优雅的实现SpringCloud内部RPC调用鉴权方案

webchat-act/src/main/java/com/webchat/act/WebchatActApplication.java

@@ -1,5 +1,7 @@
 package com.webchat.act;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
@@ -10,6 +12,8 @@ import org.springframework.context.annotation.ComponentScan;
 @EnableDiscoveryClient
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatActApplication {
 
     public static void main(String[] args) {

webchat-admin/src/main/java/com/webchat/admin/WebchatAdminApplication.java

@@ -1,5 +1,7 @@
 package com.webchat.admin;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.ServletComponentScan;
@@ -9,6 +11,7 @@ import org.springframework.context.annotation.ComponentScan;
 @SpringBootApplication
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
 public class WebchatAdminApplication {
 
     public static void main(String[] args) {

webchat-aigc/src/main/java/com/webchat/aigc/llm/AiParameterService.java

@@ -57,6 +57,7 @@ public class AiParameterService {
     public LLMParameterDTO getParameter(String currentUserId, String input, String botCode) throws Exception {
         // 查询bot详情
         BotDTO botDTO = botService.getBotPluginFromCache(botCode);
+        // 插件参数抽取
         LLMParameterDTO parameterDTO = this.getParameterByLLM(botDTO, input);
         if (parameterDTO == null) {
             return null;

webchat-api/src/main/java/com/webchat/admin/WebchatApiApplication.java

@@ -1,14 +1,17 @@
 package com.webchat.admin;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.web.servlet.ServletComponentScan;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.ComponentScan;
 
 @SpringBootApplication
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatApiApplication {
 
     public static void main(String[] args) {

webchat-client-chat/src/main/java/com/webchat/client/WebchatClientApplication.java

@@ -1,5 +1,6 @@
 package com.webchat.client;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.openfeign.EnableFeignClients;
@@ -8,6 +9,7 @@ import org.springframework.context.annotation.ComponentScan;
 @SpringBootApplication
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
 public class WebchatClientApplication {
 
     public static void main(String[] args) {

webchat-common/src/main/java/com/webchat/common/constants/RpcRequestConstants.java

@@ -0,0 +1,11 @@
+package com.webchat.common.constants;
+
+public class RpcRequestConstants {
+
+
+    public static final String RPC_REQUEST_ACCESS_KEY = "rpc-req-access-key";
+    public static final String RPC_REQUEST_SECRET_KEY = "rpc-req-secret-key";
+
+    public static final String RPC_REQUEST_DEFAULT_AK = "chat4j";
+    public static final String RPC_REQUEST_DEFAULT_SK = "e8492379531134b77362a7d1f8b1c4b4";
+}

webchat-common/src/main/java/com/webchat/common/enums/BaseErrCodeEnum.java

@@ -9,7 +9,9 @@ import lombok.NoArgsConstructor;
 @AllArgsConstructor
 public enum BaseErrCodeEnum {
 
-    UN_LOGIN(40001, "未登录");
+    UN_LOGIN(40001, "未登录"),
+
+    RPC_REQUEST_UN_PERMISSION(40002, "内部服务调用无权限");
 
     private int code;
     private String message;

webchat-connect/src/main/java/com/webchat/connect/WebchatConnectApplication.java

@@ -2,6 +2,8 @@ package com.webchat.connect;
 
 import com.webchat.common.util.SpringContextUtil;
 import com.webchat.connect.messagequeue.consumer.redis.ChatNotifyRedisQueueListener;
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.openfeign.EnableFeignClients;
@@ -10,6 +12,7 @@ import org.springframework.context.annotation.ComponentScan;
 @ComponentScan("com.webchat")
 @SpringBootApplication
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
 public class WebchatConnectApplication {
 
     public static void main(String[] args) {

webchat-connect/src/main/java/com/webchat/connect/service/UserChatMessageSendService.java

@@ -29,6 +29,9 @@ public class UserChatMessageSendService {
     public void doSend(ChatMessageRequestVO chatMessage) {
 
