From 2283f707977c2a9224216ba3ce61b1f163c0834a Mon Sep 17 00:00:00 2001
From: hLinx <327159425@qq.com>
Date: Wed, 19 Jul 2023 16:47:19 +0800
Subject: [PATCH 1/9] =?UTF-8?q?feature:=20=E8=93=9D=E9=B2=B8=E7=BB=9F?=
 =?UTF-8?q?=E4=B8=80=E7=99=BB=E5=BD=95=E6=94=B9=E9=80=A0=E2=80=94=E2=80=94?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=99=90=E5=88=B6=E9=9D=9E=E8=85=BE=E8=AE=AF?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=E6=96=B9=E6=A1=88=20#2247?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/frontend/src/common/bkmagic.js            | 14 +++++++++
 .../src/utils/request/middleware/response.js  | 26 ++++++++++------
 src/frontend/src/views/system-permission.vue  | 30 +++++++++++++++++++
 3 files changed, 61 insertions(+), 9 deletions(-)
 create mode 100644 src/frontend/src/views/system-permission.vue

diff --git a/src/frontend/src/common/bkmagic.js b/src/frontend/src/common/bkmagic.js
index b038dcd7d6..f63dcac5aa 100644
--- a/src/frontend/src/common/bkmagic.js
+++ b/src/frontend/src/common/bkmagic.js
@@ -29,6 +29,8 @@ import {
   parseURL,
 } from '@utils/assist';
 
+import SystemPermission from '@views/system-permission.vue';
+
 import ApplyPermissionDialog from '@components/apply-permission/apply-dialog';
 
 import PassLogin from '@blueking/paas-login';
@@ -138,6 +140,18 @@ export const permissionDialog = (authParams = {}, authResult = {}) => {
   });
 };
 
+let systemPermissionInstance;
+export const systemPermission = (message) => {
+  if (!systemPermissionInstance) {
+    systemPermissionInstance = new Vue(SystemPermission).$mount();
+    systemPermissionInstance.message = message;
+    console.dir(systemPermissionInstance.$el);
+    systemPermissionInstance.$nextTick(() => {
+      document.body.innerHTML = systemPermissionInstance.$el.outerHTML;
+    });
+  }
+};
+
 Vue.prototype.messageError = messageError;
 Vue.prototype.messageSuccess = messageSuccess;
 Vue.prototype.messageInfo = messageInfo;
diff --git a/src/frontend/src/utils/request/middleware/response.js b/src/frontend/src/utils/request/middleware/response.js
index 18f5cc08d1..3495c018fb 100644
--- a/src/frontend/src/utils/request/middleware/response.js
+++ b/src/frontend/src/utils/request/middleware/response.js
@@ -31,6 +31,7 @@ import {
   loginDialog,
   messageError,
   permissionDialog,
+  systemPermission,
 } from '@/common/bkmagic';
 
 import RequestError from '../lib/request-error';
@@ -67,7 +68,7 @@ export default (interceptors) => {
     if (error.response) {
       // 登录状态失效
       if (error.response.status === 401
-                && error.response.headers['x-login-url']) {
+        && error.response.headers['x-login-url']) {
         return Promise.reject(new RequestError(401, error.response.headers['x-login-url']));
       }
       // 默认使用 http 错误描述，
@@ -98,19 +99,26 @@ export default (interceptors) => {
         break;
         // 没权限
       case 403: {
-        const requestPayload = error.response.config.payload;
-        const authResult = new AuthResultModel(error.response.data.authResult || {});
+        // 系统访问权限
+        if (error.response.data.code === 1302403) {
+          systemPermission(error.response.data.data);
+        } else {
+          // 资源访问权限
+          const requestPayload = error.response.config.payload;
+          const authResult = new AuthResultModel(error.response.data.authResult || {});
 
