topdog/supersonic
1
0
Fork 0
mirror of https://github.com/tencentmusic/supersonic.git synced 2025-12-11 03:58:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[improvement][project] global refactor , code format , support llm , support fuzzy detect ,support query filter and so on.

Browse Source
This commit is contained in:
lexluo
2023-07-08 15:00:03 +08:00
parent 5ffd617431
commit 404163f391
329 changed files with 21050 additions and 5036 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
auth/authorization/pom.xml
View File

@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>auth</artifactId>

118
auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthApplicationService.java
View File

@@ -1,118 +0,0 @@
package com.tencent.supersonic.auth.authorization.application;
import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthRes;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthResGrp;
import com.tencent.supersonic.auth.api.authorization.pojo.DimensionFilter;
import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
import com.tencent.supersonic.auth.authorization.domain.pojo.AuthGroup;
import com.tencent.supersonic.auth.authorization.domain.pojo.AuthRule;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
@Component
@Slf4j
public class AuthApplicationService {
@Autowired
private JdbcTemplate jdbcTemplate;
private List<AuthGroup> load() {
List<String> rows = jdbcTemplate.queryForList("select config from s2_auth_groups", String.class);
Gson g = new Gson();
return rows.stream().map(row -> g.fromJson(row, AuthGroup.class)).collect(Collectors.toList());
}
public List<AuthGroup> queryAuthGroups(String domainId, Integer groupId) {
return load().stream()
.filter(group -> (Objects.isNull(groupId) || groupId.equals(group.getGroupId()))
&& domainId.equals(group.getDomainId()))
.collect(Collectors.toList());
}
public void updateAuthGroup(AuthGroup group) {
Gson g = new Gson();
if (group.getGroupId() == null) {
int nextGroupId = 1;
String sql = "select max(group_id) as group_id from s2_auth_groups";
Integer obj = jdbcTemplate.queryForObject(sql, Integer.class);
if (obj != null) {
nextGroupId = obj + 1;
}
group.setGroupId(nextGroupId);
jdbcTemplate.update("insert into s2_auth_groups (group_id, config) values (?, ?);", nextGroupId,
g.toJson(group));
} else {
jdbcTemplate.update("update s2_auth_groups set config = ? where group_id = ?;", g.toJson(group),
group.getGroupId());
}
}
public AuthorizedResourceResp queryAuthorizedResources(QueryAuthResReq req, HttpServletRequest request) {
List<AuthGroup> groups = load().stream().
filter(group -> group.getAuthorizedUsers().contains(req.getUser()) && req.getDomainId()
.equals(group.getDomainId())).
collect(Collectors.toList());
AuthorizedResourceResp resource = new AuthorizedResourceResp();
Map<String, List<AuthGroup>> authGroupsByDomainId = groups.stream()
.collect(Collectors.groupingBy(AuthGroup::getDomainId));
Map<String, List<AuthRes>> reqAuthRes = req.getResources().stream()
.collect(Collectors.groupingBy(AuthRes::getDomainId));
for (String domainId : reqAuthRes.keySet()) {
List<AuthRes> reqResourcesList = reqAuthRes.get(domainId);
AuthResGrp rg = new AuthResGrp();
if (authGroupsByDomainId.containsKey(domainId)) {
List<AuthGroup> authGroups = authGroupsByDomainId.get(domainId);
for (AuthRes reqRes : reqResourcesList) {
for (AuthGroup authRuleGroup : authGroups) {
List<AuthRule> authRules = authRuleGroup.getAuthRules();
List<String> allAuthItems = new ArrayList<>();
authRules.stream().forEach(authRule -> allAuthItems.addAll(authRule.resourceNames()));
if (allAuthItems.contains(reqRes.getName())) {
rg.getGroup().add(reqRes);
}
}
}
}
if (Objects.nonNull(rg) && !CollectionUtils.isEmpty(rg.getGroup())) {
resource.getResources().add(rg);
}
}
if (StringUtils.isNotEmpty(req.getDomainId())) {
List<AuthGroup> authGroups = authGroupsByDomainId.get(req.getDomainId());
if (!CollectionUtils.isEmpty(authGroups)) {
for (AuthGroup group : authGroups) {
if (group.getDimensionFilters() != null
&& group.getDimensionFilters().stream().anyMatch(expr -> !Strings.isNullOrEmpty(expr))) {
DimensionFilter df = new DimensionFilter();
df.setDescription(group.getDimensionFilterDescription());
df.setExpressions(group.getDimensionFilters());
resource.getFilters().add(df);
}
}
}
}
return resource;
}
public void removeAuthGroup(AuthGroup group) {
jdbcTemplate.update("delete from s2_auth_groups where group_id = ?", group.getGroupId());
}
}

