1. 新增 api 绑定客户凭证进行权限校验

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/convert/ApiDefinitionConvert.java

@@ -7,6 +7,7 @@ import com.zt.plat.module.databus.controller.admin.gateway.vo.definition.*;
 import com.zt.plat.module.databus.dal.dataobject.gateway.ApiDefinitionDO;
 import com.zt.plat.module.databus.dal.dataobject.gateway.ApiStepDO;
 import com.zt.plat.module.databus.dal.dataobject.gateway.ApiTransformDO;
+import com.zt.plat.module.databus.framework.integration.gateway.domain.ApiCredentialBinding;
 import com.zt.plat.module.databus.framework.integration.gateway.domain.ApiDefinitionAggregate;
 import com.zt.plat.module.databus.framework.integration.gateway.domain.ApiFlowPublication;
 import com.zt.plat.module.databus.framework.integration.gateway.domain.ApiStepDefinition;
@@ -18,6 +19,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.List;
+import java.util.Objects;
 import java.util.stream.Collectors;
 
 @Mapper
@@ -48,6 +50,11 @@ public interface ApiDefinitionConvert {
         detail.setApiLevelTransforms(convertTransforms(aggregate.getDefinition().getId(), aggregate.getApiLevelTransforms().values()));
         detail.setSteps(convertSteps(aggregate.getSteps()));
         detail.setPublication(convert(aggregate.getPublication()));
+        detail.setCredentialBindings(convertCredentialBindings(aggregate.getCredentialBindings()));
+        detail.setCredentialIds(detail.getCredentialBindings().stream()
+            .map(ApiCredentialBindingRespVO::getCredentialId)
+            .filter(Objects::nonNull)
+            .collect(Collectors.toList()));
         return detail;
     }
 
@@ -99,6 +106,15 @@ public interface ApiDefinitionConvert {
         return publication == null ? null : BeanUtils.toBean(publication, ApiDefinitionPublicationRespVO.class);
     }
 
+    default List<ApiCredentialBindingRespVO> convertCredentialBindings(List<ApiCredentialBinding> bindings) {
+        if (CollUtil.isEmpty(bindings)) {
+            return new ArrayList<>();
+        }
+        return bindings.stream()
+                .map(binding -> BeanUtils.toBean(binding, ApiCredentialBindingRespVO.class))
+                .collect(Collectors.toList());
+    }
+
     /**
      * 转换步骤列表（DO -> SaveReqVO）
      */

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/accesslog/ApiAccessLogPageReqVO.java

@@ -47,6 +47,12 @@ public class ApiAccessLogPageReqVO extends PageParam {
     @Schema(description = "请求路径", example = "/gateway/api/user/query")
     private String requestPath;
 
+    @Schema(description = "应用标识", example = "app-portal-01")
+    private String credentialAppId;
+
+    @Schema(description = "凭证主键", example = "10086")
+    private Long credentialId;
+
     @Schema(description = "请求时间区间")
     @DateTimeFormat(pattern = FORMAT_YEAR_MONTH_DAY_HOUR_MINUTE_SECOND)
     private LocalDateTime[] requestTime;

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/accesslog/ApiAccessLogRespVO.java

@@ -33,6 +33,12 @@ public class ApiAccessLogRespVO {
     @Schema(description = "请求路径", example = "/gateway/api/user/query")
     private String requestPath;
 
+    @Schema(description = "应用标识", example = "app-portal-01")
+    private String credentialAppId;
+
+    @Schema(description = "凭证主键", example = "10086")
+    private Long credentialId;
+
     @Schema(description = "查询参数(JSON)")
     private String requestQuery;
 

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/definition/ApiCredentialBindingRespVO.java

@@ -0,0 +1,17 @@
+package com.zt.plat.module.databus.controller.admin.gateway.vo.definition;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+@Data
+public class ApiCredentialBindingRespVO {
+
+    @Schema(description = "凭证主键", example = "10086")
+    private Long credentialId;
+
+    @Schema(description = "应用标识", example = "app-portal-01")
+    private String appId;
+
+    @Schema(description = "应用名称")
+    private String appName;
+}

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/definition/ApiDefinitionDetailRespVO.java

@@ -53,6 +53,12 @@ public class ApiDefinitionDetailRespVO {
     @Schema(description = "API 级别变换列表")
     private List<ApiDefinitionTransformRespVO> apiLevelTransforms = new ArrayList<>();
 
+    @Schema(description = "授权凭证 ID 列表")
+    private List<Long> credentialIds = new ArrayList<>();
+
+    @Schema(description = "授权凭证详情列表")
+    private List<ApiCredentialBindingRespVO> credentialBindings = new ArrayList<>();
+
     @Schema(description = "步骤列表")
     private List<ApiDefinitionStepRespVO> steps = new ArrayList<>();
 

