add open api token

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/config/GlobalSecurityConfig.java

@@ -17,11 +17,17 @@
 
 package cn.hippo4j.auth.config;
 
+import java.util.stream.Stream;
+
+import javax.annotation.Resource;
+
 import cn.hippo4j.auth.constant.Constants;
 import cn.hippo4j.auth.filter.JWTAuthenticationFilter;
 import cn.hippo4j.auth.filter.JWTAuthorizationFilter;
 import cn.hippo4j.auth.security.JwtTokenManager;
+import cn.hippo4j.auth.service.ConsumerService;
 import cn.hippo4j.auth.service.impl.UserDetailsServiceImpl;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -40,9 +46,6 @@ import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import javax.annotation.Resource;
-import java.util.stream.Stream;
-
 /**
  * Global security config.
  */
@@ -60,6 +63,9 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
     @Resource
     private JwtTokenManager tokenManager;
 
+    @Resource
+    private ConsumerService consumerService;
+
     @Bean
     public UserDetailsService customUserService() {
         return new UserDetailsServiceImpl();
@@ -99,7 +105,7 @@ public class GlobalSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/doc.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs").anonymous()
                 .and()
                 .addFilter(new JWTAuthenticationFilter(authenticationManager()))
-                .addFilter(new JWTAuthorizationFilter(tokenManager, authenticationManager()))
+                .addFilter(new JWTAuthorizationFilter(tokenManager, authenticationManager(), consumerService))
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         disableAuthenticationIfNeeded(http);
         http.authorizeRequests().anyRequest().authenticated();

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/filter/JWTAuthorizationFilter.java

@@ -17,7 +17,16 @@
 
 package cn.hippo4j.auth.filter;
 
+import java.io.IOException;
+import java.util.Collections;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import cn.hippo4j.auth.security.JwtTokenManager;
+import cn.hippo4j.auth.service.ConsumerService;
 import cn.hippo4j.auth.toolkit.JwtTokenUtil;
 import cn.hippo4j.common.toolkit.JSONUtil;
 import cn.hippo4j.common.toolkit.StringUtil;
@@ -25,6 +34,7 @@ import cn.hippo4j.common.toolkit.UserContext;
 import cn.hippo4j.common.web.base.Results;
 import cn.hippo4j.common.web.exception.ServiceException;
 import lombok.extern.slf4j.Slf4j;
+
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,13 +42,6 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Collections;
-
 import static cn.hippo4j.common.constant.Constants.ACCESS_TOKEN;
 import static cn.hippo4j.common.web.exception.ErrorCodeEnum.LOGIN_TIMEOUT;
 
@@ -50,9 +53,15 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
 
     private final JwtTokenManager tokenManager;
 
-    public JWTAuthorizationFilter(JwtTokenManager tokenManager, AuthenticationManager authenticationManager) {
+    private final ConsumerService consumerService;
+
+    private final String ROLE_DEFAULT = "ROLE_ADMIN";
+
+    public JWTAuthorizationFilter(JwtTokenManager tokenManager, AuthenticationManager authenticationManager,
+                                  ConsumerService consumerService) {
         super(authenticationManager);
         this.tokenManager = tokenManager;
+        this.consumerService = consumerService;
     }
 
     @Override
@@ -110,6 +119,11 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
         if (expiration) {
             throw new ServiceException(LOGIN_TIMEOUT);
         }
+        Integer consumerId = consumerService.getConsumerId(token);
+        if (consumerId != null) {
+            return new UsernamePasswordAuthenticationToken(consumerId, null,
+                    Collections.singleton(new SimpleGrantedAuthority(ROLE_DEFAULT)));
+        }
         String username = JwtTokenUtil.getUsername(token);
         String userRole = JwtTokenUtil.getUserRole(token);
         UserContext.setUserInfo(username, userRole);

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/mapper/ConsumerMapper.java

@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.mapper;
+
+import cn.hippo4j.auth.model.ConsumerInfo;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:02
+ *@description:
+ */
+@Mapper
+public interface ConsumerMapper extends BaseMapper<ConsumerInfo> {
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/mapper/ConsumerTokenMapper.java

@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.mapper;
+
+import cn.hippo4j.auth.model.ConsumerTokenInfo;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:02
+ *@description:
+ */
+@Mapper
+public interface ConsumerTokenMapper extends BaseMapper<ConsumerTokenInfo> {
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/ConsumerInfo.java