         String instanceHost = this.getReceiverSessionInstanceHost(getSSEBizCode(), chatMessage.getReceiverId());
+        if (instanceHost == null) {
+            return;
+        }
         FeignClientBuilder<ConnectServiceClient> feignClientBuilder = new FeignClientBuilder(ConnectServiceClient.class);
         ConnectServiceClient connectServiceClient = feignClientBuilder.build(instanceHost);
         APIResponseBean<Boolean> apiResponseBean = connectServiceClient.doSend(chatMessage);

webchat-pay/src/main/java/com/webchat/pay/WebchatPayApplication.java

@@ -1,5 +1,7 @@
 package com.webchat.pay;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
@@ -10,6 +12,8 @@ import org.springframework.context.annotation.ComponentScan;
 @SpringBootApplication
 @EnableDiscoveryClient
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatPayApplication {
 
     public static void main(String[] args) {

webchat-pgc/src/main/java/com/webchat/pgc/WebchatPGCApplication.java

@@ -2,6 +2,8 @@ package com.webchat.pgc;
 
 import com.webchat.common.util.SpringContextUtil;
 import com.webchat.pgc.messagequeue.consumer.ArticlePushDelayQueueConsumer;
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
@@ -12,6 +14,8 @@ import org.springframework.context.annotation.ComponentScan;
 @EnableDiscoveryClient
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatPGCApplication {
 
     public static void main(String[] args) {

webchat-remote/src/main/java/com/webchat/rmi/act/ICommentClient.java

@@ -5,6 +5,7 @@ import com.webchat.common.bean.APIPageResponseBean;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.CommentSaveVO;
 import com.webchat.domain.vo.response.CommentResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -14,7 +15,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 
 import java.util.List;
 
-@FeignClient(name = "webchat-act-service", contextId = "commentClient")
+@FeignClient(name = "webchat-act-service",
+        contextId = "commentClient",
+        configuration = RpcRequestInterceptor.class)
 public interface ICommentClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/act/IResourceBehaviorClient.java

@@ -2,11 +2,14 @@ package com.webchat.rmi.act;
 
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.act.ResourceBehaviorRequestVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
-@FeignClient(name = "webchat-act-service", contextId = "resourceBehaviorClient")
+@FeignClient(name = "webchat-act-service",
+        contextId = "resourceBehaviorClient",
+        configuration = RpcRequestInterceptor.class)
 public interface IResourceBehaviorClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/aigc/BasicModelServiceClient.java

@@ -2,13 +2,16 @@ package com.webchat.rmi.aigc;
 
 
 import com.webchat.common.bean.APIResponseBean;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
 import java.util.List;
 
-@FeignClient(name = "webchat-aigc-service", contextId = "basicModelServiceClient")
+@FeignClient(name = "webchat-aigc-service",
+             contextId = "basicModelServiceClient",
+             configuration = RpcRequestInterceptor.class)
 public interface BasicModelServiceClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/aigc/LLMChatClient.java

@@ -2,11 +2,14 @@ package com.webchat.rmi.aigc;
 
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.dto.aigc.ChatCompletionMessageRequest;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
-@FeignClient(name = "webchat-aigc-service", contextId = "llmChatClient")
+@FeignClient(name = "webchat-aigc-service",
+        contextId = "llmChatClient",
+        configuration = RpcRequestInterceptor.class)
 public interface LLMChatClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/annotation/EnableRpcPermissionFilter.java

@@ -0,0 +1,27 @@
+package com.webchat.rmi.annotation;
+
+
+import com.webchat.rmi.config.RpcRequestFilterAutoConfig;
+import com.webchat.rmi.config.RpcRequestInterceptorAutoConfig;
+import org.springframework.context.annotation.Import;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * 注解被应用webchat项目rpc被调用方开启鉴权
+ *
+ */
+//注解保留到运行时，通过反射可读取
+@Retention(RetentionPolicy.RUNTIME)
+// 允许作用目标：类、接口……
+@Target(ElementType.TYPE)
+@Import(RpcRequestFilterAutoConfig.class)
+public @interface EnableRpcPermissionFilter {
+
+
+
+}

webchat-remote/src/main/java/com/webchat/rmi/annotation/EnableRpcPermissionInterceptor.java

@@ -0,0 +1,21 @@
+package com.webchat.rmi.annotation;
+
+
+import com.webchat.rmi.config.RpcRequestInterceptorAutoConfig;
+import org.springframework.context.annotation.Import;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+//注解保留到运行时，通过反射可读取
+@Retention(RetentionPolicy.RUNTIME)
+// 允许作用目标：类、接口……
+@Target(ElementType.TYPE)
+@Import(RpcRequestInterceptorAutoConfig.class)
+public @interface EnableRpcPermissionInterceptor {
+
+
+
+}

webchat-remote/src/main/java/com/webchat/rmi/builder/FeignClientBuilder.java

@@ -1,6 +1,7 @@
 package com.webchat.rmi.builder;
 
