111

pom.xml

@@ -215,6 +215,15 @@
             <version>0.2.21</version>
         </dependency>
 
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>sts</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>secretsmanager</artifactId>
+        </dependency>
+
 <!--        <dependency>-->
 <!--            <groupId>com.aliyun</groupId>-->
 <!--            <artifactId>chatbot20220408</artifactId>-->
@@ -325,6 +334,14 @@
                 <version>2.17.0</version>
             </dependency>
 
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>bom</artifactId>
+                <version>2.21.20</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 

src/main/java/com/fdkankan/cloud/acl/aop/CheckSignatureAspect.java

@@ -53,22 +53,22 @@ public class CheckSignatureAspect {
 		HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
 		String signature = request.getHeader("signature");
 		if(StrUtil.isEmpty(signature)){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "请求头必须携带签名");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "signature cannot be empty");
 		}
 		String appCode = request.getParameter("appCode");
 		if(StrUtil.isEmpty(appCode)){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "appCode不能为空");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "appCode cannot be empty");
 		}
 		String timestamp = request.getParameter("timestamp");
 		if(StrUtil.isEmpty(timestamp)){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "timestamp不能为空");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "timestamp cannot be empty");
 		}
 		//时间戳有效时间是10秒
 		Instant now = Instant.now();
 		long epochSecond = now.getEpochSecond();
 		long expiraSecond = Long.valueOf(timestamp) + 10 * 60L;
 		if(expiraSecond < epochSecond){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "签名已失效");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "signature expired");
 		}
 
 		AppConfig appConfig = appConfigService.getByAppCode(appCode);
@@ -86,14 +86,21 @@ public class CheckSignatureAspect {
 		log.info("解密:{}", signature);
 		String[] split = signature.split("-");
 		if(split.length != 2){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "签名不匹配");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "signature mismatch");
 		}
 		String signatureAppCode = split[0];
 		String signatureTimestamp = split[1];
 		if(!appCode.equals(signatureAppCode) || !timestamp.equals(signatureTimestamp)){
-			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "签名不匹配");
+			throw new BusinessException(ErrorCode.FAILURE_CODE_3003.code(), "signature mismatch");
 		}
 
 	}
 
+	public static void main(String[] args) {
+		String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHmJkGNg0N0tKroJAbqdO6ndgdEgJBnClW3KhzUCQSLVYhBvewjlXRmc1KQbI7QHpcdbuhvGT/RVVu4npVRPnQilGSyOxLbDI4TKaM6ZMSYQ1RS5vTj2HbvJ2s21AjEhhRcDYvSEDs4KsZaOmta/Cfok8jfG46o3UB6LkwzCMHtQIDAQAB";
+		String test = "af9c663f3fd744c6bf40dbcd1c9aada3-" +  "1719828816";
+		String s = RsaUtil.create(null, publicKey).encryptByPublicKey(test);
+		System.out.println(s);
+	}
+
 }

src/main/java/com/fdkankan/cloud/acl/config/AliyunConfig.java

@@ -3,19 +3,21 @@ package com.fdkankan.cloud.acl.config;
 import com.fdkankan.cloud.acl.service.IAppConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+@ConditionalOnProperty(name = "cloud.type", havingValue = "aliyun")
 @Configuration
 public class AliyunConfig {
 
-    @Value("${aliyun.cloud.sts.accessKeyId}")
+    @Value("${cloud.sts.accessKeyId}")
     private String accessKeyId;
 
-    @Value("${aliyun.cloud.sts.accessKeySecret}")
+    @Value("${cloud.sts.accessKeySecret}")
     private String accessKeySecret;
 
-    @Value("${aliyun.cloud.sts.endpoint}")
+    @Value("${cloud.sts.endpoint}")
     private String endpoint;
 