@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.model;
+
+import java.time.LocalDateTime;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 12:58
+ *@description:
+ */
+@Data
+@TableName("consumer")
+public class ConsumerInfo {
+
+    /**
+     * 自增id
+     */
+    @TableId(type = IdType.AUTO)
+    private Integer id;
+
+    /**
+     * appid
+     */
+    private String appId;
+
+    /**
+     * 应用名
+     */
+    private String name;
+
+    /**
+     * 1: deleted， 0: normal
+     */
+    private String isDeleted;
+
+    /**
+     * 创建时间
+     */
+    private LocalDateTime createTime;
+
+    /**
+     * 修改时间
+     */
+    private LocalDateTime updateTime;
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/ConsumerTokenInfo.java

@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.model;
+
+import java.time.LocalDateTime;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.Data;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:00
+ *@description:
+ */
+@Data
+@TableName("consumer_token")
+public class ConsumerTokenInfo {
+
+    @TableId(type = IdType.AUTO)
+    /**
+     * 自增id
+     */
+    private Integer id;
+
+    /**
+     * 消费者id
+     */
+    private Integer consumerId;
+
+    /**
+     * token
+     */
+    private String token;
+
+    /**
+     * token失效时间
+     */
+    private LocalDateTime expires;
+
+    /**
+     * 1: deleted， 0: normal
+     */
+    private int isDeleted;
+
+    /**
+     * 创建时间
+     */
+    private LocalDateTime createTime;
+
+    /**
+     * 修改时间
+     */
+    private LocalDateTime updateTime;
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/model/biz/conmuser/ConsumerDTO.java

@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.model.biz.conmuser;
+
+import com.sun.istack.NotNull;
+import lombok.Data;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:12
+ *@description:
+ */
+@Data
+public class ConsumerDTO {
+
+    /**
+     * appid
+     */
+    @NotNull
+    private String appId;
+
+    /**
+     * 应用名
+     */
+    @NotNull
+    private String name;
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/security/JwtTokenManager.java

@@ -17,10 +17,14 @@
 
 package cn.hippo4j.auth.security;
 
+import java.util.Date;
+import java.util.List;
+
 import cn.hippo4j.common.toolkit.StringUtil;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -28,9 +32,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
 
-import java.util.Date;
-import java.util.List;
-
 import static cn.hippo4j.auth.constant.Constants.TOKEN_VALIDITY_IN_SECONDS;
 import static cn.hippo4j.auth.toolkit.JwtTokenUtil.SECRET;
 import static cn.hippo4j.common.constant.Constants.AUTHORITIES_KEY;
@@ -45,6 +46,10 @@ public class JwtTokenManager {
         long now = System.currentTimeMillis();
         Date validity;
         validity = new Date(now + TOKEN_VALIDITY_IN_SECONDS * 1000L);
+        return createToken(userName, validity);
+    }
+
+    public String createToken(String userName, Date validity) {
         Claims claims = Jwts.claims().setSubject(userName);
         return Jwts.builder().setClaims(claims).setExpiration(validity)
                 .signWith(SignatureAlgorithm.HS512, SECRET).compact();

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/ConsumerService.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.service;
+
+import cn.hippo4j.auth.model.ConsumerInfo;
+import cn.hippo4j.auth.model.ConsumerTokenInfo;
+import cn.hippo4j.auth.model.biz.conmuser.ConsumerDTO;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:10
+ *@description:
+ */
+public interface ConsumerService {
+
+    ConsumerInfo createConsumer(ConsumerDTO consumerDTO);
+
+    ConsumerTokenInfo generateAndSaveConsumerToken(ConsumerInfo consumer);
+
+    Integer getConsumerId(String tokenHeader);
+}

hippo4j-server/hippo4j-auth/src/main/java/cn/hippo4j/auth/service/impl/ConsumerServiceImpl.java

