Merge pull request #44 from CJP2004/dev

Dev

Author: CJP2004

auth-service/pom.xml

@@ -62,6 +62,11 @@
       <artifactId>poi-ooxml</artifactId>
       <version>5.2.5</version>
     </dependency>
+    <dependency>
+      <groupId>com.github.xingfudeshi</groupId>
+      <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
+      <version>4.6.0</version>
+    </dependency>
 
     <dependency>
       <groupId>org.springframework.boot</groupId>

auth-service/src/main/java/com/servicegovernance/auth/controller/ApiReverseAuthorizationController.java

@@ -0,0 +1,45 @@
+package com.servicegovernance.auth.controller;
+
+import com.servicegovernance.auth.common.core.ApiResponse;
+import com.servicegovernance.auth.service.ApiReverseAuthorizationService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import java.util.Map;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Tag(name = "API 反向授权")
+@RestController
+@RequestMapping("/api/authorization")
+public class ApiReverseAuthorizationController {
+
+  private final ApiReverseAuthorizationService apiReverseAuthorizationService;
+
+  public ApiReverseAuthorizationController(ApiReverseAuthorizationService apiReverseAuthorizationService) {
+    this.apiReverseAuthorizationService = apiReverseAuthorizationService;
+  }
+
+  /** 查询 API 反向授权列表。 */
+  @Operation(summary = "查询反向授权列表", description = "按被调用方、调用方和授权状态等条件查询反向授权列表。")
+  @PostMapping("/reverse/list")
+  public ApiResponse<Map<String, Object>> reverseList(@RequestBody Map<String, Object> query) {
+    return ApiResponse.success(apiReverseAuthorizationService.reverseList(query));
+  }
+
+  /** 查询 API 反向授权详情。 */
+  @Operation(summary = "查询反向授权详情", description = "根据请求参数查询反向授权详情及其关联 API 配置。")
+  @PostMapping("/reverse/detail")
+  public ApiResponse<Map<String, Object>> reverseDetail(@RequestBody Map<String, Object> payload) {
+    return ApiResponse.success(apiReverseAuthorizationService.reverseDetail(payload));
+  }
+
+  /** 保存 API 反向授权配置。 */
+  @Operation(summary = "保存反向授权配置", description = "保存反向授权关系和对应的 API 权限配置。")
+  @PostMapping("/reverse/save")
+  public ApiResponse<Boolean> saveReverse(@RequestBody Map<String, Object> payload) {
+    apiReverseAuthorizationService.saveReverse(payload);
+    return ApiResponse.success(true);
+  }
+}

auth-service/src/main/java/com/servicegovernance/auth/controller/AuthorizationAccessController.java

@@ -0,0 +1,40 @@
+package com.servicegovernance.auth.controller;
+
+import com.servicegovernance.auth.common.core.ApiResponse;
+import com.servicegovernance.auth.service.AuthorizationAccessService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import java.util.Map;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Tag(name = "授权访问校验")
+@RestController
+@RequestMapping("/api/authorization")
+public class AuthorizationAccessController {
+
+  private final AuthorizationAccessService authorizationAccessService;
+
+  public AuthorizationAccessController(AuthorizationAccessService authorizationAccessService) {
+    this.authorizationAccessService = authorizationAccessService;
+  }
+
+  /** 供远程服务调用，校验服务身份和授权关系。 */
+  @Operation(summary = "校验授权关系", description = "根据调用关系和接口信息校验当前授权配置是否满足访问要求。")
+  @PostMapping("/check")
+  public ApiResponse<Map<String, Object>> check(@RequestBody Map<String, Object> payload) {
+    return ApiResponse.success(authorizationAccessService.check(payload));
+  }
+
+  /** 供远程服务按 Basic 认证查询可访问资源。 */
+  @Operation(summary = "查询资源权限列表", description = "结合请求头中的 Authorization 信息和查询条件，返回当前资源权限列表。")
+  @PostMapping("/resource/list")
+  public ApiResponse<Map<String, Object>> resourceList(
+      @RequestHeader(value = "Authorization", required = false) String authorization,
+      @RequestBody Map<String, Object> payload) {
+    return ApiResponse.success(authorizationAccessService.resourceList(authorization, payload));
+  }
+}

auth-service/src/main/java/com/servicegovernance/auth/controller/AuthorizationController.java