 
+import com.webchat.common.constants.RpcRequestConstants;
 import feign.Feign;
 import feign.Request;
 import feign.Target;
@@ -29,8 +30,11 @@ public class FeignClientBuilder<T> {
         Feign.Builder builder = Feign.builder()
                 .encoder(encoder)
                 .decoder(decoder)
-                .requestInterceptor(template -> template.header("Content-Type", "application/json"))
-                .contract(new SpringMvcContract());
+                .requestInterceptor(template -> {
+                        template.header("Content-Type", "application/json");
+                        template.header(RpcRequestConstants.RPC_REQUEST_ACCESS_KEY, RpcRequestConstants.RPC_REQUEST_DEFAULT_AK);
+                        template.header(RpcRequestConstants.RPC_REQUEST_SECRET_KEY, RpcRequestConstants.RPC_REQUEST_DEFAULT_SK);
+                }).contract(new SpringMvcContract());
 
         // 显式指定 name 和 URL
         Target<T> target = new Target.HardCodedTarget<>(
@@ -38,7 +42,6 @@ public class FeignClientBuilder<T> {
                 instanceHost,  // 自定义唯一标识
                 instanceHost
         );
-
         return builder.target(target);
     }
 

webchat-remote/src/main/java/com/webchat/rmi/config/RpcRequestFilterAutoConfig.java

@@ -0,0 +1,22 @@
+package com.webchat.rmi.config;
+
+
+import com.webchat.rmi.filter.RpcRequestPermissionFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+
+public class RpcRequestFilterAutoConfig {
+
+
+    @Bean
+    public FilterRegistrationBean<RpcRequestPermissionFilter> registrationRpcRequestFilter() {
+        FilterRegistrationBean<RpcRequestPermissionFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new RpcRequestPermissionFilter());
+        registration.addUrlPatterns("/*");
+        registration.setName("rpcRequestFilter");
+        registration.setOrder(-1);
+        return registration;
+    }
+
+
+}

webchat-remote/src/main/java/com/webchat/rmi/config/RpcRequestInterceptorAutoConfig.java

@@ -0,0 +1,13 @@
+package com.webchat.rmi.config;
+
+
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
+import org.springframework.context.annotation.Bean;
+
+public class RpcRequestInterceptorAutoConfig {
+
+    @Bean(name = "userRequestInterceptor")
+    public RpcRequestInterceptor userRequestInterceptor() {
+        return new RpcRequestInterceptor();
+    }
+}

webchat-remote/src/main/java/com/webchat/rmi/connect/ConnectServiceClient.java

@@ -2,11 +2,14 @@ package com.webchat.rmi.connect;
 
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.mess.ChatMessageRequestVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
-@FeignClient(name = "webchat-connect-service", contextId = "connectServiceClient")
+@FeignClient(name = "webchat-connect-service",
+             contextId = "connectServiceClient",
+             configuration = RpcRequestInterceptor.class)
 public interface ConnectServiceClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/filter/RpcRequestPermissionFilter.java

@@ -0,0 +1,69 @@
+package com.webchat.rmi.filter;
+
+import com.webchat.common.constants.RpcRequestConstants;
+import com.webchat.common.enums.BaseErrCodeEnum;
+import com.webchat.common.util.JsonUtil;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+@Slf4j
+public class RpcRequestPermissionFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        Filter.super.init(filterConfig);
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        String ak = request.getHeader(RpcRequestConstants.RPC_REQUEST_ACCESS_KEY);
+        String sk = request.getHeader(RpcRequestConstants.RPC_REQUEST_SECRET_KEY);
+
+        if (this.doCheck(ak, sk)) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+        this.noRequestPermission(response);
+        log.error("RPC内部调用鉴权失败。request_url:{}, ak:{}, sk:{}", request.getRequestURL(), ak, sk);
+    }
+
+
+    private boolean doCheck(String ak, String sk) {
+
+        return true;
+//        return RpcRequestConstants.RPC_REQUEST_DEFAULT_AK.equals(ak) &&
+//               RpcRequestConstants.RPC_REQUEST_DEFAULT_SK.equals(sk);
+    }
+
+    @Override
+    public void destroy() {
+        Filter.super.destroy();
+    }
+
+
+    private void noRequestPermission(HttpServletResponse response) {
+        Map<String, Object> responseMap = new HashMap<>();
+        response.setCharacterEncoding("UTF-8"); // 设置字符编码为 UTF-8
+        response.setContentType("application/json;charset=UTF-8"); // 设置内容类型和字符编码
+        responseMap.put("code", BaseErrCodeEnum.RPC_REQUEST_UN_PERMISSION.getCode());
+        responseMap.put("message", BaseErrCodeEnum.RPC_REQUEST_UN_PERMISSION.getMessage());
+        try {
+            response.getWriter().println(JsonUtil.toJsonString(responseMap));
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