@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.auth.service.impl;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import cn.hippo4j.auth.mapper.ConsumerMapper;
+import cn.hippo4j.auth.mapper.ConsumerTokenMapper;
+import cn.hippo4j.auth.model.ConsumerDO;
+import cn.hippo4j.auth.model.ConsumerInfo;
+import cn.hippo4j.auth.model.ConsumerTokenInfo;
+import cn.hippo4j.auth.model.biz.conmuser.ConsumerDTO;
+import cn.hippo4j.auth.security.JwtTokenManager;
+import cn.hippo4j.auth.service.ConsumerService;
+import cn.hippo4j.common.toolkit.StringUtil;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.stereotype.Service;
+import org.springframework.util.ObjectUtils;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:10
+ *@description:
+ */
+@Service
+@RequiredArgsConstructor
+public class ConsumerServiceImpl implements ConsumerService {
+
+    private static final Date DEFAULT_EXPIRES = new GregorianCalendar(2099, Calendar.JANUARY, 1).getTime();
+
+    private final ConsumerMapper consumerMapper;
+
+    private final ConsumerTokenMapper consumerTokenMapper;
+
+    private final JwtTokenManager jwtTokenManager;
+
+    @Override
+    public ConsumerInfo createConsumer(ConsumerDTO consumerDTO) {
+        ConsumerInfo consumerDO = new ConsumerInfo();
+        consumerDO.setAppId(consumerDTO.getAppId());
+        consumerDO.setName(consumerDTO.getName());
+        consumerMapper.insert(consumerDO);
+        return consumerDO;
+
+    }
+
+    @Override
+    public ConsumerTokenInfo generateAndSaveConsumerToken(ConsumerInfo consumer) {
+        String token = jwtTokenManager.createToken(consumer.getName(), DEFAULT_EXPIRES);
+        ConsumerTokenInfo consumerTokenDO = new ConsumerTokenInfo();
+        consumerTokenDO.setConsumerId(consumer.getId());
+        consumerTokenDO.setToken(token);
+        consumerTokenMapper.insert(consumerTokenDO);
+        return consumerTokenDO;
+    }
+
+    @Override
+    public Integer getConsumerId(String tokenHeader) {
+        if (StringUtil.isEmpty(tokenHeader)) {
+            return null;
+        }
+        LambdaUpdateWrapper<ConsumerTokenInfo> wrapper = Wrappers.lambdaUpdate();
+        wrapper.eq(ConsumerTokenInfo::getToken, tokenHeader);
+        ConsumerTokenInfo consumerTokenDO = consumerTokenMapper.selectOne(wrapper);
+
+        return ObjectUtils.isEmpty(consumerTokenDO) ? null : consumerTokenDO.getConsumerId();
+    }
+}

hippo4j-server/hippo4j-bootstrap/src/main/resources/application.properties

@@ -37,7 +37,7 @@ hippo4j.database.init_script=sql-script/mysql/hippo4j_manager.sql
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.datasource.url=jdbc:mysql://localhost:3306/hippo4j_manager?characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true&serverTimezone=GMT%2B8
 spring.datasource.username=root
-spring.datasource.password=root
+spring.datasource.password=123456
 
 ### Hikari Datasource
 spring.datasource.hikari.pool-name=Hikari

hippo4j-server/hippo4j-bootstrap/src/main/resources/sql-script/h2/hippo4j_manager.sql

@@ -162,6 +162,32 @@ CREATE TABLE IF NOT EXISTS `his_config_verify` (
     PRIMARY KEY (`id`)
 );
 
+CREATE TABLE IF NOT EXISTS  `consumer` (
+    `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+    `app_id` varchar(500) NOT NULL DEFAULT 'default' COMMENT 'AppID',
+    `name` varchar(500) NOT NULL DEFAULT 'default' COMMENT '应用名',
+    `is_deleted` bit(1) NOT NULL DEFAULT b'0' COMMENT '1: deleted, 0: normal',
+    `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+    `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `UK_AppId_DeletedAt` (`app_id`))
+    ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='开放API消费者';
+
+CREATE TABLE IF NOT EXISTS `consumer_token` (
+    `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+    `consumer_id` int(11) unsigned DEFAULT NULL COMMENT '消费者id',
+    `token` varchar(256) NOT NULL DEFAULT '' COMMENT 'token',
+    `expires` datetime NOT NULL DEFAULT '2099-01-01 00:00:00' COMMENT 'token失效时间',
+    `is_deleted` bit(1) NOT NULL DEFAULT b'0' COMMENT '1: deleted, 0: normal',
+    `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+    `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
+    PRIMARY KEY (`Id`),
+    UNIQUE KEY `UK_Token_DeletedAt` (`Token`)
+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='consumer token表';
+
+
+
+
 INSERT IGNORE INTO `tenant` (`id`, `tenant_id`, `tenant_name`, `tenant_desc`, `owner`, `gmt_create`, `gmt_modified`, `del_flag`) VALUES ('1', 'prescription', '处方组', '负责维护处方服务, 包括不限于电子处方等业务', '谢良辰', '2021-10-24 13:42:11', '2021-10-24 13:42:11', '0');
 
