后端：增加用户访问日志

user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/interceptor/UserAccessLogInterceptor.java

@@ -0,0 +1,78 @@
+package cn.iocoder.mall.user.sdk.interceptor;
+
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.mall.user.service.api.UserAccessLogService;
+import cn.iocoder.mall.user.service.api.dto.UserAccessLogAddDTO;
+import com.alibaba.dubbo.config.annotation.Reference;
+import com.alibaba.fastjson.JSON;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Date;
+
+/**
+ * 访问日志拦截器
+ */
+@Component
+public class UserAccessLogInterceptor extends HandlerInterceptorAdapter {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    /**
+     * 开始时间
+     */
+    private static final ThreadLocal<Date> START_TIME = new ThreadLocal<>();
+    /**
+     * 管理员编号
+     */
+    private static final ThreadLocal<Integer> USER_ID = new ThreadLocal<>();
+
+    @Reference
+    private UserAccessLogService userAccessLogService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 记录当前时间
+        START_TIME.set(new Date());
+        return true;
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
+        UserAccessLogAddDTO accessLog = new UserAccessLogAddDTO();
+        try {
+            accessLog.setUserId(USER_ID.get());
+            if (accessLog.getUserId() == null) {
+                accessLog.setUserId(UserAccessLogAddDTO.USER_ID_NULL);
+            }
+            accessLog.setUri(request.getRequestURI()); // TODO 提升：如果想要优化，可以使用 Swagger 的 @ApiOperation 注解。
+            accessLog.setQueryString(HttpUtil.buildQueryString(request));
+            accessLog.setMethod(request.getMethod());
+            accessLog.setUserAgent(HttpUtil.getUserAgent(request));
+            accessLog.setIp(HttpUtil.getIp(request));
+            accessLog.setStartTime(START_TIME.get());
+            accessLog.setResponseTime((int) (System.currentTimeMillis() - accessLog.getStartTime().getTime()));// 默认响应时间设为0
+            userAccessLogService.addUserAccessLog(accessLog);
+            // TODO 提升：暂时不考虑 ELK 的方案。而是基于 MySQL 存储。如果访问日志比较多，需要定期归档。
+        } catch (Throwable th) {
+            logger.error("[afterCompletion][插入管理员访问日志({}) 发生异常({})", JSON.toJSONString(accessLog), ExceptionUtils.getRootCauseMessage(th));
+        } finally {
+            clear();
+        }
+    }
+
+    public static void setUserId(Integer userId) {
+        USER_ID.set(userId);
+    }
+
+    public static void clear() {
+        START_TIME.remove();
+        USER_ID.remove();
+    }
+
+}

user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/interceptor/UserSecurityInterceptor.java

@@ -40,6 +40,13 @@ public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
             // 添加到 SecurityContext
             UserSecurityContext context = new UserSecurityContext(authentication.getUserId());
             UserSecurityContextHolder.setContext(context);
+            // 同时也记录管理员编号到 AdminAccessLogInterceptor 中。因为：
+            // AdminAccessLogInterceptor 需要在 AdminSecurityInterceptor 之前执行，这样记录的访问日志才健全
+            // AdminSecurityInterceptor 执行后，会移除 AdminSecurityContext 信息，这就导致 AdminAccessLogInterceptor 无法获得管理员编号
+            // 因此，这里需要进行记录
+            if (authentication.getUserId() != null) {
+                UserAccessLogInterceptor.setUserId(authentication.getUserId());
+            }
         }
         // 校验是否需要已授权
         HandlerMethod method = (HandlerMethod) handler;