webchat-remote/src/main/java/com/webchat/rmi/interceptor/RpcRequestInterceptor.java

@@ -0,0 +1,15 @@
+package com.webchat.rmi.interceptor;
+
+import com.webchat.common.constants.RpcRequestConstants;
+import feign.RequestInterceptor;
+import feign.RequestTemplate;
+
+
+public class RpcRequestInterceptor implements RequestInterceptor {
+
+    @Override
+    public void apply(RequestTemplate requestTemplate) {
+        requestTemplate.header(RpcRequestConstants.RPC_REQUEST_ACCESS_KEY, RpcRequestConstants.RPC_REQUEST_DEFAULT_AK);
+        requestTemplate.header(RpcRequestConstants.RPC_REQUEST_SECRET_KEY, RpcRequestConstants.RPC_REQUEST_DEFAULT_SK);
+    }
+}

webchat-remote/src/main/java/com/webchat/rmi/pay/PaymentApiServiceClient.java

@@ -3,6 +3,7 @@ package com.webchat.rmi.pay;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.dto.payment.PaymentOrderCreateDTO;
 import com.webchat.domain.dto.payment.PaymentTransRequestDTO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -12,7 +13,9 @@ import org.springframework.web.bind.annotation.RequestHeader;
 
 import java.math.BigDecimal;
 
-@FeignClient(name = "webchat-pay-service", contextId = "paymentApiServiceClient")
+@FeignClient(name = "webchat-pay-service",
+             contextId = "paymentApiServiceClient",
+             configuration = RpcRequestInterceptor.class)
 public interface PaymentApiServiceClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/pay/PaymentAppServiceClient.java

@@ -5,6 +5,7 @@ import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.payment.CreateAppRequestVO;
 import com.webchat.domain.vo.response.payment.AppBaseResponseVO;
 import com.webchat.domain.vo.response.payment.CreateAppResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -12,7 +13,9 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 
-@FeignClient(name = "webchat-pay-service", contextId = "paymentAppServiceClient")
+@FeignClient(name = "webchat-pay-service",
+        contextId = "paymentAppServiceClient",
+        configuration = RpcRequestInterceptor.class)
 public interface PaymentAppServiceClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/pay/PaymentWalletServiceClient.java

@@ -4,6 +4,7 @@ import com.webchat.common.bean.APIPageResponseBean;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.common.config.annotation.ValidatePermission;
 import com.webchat.domain.vo.response.UserWalletDetailResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -12,7 +13,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 
 import java.math.BigDecimal;
 
-@FeignClient(name = "webchat-pay-service", contextId = "paymentWalletServiceClient")
+@FeignClient(name = "webchat-pay-service",
+             contextId = "paymentWalletServiceClient",
+             configuration = RpcRequestInterceptor.class)
 public interface PaymentWalletServiceClient {
 
     @GetMapping("/pay-service/wallet/balance/{userId}")

webchat-remote/src/main/java/com/webchat/rmi/pgc/MessageCardTemplateClient.java

@@ -3,6 +3,7 @@ package com.webchat.rmi.pgc;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.MessageCardTemplateRequestVO;
 import com.webchat.domain.vo.response.MessageCardTemplateResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -10,7 +11,9 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
 
-@FeignClient(name = "webchat-pgc-service", contextId = "messageCardTemplateClient")
+@FeignClient(name = "webchat-pgc-service",
+        contextId = "messageCardTemplateClient",
+        configuration = RpcRequestInterceptor.class)
 public interface MessageCardTemplateClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/pgc/OfficialArticleClient.java

@@ -4,6 +4,7 @@ import com.webchat.common.bean.APIPageResponseBean;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.publicaccount.SaveArticleRequestVO;
 import com.webchat.domain.vo.response.publicaccount.ArticleBaseResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -15,7 +16,9 @@ import java.util.List;
 import java.util.Map;
 