-        if (requestPayload.permission === 'page') {
+          if (requestPayload.permission === 'page') {
           // 配合 jb-router-view（@components/jb-router-view）全局展示没权限提示
-          EventBus.$emit('permission-page', authResult);
-        } else if (requestPayload.permission === 'catch') {
+            EventBus.$emit('permission-page', authResult);
+          } else if (requestPayload.permission === 'catch') {
           // 配合 apply-section （@components/apply-permission/apply-section）使用，局部展示没权限提示
-          EventBus.$emit('permission-catch', authResult);
-        } else {
+            EventBus.$emit('permission-catch', authResult);
+          } else {
           // 弹框展示没权限提示
-          permissionDialog('', authResult);
+            permissionDialog('', authResult);
+          }
         }
+
         break;
       }
       case 'CANCEL':
diff --git a/src/frontend/src/views/system-permission.vue b/src/frontend/src/views/system-permission.vue
new file mode 100644
index 0000000000..96e611fc73
--- /dev/null
+++ b/src/frontend/src/views/system-permission.vue
@@ -0,0 +1,30 @@
+<template>
+  <div class="system-permission">
+    <bk-exception type="403">
+      <span>无该应用的访问权限</span>
+      <div class="text-subtitle">
+        请联系 {{ message }} 开通
+      </div>
+    </bk-exception>
+  </div>
+</template>
+<script setup>
+  defineProps({
+    message: String,
+  });
+</script>
+<style lang="postcss">
+.system-permission{
+  display: flex;
+  justify-content: center;
+  padding-top: 200px;
+
+  .text-subtitle{
+    margin-top: 14px;
+    font-size: 14px;
+    color: #979ba5;
+    text-align: center;
+  }
+}
+</style>
+

From 8ef17888a62322e139f0050c152f3fc788c4816c Mon Sep 17 00:00:00 2001
From: jsonwan <jsonwan@tencent.com>
Date: Wed, 19 Jul 2023 16:48:48 +0800
Subject: [PATCH 2/9] =?UTF-8?q?feature:=20=E6=94=AF=E6=8C=81=E8=93=9D?=
 =?UTF-8?q?=E9=B2=B8=E5=BA=94=E7=94=A8=E7=BA=A7=E5=88=AB=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6=E8=B7=B3=E8=BD=AC=20#2238?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../i18n/exception/message.properties         |  1 +
 .../i18n/exception/message_en.properties      |  1 +
 .../i18n/exception/message_en_US.properties   |  1 +
 .../i18n/exception/message_zh.properties      |  1 +
 .../i18n/exception/message_zh_CN.properties   |  1 +
 .../bk/job/common/constant/ErrorCode.java     |  2 +
 .../tencent/bk/job/common/model/Response.java |  2 +-
 .../common/esb/sdk/AbstractEsbSdkClient.java  |  8 +++
 .../AppPermissionDeniedException.java         | 51 +++++++++++++++++++
 .../job/common/paas/login/EELoginClient.java  | 28 +++++++++-
 .../web/AuthorizeGatewayFilterFactory.java    | 40 ++++++++++++---
 11 files changed, 127 insertions(+), 9 deletions(-)
 create mode 100644 src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/exception/AppPermissionDeniedException.java

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties
index cdda51fd51..fc398b3245 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties
@@ -216,6 +216,7 @@
 
 ##业务错误-用户服务、登录服务
 1247001=用户不存在或者未登录
+1247403=无该应用访问权限
 
 
 
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
index a63ebdb2e7..797de2d341 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
@@ -216,6 +216,7 @@
 
 ## Business error - User/Login
 1247001=User does not exist or is not logged in
+1247403=Do not have access permission for the current application
 
 ## Business error - Backup
 1249001=Fail to get node info from artifactory
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
index a63ebdb2e7..797de2d341 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
@@ -216,6 +216,7 @@
 
 ## Business error - User/Login
 1247001=User does not exist or is not logged in
+1247403=Do not have access permission for the current application
 
 ## Business error - Backup
 1249001=Fail to get node info from artifactory
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties
index cdda51fd51..fc398b3245 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties
@@ -216,6 +216,7 @@
 
 ##业务错误-用户服务、登录服务
 1247001=用户不存在或者未登录
+1247403=无该应用访问权限
 
 
 
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties
index cdda51fd51..fc398b3245 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties
@@ -216,6 +216,7 @@
 
 ##业务错误-用户服务、登录服务
 1247001=用户不存在或者未登录
+1247403=无该应用访问权限
 
 
 
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java
index 0f24a926b6..309a397bc4 100644
--- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java
+++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java
@@ -273,6 +273,8 @@ public class ErrorCode {
     // 用户服务 start
     // 用户不存在或者未登录
     public static final int USER_NOT_EXIST_OR_NOT_LOGIN_IN = 1247001;
+    // 用户认证成功，但用户无应用访问权限
+    public static final int USER_ACCESS_APP_FORBIDDEN = 1247403;
     // 用户服务 end
 