@@ -0,0 +1,52 @@
+package com.servicegovernance.auth.controller;
+
+import com.servicegovernance.auth.common.core.ApiResponse;
+import com.servicegovernance.auth.service.SingleAppAuthorizationService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletResponse;
+import java.util.Map;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Tag(name = "单应用授权")
+@RestController
+@RequestMapping("/api/authorization")
+public class SingleAppAuthorizationController {
+
+  private final SingleAppAuthorizationService singleAppAuthorizationService;
+
+  public SingleAppAuthorizationController(SingleAppAuthorizationService singleAppAuthorizationService) {
+    this.singleAppAuthorizationService = singleAppAuthorizationService;
+  }
+
+  /** 查询单应用授权列表。 */
+  @Operation(summary = "查询单应用授权列表", description = "按调用方、被调用方和授权状态等条件查询单应用授权列表。")
+  @PostMapping("/single-app/list")
+  public ApiResponse<Map<String, Object>> singleAppList(@RequestBody Map<String, Object> query) {
+    return ApiResponse.success(singleAppAuthorizationService.singleAppList(query));
+  }
+
+  /** 查询单应用授权详情和可配置 API。 */
+  @Operation(summary = "查询单应用授权详情", description = "根据请求参数查询单应用授权详情及其关联 API 配置。")
+  @PostMapping("/single-app/detail")
+  public ApiResponse<Map<String, Object>> singleAppDetail(@RequestBody Map<String, Object> payload) {
+    return ApiResponse.success(singleAppAuthorizationService.singleAppDetail(payload));
+  }
+
+  /** 保存单应用授权配置。 */
+  @Operation(summary = "保存单应用授权配置", description = "保存单应用授权关系和对应的 API 权限配置。")
+  @PostMapping("/single-app/save")
+  public ApiResponse<Boolean> saveSingleApp(@RequestBody Map<String, Object> payload) {
+    return ApiResponse.success(singleAppAuthorizationService.saveSingleApp(payload));
+  }
+
+  /** 导出单应用授权数据为 Excel。 */
+  @Operation(summary = "导出单应用授权 Excel", description = "根据搜索条件查询全量授权数据，生成 .xlsx 文件通过 HTTP 文件流返回。")
+  @PostMapping("/single-app/export")
+  public void exportExcel(@RequestBody Map<String, Object> query, HttpServletResponse response) {
+    singleAppAuthorizationService.exportExcel(query, response);
+  }
+}

auth-service/src/main/java/com/servicegovernance/auth/controller/SingleAppAuthorizationController.java

@@ -0,0 +1,40 @@
+package com.servicegovernance.auth.mapper;
+
+import java.util.List;
+import java.util.Map;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+@Mapper
+public interface ApiReverseAuthorizationMapper {
+
+  List<Map<String, Object>> selectReverseList(@Param("query") Map<String, Object> query);
+
+  Long countReverseList(@Param("query") Map<String, Object> query);
+
+  List<Map<String, Object>> selectReverseSelectedApis(@Param("apiIds") List<Long> apiIds);
+
+  List<Map<String, Object>> selectReverseCheckedApps(@Param("apiIds") List<Long> apiIds,
+      @Param("apiCount") int apiCount);
+
+  List<Map<String, Object>> selectReverseDetailApps(@Param("apiId") Long apiId);
+
+  Long selectAppIdByCode(@Param("appCode") String appCode);
+
+  int insertAuth(@Param("callerAppId") Long callerAppId, @Param("calleeAppId") Long calleeAppId,
+      @Param("apiId") Long apiId);
+
+  Long nextAuthLogId();
+
+  Map<String, Object> selectAuthLogDetail(@Param("callerAppId") Long callerAppId,
+      @Param("calleeAppId") Long calleeAppId, @Param("apiId") Long apiId);
+
+  int insertAuthLog(@Param("logId") Long logId, @Param("detail") Map<String, Object> detail,
+      @Param("operationType") int operationType);
+
+  Long countActiveAuth(@Param("callerAppId") Long callerAppId, @Param("calleeAppId") Long calleeAppId,
+      @Param("apiId") Long apiId);
+
+  int revokeOne(@Param("callerAppId") Long callerAppId, @Param("calleeAppId") Long calleeAppId,
+      @Param("apiId") Long apiId);
+}

auth-service/src/main/java/com/servicegovernance/auth/mapper/ApiReverseAuthorizationMapper.java

@@ -0,0 +1,27 @@
+package com.servicegovernance.auth.mapper;
+
+import java.util.List;
+import java.util.Map;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+@Mapper
+public interface AuthorizationAccessMapper {
+
+  Long selectAppIdByCode(@Param("appCode") String appCode);
+
+  Map<String, Object> selectAppCredentialByCode(@Param("appCode") String appCode);
+
+  Long countAnyActiveAuth(@Param("callerAppId") Long callerAppId, @Param("calleeAppId") Long calleeAppId);
+
+  Long nextCallDecisionLogId();
+
+  int insertCallDecisionLog(@Param("logId") Long logId, @Param("caller") Map<String, Object> caller,
+      @Param("callee") Map<String, Object> callee, @Param("decisionResult") int decisionResult,
+      @Param("decisionReason") String decisionReason);
+
+  List<String> selectAuthorizedUrls(@Param("callerAppId") Long callerAppId,
+      @Param("calleeAppId") Long calleeAppId);
+
+  Long selectResourceVersion(@Param("calleeAppId") Long calleeAppId);
+}