
更新对已登录 User 对象的获取

reghao há 2 anos atrás
pai
commit
70ab12f371

+ 1 - 1
manager/src/main/java/cn/reghao/devops/manager/account/controller/AccountAuthController.java

@@ -3,7 +3,7 @@ package cn.reghao.devops.manager.account.controller;
 import cn.reghao.devops.manager.account.model.po.Menu;
 import cn.reghao.devops.manager.account.model.po.User;
 import cn.reghao.devops.manager.account.service.IndexService;
-import cn.reghao.devops.manager.util.UserContext;
+import cn.reghao.devops.manager.account.service.UserContext;
 import io.swagger.annotations.Api;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Controller;

+ 4 - 6
manager/src/main/java/cn/reghao/devops/manager/account/controller/page/UserPageController.java

@@ -5,6 +5,7 @@ import cn.reghao.devops.manager.account.db.query.UserQuery;
 import cn.reghao.devops.manager.account.model.po.Role;
 import cn.reghao.devops.manager.account.model.po.User;
 import cn.reghao.devops.manager.account.model.vo.UserVO;
+import cn.reghao.devops.manager.account.service.UserContext;
 import cn.reghao.devops.manager.util.db.PageList;
 import cn.reghao.devops.manager.util.db.PageSort;
 import io.swagger.annotations.Api;
@@ -12,8 +13,6 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageImpl;
 import org.springframework.data.domain.PageRequest;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -32,8 +31,8 @@ import java.util.stream.Collectors;
 @RequestMapping("/rbac/user")
 @Controller
 public class UserPageController {
-    private UserQuery userQuery;
-    private RoleQuery roleQuery;
+    private final UserQuery userQuery;
+    private final RoleQuery roleQuery;
 
     public UserPageController(UserQuery userQuery, RoleQuery roleQuery) {
         this.userQuery = userQuery;
@@ -98,8 +97,7 @@ public class UserPageController {
 
     @GetMapping("/profile")
     public String userInfoPage(Model model) {
-        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
-        User user = (User) authToken.getDetails();
+        User user = UserContext.getUser();
         model.addAttribute("user", user);
         return "/rbac/user/userinfo";
     }
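Review bot: In `userInfoPage`, the result of `UserContext.getUser()` goes straight into `model.addAttribute("user", user)` without a null check, although `PermissionCheck.check` in this same commit treats a null return as "not logged in". If this route can be reached without an authenticated session, the template receives null; a guard such as `if (user == null) { return "redirect:/<login-path>"; }` (placeholder path) would make that case explicit. The object placed in the model is the `User` persistence entity. If it carries the password hash or other internal fields, mapping it to the already imported `UserVO` first would keep them out of the view layer.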

+ 1 - 1
manager/src/main/java/cn/reghao/devops/manager/account/db/query/UserQueryImpl.java

@@ -68,7 +68,7 @@ public class UserQueryImpl implements UserQuery {
         List<String> roles = set.stream()
                 .map(UserAuthority::getAuthority)
                 .collect(Collectors.toList());
-        Specification<Role> spec = ((root, query, criteriaBuilder) -> root.get("title").in(roles));
+        Specification<Role> spec = ((root, query, criteriaBuilder) -> root.get("name").in(roles));
         return new HashSet<>(roleRepository.findAll(spec));
     }
 

+ 0 - 16
manager/src/main/java/cn/reghao/devops/manager/account/model/dto/AccountAuthedToken.java

@@ -1,16 +0,0 @@
-package cn.reghao.devops.manager.account.model.dto;
-
-import lombok.AllArgsConstructor;
-import lombok.Getter;
-
-/**
- * @author reghao
- * @date 2023-10-19 13:56:02
- */
-@AllArgsConstructor
-@Getter
-public class AccountAuthedToken {
-    private Integer plat;
-    private String loginId;
-    private Integer userId;
-}

+ 0 - 21
manager/src/main/java/cn/reghao/devops/manager/account/service/AccountTokenService.java

@@ -1,21 +0,0 @@
-package cn.reghao.devops.manager.account.service;
-
-
-import cn.reghao.devops.manager.account.model.dto.AccountAuthedToken;
-import cn.reghao.devops.manager.account.security.form.AccountAuthToken;
-
-/**
- * @author reghao
- * @date 2023-02-16 14:57:49
- */
-public interface AccountTokenService {
-    AccountAuthedToken getAuthedToken();
-    /**
-     * 从 cookie 或 token 中读取已认证用户的 AccountAuthToken
-     *
-     * @param
-     * @return
-     * @date 2023-10-19 18:38:43
-     */
-    AccountAuthToken getAuthToken(int tokenType, String userdata);
-}

+ 1 - 2
manager/src/main/java/cn/reghao/devops/manager/util/UserContext.java → manager/src/main/java/cn/reghao/devops/manager/account/service/UserContext.java

@@ -1,4 +1,4 @@
-package cn.reghao.devops.manager.util;
+package cn.reghao.devops.manager.account.service;
 
 import cn.reghao.devops.manager.account.model.po.User;
 import cn.reghao.devops.manager.account.security.form.AccountAuthToken;
@@ -12,7 +12,6 @@ import java.util.Set;
  * @author reghao
  * @date 2023-12-01 10:31:52
  */
-@Deprecated
 public class UserContext {
     public static String getUsername() {
         User user = getUser();

+ 4 - 15
manager/src/main/java/cn/reghao/devops/manager/account/service/impl/AccountAuthServiceImpl.java

@@ -30,15 +30,15 @@ import javax.servlet.http.Cookie;
 public class AccountAuthServiceImpl implements AccountAuthService {
     private final String cookieName = "USERDATA";
     private final String domain = "";
-    private final Cache<String, Object> caffeineCache;
+    private final Cache<String, Object> cache;
     private final UserRepository userRepository;
     private final CodeService codeService;
     private final PubkeyService pubkeyService;
     private final PasswordEncoder passwordEncoder;
 
-    public AccountAuthServiceImpl(Cache<String, Object> caffeineCache, UserRepository userRepository,
+    public AccountAuthServiceImpl(Cache<String, Object> cache, UserRepository userRepository,
                                   CodeService codeService, PubkeyService pubkeyService, PasswordEncoder passwordEncoder) {
-        this.caffeineCache = caffeineCache;
+        this.cache = cache;
         this.userRepository = userRepository;
         this.codeService = codeService;
         this.pubkeyService = pubkeyService;
@@ -111,7 +111,7 @@ public class AccountAuthServiceImpl implements AccountAuthService {
         if (timeout == 0) {
             timeout = 3600*24*30;
         }
-        caffeineCache.put(loginSuccessKey, authToken);
+        cache.put(loginSuccessKey, authToken);
     }
 
     private Cookie generateCookie(String name, String value, long timeout) {
@@ -136,14 +136,6 @@ public class AccountAuthServiceImpl implements AccountAuthService {
 
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication instanceof AccountAuthToken) {
-            AccountAuthToken authToken = (AccountAuthToken) authentication;
-            int userId = authToken.getUserId();
-            String loginId = authToken.getLoginId();
-            clearCookie();
-
-            String userdata = String.format("%s:%s:%s", userId, 1, loginId);
-            deleteLoginData(userdata);
-
             SecurityContext context = SecurityContextHolder.getContext();
             context.setAuthentication(null);
             SecurityContextHolder.clearContext();
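Review bot: After this change the logout branch only clears the `SecurityContext`; the `clearCookie()` call is gone and nothing removes the entry that the login path stores with `cache.put(loginSuccessKey, authToken)`. If the authentication filter (not visible here) rebuilds the session from the `USERDATA` cookie and that cache entry, a logged-out browser or a copied cookie would still be accepted until the entry expires. I would keep `clearCookie();` inside the `instanceof AccountAuthToken` branch and invalidate the cached token under the same key the login path used. The removed `deleteLoginData` had an empty body, so server-side invalidation appears to have been missing before this commit as well. The enclosing method starts and ends outside the hunk.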
@@ -160,7 +152,4 @@ public class AccountAuthServiceImpl implements AccountAuthService {
         cookie2.setPath(path);
         ServletUtil.getResponse().addCookie(cookie2);
     }
-
-    private void deleteLoginData(String userdata) {
-    }
 }

+ 0 - 13
manager/src/main/java/cn/reghao/devops/manager/app/controller/page/BuildDeployPageController.java

@@ -18,9 +18,6 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.domain.*;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -84,16 +81,6 @@ public class BuildDeployPageController {
         return "/app/bd/index";
     }
 
-    private Set<String> getRole() throws Exception {
-        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
-        if (authToken == null) {
-            throw new Exception("未登录");
-        }
-
-        return authToken.getAuthorities().stream()
-                .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
-    }
-
     @ApiOperation(value = "应用部署页面")
     @GetMapping("/deploy")
     public String deployPage(@RequestParam("appId") String appId,

+ 29 - 0
manager/src/main/java/cn/reghao/devops/manager/app/service/PermissionCheck.java

@@ -0,0 +1,29 @@
+package cn.reghao.devops.manager.app.service;
+
+import cn.reghao.devops.common.build.model.constant.EnvType;
+import cn.reghao.devops.manager.account.model.constant.RoleType;
+import cn.reghao.devops.manager.account.model.po.User;
+import cn.reghao.devops.manager.account.service.UserContext;
+
+import java.util.Set;
+
+/**
+ * @author reghao
+ * @date 2024-02-04 15:15:38
+ */
+public class PermissionCheck {
+    public static User check(String env) throws Exception {
+        User user = UserContext.getUser();
+        if (user == null) {
+            throw new Exception("未登录");
+        } else {
+            Set<String> roles = user.getRole();
+            boolean isAdmin = roles.contains(RoleType.ROLE_ADMIN.name());
+            if (EnvType.prod.name().equals(env) && !isAdmin) {
+                throw new Exception("没有权限");
+            }
+        }
+
+        return user;
+    }
+}
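Review bot: `check` fails open for any `env` that is not exactly the string `prod`: a null value, or one with different case or stray whitespace, skips the admin requirement, and `user.getRole()` is dereferenced without a null guard. Both callers pass `appConfig.getEnv()` straight from stored configuration, so I would refuse a missing environment and treat a missing role set as "not admin", as sketched below. Throwing a bare `Exception` for both "not logged in" and "no permission" leaves callers able to tell the two apart only by message text, so a dedicated exception type is worth considering. Since the class holds a single static method, `final` plus a private constructor and a Javadoc line stating the rule (prod requires `ROLE_ADMIN`) would also fit.

```java
public static User check(String env) throws Exception {
    User user = UserContext.getUser();
    if (user == null) {
        throw new Exception("未登录");
    }
    // A config row without an environment is refused instead of being treated as non-prod.
    if (env == null) {
        throw new Exception("没有权限");
    }

    Set<String> roles = user.getRole();
    // A user without a role set is never an admin.
    boolean isAdmin = roles != null && roles.contains(RoleType.ROLE_ADMIN.name());
    if (EnvType.prod.name().equals(env.trim()) && !isAdmin) {
        throw new Exception("没有权限");
    }

    return user;
}
```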

+ 6 - 13
manager/src/main/java/cn/reghao/devops/manager/app/service/bd/impl/AppStatImpl.java

@@ -1,23 +1,25 @@
 package cn.reghao.devops.manager.app.service.bd.impl;
 
 import cn.reghao.devops.common.agent.app.dto.AppInfo;
+import cn.reghao.devops.common.build.model.constant.EnvType;
 import cn.reghao.devops.common.msg.constant.AppStatOps;
 import cn.reghao.devops.common.msg.event.EvtAppStat;
+import cn.reghao.devops.manager.account.model.po.User;
+import cn.reghao.devops.manager.account.service.UserContext;
 import cn.reghao.devops.manager.app.db.repository.config.AppConfigRepository;
 import cn.reghao.devops.manager.app.model.po.config.AppConfig;
+import cn.reghao.devops.manager.app.service.PermissionCheck;
 import cn.reghao.devops.manager.app.service.bd.AppStat;
 import cn.reghao.devops.manager.ws.MessageSenders;
 import cn.reghao.devops.manager.machine.service.MachineService;
 import cn.reghao.devops.manager.account.model.constant.RoleType;
-import cn.reghao.devops.manager.account.model.po.UserAuthority;
 import cn.reghao.jutil.jdk.event.message.EventMessage;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import java.io.IOException;
 import java.util.List;
+import java.util.Set;
 
 /**
  * 应用状态管理
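Review bot: The imports added here for `EnvType`, `User`, `UserContext` and `java.util.Set` do not appear to be needed by the only code change visible in this file, the single `PermissionCheck.check(appConfig.getEnv())` call, and the retained `RoleType` import looks unused now as well. The same holds for the `EnvType`, `UserContext` and `Set` imports added in BuildAppImpl.java. The rest of both files is outside the diff, so this should be confirmed with the IDE's unused-import check. Dropping them keeps it obvious that role and environment decisions now live only in `PermissionCheck`.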
@@ -46,16 +48,7 @@ public class AppStatImpl implements AppStat {
         EvtAppStat evtAppStat = new EvtAppStat(packType, appId, appStatOps);
         EventMessage evtMsg = EventMessage.evt(evtAppStat);
 
-        // TODO 以后采用更好的权限处理方式
-        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
-        if (authToken == null) {
-            throw new Exception("未登录");
-        } else {
-            boolean isAdmin = authToken.getAuthorities().contains(new UserAuthority(RoleType.ROLE_ADMIN.name()));
-            if ("prod".equals(appConfig.getEnv()) && !isAdmin) {
-                throw new Exception("没有权限");
-            }
-        }
+        PermissionCheck.check(appConfig.getEnv());
         publish(machineId, evtMsg);
     }
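Review bot: The `User` returned by `PermissionCheck.check(appConfig.getEnv())` is discarded, so nothing in this hunk records who requested the operation before `publish(machineId, evtMsg)` sends it out. The `lombok.extern.slf4j.Slf4j` import suggests a `log` field is available, so I would keep the user and write an audit line: `User user = PermissionCheck.check(appConfig.getEnv());` followed by `log.info("{} requested {} on app {}", user.getScreenName(), appStatOps, appId);`. The check also runs after the event objects are built; moving it directly after `appConfig` is loaded would reject unauthorised calls before any work is done. The enclosing method starts outside the hunk.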
 

+ 5 - 13
manager/src/main/java/cn/reghao/devops/manager/app/service/bd/impl/BuildAppImpl.java

@@ -2,8 +2,11 @@ package cn.reghao.devops.manager.app.service.bd.impl;
 
 import cn.reghao.devops.common.build.chain.BuildHandlers;
 import cn.reghao.devops.common.build.model.AppDto;
+import cn.reghao.devops.common.build.model.constant.EnvType;
+import cn.reghao.devops.manager.account.service.UserContext;
 import cn.reghao.devops.manager.app.model.po.AppBuilding;
 import cn.reghao.devops.manager.app.model.po.config.AppConfig;
+import cn.reghao.devops.manager.app.service.PermissionCheck;
 import cn.reghao.devops.manager.app.service.bd.BuildDeployNotify;
 import cn.reghao.devops.manager.app.service.bd.DeployApp;
 import cn.reghao.devops.manager.app.service.bd.BuildStat;
@@ -15,17 +18,15 @@ import cn.reghao.devops.common.build.chain.Bootstrap;
 import cn.reghao.devops.common.build.chain.Handler;
 import cn.reghao.devops.manager.account.model.constant.RoleType;
 import cn.reghao.devops.manager.account.model.po.User;
-import cn.reghao.devops.manager.account.model.po.UserAuthority;
 import cn.reghao.jutil.jdk.result.Result;
 import cn.reghao.jutil.jdk.result.ResultStatus;
 import cn.reghao.jutil.jdk.thread.ThreadPoolWrapper;
 import cn.reghao.jutil.tool.id.IdGenerator;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
+import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
 
@@ -62,16 +63,7 @@ public class BuildAppImpl implements BuildApp {
             throw new Exception(appId + " 不存在");
         }
 
-        Authentication authToken = SecurityContextHolder.getContext().getAuthentication();
-        if (authToken == null) {
-            throw new Exception("未登录");
-        } else {
-            boolean isAdmin = authToken.getAuthorities().contains(new UserAuthority(RoleType.ROLE_ADMIN.name()));
-            if ("prod".equals(appConfig.getEnv()) && !isAdmin) {
-                throw new Exception("没有权限");
-            }
-        }
-        User user = (User) authToken.getDetails();
+        User user = PermissionCheck.check(appConfig.getEnv());
         String buildBy = user.getScreenName();
         AppDto appDto = appConfig.getAppDto();
         localBuild(appDto, buildBy, deploy);
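Review bot: The line `User user = PermissionCheck.check(appConfig.getEnv());` would benefit from a comment explaining why it must stay ahead of `localBuild`. `UserContext` replaces direct `SecurityContextHolder` reads elsewhere in this commit, so it presumably depends on the thread-bound security context, and the `CompletableFuture` and `ExecutorService` imports suggest the build runs on a pool thread where that context may be absent. I would add `// Resolve and authorise the user on the request thread; the build itself may run on an executor without the security context.` above the call. The enclosing method starts and ends outside the hunk.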

+ 8 - 6
manager/src/main/java/cn/reghao/devops/manager/util/DefaultSetting.java

@@ -1,6 +1,7 @@
 package cn.reghao.devops.manager.util;
 
 import cn.reghao.devops.common.build.model.constant.EnvType;
+import cn.reghao.devops.manager.account.service.UserContext;
 import cn.reghao.devops.manager.app.model.constant.AppType;
 import cn.reghao.devops.manager.app.model.vo.KeyValue;
 import cn.reghao.devops.manager.account.model.constant.RoleType;
@@ -43,16 +44,17 @@ public class DefaultSetting {
     }
 
     public static String getAppType() {
+        String defaultAppType = AppType.maven.getName();
         Set<String> roles = UserContext.getUserRoles();
-        if (roles.contains(RoleType.ROLE_BACKEND.name())) {
-            return AppType.dotnetCore.getName();
+        if (roles.contains(RoleType.ROLE_ADMIN.name())) {
+            defaultAppType = AppType.dotnetCore.getName();
+        } else if (roles.contains(RoleType.ROLE_BACKEND.name())) {
+            defaultAppType = AppType.dotnetCore.getName();
         } else if (roles.contains(RoleType.ROLE_FRONTEND.name())) {
-            return AppType.npm.getName();
-        } else if (roles.contains(RoleType.ROLE_ADMIN.name())) {
-            return AppType.maven.getName();
+            defaultAppType = AppType.npm.getName();
         }
 
-        return AppType.npm.getName();
+        return defaultAppType;
     }
 
     public static List<KeyValue> getAppTypes() {
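Review bot: In `getAppType`, the `ROLE_ADMIN` and `ROLE_BACKEND` branches now assign the same value, `AppType.dotnetCore.getName()`, while the old code gave admins `AppType.maven`. If the admin default was meant to stay Maven, the first branch is a copy-paste slip; if not, the two conditions can be merged into `if (roles.contains(RoleType.ROLE_ADMIN.name()) || roles.contains(RoleType.ROLE_BACKEND.name()))`. `UserContext.getUserRoles()` is also dereferenced without a null check, so if it can return null for an unauthenticated request this method throws instead of returning the default. A one-line Javadoc stating the role-to-type mapping and the fallback (now Maven, previously npm) would record the intent.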