[app-platform] x86环境北向接口不需要传递鉴权信息 (#365)

* [app-platform] x86环境北向接口不需要传递鉴权信息

* [app-platform] 检视意见修改

* [app-platform] 检视意见修改

---------

Co-authored-by: 陈潇文 <[email protected]>

Author: Msquittto

common/plugins/apikey-auth-default/pom.xml

@@ -23,10 +23,18 @@
             <artifactId>apikey-service</artifactId>
             <version>1.0.0-SNAPSHOT</version>
         </dependency>
+        <dependency>
+            <groupId>modelengine.fit.jade.service</groupId>
+            <artifactId>authentication-service</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.fitframework</groupId>
             <artifactId>fit-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.fitframework.service</groupId>
+            <artifactId>fit-http-classic</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>

…e/common/filter/support/NorthFilter.java …gine/jade/apikey/filter/NorthFilter.javacommon/plugins/http-interceptor/src/main/java/modelengine/jade/common/filter/support/NorthFilter.java renamed to common/plugins/apikey-auth-default/src/main/java/modelengine/jade/apikey/filter/NorthFilter.java common/plugins/http-interceptor/src/main/java/modelengine/jade/common/filter/support/NorthFilter.java renamed to common/plugins/apikey-auth-default/src/main/java/modelengine/jade/apikey/filter/NorthFilter.java

@@ -4,7 +4,7 @@
  * Licensed under the MIT License. See License.txt in the project root for license information.
  */
 
-package modelengine.jade.common.filter.support;
+package modelengine.jade.apikey.filter;
 
 import modelengine.fit.http.protocol.HttpResponseStatus;
 import modelengine.fit.http.server.HttpClassicServerRequest;
@@ -14,6 +14,7 @@
 import modelengine.fitframework.annotation.Component;
 import modelengine.fitframework.annotation.Order;
 import modelengine.fitframework.annotation.Scope;
+import modelengine.fitframework.annotation.Value;
 import modelengine.fitframework.inspection.Validation;
 import modelengine.fitframework.log.Logger;
 import modelengine.jade.apikey.ApikeyAuthService;
@@ -23,7 +24,6 @@
 
 import java.util.Collections;
 import java.util.List;
-import java.util.Optional;
 
 /**
  * 用于北向接口的过滤器类。
@@ -34,19 +34,23 @@
 @Component
 public class NorthFilter implements HttpServerFilter {
     private static final Logger log = Logger.get(NorthFilter.class);
-    private static final String USER_NAME_PREFIX = "sys_api_";
-    private static final int ME_SK_START_POS = 13;
-    private static final int ME_SK_END_POS = 21;
 
     private final ApikeyAuthService apikeyAuthService;
+    private final String apikey;
+    private final String userName;
 
     /**
      * 用 apikey 鉴权服务 {@link ApikeyAuthService} 构造 {@link NorthFilter}。
      *
      * @param apikeyAuthService 表示 apikey 鉴权服务的 {@link ApikeyAuthService}。
+     * @param apikey 表示默认 apikey 的 {@link String}。
+     * @param userName 表示默认用户名的 {@link String}。
      */
-    public NorthFilter(ApikeyAuthService apikeyAuthService) {
+    public NorthFilter(ApikeyAuthService apikeyAuthService, @Value("${apikey}") String apikey,
+            @Value("${userName}") String userName) {
         this.apikeyAuthService = Validation.notNull(apikeyAuthService, "The auth service cannot be null.");
+        this.apikey = apikey;
+        this.userName = userName;
     }
 
     @Override
@@ -72,20 +76,16 @@ public List<String> mismatchPatterns() {
     @Override
     public void doFilter(HttpClassicServerRequest request, HttpClassicServerResponse response,
             HttpServerFilterChain chain) {
-        Optional<String> token = request.headers().first("Authorization");
-        log.info("Received request with Authorization token.");
 
-        if (token.isEmpty() || !this.apikeyAuthService.authApikeyInfo(token.get())) {
+        if (!this.apikeyAuthService.authApikeyInfo(this.apikey)) {
             // 认证失败，返回 401 错误
             response.statusCode(HttpResponseStatus.UNAUTHORIZED.statusCode());
             log.error("Authentication failed: Token is null or invalid.");
             response.send();
             return;
         }
 
-        String userName = this.generateUniqueNameForApiKey(token.get());
-
-        UserContext operationContext = new UserContext(userName,
+        UserContext operationContext = new UserContext(this.userName,
                 HttpRequestUtils.getUserIp(request),
                 HttpRequestUtils.getAcceptLanguages(request));
         UserContextHolder.apply(operationContext, () -> chain.doFilter(request, response));
@@ -95,8 +95,4 @@ public void doFilter(HttpClassicServerRequest request, HttpClassicServerResponse
     public Scope scope() {
         return Scope.GLOBAL;
     }
-
-    private String generateUniqueNameForApiKey(String apiKey) {
-        return USER_NAME_PREFIX + apiKey.substring(ME_SK_START_POS, ME_SK_END_POS);
-    }
 }

common/plugins/apikey-auth-default/src/main/resources/application.yml

@@ -1,4 +1,7 @@
 fit:
   beans:
     packages:
-      - 'modelengine.jade.apikey.impl'
+      - 'modelengine.jade.apikey'
+
+apikey: 'Jade'
+userName: 'Jade'