 

src/main/java/com/fdkankan/cloud/acl/config/AwsConfig.java

@@ -0,0 +1,43 @@
+package com.fdkankan.cloud.acl.config;
+
+import com.amazonaws.auth.AWSCredentials;
+import com.amazonaws.auth.BasicAWSCredentials;
+import com.amazonaws.auth.SystemPropertiesCredentialsProvider;
+import com.amazonaws.client.builder.AwsClientBuilder;
+import com.amazonaws.services.s3.AmazonS3ClientBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import software.amazon.awssdk.auth.credentials.*;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sts.StsClient;
+import software.amazon.awssdk.services.sts.StsClientBuilder;
+
+@ConditionalOnProperty(name = "cloud.type", havingValue = "aws")
+@Configuration
+public class AwsConfig {
+
+    @Value("${cloud.sts.accessKeyId}")
+    private String accessKeyId;
+
+    @Value("${cloud.sts.accessKeySecret}")
+    private String accessKeySecret;
+
+
+    /**
+     * 使用AK&SK初始化账号Client
+     * @return Client
+     * @throws Exception
+     */
+    @Bean("stsClient")
+    public StsClient initClient(){
+        AwsBasicCredentials awsBasicCredentials = AwsBasicCredentials.create(accessKeyId, accessKeySecret);
+        return StsClient.builder()
+                .region(Region.EU_WEST_2)
+                .credentialsProvider(StaticCredentialsProvider.create(awsBasicCredentials))
+                .build();
+    }
+
+
+}

src/main/java/com/fdkankan/cloud/acl/controller/AssumeRole.java

@@ -0,0 +1,97 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package com.fdkankan.cloud.acl.controller;
+
+// snippet-start:[sts.java2.assume_role.main]
+// snippet-start:[sts.java2.assume_role.import]
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.sts.StsClient;
+import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
+import software.amazon.awssdk.services.sts.model.StsException;
+import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
+import software.amazon.awssdk.services.sts.model.Credentials;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.time.format.FormatStyle;
+import java.util.Locale;
+// snippet-end:[sts.java2.assume_role.import]
+
+/**
+ * To make this code example work, create a Role that you want to assume.
+ * Then define a Trust Relationship in the AWS Console. You can use this as an
+ * example:
+ *
+ * {
+ * "Version": "2012-10-17",
+ * "Statement": [
+ * {
+ * "Effect": "Allow",
+ * "Principal": {
+ * "AWS": "<Specify the ARN of your IAM user you are using in this code
+ * example>"
+ * },
+ * "Action": "sts:AssumeRole"
+ * }
+ * ]
+ * }
+ *
+ * For more information, see "Editing the Trust Relationship for an Existing
+ * Role" in the AWS Directory Service guide.
+ *
+ * Also, set up your development environment, including your credentials.
+ *
+ * For information, see this documentation topic:
+ *
+ * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
+ */
+public class AssumeRole {
+    public static void main(String[] args) {
+        final String usage = "";
+
+        if (args.length != 2) {
+            System.out.println(usage);
+            System.exit(1);
+        }
+
+        String roleArn = args[0];
+        String roleSessionName = args[1];
+        Region region = Region.EU_WEST_2;
+        StsClient stsClient = StsClient.builder()
+                .region(region)
+                .build();
+
+        assumeGivenRole(stsClient, roleArn, roleSessionName);
+        stsClient.close();
+    }
+
+    public static void assumeGivenRole(StsClient stsClient, String roleArn, String roleSessionName) {
+        try {
+            AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
+                    .roleArn(roleArn)
+                    .roleSessionName(roleSessionName)
+                    .build();
+
+            AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest);
+            Credentials myCreds = roleResponse.credentials();
+
+            // Display the time when the temp creds expire.
+            Instant exTime = myCreds.expiration();
+            String tokenInfo = myCreds.sessionToken();
+
+            // Convert the Instant to readable date.
+            DateTimeFormatter formatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.SHORT)
+                    .withLocale(Locale.US)
+                    .withZone(ZoneId.systemDefault());
+
+            formatter.format(exTime);
+            System.out.println("The token " + tokenInfo + "  expires on " + exTime);
+
+        } catch (StsException e) {
+            System.err.println(e.getMessage());
+            System.exit(1);
+        }
+    }
+}
+// snippet-end:[sts.java2.assume_role.main]