 INSERT IGNORE INTO `item` (`id`, `tenant_id`, `item_id`, `item_name`, `item_desc`, `owner`, `gmt_create`, `gmt_modified`, `del_flag`) VALUES ('1', 'prescription', 'dynamic-threadpool-example', '动态线程池示例项目', '动态线程池示例项目，对应 Hippo 项目的 example 模块', '马称', '2021-10-24 16:11:00', '2021-10-24 16:11:00', '0');

hippo4j-server/hippo4j-bootstrap/src/main/resources/sql-script/mysql/hippo4j_manager.sql

@@ -219,6 +219,30 @@ CREATE TABLE IF NOT EXISTS `his_config_verify`  (
     PRIMARY KEY (`id`) USING BTREE
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COMMENT='参数变更审核记录表';
 
+CREATE TABLE IF NOT EXISTS  `consumer` (
+    `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+    `app_id` varchar(500) NOT NULL DEFAULT 'default' COMMENT 'AppID',
+    `name` varchar(500) NOT NULL DEFAULT 'default' COMMENT '应用名',
+    `is_deleted` bit(1) NOT NULL DEFAULT b'0' COMMENT '1: deleted, 0: normal',
+    `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+    `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
+    PRIMARY KEY (`id`),
+    UNIQUE KEY `UK_AppId_DeletedAt` (`app_id`))
+    ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='开放API消费者';
+
+CREATE TABLE IF NOT EXISTS `consumer_token` (
+    `Id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '自增Id',
+    `consumer_id` int(11) unsigned DEFAULT NULL COMMENT '消费者id',
+    `token` varchar(256) NOT NULL DEFAULT '' COMMENT 'token',
+    `expires` datetime NOT NULL DEFAULT '2099-01-01 00:00:00' COMMENT 'token失效时间',
+    `is_deleted` bit(1) NOT NULL DEFAULT b'0' COMMENT '1: deleted, 0: normal',
+    `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
+    `update_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
+    PRIMARY KEY (`Id`),
+    UNIQUE KEY `UK_Token_DeletedAt` (`Token`)
+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='consumer token表';
+
+
 /* Init SQL */
 INSERT IGNORE INTO `tenant` (`id`, `tenant_id`, `tenant_name`, `tenant_desc`, `owner`, `gmt_create`, `gmt_modified`, `del_flag`) VALUES ('1', 'prescription', '处方组', '负责维护处方服务, 包括不限于电子处方等业务', '谢良辰', '2021-10-24 13:42:11', '2021-10-24 13:42:11', '0');
 

hippo4j-server/hippo4j-config/src/main/java/cn/hippo4j/config/service/LongPollingService.java

@@ -109,7 +109,7 @@ public class LongPollingService {
         @Override
         public void run() {
             try {
-                for (Iterator<ClientLongPolling> iter = allSubs.iterator(); iter.hasNext(); ) {
+                for (Iterator<ClientLongPolling> iter = allSubs.iterator(); iter.hasNext();) {
                     ClientLongPolling clientSub = iter.next();
                     String identity = groupKey + GROUP_KEY_DELIMITER + identify;
                     List<String> parseMapForFilter = CollectionUtil.newArrayList(identity);

hippo4j-server/hippo4j-console/src/main/java/cn/hippo4j/console/controller/ConsumerController.java

@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.hippo4j.console.controller;
+
+import javax.validation.Valid;
+
+import cn.hippo4j.auth.model.ConsumerInfo;
+import cn.hippo4j.auth.model.ConsumerTokenInfo;
+import cn.hippo4j.auth.model.biz.conmuser.ConsumerDTO;
+import cn.hippo4j.auth.service.ConsumerService;
+import cn.hippo4j.common.web.base.Result;
+import cn.hippo4j.common.web.base.Results;
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ *@author : wh
+ *@date : 2022/10/29 13:04
+ *@description:
+ */
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/consumer")
+public class ConsumerController {
+
+    private final ConsumerService consumerService;
+
+    /**
+     * create consumer and token
+     * @param consumerDTO
+     * @return
+     */
+    @PostMapping()
+    @Transactional(rollbackFor = Exception.class)
+    public Result<ConsumerTokenInfo> createConsumer(@Valid @RequestBody ConsumerDTO consumerDTO) {
+        ConsumerInfo consumer = consumerService.createConsumer(consumerDTO);
+        ConsumerTokenInfo consumerTokenDO = consumerService.generateAndSaveConsumerToken(consumer);
+        return Results.success(consumerTokenDO);
+
+    }
+}