将 onemall 老代码，统一到归档目录，后续不断迁移移除

归档/common/mall-spring-boot-starter-security-admin/pom.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>common</artifactId>
+        <groupId>cn.iocoder.mall</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>mall-spring-boot-starter-security-admin</artifactId>
+
+    <dependencies>
+        <!-- Mall 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>system-service-api</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+        <!-- Spring 核心 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Web 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-spring-boot-starter-web</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-security-annotations</artifactId>
+        </dependency>
+
+        <!-- RPC 相关 -->
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java

@@ -0,0 +1,60 @@
+package cn.iocoder.mall.security.admin.config;
+
+import cn.iocoder.mall.security.admin.core.interceptor.AdminDemoInterceptor;
+import cn.iocoder.mall.security.admin.core.interceptor.AdminSecurityInterceptor;
+import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@AutoConfigureAfter(CommonWebAutoConfiguration.class) // 在 CommonWebAutoConfiguration 之后自动配置，保证过滤器的顺序
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+@EnableConfigurationProperties(AdminSecurityProperties.class)
+public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    @Bean
+    @ConditionalOnMissingBean
+    public AdminSecurityProperties adminSecurityProperties() {
+        return new AdminSecurityProperties();
+    }
+
+    // ========== 拦截器相关 ==========
+
+    @Bean
+    public AdminSecurityInterceptor adminSecurityInterceptor() {
+        return new AdminSecurityInterceptor();
+    }
+
+    @Bean
+    public AdminDemoInterceptor adminDemoInterceptor() {
+        return new AdminDemoInterceptor();
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        AdminSecurityProperties properties = this.adminSecurityProperties();
+        // AdminSecurityInterceptor 拦截器
+        registry.addInterceptor(this.adminSecurityInterceptor())
+                .excludePathPatterns(properties.getIgnorePaths())
+                .excludePathPatterns(properties.getDefaultIgnorePaths());
+        logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
+        // AdminDemoInterceptor 拦截器
+        if (Boolean.TRUE.equals(properties.getDemo())) {
+            registry.addInterceptor(this.adminDemoInterceptor())
+                    .excludePathPatterns(properties.getIgnorePaths())
+                    .excludePathPatterns(properties.getDefaultIgnorePaths());
+            logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
+        }
+    }
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java

@@ -0,0 +1,59 @@
+package cn.iocoder.mall.security.admin.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@ConfigurationProperties("mall.security.admin")
+public class AdminSecurityProperties {
+
+    private static final String[] DEFAULT_IGNORE_PATHS = new String[]{
+            // Swagger 相关
+            "/doc.html", "/swagger-resources",  "/swagger-resources/**", "/webjars/**",
+            // Actuator 相关
+    };
+
+    /**
+     * 演示模式 - 默认值（关闭）
+     */
+    private static final Boolean DEFAULT_DEMO = false;
+
+    /**
+     * 自定义忽略 Path
+     */
+    private String[] ignorePaths = new String[0];
+    /**
+     * 默认忽略 Path
+     */
+    private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
+    /**
+     * 是否开启演示模式
+     */
+    private Boolean demo = DEFAULT_DEMO;
+
+    public String[] getIgnorePaths() {
+        return ignorePaths;
+    }
+
+    public AdminSecurityProperties setIgnorePaths(String[] ignorePaths) {
+        this.ignorePaths = ignorePaths;
+        return this;
+    }
+
+    public String[] getDefaultIgnorePaths() {
+        return defaultIgnorePaths;
+    }
+
+    public AdminSecurityProperties setDefaultIgnorePaths(String[] defaultIgnorePaths) {
+        this.defaultIgnorePaths = defaultIgnorePaths;
+        return this;
+    }
+
+    public Boolean getDemo() {
+        return demo;
+    }
+
+    public AdminSecurityProperties setDemo(Boolean demo) {
+        this.demo = demo;
+        return this;
+    }
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContext.java

@@ -0,0 +1,18 @@
+package cn.iocoder.mall.security.admin.core.context;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+/**
+ * Admin Security 上下文
+ */
+@Data
+@Accessors(chain = true)
+public class AdminSecurityContext {
+
+    /**
+     * 管理员编号
+     */
+    private Integer adminId;
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContextHolder.java

@@ -0,0 +1,34 @@
+package cn.iocoder.mall.security.admin.core.context;
+
+/**
+ * {@link AdminSecurityContext} Holder
+ *
+ * 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类，简单实现。
+ */
+public class AdminSecurityContextHolder {
+
+    private static final ThreadLocal<AdminSecurityContext> SECURITY_CONTEXT = new ThreadLocal<>();
+
+    public static void setContext(AdminSecurityContext context) {
+        SECURITY_CONTEXT.set(context);
+    }
+
+    public static AdminSecurityContext getContext() {
+        AdminSecurityContext ctx = SECURITY_CONTEXT.get();
+        // 为空时，设置一个空的进去
+        if (ctx == null) {
+            ctx = new AdminSecurityContext();
+            SECURITY_CONTEXT.set(ctx);
+        }
+        return ctx;
+    }
+
+    public static void clear() {
+        SECURITY_CONTEXT.remove();
+    }
+
+    public static Integer getAdminId() {
+        return getContext().getAdminId();
+    }
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java