 
-@FeignClient(name = "webchat-pgc-service")
+@FeignClient(name = "webchat-pgc-service",
+        contextId = "officialArticleClient",
+        configuration = RpcRequestInterceptor.class)
 public interface OfficialArticleClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/search/SearchEngineClient.java

@@ -1,11 +1,14 @@
 package com.webchat.rmi.search;
 
 import com.webchat.common.bean.APIPageResponseBean;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
-@FeignClient(name = "webchat-search-service")
+@FeignClient(name = "webchat-search-service",
+        contextId = "searchEngineClient",
+        configuration = RpcRequestInterceptor.class)
 public interface SearchEngineClient {
 
     @GetMapping("/search-service/content/query")

webchat-remote/src/main/java/com/webchat/rmi/search/VectorSearchEngineClient.java

@@ -2,13 +2,16 @@ package com.webchat.rmi.search;
 
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.search.MilvusSearchRequestVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
 
-@FeignClient(name = "webchat-search-service", contextId = "vectorSearchEngineClient")
+@FeignClient(name = "webchat-search-service",
+        contextId = "vectorSearchEngineClient",
+        configuration = RpcRequestInterceptor.class)
 public interface VectorSearchEngineClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/sso/OauthServiceClient.java

@@ -2,11 +2,14 @@ package com.webchat.rmi.sso;
 
 
 import com.webchat.common.bean.APIResponseBean;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 
-@FeignClient(name = "webchat-sso-service")
+@FeignClient(name = "webchat-sso-service",
+        contextId = "oauthServiceClient",
+        configuration = RpcRequestInterceptor.class)
 public interface OauthServiceClient {
 
     @GetMapping("/sso-service/oauth/userId/{oauthCode}")

webchat-remote/src/main/java/com/webchat/rmi/ugc/ChatMessageClient.java

@@ -6,6 +6,7 @@ import com.webchat.common.bean.APIResponseBeanUtil;
 import com.webchat.domain.vo.request.ChattingRequestVO;
 import com.webchat.domain.vo.response.chatting.ChattingListResponseVO;
 import com.webchat.domain.vo.response.mess.ChatMessageResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -18,7 +19,9 @@ import java.util.List;
 /**
  * 声明用户对话消息基础服务 客户端
  */
-@FeignClient(name = "webchat-ugc-service", contextId = "ugcChatMessageClient")
+@FeignClient(name = "webchat-ugc-service",
+        contextId = "ugcChatMessageClient",
+        configuration = RpcRequestInterceptor.class)
 public interface ChatMessageClient {
 
 

webchat-remote/src/main/java/com/webchat/rmi/ugc/MomentClient.java

@@ -3,6 +3,7 @@ package com.webchat.rmi.ugc;
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.MomentSaveOrUpdateVO;
 import com.webchat.domain.vo.response.moment.MomentDetailVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -12,7 +13,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 import java.util.List;
 
 
-@FeignClient(name = "webchat-ugc-service", contextId = "momentClient")
+@FeignClient(name = "webchat-ugc-service",
+        contextId = "momentClient",
+        configuration = RpcRequestInterceptor.class)
 public interface MomentClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/ugc/RedPacketClient.java

@@ -3,6 +3,7 @@ package com.webchat.rmi.ugc;
 
 import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.SendRedPacketRequestVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -16,7 +17,9 @@ import org.springframework.web.bind.annotation.RequestBody;
  * 回答：红包收发归属业务场景（类如商城购买商品属于商城订单/下单业务）
  * 而钱包扣除属于基础钱包交易应该由基于PAY服务支持。
  */
-@FeignClient(name = "webchat-ugc-service", contextId = "redPacketClient")
+@FeignClient(name = "webchat-ugc-service",
+        contextId = "redPacketClient",
+        configuration = RpcRequestInterceptor.class)
 public interface RedPacketClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/user/AccessApplicationServiceClient.java

@@ -5,6 +5,7 @@ import com.webchat.common.bean.APIResponseBean;
 import com.webchat.domain.vo.request.payment.CreateAppRequestVO;
 import com.webchat.domain.vo.response.payment.AppBaseResponseVO;
 import com.webchat.domain.vo.response.payment.CreateAppResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -12,7 +13,9 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 
-@FeignClient(name = "webchat-user-service", contextId = "accessApplicationServiceClient")
+@FeignClient(name = "webchat-user-service",
+             contextId = "accessApplicationServiceClient",
+             configuration = RpcRequestInterceptor.class)
 public interface AccessApplicationServiceClient {
 
