first commit

2025-12-11 12:07:42 +00:00 · 2023-06-12 18:44:01 +08:00
commit dc4fc69b57
879 changed files with 573090 additions and 0 deletions
--- a/auth/authorization/pom.xml
+++ b/auth/authorization/pom.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>auth</artifactId>
+        <groupId>com.tencent.supersonic</groupId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>auth-authorization</artifactId>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>com.tencent.supersonic</groupId>
+            <artifactId>auth-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.tencent.supersonic</groupId>
+            <artifactId>auth-authentication</artifactId>
+            <version>1.0.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthApplicationService.java
+++ b/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthApplicationService.java
@@ -0,0 +1,118 @@
+package com.tencent.supersonic.auth.authorization.application;
+
+import com.google.common.base.Strings;
+import com.google.gson.Gson;
+import com.tencent.supersonic.auth.api.authorization.pojo.AuthRes;
+import com.tencent.supersonic.auth.api.authorization.pojo.AuthResGrp;
+import com.tencent.supersonic.auth.api.authorization.pojo.DimensionFilter;
+import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
+import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
+import com.tencent.supersonic.auth.authorization.domain.pojo.AuthGroup;
+import com.tencent.supersonic.auth.authorization.domain.pojo.AuthRule;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+
+@Component
+@Slf4j
+public class AuthApplicationService {
+
+    @Autowired
+    private JdbcTemplate jdbcTemplate;
+
+    private List<AuthGroup> load() {
+        List<String> rows = jdbcTemplate.queryForList("select config from s2_auth_groups", String.class);
+        Gson g = new Gson();
+        return rows.stream().map(row -> g.fromJson(row, AuthGroup.class)).collect(Collectors.toList());
+    }
+
+    public List<AuthGroup> queryAuthGroups(String domainId, Integer groupId) {
+        return load().stream()
+                .filter(group -> (Objects.isNull(groupId) || groupId.equals(group.getGroupId()))
+                        && domainId.equals(group.getDomainId()))
+                .collect(Collectors.toList());
+    }
+
+    public void updateAuthGroup(AuthGroup group) {
+        Gson g = new Gson();
+        if (group.getGroupId() == null) {
+            int nextGroupId = 1;
+            String sql = "select max(group_id) as group_id from s2_auth_groups";
+            Integer obj = jdbcTemplate.queryForObject(sql, Integer.class);
+            if (obj != null) {
+                nextGroupId = obj + 1;
+            }
+            group.setGroupId(nextGroupId);
+            jdbcTemplate.update("insert into s2_auth_groups (group_id, config) values (?, ?);", nextGroupId,
+                    g.toJson(group));
+        } else {
+            jdbcTemplate.update("update s2_auth_groups set config = ? where group_id = ?;", g.toJson(group),
+                    group.getGroupId());
+        }
+    }
+
+    public AuthorizedResourceResp queryAuthorizedResources(QueryAuthResReq req, HttpServletRequest request) {
+        List<AuthGroup> groups = load().stream().
+                filter(group -> group.getAuthorizedUsers().contains(req.getUser()) && req.getDomainId()
+                        .equals(group.getDomainId())).
+                collect(Collectors.toList());
+        AuthorizedResourceResp resource = new AuthorizedResourceResp();
+        Map<String, List<AuthGroup>> authGroupsByDomainId = groups.stream()
+                .collect(Collectors.groupingBy(AuthGroup::getDomainId));
+        Map<String, List<AuthRes>> reqAuthRes = req.getResources().stream()
+                .collect(Collectors.groupingBy(AuthRes::getDomainId));
+
+        for (String domainId : reqAuthRes.keySet()) {
+            List<AuthRes> reqResourcesList = reqAuthRes.get(domainId);
+            AuthResGrp rg = new AuthResGrp();
+            if (authGroupsByDomainId.containsKey(domainId)) {
+                List<AuthGroup> authGroups = authGroupsByDomainId.get(domainId);
+                for (AuthRes reqRes : reqResourcesList) {
+                    for (AuthGroup authRuleGroup : authGroups) {
+                        List<AuthRule> authRules = authRuleGroup.getAuthRules();
+                        List<String> allAuthItems = new ArrayList<>();
+                        authRules.stream().forEach(authRule -> allAuthItems.addAll(authRule.resourceNames()));
+
+                        if (allAuthItems.contains(reqRes.getName())) {
+                            rg.getGroup().add(reqRes);
+                        }
+
+                    }
+                }
+            }
+            if (Objects.nonNull(rg) && !CollectionUtils.isEmpty(rg.getGroup())) {
+                resource.getResources().add(rg);
+            }
+        }
+
+        if (StringUtils.isNotEmpty(req.getDomainId())) {
+            List<AuthGroup> authGroups = authGroupsByDomainId.get(req.getDomainId());
+            if (!CollectionUtils.isEmpty(authGroups)) {
+                for (AuthGroup group : authGroups) {
+                    if (group.getDimensionFilters() != null
+                            && group.getDimensionFilters().stream().anyMatch(expr -> !Strings.isNullOrEmpty(expr))) {