@@ -0,0 +1,31 @@
+package cn.iocoder.mall.security.admin.core.interceptor;
+
+import cn.iocoder.common.framework.exception.util.ServiceExceptionUtil;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
+import cn.iocoder.mall.systemservice.enums.SystemErrorCodeConstants;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Objects;
+
+/**
+ * Admin 演示拦截器
+ *
+ * 这是个比较“奇怪”的拦截器，用于演示的管理员账号，禁止使用 POST 请求，从而实现即达到阉割版的演示的效果，又避免影响了数据
+ */
+public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 当 Admin 编号等于 1 时，约定为演示账号
+        // TODO 芋艿，后续去优化
+        if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)
+            && request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
+            throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
+        }
+        return true;
+    }
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminSecurityInterceptor.java

@@ -0,0 +1,96 @@
+package cn.iocoder.mall.security.admin.core.interceptor;
+
+import cn.iocoder.common.framework.enums.UserTypeEnum;
+import cn.iocoder.common.framework.exception.GlobalException;
+import cn.iocoder.common.framework.exception.util.ServiceExceptionUtil;
+import cn.iocoder.common.framework.util.CollectionUtils;
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContext;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
+import cn.iocoder.mall.systemservice.rpc.oauth.OAuthFeign;
+import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
+import cn.iocoder.mall.systemservice.rpc.permission.PermissionFeign;
+import cn.iocoder.mall.systemservice.rpc.permission.dto.PermissionCheckDTO;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
+import cn.iocoder.security.annotations.RequiresNone;
+import cn.iocoder.security.annotations.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+
+import static cn.iocoder.common.framework.exception.enums.GlobalErrorCodeConstants.UNAUTHORIZED;
+import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeConstants.OAUTH_USER_TYPE_ERROR;
+
+public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
+
+
+    @Autowired
+    private OAuthFeign oAuthFeign;
+    @Autowired
+    private PermissionFeign permissionFeign;
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 获得访问令牌
+        Integer adminId = this.obtainAdminId(request);
+        // 校验认证
+        this.checkAuthentication((HandlerMethod) handler, adminId);
+        // 校验权限
+        this.checkPermission((HandlerMethod) handler, adminId);
+        return true;
+    }
+
+    private Integer obtainAdminId(HttpServletRequest request) {
+        String accessToken = HttpUtil.obtainAuthorization(request);
+        Integer adminId = null;
+        if (accessToken != null) {
+            CommonResult<OAuth2AccessTokenRespDTO> checkAccessTokenResult = oAuthFeign.checkAccessToken(accessToken);
+            checkAccessTokenResult.checkError();
+            // 校验用户类型正确
+            if (!UserTypeEnum.ADMIN.getValue().equals(checkAccessTokenResult.getData().getUserType())) {
+                throw ServiceExceptionUtil.exception(OAUTH_USER_TYPE_ERROR);
+            }
+            // 获得用户编号
+            adminId = checkAccessTokenResult.getData().getUserId();
+            // 设置到 Request 中
+            CommonWebUtil.setUserId(request, adminId);
+            CommonWebUtil.setUserType(request, UserTypeEnum.ADMIN.getValue());
+            // 设置到
+            AdminSecurityContext adminSecurityContext = new AdminSecurityContext().setAdminId(adminId);
+            AdminSecurityContextHolder.setContext(adminSecurityContext);
+        }
+        return adminId;
+    }
+
+    private void checkAuthentication(HandlerMethod handlerMethod, Integer adminId) {
+        boolean requiresAuthenticate = !handlerMethod.hasMethodAnnotation(RequiresNone.class); // 对于 ADMIN 来说，默认需登录
+        if (requiresAuthenticate && adminId == null) {
+            throw new GlobalException(UNAUTHORIZED);
+        }
+    }
+
+    private void checkPermission(HandlerMethod handlerMethod, Integer adminId) {
+        RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
+        if (requiresPermissions == null) {
+            return;
+        }
+        String[] permissions = requiresPermissions.value();
+        if (CollectionUtils.isEmpty(permissions)) {
+            return;
+        }
+        // 权限验证
+        permissionFeign.checkPermission(new PermissionCheckDTO().setAdminId(adminId).setPermissions(Arrays.asList(permissions)))
+                .checkError();
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
+        // 清空 SecurityContext
+        AdminSecurityContextHolder.clear();
+    }
+
+}

归档/common/mall-spring-boot-starter-security-admin/src/main/resources/META-INF/spring.factories

@@ -0,0 +1,2 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+  cn.iocoder.mall.security.admin.config.AdminSecurityAutoConfiguration