union query user.

src/main/java/cn/quantgroup/xyqb/Constants.java

@@ -37,6 +37,7 @@ public interface Constants {
     String X_AUTH_APP_ID = "qg-app-id";
 
     String X_AUTH_FROM = "qg-registered-from";
+    String X_STMS_TOKEN = "qg-stms-token";
 
     String X_BEHAVIOR_TYPE = "qg-behavior-type";
     String X_BEHAVIOR_ID = "qg-behavior-id";

src/main/java/cn/quantgroup/xyqb/config/http/MyWebMvcConfigurer.java

 package cn.quantgroup.xyqb.config.http;
 
 import cn.quantgroup.xyqb.filter.BehaviorInterceptor;
+import cn.quantgroup.xyqb.filter.InnerInterceptor;
 import cn.quantgroup.xyqb.filter.TokenInterceptor;
-import cn.quantgroup.xyqb.service.captcha.IQuantgroupCaptchaService;
+import cn.quantgroup.xyqb.remote.StmsRemoteService;
 import cn.quantgroup.xyqb.service.session.ISessionService;
 import cn.quantgroup.xyqb.service.v2.BehaviorContext;
-import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
 import org.hibernate.validator.HibernateValidator;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.format.FormatterRegistry;
 import org.springframework.stereotype.Component;
@@ -27,6 +26,8 @@ public class MyWebMvcConfigurer extends WebMvcConfigurerAdapter {
     private ISessionService sessionService;
     @Autowired
     private BehaviorContext behaviorContext;
+    @Autowired
+    private StmsRemoteService stmsRemoteService;
 
     @Override
     public void addFormatters(FormatterRegistry registry) {
@@ -53,9 +54,12 @@ public class MyWebMvcConfigurer extends WebMvcConfigurerAdapter {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
+
         registry.addInterceptor(new TokenInterceptor(sessionService)).addPathPatterns("/v2/**")
                 .excludePathPatterns("/v2/behavior/code");
-      registry.addInterceptor(new BehaviorInterceptor(behaviorContext)).addPathPatterns("/v2/**","/api/v2")
+        registry.addInterceptor(new BehaviorInterceptor(behaviorContext)).addPathPatterns("/v2/**", "/api/v2/**")
                 .excludePathPatterns("/v2/behavior/code");
+
+        registry.addInterceptor(new InnerInterceptor(sessionService, stmsRemoteService)).addPathPatterns("/api/v2/**");
     }
 }
\ No newline at end of file

src/main/java/cn/quantgroup/xyqb/exception/BizExceptionEnum.java

@@ -21,6 +21,10 @@ public enum BizExceptionEnum {
     ERROR_WECHAT_LOGIN("1010","微信登录失败"),
     ERROR_INTERNAL_LOGIN("1011","公开接口不能调用内部登录方式"),
     ERROR_LOGIN_PARAM("1012","登录参数异常，请按接口文档对接"),
+    UN_EXIT_STMS_TOKEN("1013","stms的token不存在"),
+    UN_VALID_STMS_TOKEN("1014","无效的stms的token"),
+    UN_PERMISSION_STMS("1015","没有内部接口访问权限"),
+
 
 
 

src/main/java/cn/quantgroup/xyqb/filter/InnerInterceptor.java

+package cn.quantgroup.xyqb.filter;
+
+import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.exception.BizException;
+import cn.quantgroup.xyqb.exception.BizExceptionEnum;
+import cn.quantgroup.xyqb.model.OauthResult;
+import cn.quantgroup.xyqb.model.session.SessionStruct;
+import cn.quantgroup.xyqb.remote.StmsRemoteService;
+import cn.quantgroup.xyqb.service.session.ISessionService;
+import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
+import cn.quantgroup.xyqb.util.StringUtils;
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class InnerInterceptor implements HandlerInterceptor {
+    private final ISessionService sessionService;
+    private final StmsRemoteService stmsRemoteService;
+
+    public InnerInterceptor(ISessionService sessionService, StmsRemoteService stmsRemoteService) {
+        this.sessionService = sessionService;
+        this.stmsRemoteService = stmsRemoteService;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        //所有开放出去的外部接口，都需要验证租户id和注册来源
+        String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
+        String registeredFrom = request.getHeader(Constants.X_AUTH_FROM);
+        String stmsToken = request.getHeader(Constants.X_AUTH_TOKEN);
+        if (StringUtils.isEmpty(tenantId)) {
+            throw new BizException(BizExceptionEnum.UN_EXIT_TENANT_ID);
+        }
+        if (StringUtils.isEmpty(registeredFrom)) {
+            throw new BizException(BizExceptionEnum.UN_EXIT_REGISTERED_FROM);
+        }
+        if (StringUtils.isEmpty(stmsToken)) {
+            throw new BizException(BizExceptionEnum.UN_EXIT_STMS_TOKEN);
+        }
+
+        SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(stmsToken);
+
+        if (sessionStruct == null) {
+            OauthResult oauthResult = stmsRemoteService.checkToken(stmsToken);
+            if (oauthResult != null && 2000 == oauthResult.getCode()) {
+                OauthResult permissionResult = stmsRemoteService.checkPermission(stmsToken,
+                        request.getRequestURI(), tenantId);
+                if (permissionResult != null && 2000 == permissionResult.getCode()) {
+                    JSONObject jsonObject = JSONObject.parseObject((String)permissionResult.getData());
+                    String userId = jsonObject.getString("id");
+                    String userName = jsonObject.getString("name");
+                    sessionStruct = XyqbSessionContextHolder.initSTMSSession(stmsToken,userId,userName);
+                    sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues(), sessionStruct.getTenantId());
+                } else {
+                    throw new BizException(BizExceptionEnum.UN_PERMISSION_STMS);
+                }
+
+            } else {
+                throw new BizException(BizExceptionEnum.UN_VALID_STMS_TOKEN);
+            }
+
+
+        } else {
+            //session续期
+            sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues(), sessionStruct.getTenantId());
+        }
+
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        XyqbSessionContextHolder.releaseSession();
+    }
+}

