fix: modify gateway router

MoeexT · MoeexT · commit f5108f653db7 · 2026-03-28T18:15:48.000+08:00
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/ApiGatewayApplication.java b/backend/api-gateway/src/main/java/com/datamate/gateway/ApiGatewayApplication.java
@@ -79,7 +79,7 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
             // 网关内部服务（用户）
             // 使用 no-op 触发 GlobalFilter 执行，然后由本地 Controller 处理
             .route("gateway", r -> r.path("/api/user/**")
-                .uri("no-op"))
+                .uri("http://localhost:8080"))
 
             // 其他后端服务
             .route("default", r -> r.path("/api/**")
diff --git a/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/rest/UserController.java b/backend/api-gateway/src/main/java/com/datamate/gateway/interfaces/rest/UserController.java
@@ -5,6 +5,8 @@
 import com.datamate.common.infrastructure.exception.CommonErrorCode;
 import com.datamate.gateway.application.UserApplicationService;
 import com.datamate.gateway.domain.service.UserService;
+import com.datamate.gateway.infrastructure.client.OmsExtensionService;
+import com.datamate.gateway.infrastructure.client.OmsService;
 import com.datamate.gateway.interfaces.dto.LoginRequest;
 import com.datamate.gateway.interfaces.dto.LoginResponse;
 import com.datamate.gateway.interfaces.dto.RegisterRequest;
@@ -16,12 +18,14 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.util.MultiValueMap;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.http.HttpCookie;
 
 /**
  * UserController
@@ -36,6 +40,44 @@
 public class UserController {
     private final UserApplicationService userApplicationService;
     private final UserService userService;
+    private final OmsService omsService;
+    private final OmsExtensionService omsExtensionService;
+
+    private static final String AUTH_TOKEN_KEY = "__Host-X-Auth-Token";
+    private static final String CSRF_TOKEN_KEY = "__Host-X-Csrf-Token";
+
+    /**
+     * 从 cookies 中获取 token 值
+     */
+    private String getToken(MultiValueMap<String, HttpCookie> cookies, String tokenKey) {
+        if (cookies.containsKey(tokenKey)) {
+            return cookies.getFirst(tokenKey).getValue();
+        }
+        return "";
+    }
+
+    /**
+     * 获取真实 IP 地址
+     */
+    private String getRealIp(ServerHttpRequest request) {
+        String ip = request.getHeaders().getFirst("X-Real-IP");
+        if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeaders().getFirst("X-Forwarded-For");
+        }
+        if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeaders().getFirst("Proxy-Client-IP");
+        }
+        if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeaders().getFirst("WL-Proxy-Client-IP");
+        }
+        if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getRemoteAddress() != null ? request.getRemoteAddress().getAddress().getHostAddress() : "";
+        }
+        if (ip != null && ip.contains(",")) {
+            ip = ip.split(",")[0].trim();
+        }
+        return ip != null ? ip : "";
+    }
 
     @PostMapping("/login")
     @IgnoreResponseWrap
@@ -58,7 +100,7 @@ public ResponseEntity<Response<LoginResponse>> register(@Valid @RequestBody Regi
     /**
      * 获取当前登录用户信息（支持双模式）
      * 优先级：
-     * 1. SSO 模式：检查 OMS 请求头 (X-User-Name, X-User-Group-Id)
+     * 1. SSO 模式：从 cookies 读取 OMS token 并调用 OMS 服务验证
      * 2. JWT 模式：检查 Authorization Bearer Token
      * 3. 未登录：返回 authenticated=false
      *
@@ -67,18 +109,48 @@ public ResponseEntity<Response<LoginResponse>> register(@Valid @RequestBody Regi
      */
     @GetMapping("/me")
     public Response<UserResponse> getCurrentUser(ServerHttpRequest request) {
-        // 优先检查 SSO 模式（OMS 请求头）
-        String ssoUsername = request.getHeaders().getFirst("X-User-Name");
-        String ssoGroupId = request.getHeaders().getFirst("X-User-Group-Id");
-
-        if (StringUtils.isNotBlank(ssoUsername)) {
-            log.info("SSO mode: user={}, groupId={}", ssoUsername, ssoGroupId);
-            return Response.ok(UserResponse.builder()
-                    .username(ssoUsername)
-                    .groupId(ssoGroupId)
-                    .authenticated(true)
-                    .authMode("SSO")
-                    .build());
+        log.info("=== /api/user/me called ===");
+
+        // 优先检查 SSO 模式（从 cookies 读取 OMS token）
+        MultiValueMap<String, HttpCookie> cookies = request.getCookies();
+        String authToken = getToken(cookies, AUTH_TOKEN_KEY);
+        String csrfToken = getToken(cookies, CSRF_TOKEN_KEY);
+
+        log.info("Cookies present - __Host-X-Auth-Token: {}, __Host-X-Csrf-Token: {}",
+                StringUtils.isNotBlank(authToken), StringUtils.isNotBlank(csrfToken));
+
+        if (StringUtils.isNotBlank(authToken)) {
+            try {
+                // 获取真实 IP
+                String realIp = getRealIp(request);
+                log.info("Calling OMS service with realIp: {}", realIp);
+
+                // 调用 OMS 服务验证
+                String username = omsService.getUserNameFromOms(authToken, csrfToken, realIp);
+                if (StringUtils.isNotBlank(username)) {
+                    log.info("SSO mode: user={}", username);
+
+                    // 获取用户组 ID（可能为 null）
+                    String groupId = null;
+                    try {
+                        groupId = omsExtensionService.getUserGroupId(username);
+                        log.info("User groupId: {}", groupId);
+                    } catch (Exception e) {
+                        log.warn("Failed to get user group ID: {}", e.getMessage());
+                    }
+
+                    return Response.ok(UserResponse.builder()
+                            .username(username)
+                            .groupId(groupId)
+                            .authenticated(true)
+                            .authMode("SSO")
+                            .build());
+                } else {
+                    log.warn("OMS service returned null username");
+                }
+            } catch (Exception e) {
+                log.error("SSO authentication failed", e);
+            }
         }
 
         // 检查独立登录模式（JWT Token）
