sso

pdf-tech-core/src/main/java/cn/kdan/pdf/tech/core/constant/SSOConstant.java

@@ -5,6 +5,7 @@ package cn.kdan.pdf.tech.core.constant;
  */
 public interface SSOConstant {
     String DIRECTORY_NOT_EXIST = "Directory does not exist";
+    String DOMAIN_NOT_EXIST = "Domain does not exist";
     String DIRECTORY_EXIST = "Directory name already exists";
     String GRAPH_SCOPE = "https://graph.microsoft.com/.default";
     String EXCEPTION_MSG_MEMBER_NOT_EXIST = "用户未同步";

pdf-tech-core/src/main/java/cn/kdan/pdf/tech/core/service/impl/SyncServiceImpl.java

@@ -7,20 +7,21 @@ import cn.kdan.pdf.tech.core.enums.ScpoeEnum;
 import cn.kdan.pdf.tech.core.enums.SyncStatusEnum;
 import cn.kdan.pdf.tech.core.enums.SyncUserEnum;
 import cn.kdan.pdf.tech.core.model.*;
+import cn.kdan.pdf.tech.core.model.Directory;
+import cn.kdan.pdf.tech.core.model.Domain;
 import cn.kdan.pdf.tech.core.pojo.MSGroup;
 import cn.kdan.pdf.tech.core.pojo.dto.AddSyncDTO;
 import cn.kdan.pdf.tech.core.pojo.dto.CreateTeamDTO;
 import cn.kdan.pdf.tech.core.pojo.vo.VppTeamMemberVO;
 import cn.kdan.pdf.tech.core.service.*;
+import cn.kdan.pdf.tech.core.utils.ThreadPoolSingleUtil;
 import com.azure.identity.ClientSecretCredential;
 import com.azure.identity.ClientSecretCredentialBuilder;
-import com.microsoft.graph.models.Group;
-import com.microsoft.graph.models.GroupCollectionResponse;
-import com.microsoft.graph.models.User;
-import com.microsoft.graph.models.UserCollectionResponse;
+import com.microsoft.graph.models.*;
 import com.microsoft.graph.serviceclient.GraphServiceClient;
 
 import enums.ValidStatusEnum;
+import exception.BackendRuntimeException;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -50,7 +51,8 @@ public class SyncServiceImpl implements SyncService {
     private VppRTeamMemberRoleService vppRTeamMemberRoleService;
     @Resource
     private DirectorySyncService directorySyncService;
-
+    @Resource
+    private DomainService domainService;
     @Override
     public void addSyncSettings(AddSyncDTO syncDTO) {
         //根据id获取目录
@@ -82,16 +84,27 @@ public class SyncServiceImpl implements SyncService {
             directory.setTeamId(teamId);
             directoryService.updateSelective(directory);
         }
+        ThreadPoolSingleUtil.getInstance().excute(() -> {
+            sync(syncDTO.getScope(), directory);
+        });
+    }
+
+    private void sync(String scope, Directory directory) {
         String syncId = startLog(directory);
-        if (syncDTO.getScope().equals(ScpoeEnum.ALL.value())) {
+        try {
+        if (scope.equals(ScpoeEnum.ALL.value())) {
             //同步全部
             syncMSUserAll(directory);
         }
-        if (syncDTO.getScope().equals(ScpoeEnum.SPECIFY.value())) {
+        if (scope.equals(ScpoeEnum.SPECIFY.value())) {
             //同步特定
             syncMSUserSpecifyGroup(directory);
         }
-        endLog(syncId);
+            endLog(syncId,SyncStatusEnum.SYNC_FINISHED);
+        } catch (Exception e) {
+            endLog(syncId,SyncStatusEnum.SYNC_FAILED);
+            log.error("SYNC_FAILED:{}", e.getMessage());
+        }
     }
 