+                        DimensionFilter df = new DimensionFilter();
+                        df.setDescription(group.getDimensionFilterDescription());
+                        df.setExpressions(group.getDimensionFilters());
+                        resource.getFilters().add(df);
+                    }
+                }
+            }
+        }
+
+        return resource;
+    }
+
+    public void removeAuthGroup(AuthGroup group) {
+        jdbcTemplate.update("delete from s2_auth_groups where group_id = ?", group.getGroupId());
+    }
+}
--- a/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthServiceImpl.java
+++ b/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/application/AuthServiceImpl.java
@@ -0,0 +1,24 @@
+package com.tencent.supersonic.auth.authorization.application;
+
+import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
+import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
+import com.tencent.supersonic.auth.api.authorization.service.AuthService;
+import javax.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+public class AuthServiceImpl implements AuthService {
+
+    private final AuthApplicationService authApplicationService;
+
+    public AuthServiceImpl(AuthApplicationService authApplicationService) {
+        this.authApplicationService = authApplicationService;
+    }
+
+    @Override
+    public AuthorizedResourceResp queryAuthorizedResources(HttpServletRequest request, QueryAuthResReq req) {
+        return authApplicationService.queryAuthorizedResources(req, request);
+    }
+}
--- a/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthGroup.java
+++ b/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthGroup.java
@@ -0,0 +1,27 @@
+package com.tencent.supersonic.auth.authorization.domain.pojo;
+
+import java.util.List;
+import lombok.Data;
+
+@Data
+public class AuthGroup {
+
+    private String domainId;
+    private String name;
+    private Integer groupId;
+    private List<AuthRule> authRules;
+    /**
+     * row permission expression
+     */
+    private List<String> dimensionFilters;
+    /**
+     * row permission expression description information
+     */
+    private String dimensionFilterDescription;
+
+    private List<String> authorizedUsers;
+    /**
+     * authorization Department Id
+     */
+    private List<String> authorizedDepartmentIds;
+}
--- a/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthRule.java
+++ b/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/domain/pojo/AuthRule.java
@@ -0,0 +1,28 @@
+package com.tencent.supersonic.auth.authorization.domain.pojo;
+
+import java.beans.Transient;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Data;
+
+@Data
+public class AuthRule {
+
+    private String name;
+    private String description;
+    private List<String> metrics;
+    private List<String> dimensions;
+
+    @Transient
+    public List<String> resourceNames() {
+        ArrayList<String> res = new ArrayList<>();
+        if (metrics != null) {
+            res.addAll(metrics);
+        }
+
+        if (dimensions != null) {
+            res.addAll(dimensions);
+        }
+        return res;
+    }
+}
--- a/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/rest/AuthController.java
+++ b/auth/authorization/src/main/java/com/tencent/supersonic/auth/authorization/rest/AuthController.java
@@ -0,0 +1,73 @@
+package com.tencent.supersonic.auth.authorization.rest;
+
+import com.tencent.supersonic.auth.api.authorization.request.QueryAuthResReq;
+import com.tencent.supersonic.auth.api.authorization.response.AuthorizedResourceResp;
+import com.tencent.supersonic.auth.authorization.application.AuthApplicationService;
+import com.tencent.supersonic.auth.authorization.domain.pojo.AuthGroup;
+import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/auth")
+@Slf4j
+public class AuthController {
+
+    private final AuthApplicationService service;
+
+    public AuthController(AuthApplicationService service) {
+        this.service = service;
+    }
+
+    @GetMapping("/queryGroup")
+    public List<AuthGroup> queryAuthGroup(@RequestParam("domainId") String domainId,
+            @RequestParam(value = "groupId", required = false) Integer groupId) {
+        return service.queryAuthGroups(domainId, groupId);
+    }
+
+    /**
+     * 新建权限组
+     */
+    @PostMapping("/createGroup")
+    public void newAuthGroup(@RequestBody AuthGroup group) {
+        group.setGroupId(null);
+        service.updateAuthGroup(group);
+    }
+
+    @PostMapping("/removeGroup")
+    public void removeAuthGroup(@RequestBody AuthGroup group) {
+        service.removeAuthGroup(group);
+    }
+
+    /**
+     * 更新权限组
+     *
+     * @param group
+     */
+    @PostMapping("/updateGroup")
+    public void updateAuthGroup(@RequestBody AuthGroup group) {
+        if (group.getGroupId() == null || group.getGroupId() == 0) {
+            throw new RuntimeException("groupId is empty");
+        }
+        service.updateAuthGroup(group);
+    }
+
+    /**
+     * 查询有权限访问的受限资源id
+     *
+     * @param req
+     * @param request
+     * @return
+     */
+    @PostMapping("/queryAuthorizedRes")
+    public AuthorizedResourceResp queryAuthorizedResources(@RequestBody QueryAuthResReq req,
+            HttpServletRequest request) {
+        return service.queryAuthorizedResources(req, request);
+    }
+}