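package com.bocloud.sms.service;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.bocloud.sms.entity.AppEntity;
import com.bocloud.sms.entity.Role;
import com.bocloud.sms.entity.User;
import com.bocloud.sms.enums.YkInf;
import com.bocloud.sms.interfaces.TrxService;
import com.bocloud.sms.model.*;
import com.bocloud.sms.repository.RoleRepository;
import com.bocloud.sms.repository.UserRepository;
import com.bocloud.sms.service.utils.QxUtils;
import com.bocloud.sms.service.utils.Sha256Util;
import com.bocloud.sms.service.utils.YkUtils;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.megatron.common.encrypt.AESEncryptor;
import com.megatron.common.encrypt.Encryptor;
import com.megatron.common.model.GeneralResult;
import com.megatron.common.model.RequestContext;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;

import java.lang.reflect.Type;
import java.util.*;
import java.util.stream.Collectors;

/**
 * Bridges the platform to the Topsec (天融信) authentication gateway: fetches login
 * challenges, authenticates USB-key and soft-key users, provisions the matching local
 * account, and checks or revokes gateway tokens.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Requests, cookies, password digests and tokens are deliberately kept out of the
 *       logs; only the target URL and non-secret identifiers are written.</li>
 *   <li>Generic type arguments were missing from the listing this class was reviewed
 *       from. The ones on local variables and on the two public query methods are
 *       inferred from usage; the {@code GeneralResult} return types are left exactly as
 *       listed. Confirm both against {@link TrxService} and {@code UserServiceImpl}.</li>
 * </ul>
 */
@Slf4j
@Service
@RequiredArgsConstructor
public class TrxServiceImpl implements TrxService {

    /** Request headers consulted, in order, before falling back to the socket address. */
    private static final String[] CLIENT_IP_HEADERS = {
            "X-Forwarded-For", "X-Real-IP", "Proxy-Client-IP", "WL-Proxy-Client-IP"
    };

    // NOTE(review): the default is a literal IP reached over HTTPS. Confirm that the HTTP
    // client still validates the gateway certificate for this host.
    @Value("${trx.address:https://109.64.24.225}")
    private String trxUrl;
    @Autowired
    private UserServiceImpl userServiceImpl;
    @Autowired
    private UserRepository userRepository;
    private final YkUtils ykUtils;
    private final QxUtils qxUtils;
    @Autowired
    private RoleRepository roleRepository;
    private final StringRedisTemplate redisTemplate;

    /**
     * Fetches the gateway's random challenge string for a USB-key login.
     *
     * @param ngxCookie gateway session cookie value, sent both as a header and as a cookie
     * @return success carrying the challenge, or a failure describing the gateway error
     */
    @Override
    public GeneralResult getRandomstr(String ngxCookie) {
        return requestRandomStr(ngxCookie, "ngx_cookie=" + ngxCookie, "随机");
    }

    /**
     * Fetches the gateway's random challenge string for a soft-key login.
     *
     * @param ngxCookie gateway session cookie value
     * @param account   account name, appended to the cookie header
     * @return success carrying the challenge, or a failure describing the gateway error
     */
    @Override
    public GeneralResult getSoftRandomstr(String ngxCookie, String account) {
        // NOTE(review): account is concatenated into the Cookie header unescaped. If it is
        // caller-supplied, reject ';', CR and LF upstream so it cannot add cookie attributes.
        return requestRandomStr(ngxCookie, "ngx_cookie=" + ngxCookie + ";account=" + account, "软随机");
    }

    /** Calls {@code /getRandomStr} with the given cookie header and maps the reply. */
    private GeneralResult requestRandomStr(String ngxCookie, String cookieHeader, String apiLabel) {
        String url = trxUrl + "/getRandomStr";
        Map<String, String> headers = new HashMap<>();
        headers.put("isToken", "false");
        headers.put("ngx_cookie", ngxCookie);
        JSONObject result;
        try {
            HttpRequest httpRequest = HttpRequest.get(url).addHeaders(headers);
            httpRequest.cookie(cookieHeader);
            // Only the URL is logged: the headers carry the session cookie.
            log.info("调用天融信获取{}字符串接口, url:{}", apiLabel, url);
            try (HttpResponse response = httpRequest.execute()) {
                result = JSONObject.parseObject(response.body());
            }
            if ("-1".equals(result.getString("result"))) {
                return new GeneralResult(false, "获取随机数失败" + result.getString("errmsg"));
            }
        } catch (Exception e) {
            log.error("调用天融信获取随机字符串失败", e);
            // NOTE(review): the exception text is returned to the caller; confirm it cannot
            // expose internal host names or stack details to end users.
            return new GeneralResult(false, "获取随机数失败" + e.getMessage());
        }
        return new GeneralResult(true, result.getString("result"), "获取随机数成功");
    }

    /**
     * Authenticates a USB-key user against {@code /userAuthen} and, on success, logs the
     * matching local account in.
     *
     * @param trxAuthModel login name, password, handshake values and client IP
     * @return the local login result with {@code trxToken} added to its data, or a failure
     */
    @Override
    public GeneralResult getAuthToken(TrxAuthModel trxAuthModel) {
        Map<String, String> userMap = new HashMap<>();
        userMap.put("loginName", trxAuthModel.getLoginName());
        userMap.put("passwd", trxAuthModel.getPassword());

        Map<String, String> md5Map = new HashMap<>();
        md5Map.put("certMd5", trxAuthModel.getServerHello());
        md5Map.put("value", "");
        md5Map.put("hashType", "");

        Map<String, String> passcodeMap = new HashMap<>();
        passcodeMap.put("passcode", "");

        Map<String, String> dfCodeMap = new HashMap<>();
        dfCodeMap.put("df_code", "");

        Map<String, String> ipMap = new HashMap<>();
        ipMap.put("client_ip", trxAuthModel.getClientIp());

        // The gateway expects the factors as an ordered list of single-purpose objects.
        List<Map<String, String>> authenList = new ArrayList<>();
        authenList.add(userMap);
        authenList.add(md5Map);
        authenList.add(passcodeMap);
        authenList.add(dfCodeMap);
        authenList.add(ipMap);

        Map<String, Object> payload = new HashMap<>();
        payload.put("cookie", trxAuthModel.getClientHello());
        payload.put("Authen", authenList);

        return authenticateAndLogin(trxUrl + "/userAuthen", payload, "userId", "用户登录", "uKey");
    }

    /**
     * Authenticates a soft-key user against {@code /pwdAuthen} with a challenge-response
     * digest and, on success, logs the matching local account in.
     *
     * @param trxAuthModel password, challenge string, handshake value and client IP
     * @return the local login result with {@code trxToken} added to its data, or a failure
     */
    @Override
    public GeneralResult getpwdAuthen(TrxAuthModel trxAuthModel) {
        // response = sha256(challenge + sha256(password)). Neither digest is logged: the
        // inner one is all that is needed to answer any future challenge, so it is as
        // sensitive as the password itself.
        String passwordDigest = Sha256Util.sha256(trxAuthModel.getPassword());
        String challengeResponse = Sha256Util.sha256(trxAuthModel.getRandoms() + passwordDigest);

        Map<String, Object> payload = new HashMap<>();
        payload.put("cookie", trxAuthModel.getClientHello());
        payload.put("confusn_pwd", challengeResponse);
        payload.put("client_ip", trxAuthModel.getClientIp());

        return authenticateAndLogin(trxUrl + "/pwdAuthen", payload, "user_id", "用户软key登录", "软Key");
    }

    /**
     * Posts the payload to a gateway authentication endpoint, syncs the authenticated
     * user into the local store and performs the local login.
     *
     * @param userIdField name of the reply field that holds the user id
     * @param apiLabel    endpoint label used in the request log line
     * @param keyLabel    key-type label used in the progress log lines
     */
    private GeneralResult authenticateAndLogin(String url, Map<String, Object> payload,
                                               String userIdField, String apiLabel, String keyLabel) {
        try {
            HttpRequest httpRequest = HttpRequest.post(url)
                    .header("isToken", "false")
                    .body(JSONObject.toJSONString(payload));
            // The request body holds the password or its digest, so it is never logged.
            log.info("调用天融信{}接口, url:{}", apiLabel, url);
            JSONObject result;
            try (HttpResponse response = httpRequest.execute()) {
                result = JSONObject.parseObject(response.body());
            }
            if (!"0".equals(result.getString("result"))) {
                return new GeneralResult(false, "用户登录天融信失败" + result.getString("errmsg"));
            }
            String trxToken = result.getString("token");
            String userId = result.getString(userIdField);
            // A success reply without a user id must not provision or log in an account.
            if (userId == null || userId.trim().isEmpty()) {
                return new GeneralResult(false, "用户登录天融信失败: 未返回userId");
            }

            log.info("开始{}登录用户入库, userId:{}", keyLabel, userId);
            saveUserByTrx(userId);
            log.info("{}登录用户入库结束", keyLabel);

            log.info("开始{}登录用户登录云管平台", keyLabel);
            User user = userRepository.getByUserId(userId);
            // NOTE(review): the local password is userId plus a fixed suffix, so it can be
            // computed by anyone who knows a userId. Confirm that UserServiceImpl.login only
            // accepts it on this trusted path (the trailing `true` argument); a per-user
            // random secret or a passwordless SSO entry point would remove the dependency.
            // The null key presumably selects AESEncryptor's built-in key - confirm.
            Encryptor encryptor = new AESEncryptor();
            String password = encryptor.encrypt(userId + "CMP", null);
            GeneralResult<Map<String, Object>> login =
                    userServiceImpl.login(user.getAccount(), password, null, null, true);
            login.getData().put("trxToken", trxToken);
            log.info("{}登录用户登录云管平台结束", keyLabel);
            return login;
        } catch (Exception e) {
            log.error("用户登录失败:", e);
            // NOTE(review): the exception text is returned to the caller; confirm it cannot
            // expose internal details to end users.
            return new GeneralResult(false, "用户登录失败" + e.getMessage());
        }
    }

    /**
     * Creates or updates the local account for a gateway-authenticated user from the
     * profile held by the operations-control (运控) system.
     *
     * @throws IllegalStateException if the operations-control system returns no profile
     */
    private void saveUserByTrx(String userId) {
        User user = userRepository.getByUserId(userId);

        JSONObject params = new JSONObject();
        params.put("userId", userId);
        List<YkUserModel> ykUsers =
                JSONArray.parseArray(ykUtils.call(YkInf.queryAllUser, params, String.class), YkUserModel.class);
        if (CollectionUtil.isEmpty(ykUsers)) {
            // Fail with a clear message instead of a bare index or null-pointer error.
            throw new IllegalStateException("运控系统未返回用户信息, userId: " + userId);
        }
        YkUserModel ykUser = ykUsers.get(0);

        // NOTE(review): this context acts as target 1 in the Manager catalog, and every
        // account written below is flagged isManager; confirm that is the intended privilege.
        RequestContext context = new RequestContext();
        context.setTarget(1L);
        context.setCatalog(RequestContext.Catalog.Manager);

        UserBean userBean = new UserBean();
        userBean.setSex(true);
        userBean.setIsManager(true);
        userBean.setUserId(userId);
        userBean.setRemark("天融信登录添加用户");
        userBean.setAccount(ykUser.getLoginName());
        userBean.setName(ykUser.getUserName());
        userBean.setMobile(ykUser.getMobile());
        userBean.setEmail(ykUser.getEmail() == null ? placeholderEmail() : ykUser.getEmail());

        if (ObjectUtils.isEmpty(user)) {
            log.info("开始新增天融信登录用户,userId: {}", userId);
            // See the NOTE(review) in authenticateAndLogin about this derived password.
            userBean.setPassword(userId + "CMP");
            userServiceImpl.create(userBean, context);

            // NOTE(review): a newly provisioned account is granted every role that exists.
            // Confirm this is intended rather than mapping roles from the permission system.
            User created = userRepository.getByUserId(userId);
            userServiceImpl.accredit(
                    created.getId(),
                    roleRepository.list().stream().map(Role::getId).collect(Collectors.toList()),
                    context);
            log.info("完成新增天融信登录用户,userId: {}", userId);
        } else {
            log.info("开始修改天融信登录用户,userId: {}", userId);
            userBean.setId(user.getId());
            userServiceImpl.modify(user.getId(), userBean, context);
            log.info("完成修改天融信登录用户,userId: {}", userId);
        }
    }

    /**
     * Builds a filler address of nine random digits for profiles that have no e-mail.
     *
     * <p>NOTE(review): the domain is a real public mail provider. If the platform ever
     * sends mail to this address (password reset, alerts) it leaves the organisation;
     * a reserved domain such as {@code example.invalid} would avoid that.
     */
    private static String placeholderEmail() {
        Random random = new Random(); // not a secret, so a non-cryptographic source is fine
        StringBuilder digits = new StringBuilder(9);
        for (int i = 0; i < 9; i++) {
            digits.append(random.nextInt(10));
        }
        return digits + "@163.com";
    }

    /**
     * Asks the gateway whether a token is still valid.
     *
     * @param trxToken gateway token, sent as the raw request body
     * @return success when the gateway reports the token as valid, otherwise a failure
     */
    public GeneralResult getTokenOnline(String trxToken) {
        try {
            String url = trxUrl + "/tokenOnline";
            JSONObject result = JSONObject.parseObject(HttpUtil.post(url, trxToken, 10000));
            log.info("确认天融信token是否有效接口返回信息:{}", JSONObject.toJSONString(result));
            if (!"0".equals(result.getString("result"))) {
                return new GeneralResult(false, "当前token无效" + result.getString("errmsg"));
            }
        } catch (Exception e) {
            log.error("获取天融信token状态失败:", e);
            return new GeneralResult(false, "获取天融信token状态失败" + e.getMessage());
        }
        return new GeneralResult(true, "当前token有效");
    }

    /**
     * Revokes a gateway token (takes the user offline).
     *
     * <p>Unlike the other gateway calls this one does not catch transport or parse
     * errors; they propagate to the caller.
     *
     * @param trxAuthModel carries the token to revoke and the client IP
     * @return success when the gateway confirms, otherwise a failure with its message
     */
    @Override
    public GeneralResult logout(TrxAuthModel trxAuthModel) {
        String url = trxUrl + "/offlineToken";
        Map<String, String> payload = new HashMap<>();
        payload.put("token", trxAuthModel.getTrxToken());
        payload.put("client_ip", trxAuthModel.getClientIp());
        HttpRequest httpRequest = HttpRequest.post(url)
                .header("isToken", "false")
                .body(JSONObject.toJSONString(payload));
        // The body holds a live token, so only the URL is logged.
        log.info("调用天融信下线接口, url:{}", url);
        JSONObject result;
        try (HttpResponse response = httpRequest.execute()) {
            result = JSONObject.parseObject(response.body());
        }
        if (!"0".equals(result.getString("result"))) {
            // NOTE(review): this reads "msg" where the other endpoints read "errmsg";
            // confirm the field name against the gateway API.
            return new GeneralResult(false, "下线失败" + result.getString("msg"));
        }
        return new GeneralResult(true, "下线成功");
    }

    /**
     * Returns the cached application list with the user's permission list applied.
     *
     * @return the list from Redis key {@code SYS_APP_LIST}; {@code null} if the key is absent
     */
    public List<AppEntity> queryAppList(String userToken, String userId) {
        String sysAppList = redisTemplate.opsForValue().get("SYS_APP_LIST");
        Type listType = new TypeToken<List<AppEntity>>() { }.getType();
        List<AppEntity> appList = new Gson().fromJson(sysAppList, listType);
        List<AppPerm> permList = JSONArray.parseArray(qxUtils.queryApp(userToken, userId), AppPerm.class);
        // The appList check covers a missing cache entry, which Gson parses to null.
        if (CollectionUtil.isEmpty(permList) || CollectionUtil.isEmpty(appList)) {
            return appList;
        }

        Set<Object> permIds = new HashSet<>();
        for (AppPerm perm : permList) {
            permIds.add(perm.getId());
        }
        // NOTE(review): applications that appear in the permission list are marked
        // enable=false; confirm that this polarity is what the front end expects.
        for (AppEntity app : appList) {
            if (permIds.contains(app.getAppId())) {
                app.setEnable(false);
            }
        }
        return appList;
    }

    /**
     * Returns the portal menu modules the user may operate, as reported by the
     * permission system.
     */
    public List<AppModule> queryQxCategoryList(String userToken, String userId) {
        List<AppModule> appModules =
                JSONArray.parseArray(qxUtils.queryAppModules(userToken, userId), AppModule.class);
        log.info("获取用户在指定应用中可操作的功能模块信息结果:{}", JSONObject.toJSONString(appModules));
        return appModules;
    }

    /**
     * Resolves the client address for a request, preferring proxy headers over the
     * socket address and dropping any port suffix.
     *
     * <p>The headers are client-controlled unless the edge proxy overwrites them, so the
     * result is only trustworthy for audit or access decisions behind such a proxy.
     *
     * @param request the incoming servlet request
     * @return the first forwarded address if present, otherwise the remote address
     */
    public String getRequestIpAddress(HttpServletRequest request) {
        for (String header : CLIENT_IP_HEADERS) {
            String candidate = firstForwardedEntry(request.getHeader(header));
            if (candidate != null && !candidate.isEmpty() && !"unknown".equalsIgnoreCase(candidate)) {
                return stripPort(candidate);
            }
        }
        return stripPort(request.getRemoteAddr());
    }

    /** Returns the first entry of a comma-separated forwarding header, trimmed. */
    private static String firstForwardedEntry(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        int comma = headerValue.indexOf(',');
        return (comma >= 0 ? headerValue.substring(0, comma) : headerValue).trim();
    }

    /**
     * Removes a port from {@code host:port} or {@code [ipv6]:port}; a bare IPv6 address
     * contains several colons and is returned whole rather than cut at the first one.
     */
    private static String stripPort(String address) {
        if (address.startsWith("[")) {
            int close = address.indexOf(']');
            return close > 0 ? address.substring(1, close) : address;
        }
        int colon = address.indexOf(':');
        if (colon >= 0 && colon == address.lastIndexOf(':')) {
            return address.substring(0, colon);
        }
        return address;
    }
}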