134
auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthServiceImpl.java
View File

@@ -1,24 +1,148 @@
package com.tencent.supersonic.auth.authorization.application;
import com.google.common.base.Strings;
import com.google.gson.Gson;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthRes;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthResGrp;
import com.tencent.supersonic.auth.api.authorization.pojo.DimensionFilter;
import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
import com.tencent.supersonic.auth.api.authorization.service.AuthService;
import javax.servlet.http.HttpServletRequest;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthGroup;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthRule;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
@Service
@Slf4j
public class AuthServiceImpl implements AuthService {
private final AuthApplicationService authApplicationService;
private JdbcTemplate jdbcTemplate;
public AuthServiceImpl(AuthApplicationService authApplicationService) {
this.authApplicationService = authApplicationService;
public AuthServiceImpl(JdbcTemplate jdbcTemplate) {
this.jdbcTemplate = jdbcTemplate;
}
private List<AuthGroup> load() {
List<String> rows = jdbcTemplate.queryForList("select config from s2_auth_groups", String.class);
Gson g = new Gson();
return rows.stream().map(row -> g.fromJson(row, AuthGroup.class)).collect(Collectors.toList());
}
@Override
public AuthorizedResourceResp queryAuthorizedResources(HttpServletRequest request, QueryAuthResReq req) {
return authApplicationService.queryAuthorizedResources(req, request);
public List<AuthGroup> queryAuthGroups(String domainId, Integer groupId) {
return load().stream()
.filter(group -> (Objects.isNull(groupId) || groupId.equals(group.getGroupId()))
&& domainId.equals(group.getDomainId()))
.collect(Collectors.toList());
}
@Override
public void updateAuthGroup(AuthGroup group) {
Gson g = new Gson();
if (group.getGroupId() == null) {
int nextGroupId = 1;
String sql = "select max(group_id) as group_id from s2_auth_groups";
Integer obj = jdbcTemplate.queryForObject(sql, Integer.class);
if (obj != null) {
nextGroupId = obj + 1;
}
group.setGroupId(nextGroupId);
jdbcTemplate.update("insert into s2_auth_groups (group_id, config) values (?, ?);", nextGroupId,
g.toJson(group));
} else {
jdbcTemplate.update("update s2_auth_groups set config = ? where group_id = ?;", g.toJson(group),
group.getGroupId());
}
}
@Override
public void removeAuthGroup(AuthGroup group) {
jdbcTemplate.update("delete from s2_auth_groups where group_id = ?", group.getGroupId());
}
@Override
public AuthorizedResourceResp queryAuthorizedResources(QueryAuthResReq req, HttpServletRequest request) {
List<AuthGroup> groups = getAuthGroups(req);
AuthorizedResourceResp resource = new AuthorizedResourceResp();
Map<String, List<AuthGroup>> authGroupsByDomainId = groups.stream()
.collect(Collectors.groupingBy(AuthGroup::getDomainId));
Map<String, List<AuthRes>> reqAuthRes = req.getResources().stream()
.collect(Collectors.groupingBy(AuthRes::getDomainId));
for (String domainId : reqAuthRes.keySet()) {
List<AuthRes> reqResourcesList = reqAuthRes.get(domainId);
AuthResGrp rg = new AuthResGrp();
if (authGroupsByDomainId.containsKey(domainId)) {
List<AuthGroup> authGroups = authGroupsByDomainId.get(domainId);
for (AuthRes reqRes : reqResourcesList) {
for (AuthGroup authRuleGroup : authGroups) {
List<AuthRule> authRules = authRuleGroup.getAuthRules();
List<String> allAuthItems = new ArrayList<>();
authRules.forEach(authRule -> allAuthItems.addAll(authRule.resourceNames()));
if (allAuthItems.contains(reqRes.getName())) {
rg.getGroup().add(reqRes);
}
}
}
}
if (!CollectionUtils.isEmpty(rg.getGroup())) {
resource.getResources().add(rg);
}
}
if (StringUtils.isNotEmpty(req.getDomainId())) {
List<AuthGroup> authGroups = authGroupsByDomainId.get(req.getDomainId());
if (!CollectionUtils.isEmpty(authGroups)) {
for (AuthGroup group : authGroups) {
if (group.getDimensionFilters() != null
&& group.getDimensionFilters().stream().anyMatch(expr -> !Strings.isNullOrEmpty(expr))) {
DimensionFilter df = new DimensionFilter();
df.setDescription(group.getDimensionFilterDescription());
df.setExpressions(group.getDimensionFilters());
resource.getFilters().add(df);
}
}
}
}
return resource;
}
private List<AuthGroup> getAuthGroups(QueryAuthResReq req) {
List<AuthGroup> groups = load().stream().
filter(group -> {
if (!Objects.equals(group.getDomainId(), req.getDomainId())) {
return false;
}
if (!CollectionUtils.isEmpty(group.getAuthorizedUsers()) && group.getAuthorizedUsers()
.contains(req.getUser())) {
return true;
}
for (String deparmentId : req.getDepartmentIds()) {
if (!CollectionUtils.isEmpty(group.getAuthorizedDepartmentIds())
&& group.getAuthorizedDepartmentIds().contains(deparmentId)) {
return true;
}
}
return false;
}).collect(Collectors.toList());
log.info("user:{} department:{} authGroups:{}", req.getUser(), req.getDepartmentIds(), groups);
return groups;
}
}