src/main/java/cn/quantgroup/xyqb/filter/TokenInterceptor.java

@@ -26,7 +26,7 @@ public class TokenInterceptor implements HandlerInterceptor {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        //所有开放出去的外部接口，都不需要验证租户id和注册来源
+        //所有开放出去的外部接口，都需要验证租户id和注册来源
         String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
         String registered_from = request.getHeader(Constants.X_AUTH_FROM);
         if (StringUtils.isEmpty(tenantId)) {
@@ -48,7 +48,9 @@ public class TokenInterceptor implements HandlerInterceptor {
         } else {
             //如果是排除的接口，同时sessionStruct为空，这时候初始化租户和来源字段
             if (sessionStruct == null) {
-                XyqbSessionContextHolder.initXSession();
+                sessionStruct = XyqbSessionContextHolder.initXSession();
+                sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues(), sessionStruct.getTenantId());
+
             }
         }
 

src/main/java/cn/quantgroup/xyqb/model/session/SessionStruct.java

@@ -28,6 +28,9 @@ public class SessionStruct implements Serializable {
     private String scDeviceId;
     private String terminal;
 
+    private String stmsUserId;
+    private String stmsUserName;
+
 
     public void setAttribute(String key, String value) {
         if (value == null) {

src/main/java/cn/quantgroup/xyqb/remote/StmsRemoteService.java

@@ -2,11 +2,18 @@ package cn.quantgroup.xyqb.remote;
 
 import cn.quantgroup.xyqb.model.OauthResult;
 import org.springframework.cloud.netflix.feign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @FeignClient(name = "stms", url = "${stms.https}")
 public interface StmsRemoteService {
   @PostMapping("/v2/oauth/currentuserinfo")
   OauthResult checkToken(@RequestHeader("Access-Token") String accessToken);
+
+  @GetMapping(value = "/v2/oauth/permission")
+  OauthResult checkPermission(@RequestHeader("Access-Token") String accessToken,
+                              @RequestHeader("Referer") String referer, @RequestParam("tenantId") String tenantId);
+
 }

src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java

@@ -37,9 +37,9 @@ public class XyqbSessionContextHolder {
         return sessionStruct;
     }
 
-    public static void initXSession() {
-        SessionStruct sessionStruct;
-        if (threadSession.get() == null) {
+    public static SessionStruct initXSession() {
+        SessionStruct sessionStruct =threadSession.get();
+        if (sessionStruct == null) {
 
             sessionStruct = new SessionStruct();
             HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
@@ -56,9 +56,43 @@ public class XyqbSessionContextHolder {
                 sessionStruct.setGeetestId(geetestId);
             }
             sessionStruct.setScDeviceId(request.getHeader("scDeviceId"));
-            sessionStruct.setTerminal( request.getHeader("terminal"));
+            sessionStruct.setTerminal(request.getHeader("terminal"));
+            threadSession.set(sessionStruct);
+        }else{
+            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+
+            //如果是极验，那赋值
+            if (request.getHeader(Constants.X_BEHAVIOR_TYPE) != null && "1".equals(request.getHeader(Constants.X_BEHAVIOR_TYPE))) {
+                String geetestId = request.getHeader(Constants.X_BEHAVIOR_ID);
+                sessionStruct.setGeetestId(geetestId);
+            }
+        }
+        return sessionStruct;
+    }
+
+    public static SessionStruct initSTMSSession(String token,String userId, String userName) {
+        SessionStruct sessionStruct = threadSession.get();
+        if (sessionStruct == null) {
+
+            sessionStruct = new SessionStruct();
+            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+            String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
+            String registered_from = request.getHeader(Constants.X_AUTH_FROM);
+            String ip = IpUtil.getRemoteIP(request);
+            sessionStruct.setTenantId(Integer.valueOf(tenantId));
+            sessionStruct.setRegisteredFrom(Long.valueOf(registered_from));
+            sessionStruct.setIp(ip);
+            sessionStruct.setScDeviceId(request.getHeader("scDeviceId"));
+            sessionStruct.setTerminal(request.getHeader("terminal"));
+            sessionStruct.setSid(token);
+            sessionStruct.setStmsUserId(userId);
+            sessionStruct.setStmsUserName(userName);
             threadSession.set(sessionStruct);
+        } else {
+            sessionStruct.setStmsUserId(userId);
+            sessionStruct.setStmsUserName(userName);
         }
+        return sessionStruct;
     }
 
     public static SessionStruct getXSessionFromRedis() {