增加 auth 认证拦截器

common/mall-spring-boot-starter-security/pom.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>common</artifactId>
+        <groupId>cn.iocoder.mall</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>mall-spring-boot-starter-security</artifactId>
+
+    <dependencies>
+        <!-- Mall 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>system-rpc-api</artifactId>
+            <version>1.0-SNAPSHOT</version>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Spring 核心 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Web 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-spring-boot-starter-web</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+        <!-- RPC 相关 -->
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo</artifactId>
+            <optional>true</optional>
+        </dependency>
+    </dependencies>
+
+</project>

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java

@@ -0,0 +1,16 @@
+package cn.iocoder.mall.security.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+@ConditionalOnClass(name = {"cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC", "org.apache.dubbo.config.annotation.Reference"})
+public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
+
+    // ========== 拦截器相关 ==========
+
+
+}

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/account/AccountAuthInterceptor.java

@@ -0,0 +1,40 @@
+package cn.iocoder.mall.security.core.account;
+
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.common.framework.util.ServiceExceptionUtil;
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
+import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
+import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
+import org.apache.dubbo.config.annotation.Reference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    @Reference(validation = "true", version = "${dubbo.consumer.OAuth2RPC.version}")
+    private OAuth2RPC oauth2RPC;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 执行认证
+        String accessToken = HttpUtil.obtainAuthorization(request);
+        OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
+                .setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
+        CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResponseResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
+        if (oauth2AccessTokenResponseResult.isError()) { // TODO 有一个问题点，假设 token 认证失败，但是该 url 是无需认证的，是不是一样能够执行过去？
+            throw ServiceExceptionUtil.exception(oauth2AccessTokenResponseResult);
+        }
+        // 设置账号编号
+        CommonWebUtil.setAccountId(request, oauth2AccessTokenResponseResult.getData().getAccountId());
+        return true;
+    }
+
+}

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/package-info.java

@@ -0,0 +1 @@
+package cn.iocoder.mall.security.core;

common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/package-info.java

@@ -0,0 +1 @@
+package cn.iocoder.mall.security;