src/main/java/com/fdkankan/cloud/acl/factory/sts/AliyunStsHandler.java

@@ -0,0 +1,73 @@
+package com.fdkankan.cloud.acl.factory.sts;
+
+import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.thread.ThreadUtil;
+import cn.hutool.core.util.StrUtil;
+import com.aliyun.sts20150401.Client;
+import com.fdkankan.cloud.acl.bean.StsBean;
+import com.fdkankan.cloud.acl.config.AliyunConfig;
+import com.fdkankan.cloud.acl.config.AwsConfig;
+import com.fdkankan.cloud.acl.entity.AppConfig;
+import com.fdkankan.cloud.acl.util.TimeUtil;
+import com.fdkankan.common.constant.ErrorCode;
+import com.fdkankan.common.exception.BusinessException;
+import com.fdkankan.common.util.DateExtUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.util.Objects;
+
+/**
+ * 初始化空间模型
+ */
+@Slf4j
+@ConditionalOnBean(value =AliyunConfig.class)
+@Component
+public class AliyunStsHandler implements StsHandler {
+
+    @Resource
+    private Client aliyunStsClient;
+
+    @Override
+    public StsBean init(AppConfig appConfig) {
+        com.aliyun.sts20150401.models.AssumeRoleRequest assumeRoleRequest = new com.aliyun.sts20150401.models.AssumeRoleRequest()
+                .setRoleArn(appConfig.getRoleArn())
+                .setRoleSessionName(appConfig.getRoleSessionName());
+        //设置权限，如果为空，则默认跟随rolearn的权限
+        if(StrUtil.isNotEmpty(appConfig.getPolicy())){
+            assumeRoleRequest.setPolicy(appConfig.getPolicy());
+        }
+        if(Objects.nonNull(appConfig.getDurationSeconds())){
+            assumeRoleRequest.setDurationSeconds(appConfig.getDurationSeconds());
+        }
+
+        com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
+        com.aliyun.sts20150401.models.AssumeRoleResponse resp = null;
+        int index = 1;
+        while (Objects.isNull(resp)){
+            try {
+                resp = aliyunStsClient.assumeRoleWithOptions(assumeRoleRequest, runtime);
+            } catch (Exception e) {
+                log.error("请求阿里云sts接口失败", e);
+            }
+            if(++index > 10 || Objects.nonNull(resp)){
+                break;
+            }
+            ThreadUtil.sleep(200L);
+        }
+        if(Objects.isNull(resp)){
+            throw new BusinessException(ErrorCode.SYSTEM_BUSY.code(), "The system is busy, please try again later");
+        }
+
+        String accessKeyId = resp.getBody().getCredentials().getAccessKeyId();
+        String accessKeySecret = resp.getBody().getCredentials().getAccessKeySecret();
+        String securityToken = resp.getBody().getCredentials().getSecurityToken();
+        String expiration =  TimeUtil.converToBjTime(resp.getBody().getCredentials().getExpiration());
+        long expirTimestamp = DateUtil.parse(expiration, DateExtUtil.dateStyle).getTime()/1000;
+
+        return StsBean.builder().accessKeyId(accessKeyId).accessKeySecret(accessKeySecret).securityToken(securityToken).expiration(expiration).expirTimestamp(expirTimestamp).build();
+    }
+}

src/main/java/com/fdkankan/cloud/acl/factory/sts/AwsStsHandler.java

@@ -0,0 +1,58 @@
+package com.fdkankan.cloud.acl.factory.sts;
+
+import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.thread.ThreadUtil;
+import cn.hutool.core.util.StrUtil;
+import com.fdkankan.cloud.acl.bean.StsBean;
+import com.fdkankan.cloud.acl.config.AwsConfig;
+import com.fdkankan.cloud.acl.entity.AppConfig;
+import com.fdkankan.cloud.acl.util.TimeUtil;
+import com.fdkankan.common.constant.ErrorCode;
+import com.fdkankan.common.exception.BusinessException;
+import com.fdkankan.common.util.DateExtUtil;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+import software.amazon.awssdk.services.sts.StsClient;
+import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
+import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
+import software.amazon.awssdk.services.sts.model.Credentials;
+import software.amazon.awssdk.services.sts.model.StsException;
+
+import javax.annotation.Resource;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.time.format.FormatStyle;
+import java.util.Locale;
+import java.util.Objects;
+
+/**
+ * 初始化空间模型
+ */
+@ConditionalOnBean(value = AwsConfig.class)
+@Component
+public class AwsStsHandler implements StsHandler {
+
+    @Resource
+    private StsClient awsStsClient;
+
+    @Override
+    public StsBean init(AppConfig appConfig) {
+        AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
+                .roleArn(appConfig.getRoleArn())
+                .roleSessionName(appConfig.getRoleSessionName())
+                .durationSeconds(appConfig.getDurationSeconds().intValue())
+                .build();
+        AssumeRoleResponse roleResponse = awsStsClient.assumeRole(roleRequest);
+        Credentials myCreds = roleResponse.credentials();
+        String accessKeyId = myCreds.accessKeyId();
+        String accessKeySecret = myCreds.secretAccessKey();
+        String securityToken = myCreds.sessionToken();
+        Instant exTime = myCreds.expiration();
+        DateTimeFormatter dateFormat = DateTimeFormatter.ofPattern(DateExtUtil.dateStyle).withZone(ZoneId.systemDefault());
+        String expiration = dateFormat.format(exTime);
+
+        return StsBean.builder().accessKeyId(accessKeyId).accessKeySecret(accessKeySecret).securityToken(securityToken).expiration(expiration).expirTimestamp(exTime.getEpochSecond()).build();
+    }
+}

