeptService {
 name = name,
 type = ManagerScopesEnum.USER
 )
+
+ override fun getUserInfoAndWaterMark(userId: String): UserAndDeptInfoVo? = UserAndDeptInfoVo(
+ id = 0,
+ name = name,
+ type = ManagerScopesEnum.USER
+ )
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DeptService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DeptService.kt
index ac49979a436..71d342e9ee7 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DeptService.kt
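Review bot: In `getUserInfoAndWaterMark`, `userWaterMark.data` is copied into the response unchecked, so with the `DefaultSecOpsServiceImpl` fallback added in this commit (which returns `data = ""`) callers receive an empty watermark and cannot tell it from a real one. `ERROR_WATER_MARK_NOT_EXIST` is added in AuthMessageCode.kt but no visible hunk throws it; if the watermark is meant to be mandatory, a guard such as `if (userWaterMark.data.isBlank()) throw ErrorCodeException(errorCode = AuthMessageCode.ERROR_WATER_MARK_NOT_EXIST, defaultMessage = "water mark not exist!$userId")` belongs before the return, otherwise the constant can be dropped. Because `UserAndDeptInfoVo` is a data class, `return userInfo.copy(waterMark = userWaterMark.data)` would replace the field-by-field constructor call and keep carrying any field added to the VO later.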
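Review bot: `name = name` in the new `DefaultDeptServiceImpl.getUserInfoAndWaterMark` refers to a `name` this function does not declare; its only parameter is `userId`, and the expression looks copied from the two-argument `getUserInfo` whose tail is the context just above. Unless the class has a `name` member outside this hunk, this does not compile. `name = userId` would match how `AuthDeptServiceImpl` calls `getUserInfo(userId = userId, name = userId)` in the same commit.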
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/DeptService.kt
@@ -55,4 +55,6 @@ interface DeptService {
 // 获取单个用户信息
 fun getUserInfo(userId: String, name: String): UserAndDeptInfoVo?
+
+ fun getUserInfoAndWaterMark(userId: String): UserAndDeptInfoVo?
 }
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/DefaultSecOpsServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/DefaultSecOpsServiceImpl.kt
new file mode 100644
index 00000000000..7e77d55b5e6
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/DefaultSecOpsServiceImpl.kt
@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.service.secops
+
+import com.tencent.devops.auth.pojo.vo.SecOpsWaterMarkInfoVo
+
+class DefaultSecOpsServiceImpl : SecOpsService {
+ override fun getUserWaterMark(userId: String): SecOpsWaterMarkInfoVo {
+ return SecOpsWaterMarkInfoVo(
+ type = "",
+ data = ""
+ )
+ }
+}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/SecOpsService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/SecOpsService.kt
new file mode 100644
index 00000000000..40344251a78
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/secops/SecOpsService.kt
@@ -0,0 +1,13 @@
+package com.tencent.devops.auth.service.secops
+
+import com.tencent.devops.auth.pojo.vo.SecOpsWaterMarkInfoVo
+
+/**
+ * 安全相关接口
+ */
+interface SecOpsService {
+ /**
+ * 获取用户水印信息
+ */
+ fun getUserWaterMark(userId: String): SecOpsWaterMarkInfoVo
+}
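Review bot: The new `DeptService.getUserInfoAndWaterMark` is declared without the one-line comment its neighbour `getUserInfo` has, and its nullable return type does not say when null is returned. In this commit `AuthDeptServiceImpl` throws `ERROR_USER_NOT_EXIST` for an unknown user instead of returning null, so the two outcomes should be spelled out for callers. A comment such as `// Returns the user's info plus watermark; implementations may throw ErrorCodeException(ERROR_USER_NOT_EXIST) rather than return null` would cover it.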
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwUserManagementResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwUserManagementResourceV4Impl.kt
index bc6695132f4..51041eb473b 100644
--- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwUserManagementResourceV4Impl.kt
+++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwUserManagementResourceV4Impl.kt
@@ -20,9 +20,8 @@ class ApigwUserManagementResourceV4Impl @Autowired constructor(
 userId: String
 ): Result {
 logger.info("OPENAPI_GET_USER_INFO_V4|$appCode|$userId")
- return client.get(ServiceDeptResource::class).getUserInfo(
- userId = userId,
- name = userId
+ return client.get(ServiceDeptResource::class).getUserInfoAndWaterMark(
+ userId = userId
 )
 }
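Review bot: Switching the existing `OPENAPI_GET_USER_INFO_V4` handler to `getUserInfoAndWaterMark` changes what every gateway caller of this endpoint receives: the response now carries `waterMark`, and an unknown `userId` now surfaces as `ErrorCodeException(ERROR_USER_NOT_EXIST)` from `AuthDeptServiceImpl`, where `getUserInfo` could return null. The lookup also now depends on `SecOpsService.getUserWaterMark` succeeding, so a failure there would presumably fail the whole user-info call. If the watermark is only needed by the APP OAuth2 login flow named in the commit title, consider a separate route or gating on `appCode` so other apps keep the old payload. The handler's signature starts above this hunk, so any existing permission check is not visible here.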