     @PostMapping("/user-service/app/check/{ak}/{sk}")

webchat-remote/src/main/java/com/webchat/rmi/user/AccountRelationClient.java

@@ -7,6 +7,7 @@ import com.webchat.domain.vo.request.CreateGroupRequestVO;
 import com.webchat.domain.vo.response.AccountRelationResponseVO;
 import com.webchat.domain.vo.response.UserBaseResponseInfoVO;
 import com.webchat.domain.vo.response.WaitConfirmUserResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -16,7 +17,7 @@ import org.springframework.web.bind.annotation.RequestParam;
 
 import java.util.List;
 
-@FeignClient(name = "webchat-user-service", contextId = "accountRelationClient")
+@FeignClient(name = "webchat-user-service", contextId = "accountRelationClient", configuration = RpcRequestInterceptor.class)
 public interface AccountRelationClient {
 
     /**

webchat-remote/src/main/java/com/webchat/rmi/user/UserServiceClient.java

@@ -7,6 +7,7 @@ import com.webchat.domain.vo.request.CreateRobotRequestVO;
 import com.webchat.domain.vo.request.UserRegistryInfoRequestVO;
 import com.webchat.domain.vo.response.UserBaseResponseInfoVO;
 import com.webchat.domain.vo.response.UserBaseResponseVO;
+import com.webchat.rmi.interceptor.RpcRequestInterceptor;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -24,7 +25,7 @@ import java.util.Set;
  * @Date 2025/1/14 00:51
  * @description
  */
-@FeignClient(name = "webchat-user-service", contextId = "userServiceClient")
+@FeignClient(name = "webchat-user-service", contextId = "userServiceClient", configuration = RpcRequestInterceptor.class)
 public interface UserServiceClient {
 
     /**

webchat-search/src/main/java/com/webchat/search/WebchatSearchApplication.java

@@ -1,6 +1,8 @@
 package com.webchat.search;
 
 import com.webchat.common.util.SpringContextUtil;
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import com.webchat.search.messagequeue.consumer.ArticleSyncRedisQueueConsumer;
 import com.webchat.search.service.voctor.ArticleMilvusService;
 import org.springframework.boot.SpringApplication;
@@ -13,6 +15,8 @@ import org.springframework.context.annotation.ComponentScan;
 @EnableDiscoveryClient
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatSearchApplication {
 
     public static void main(String[] args) {

webchat-sso/src/main/java/com/webchat/sso/WebchatSSOApplication.java

@@ -1,5 +1,7 @@
 package com.webchat.sso;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.openfeign.EnableFeignClients;
@@ -8,6 +10,8 @@ import org.springframework.context.annotation.ComponentScan;
 @ComponentScan(basePackages = "com.webchat")
 @SpringBootApplication
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatSSOApplication {
 
     public static void main(String[] args) {

webchat-ugc/src/main/java/com/webchat/ugc/WebchatUGCApplication.java

@@ -1,6 +1,8 @@
 package com.webchat.ugc;
 
 import com.webchat.common.util.SpringContextUtil;
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import com.webchat.ugc.messaegqueue.consumer.redis.MomentPublishRedisMQConsumer;
 import com.webchat.ugc.messaegqueue.consumer.redis.PersistentMessageRedisMQConsumer;
 import com.webchat.ugc.messaegqueue.consumer.redis.RefreshChattingRedisMQConsumer;
@@ -16,6 +18,8 @@ import org.springframework.context.annotation.ComponentScan;
 @EnableDiscoveryClient
 @ComponentScan("com.webchat")
 @EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatUGCApplication {
 
     public static void main(String[] args) {

webchat-user/src/main/java/com/webchat/user/WebchatUserApplication.java

@@ -1,14 +1,19 @@
 package com.webchat.user;
 
+import com.webchat.rmi.annotation.EnableRpcPermissionFilter;
+import com.webchat.rmi.annotation.EnableRpcPermissionInterceptor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Import;
 
 @SpringBootApplication
 @EnableDiscoveryClient
 @ComponentScan("com.webchat")
+@EnableFeignClients("com.webchat.rmi")
+@EnableRpcPermissionInterceptor
+@EnableRpcPermissionFilter
 public class WebchatUserApplication {
 
     public static void main(String[] args) {