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/definition/ApiDefinitionSaveReqVO.java

@@ -46,6 +46,9 @@ public class ApiDefinitionSaveReqVO {
     @Valid
     private List<ApiDefinitionTransformSaveReqVO> apiLevelTransforms = new ArrayList<>();
 
+    @Schema(description = "授权的客户端凭证 ID 列表")
+    private List<Long> credentialIds = new ArrayList<>();
+
     @Schema(description = "步骤列表")
     @NotEmpty(message = "编排步骤不能为空")
     @Valid

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiAccessLogDO.java

@@ -52,6 +52,16 @@ public class ApiAccessLogDO extends TenantBaseDO {
      */
     private String requestPath;
 
+    /**
+     * 调用使用的应用标识
+     */
+    private String credentialAppId;
+
+    /**
+     * 调用使用的凭证主键
+     */
+    private Long credentialId;
+
     /**
      * 查询参数（JSON 字符串）
      */

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiDefinitionCredentialDO.java

@@ -0,0 +1,37 @@
+package com.zt.plat.module.databus.dal.dataobject.gateway;
+
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.KeySequence;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.zt.plat.framework.mybatis.core.dataobject.BaseDO;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * API 与客户端凭证的授权关联。
+ */
+@Data
+@TableName("databus_api_definition_credential")
+@KeySequence("databus_api_definition_credential_seq")
+@EqualsAndHashCode(callSuper = true)
+public class ApiDefinitionCredentialDO extends BaseDO {
+
+    @TableId(type = IdType.ASSIGN_ID)
+    private Long id;
+
+    /**
+     * API 主键
+     */
+    private Long apiId;
+
+    /**
+     * 客户端凭证主键
+     */
+    private Long credentialId;
+
+    /**
+     * 绑定时的应用标识冗余，便于快速校验
+     */
+    private String appId;
+}

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/mysql/gateway/ApiAccessLogMapper.java

@@ -20,6 +20,8 @@ public interface ApiAccessLogMapper extends BaseMapperX<ApiAccessLogDO> {
                 .eqIfPresent(ApiAccessLogDO::getResponseStatus, reqVO.getResponseStatus())
                 .eqIfPresent(ApiAccessLogDO::getStatus, reqVO.getStatus())
                 .likeIfPresent(ApiAccessLogDO::getClientIp, reqVO.getClientIp())
+                .eqIfPresent(ApiAccessLogDO::getCredentialAppId, reqVO.getCredentialAppId())
+                .eqIfPresent(ApiAccessLogDO::getCredentialId, reqVO.getCredentialId())
                 .eqIfPresent(ApiAccessLogDO::getTenantId, reqVO.getTenantId())
                 .likeIfPresent(ApiAccessLogDO::getRequestPath, reqVO.getRequestPath());
         if (ArrayUtil.isNotEmpty(reqVO.getRequestTime()) && reqVO.getRequestTime().length == 2) {

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/mysql/gateway/ApiDefinitionCredentialMapper.java

@@ -0,0 +1,32 @@
+package com.zt.plat.module.databus.dal.mysql.gateway;
+
+import com.zt.plat.framework.mybatis.core.mapper.BaseMapperX;
+import com.zt.plat.framework.mybatis.core.query.LambdaQueryWrapperX;
+import com.zt.plat.module.databus.dal.dataobject.gateway.ApiDefinitionCredentialDO;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.List;
+
+@Mapper
+public interface ApiDefinitionCredentialMapper extends BaseMapperX<ApiDefinitionCredentialDO> {
+
+    default List<ApiDefinitionCredentialDO> selectByApiId(Long apiId) {
+        return selectList(new LambdaQueryWrapperX<ApiDefinitionCredentialDO>()
+                .eq(ApiDefinitionCredentialDO::getApiId, apiId));
+    }
+
+    default void deleteByApiId(Long apiId) {
+        delete(new LambdaQueryWrapperX<ApiDefinitionCredentialDO>()
+                .eq(ApiDefinitionCredentialDO::getApiId, apiId));
+    }
+
+    /**
+     * 按 API 逻辑删除已有绑定，保留操作记录。
+     */
+    default void logicDeleteByApiId(Long apiId) {
+        ApiDefinitionCredentialDO entity = new ApiDefinitionCredentialDO();
+        entity.setDeleted(Boolean.TRUE);
+        update(entity, new LambdaQueryWrapperX<ApiDefinitionCredentialDO>()
+                .eq(ApiDefinitionCredentialDO::getApiId, apiId));
+    }
+}