fix:Agent API 用户校验

844a579a · alex yao · d8d08355 · 844a579a
Commit 844a579a authored Jan 24, 2025 by alex yao
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

AgentApplicationApiServiceImpl.java ...expose/aggregate/impl/AgentApplicationApiServiceImpl.java +16 -0

No files found.
--- a/src/main/java/cn/com/poc/expose/aggregate/impl/AgentApplicationApiServiceImpl.java
+++ b/src/main/java/cn/com/poc/expose/aggregate/impl/AgentApplicationApiServiceImpl.java
@@ -17,12 +17,17 @@ import cn.com.poc.equity.constants.ModifyEventEnum;
 import cn.com.poc.equity.domain.modifyEquityInfo.AgentUseModifyEventInfo;
 import cn.com.poc.expose.aggregate.AgentApplicationApiService;
 import cn.com.poc.knowledge.aggregate.KnowledgeService;
+import cn.com.poc.support.security.oauth.constants.OauthConstants;
 import cn.com.poc.thirdparty.resource.demand.ai.constants.LLMRoleEnum;
 import cn.com.poc.thirdparty.resource.demand.ai.entity.dialogue.Message;
 import cn.com.poc.thirdparty.resource.demand.ai.entity.dialogue.Tool;
 import cn.com.yict.framemax.core.exception.BusinessException;
+import cn.com.yict.framemax.security.authentication.SecurityAuthenticationToken;
+import cn.com.yict.framemax.security.oauth.OauthUserManager;
 import cn.hutool.core.io.FileUtil;
 import org.apache.commons.collections4.CollectionUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.multipart.MultipartFile;

@@ -75,6 +80,8 @@ public class AgentApplicationApiServiceImpl implements AgentApplicationApiServic
    @Resource
    private DataAnalyzeReportService dataAnalyzeReportService;

+    @Resource
+    private OauthUserManager userManager;

    @Override
    public String conversation(String apiKey, String apiSecret, String agentId) throws Exception {
@@ -122,6 +129,8 @@ public class AgentApplicationApiServiceImpl implements AgentApplicationApiServic
        if (!infoEntity.getMemberId().equals(profileEntity.getMemberId().intValue())) {
            throw new BusinessException("无权限");
        }
+        //配置用户上下文信息
+        setAPIUserInfoContext(profileEntity);

        // 获取文件列表
        List<String> fileUrls = getFileUrls(conversationId, fileIds, agentId);
@@ -164,6 +173,13 @@ public class AgentApplicationApiServiceImpl implements AgentApplicationApiServic
        dataAnalyzeReportService.dataReport(agentId, DataAnalyzeChannelEnum.api, profileEntity.getMemberId(), deducted, pointDeductionNum);
    }

+    private void setAPIUserInfoContext(BizAgentApplicationApiProfileEntity profileEntity) {
+        SecurityAuthenticationToken securityAuthenticationToken = this.userManager.authUser(OauthConstants.TypePrefix.MEMBER_DOMAIN + profileEntity.getMemberId().toString(), null, null);
+        SecurityContext sc = SecurityContextHolder.getContext();
+        sc.setAuthentication(securityAuthenticationToken);
+        SecurityContextHolder.setContext(sc);
+    }
+
    private void saveRecord(String conversationId, String query, String agentId, BizAgentApplicationApiProfileEntity profileEntity, Long inputTimestamp, BizAgentApplicationPublishEntity infoEntity, String output) throws Exception {
        //保存对话记录
        BizAgentApplicationDialoguesRecordEntity inputRecord = new BizAgentApplicationDialoguesRecordEntity();