src/main/java/com/fdkankan/cloud/acl/factory/sts/StsFactory.java

@@ -0,0 +1,9 @@
+package com.fdkankan.cloud.acl.factory.sts;
+
+import cn.hutool.extra.spring.SpringUtil;
+
+public class StsFactory {
+    public static StsHandler getHandler(String name){
+        return SpringUtil.getBean(name);
+    }
+}

src/main/java/com/fdkankan/cloud/acl/factory/sts/StsHandler.java

@@ -0,0 +1,12 @@
+package com.fdkankan.cloud.acl.factory.sts;
+
+import com.fdkankan.cloud.acl.bean.StsBean;
+import com.fdkankan.cloud.acl.entity.AppConfig;
+
+import java.util.Map;
+
+public interface StsHandler {
+
+    StsBean init(AppConfig appConfig);
+
+}

src/main/java/com/fdkankan/cloud/acl/service/impl/StsServiceImpl.java

@@ -24,6 +24,8 @@ import com.aliyuncs.auth.EnvironmentVariableCredentialsProvider;
 import com.fdkankan.cloud.acl.bean.StsBean;
 import com.fdkankan.cloud.acl.constant.RedisKey;
 import com.fdkankan.cloud.acl.entity.AppConfig;
+import com.fdkankan.cloud.acl.factory.sts.StsFactory;
+import com.fdkankan.cloud.acl.factory.sts.StsHandler;
 import com.fdkankan.cloud.acl.service.IAppConfigService;
 import com.fdkankan.cloud.acl.service.IStsService;
 import com.fdkankan.common.constant.ErrorCode;
@@ -53,59 +55,14 @@ public class StsServiceImpl implements IStsService {
     @Autowired
     private IAppConfigService appConfigService;
     @Autowired
-    private Client stsClient;
-    @Autowired
     private RedisUtil redisUtil;
+    @Autowired
+    private StsHandler stsHandler;
 
     @Override
     public StsBean genAssumeRole(String appCode) {
-
         AppConfig appConfig = appConfigService.getByAppCode(appCode);
-
-        com.aliyun.sts20150401.models.AssumeRoleRequest assumeRoleRequest = new com.aliyun.sts20150401.models.AssumeRoleRequest()
-                .setRoleArn(appConfig.getRoleArn())
-                .setRoleSessionName(appConfig.getRoleSessionName());
-        //设置权限，如果为空，则默认跟随rolearn的权限
-        if(StrUtil.isNotEmpty(appConfig.getPolicy())){
-            assumeRoleRequest.setPolicy(appConfig.getPolicy());
-        }
-        if(Objects.nonNull(appConfig.getDurationSeconds())){
-            assumeRoleRequest.setDurationSeconds(appConfig.getDurationSeconds());
-        }
-
-        com.aliyun.teautil.models.RuntimeOptions runtime = new com.aliyun.teautil.models.RuntimeOptions();
-        com.aliyun.sts20150401.models.AssumeRoleResponse resp = null;
-        int index = 1;
-        while (Objects.isNull(resp)){
-            try {
-                resp = stsClient.assumeRoleWithOptions(assumeRoleRequest, runtime);
-            } catch (Exception e) {
-                log.error("请求阿里云sts接口失败", e);
-            }
-            if(++index > 10 || Objects.nonNull(resp)){
-                break;
-            }
-            ThreadUtil.sleep(200L);
-        }
-        if(Objects.isNull(resp)){
-            throw new BusinessException(ErrorCode.SYSTEM_BUSY);
-        }
-
-        String accessKeyId = resp.getBody().getCredentials().getAccessKeyId();
-        String accessKeySecret = resp.getBody().getCredentials().getAccessKeySecret();
-        String securityToken = resp.getBody().getCredentials().getSecurityToken();
-        String expiration =  this.converToBjTime(resp.getBody().getCredentials().getExpiration());
-        long expirTimestamp = DateUtil.parse(expiration, DateExtUtil.dateStyle).getTime()/1000;
-
-        return StsBean.builder().accessKeyId(accessKeyId).accessKeySecret(accessKeySecret).securityToken(securityToken).expiration(expiration).expirTimestamp(expirTimestamp).build();
-
-    }
-
-    public String converToBjTime(String dateStr) {
-        Instant utcTime = Instant.parse(dateStr);
-        ZoneId beijingZoneId = ZoneId.of("Asia/Shanghai");
-        ZonedDateTime beijingTime = utcTime.atZone(beijingZoneId);
-        return beijingTime.format(DateTimeFormatter.ofPattern(DateExtUtil.dateStyle));
+        return stsHandler.init(appConfig);
     }
 
