1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
package com.iailab.sdk.auth.client;
 
import com.fasterxml.jackson.databind.ObjectMapper;
import com.iailab.sdk.auth.client.vo.AuthLoginReqVO;
import com.iailab.sdk.auth.config.AuthProperties;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.*;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;
import org.springframework.util.ObjectUtils;
import org.springframework.web.client.RestTemplate;
 
import java.nio.charset.StandardCharsets;
import java.util.*;
 
import static com.iailab.framework.common.exception.enums.GlobalErrorCodeConstants.BAD_REQUEST;
import static com.iailab.framework.common.exception.util.ServiceExceptionUtil.exception;
import static com.iailab.sdk.auth.enums.ErrorCodeConstants.*;
 
/**
 * @author Houzhongjian
 * @Description
 * @createTime 2025年02月18日
 */
@Component
@Service
public class IailabAuthClient {
 
    private static final RestTemplate restTemplate = new RestTemplate();
 
    private static AuthProperties authProperties;
 
    public static void setAuthProperties(AuthProperties properties) {
        authProperties = properties;
    }
 
    private static final String GRAND_TYPE = "password";
 
    private static final String SCOPE = "user.read user.write";
 
    // 鉴权token
    public static String accessToken;
    // 刷新token
    public static String refreshToken;
    // 鉴权token过期时间
    public static Long expireTime;
 
    /**
     * 用户名密码方式获取平台token
     */
    public static synchronized void authenticate() throws Exception {
        System.out.println("登录获取平台token");
        // 1.1 构建请求头
        HttpHeaders headers = new HttpHeaders();
        addClientHeader(headers);
        headers.setContentType(MediaType.APPLICATION_JSON_UTF8);
        // 1.2 构建authenticate请求URL
        // 1.2 构建authenticate请求URL
        String authenticateUrl = authProperties.getBaseUrl() + "/system/oauth2/token?"
                // 密码模式的参数
                + "&grant_type=" + GRAND_TYPE
                + "&username=" + authProperties.getUsername()
                + "&password=" + authProperties.getPassword()
                + "&scope=" + SCOPE;
        // 2. 执行请求
        ResponseEntity<Map<String, Object>> exchange = restTemplate.exchange(
                authenticateUrl,
                HttpMethod.POST,
                new HttpEntity<>(headers),
                new ParameterizedTypeReference<Map<String, Object>>() {
                });
        Map<String, Object> authMap = exchange.getBody();
        if(AUTH_BAD_CREDENTIALS.getCode().equals(authMap.get("code"))) {
            throw exception(AUTH_BAD_CREDENTIALS);
        } else if(AUTH_LOGIN_BAD_CREDENTIALS.getCode().equals(authMap.get("code"))) {
            throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
        }
        Assert.isTrue(exchange.getStatusCode().is2xxSuccessful(), "响应必须是 200 成功");
        accessToken = authMap.get("access_token").toString();
        refreshToken = authMap.get("refresh_token").toString();
        expireTime = Long.valueOf(authMap.get("expires_time").toString());
    }
 
    public static synchronized void refreshToken() throws Exception {
        System.out.println("刷新token");
        // 1.1 构建请求头
        HttpHeaders headers = new HttpHeaders();
        addClientHeader(headers);
        // 1.2 构建authenticate请求URL
        String authenticateUrl = authProperties.getBaseUrl() + "/system/auth/client-refresh-token?refreshToken=" + refreshToken+ "&clientId=" + authProperties.getClientId();
        // 2. 执行请求
        ResponseEntity<Map<String, Object>> exchange = restTemplate.exchange(
                authenticateUrl,
                HttpMethod.POST,
                new HttpEntity<>(headers),
                new ParameterizedTypeReference<Map<String, Object>>() {
                });
        Assert.isTrue(exchange.getStatusCode().is2xxSuccessful(), "响应必须是 200 成功");
        Map<String, Object> authMap = exchange.getBody();
        //刷新token过期，重新获取token
        if (!ObjectUtils.isEmpty(authMap.get("code"))) {
            Integer code = Integer.valueOf(authMap.get("code").toString());
            if (code == 401) {
                authenticate();
            } else {
                throw exception(AUTH_REFRESH_TOKEN_ERROR);
            }
        } else {
            accessToken = authMap.get("access_token").toString();
            expireTime = Long.valueOf(authMap.get("expires_time").toString());
        }
    }
 
    private static void addClientHeader(HttpHeaders headers) {
        // client 拼接，需要 BASE64 编码
        String client = authProperties.getClientId() + ":" + authProperties.getClientSecret();
        client = Base64Utils.encodeToString(client.getBytes(StandardCharsets.UTF_8));
        headers.add("Authorization", "Basic " + client);
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.set("tenant-id", authProperties.getTenantId());
    }
 
}