27
auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthGroup.java
View File

@@ -1,27 +0,0 @@
package com.tencent.supersonic.auth.authorization.domain.pojo;
import java.util.List;
import lombok.Data;
@Data
public class AuthGroup {
private String domainId;
private String name;
private Integer groupId;
private List<AuthRule> authRules;
/**
* row permission expression
*/
private List<String> dimensionFilters;
/**
* row permission expression description information
*/
private String dimensionFilterDescription;
private List<String> authorizedUsers;
/**
* authorization Department Id
*/
private List<String> authorizedDepartmentIds;
}

28
auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthRule.java
View File

@@ -1,28 +0,0 @@
package com.tencent.supersonic.auth.authorization.domain.pojo;
import java.beans.Transient;
import java.util.ArrayList;
import java.util.List;
import lombok.Data;
@Data
public class AuthRule {
private String name;
private String description;
private List<String> metrics;
private List<String> dimensions;
@Transient
public List<String> resourceNames() {
ArrayList<String> res = new ArrayList<>();
if (metrics != null) {
res.addAll(metrics);
}
if (dimensions != null) {
res.addAll(dimensions);
}
return res;
}
}

20
auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/rest/AuthController.java
View File

@@ -2,8 +2,8 @@ package com.tencent.supersonic.auth.authorization.rest;
import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
import com.tencent.supersonic.auth.authorization.application.AuthApplicationService;
import com.tencent.supersonic.auth.authorization.domain.pojo.AuthGroup;
import com.tencent.supersonic.auth.api.authorization.service.AuthService;
import com.tencent.supersonic.auth.api.authorization.pojo.AuthGroup;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
@@ -19,16 +19,16 @@ import org.springframework.web.bind.annotation.RestController;
@Slf4j
public class AuthController {
private final AuthApplicationService service;
private final AuthService authService;
public AuthController(AuthApplicationService service) {
this.service = service;
public AuthController(AuthService authService) {
this.authService = authService;
}
@GetMapping("/queryGroup")
public List<AuthGroup> queryAuthGroup(@RequestParam("domainId") String domainId,
@RequestParam(value = "groupId", required = false) Integer groupId) {
return service.queryAuthGroups(domainId, groupId);
return authService.queryAuthGroups(domainId, groupId);
}
/**
@@ -37,12 +37,12 @@ public class AuthController {
@PostMapping("/createGroup")
public void newAuthGroup(@RequestBody AuthGroup group) {
group.setGroupId(null);
service.updateAuthGroup(group);
authService.updateAuthGroup(group);
}
@PostMapping("/removeGroup")
public void removeAuthGroup(@RequestBody AuthGroup group) {
service.removeAuthGroup(group);
authService.removeAuthGroup(group);
}
/**
@@ -55,7 +55,7 @@ public class AuthController {
if (group.getGroupId() == null || group.getGroupId() == 0) {
throw new RuntimeException("groupId is empty");
}
service.updateAuthGroup(group);
authService.updateAuthGroup(group);
}
/**
@@ -68,6 +68,6 @@ public class AuthController {
@PostMapping("/queryAuthorizedRes")
public AuthorizedResourceResp queryAuthorizedResources(@RequestBody QueryAuthResReq req,
HttpServletRequest request) {
return service.queryAuthorizedResources(req, request);
return authService.queryAuthorizedResources(req, request);
}
}