     @Override

src/main/java/com/fdkankan/cloud/acl/util/TimeUtil.java

@@ -0,0 +1,19 @@
+package com.fdkankan.cloud.acl.util;
+
+import com.fdkankan.common.util.DateExtUtil;
+
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+
+public class TimeUtil {
+
+    public static String converToBjTime(String dateStr) {
+        Instant utcTime = Instant.parse(dateStr);
+        ZoneId beijingZoneId = ZoneId.of("Asia/Shanghai");
+        ZonedDateTime beijingTime = utcTime.atZone(beijingZoneId);
+        return beijingTime.format(DateTimeFormatter.ofPattern(DateExtUtil.dateStyle));
+    }
+
+}

src/main/resources/bootstrap-dev.yml

@@ -0,0 +1,24 @@
+spring:
+  application:
+    name: 4dkankan-center-cloud-acl
+  cloud:
+    nacos:
+      server-addr: 120.24.144.164:8848
+      namespace: 4dkankan-v4-dev
+      config:
+        file-extension: yaml
+        namespace: ${spring.cloud.nacos.namespace}
+        shared-configs:
+          - data-id: common-redis-config.yaml
+            group: DEFAULT_GROUP
+            refresh: true
+#
+#          - data-id: common-db-config.yaml
+#            group: DEFAULT_GROUP
+#            refresh: true
+      discovery:
+        namespace: ${spring.cloud.nacos.namespace}
+
+
+
+

src/main/resources/bootstrap-prod-eur.yml

@@ -0,0 +1,24 @@
+spring:
+  application:
+    name: 4dkankan-center-cloud-acl
+  cloud:
+    nacos:
+      server-addr: 120.24.144.164:8848
+      namespace: 4dkankan-v4-prod
+      config:
+        file-extension: yaml
+        namespace: ${spring.cloud.nacos.namespace}
+        shared-configs:
+          - data-id: common-redis-config.yaml
+            group: DEFAULT_GROUP
+            refresh: true
+
+          - data-id: common-db-config.yaml
+            group: DEFAULT_GROUP
+            refresh: true
+      discovery:
+        namespace: ${spring.cloud.nacos.namespace}
+
+
+
+

src/main/resources/bootstrap-test-eur.yml

@@ -0,0 +1,24 @@
+spring:
+  application:
+    name: 4dkankan-center-cloud-acl
+  cloud:
+    nacos:
+      server-addr: 120.24.144.164:8848
+      namespace: 4dkankan-v4-test
+      config:
+        file-extension: yaml
+        namespace: ${spring.cloud.nacos.namespace}
+        shared-configs:
+          - data-id: common-redis-config.yaml
+            group: DEFAULT_GROUP
+            refresh: true
+#
+#          - data-id: common-db-config.yaml
+#            group: DEFAULT_GROUP
+#            refresh: true
+      discovery:
+        namespace: ${spring.cloud.nacos.namespace}
+
+
+
+