     @Override
@@ -112,16 +125,9 @@ public class SyncServiceImpl implements SyncService {
             log.error("TEAM_NOT_EXIST:{}", teamId);
             throw new RuntimeException(VppTeamConstant.TEAM_NOT_EXIST);
         }
-        String syncId = startLog(directory);
-        if (directory.getScope().equals(ScpoeEnum.ALL.value())) {
-            //同步全部
-            syncMSUserAll(directory);
-        }
-        if (directory.getScope().equals(ScpoeEnum.SPECIFY.value())) {
-            //同步特定
-            syncMSUserSpecifyGroup(directory);
-        }
-        endLog(syncId);
+        ThreadPoolSingleUtil.getInstance().excute(() -> {
+            sync(directory.getScope(), directory);
+        });
     }
 
     /**
@@ -129,7 +135,7 @@ public class SyncServiceImpl implements SyncService {
      *
      * @param directory 目录对象
      */
-    public void syncMSUserAll(Directory directory) {
+    public void syncMSUserAll(Directory directory){
         String companyId = directory.getCompanyId();
         String teamId = directory.getTeamId();
         final String[] scopes = new String[]{SSOConstant.GRAPH_SCOPE};
@@ -139,7 +145,7 @@ public class SyncServiceImpl implements SyncService {
                 .clientSecret(directory.getClientSecrets())
                 .build();
         final GraphServiceClient graphClient = new GraphServiceClient(credential, scopes);
-
+        checkDomain(directory, graphClient);
         UserCollectionResponse userResponse = graphClient.users().get();
         List<User> users = userResponse.getValue();
         List<String> microsoftEmails = users.stream().map(User::getUserPrincipalName).collect(Collectors.toList());
@@ -147,9 +153,9 @@ public class SyncServiceImpl implements SyncService {
         handleUsersData(users, microsoftEmails, companyId, teamId, directory.getDirectoryId());
     }
 
-    private void endLog(String syncId) {
+    private void endLog(String syncId,SyncStatusEnum syncStatusEnum) {
         DirectorySync directorySync = new DirectorySync();
-        directorySync.setStatus(SyncStatusEnum.SYNC_FINISHED.value());
+        directorySync.setStatus(syncStatusEnum.value());
         directorySync.setSyncTime(new Date());
         directorySync.setDirectorySyncId(syncId);
         directorySyncService.create(directorySync);
@@ -171,7 +177,7 @@ public class SyncServiceImpl implements SyncService {
      *
      * @param directory 目录对象
      */
-    public void syncMSUserSpecifyGroup(Directory directory) {
+    public void syncMSUserSpecifyGroup(Directory directory){
         String companyId = directory.getCompanyId();
         String teamId = directory.getTeamId();
         List<String> groupIds = stringToList(directory.getMsGroupIds());
@@ -182,7 +188,7 @@ public class SyncServiceImpl implements SyncService {
                 .clientSecret(directory.getClientSecrets())
                 .build();
         final GraphServiceClient graphClient = new GraphServiceClient(credential, scopes);
-
+        checkDomain(directory, graphClient);
         List<User> users = new ArrayList<>();
         groupIds.forEach(groupId -> {
             Group group = graphClient.groups().byGroupId(groupId).get(requestConfiguration -> {
@@ -200,6 +206,18 @@ public class SyncServiceImpl implements SyncService {
         handleUsersData(users, microsoftEmails, companyId, teamId, directory.getDirectoryId());
     }
 
+    private void checkDomain(Directory directory, GraphServiceClient graphClient) {
+        List<Domain> list = domainService.listByDirectoryId(directory.getDirectoryId());
+        if(CollectionUtils.isEmpty(list)){
+            throw new BackendRuntimeException(SSOConstant.DOMAIN_NOT_EXIST);
+        }
+        DomainCollectionResponse domainCollectionResponse =  graphClient.domains().get();
+        List<String> domainList = domainCollectionResponse.getValue().stream().map(com.microsoft.graph.models.Domain::getId).collect(Collectors.toList());
+        if(!domainList.contains(list.get(0).getDomain())){
+            throw new BackendRuntimeException(SSOConstant.DOMAIN_NOT_EXIST);
+        }
+    }
+
     /**
      * 对比微软用户和我们指定组用户的差别，进行同步
      *