     // 业务网关 start
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/Response.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/Response.java
index fae8eed059..e41359abd2 100644
--- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/Response.java
+++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/Response.java
@@ -58,7 +58,7 @@ public class Response<T> {
     @ApiModelProperty("错误信息")
     private String errorMsg;
 
-    @ApiModelProperty("请求成功返回的数据")
+    @ApiModelProperty("请求成功/失败返回的数据")
     private T data;
 
     @ApiModelProperty("请求 ID")
diff --git a/src/backend/commons/esb-sdk/src/main/java/com/tencent/bk/job/common/esb/sdk/AbstractEsbSdkClient.java b/src/backend/commons/esb-sdk/src/main/java/com/tencent/bk/job/common/esb/sdk/AbstractEsbSdkClient.java
index cf1c6c6a00..d960721b41 100644
--- a/src/backend/commons/esb-sdk/src/main/java/com/tencent/bk/job/common/esb/sdk/AbstractEsbSdkClient.java
+++ b/src/backend/commons/esb-sdk/src/main/java/com/tencent/bk/job/common/esb/sdk/AbstractEsbSdkClient.java
@@ -48,6 +48,10 @@
  * ESB API 调用基础实现
  */
 public abstract class AbstractEsbSdkClient {
+
+    // 请求成功
+    protected static final Integer ESB_CODE_OK = 0;
+
     private final Logger log = LoggerFactory.getLogger(this.getClass());
 
     private static final JsonMapper JSON_MAPPER = JsonMapper.nonDefaultMapper();
@@ -150,6 +154,10 @@ private <R> void requestEsbApi(BkApiContext<? extends EsbReq, R> apiContext,
             }
 
             esbResp = JSON_MAPPER.fromJson(respStr, typeReference);
+            if (esbResp == null) {
+                log.warn("[AbstractEsbSdkClient] warn:esbResp is null after JSON parse, respStr={}", respStr);
+                throw new InternalException("Esb api resp unexpected, fail to parse json data", ErrorCode.API_ERROR);
+            }
             apiContext.setResp(esbResp);
             if (!esbResp.getResult()) {
                 log.warn(
diff --git a/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/exception/AppPermissionDeniedException.java b/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/exception/AppPermissionDeniedException.java
new file mode 100644
index 0000000000..ba74d68d28
--- /dev/null
+++ b/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/exception/AppPermissionDeniedException.java
@@ -0,0 +1,51 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.paas.exception;
+
+import com.tencent.bk.job.common.constant.ErrorCode;
+import com.tencent.bk.job.common.exception.ServiceException;
+import com.tencent.bk.job.common.model.error.ErrorType;
+import lombok.Getter;
+import lombok.ToString;
+
+/**
+ * 应用权限不足异常
+ */
+@Getter
+@ToString
+public class AppPermissionDeniedException extends ServiceException {
+
+    // 源于用户管理接口：进一步的操作提示
+    private final String message;
+
+    public AppPermissionDeniedException(String message) {
+        super(ErrorType.PERMISSION_DENIED, ErrorCode.USER_ACCESS_APP_FORBIDDEN);
+        this.message = message;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+}
diff --git a/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/EELoginClient.java b/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/EELoginClient.java
index 4c55d2f528..f7e6979fd3 100644
--- a/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/EELoginClient.java
+++ b/src/backend/commons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/EELoginClient.java
@@ -32,6 +32,7 @@
 import com.tencent.bk.job.common.exception.InternalUserManageException;
 import com.tencent.bk.job.common.metrics.CommonMetricNames;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
+import com.tencent.bk.job.common.paas.exception.AppPermissionDeniedException;
 import com.tencent.bk.job.common.paas.model.EsbUserDto;
 import com.tencent.bk.job.common.util.http.HttpMetricUtil;
 import io.micrometer.core.instrument.Tag;
@@ -40,6 +41,14 @@
 
 @Slf4j
 public class EELoginClient extends AbstractEsbSdkClient implements ILoginClient {
+
+    // 用户认证失败，即用户登录态无效
+    private static final Integer ESB_CODE_USER_NOT_LOGIN = 1302100;
+    // 用户不存在
+    private static final Integer ESB_CODE_USER_NOT_EXIST = 1302103;
+    // 用户认证成功，但用户无应用访问权限
+    private static final Integer ESB_CODE_USER_NO_APP_PERMISSION = 1302403;
+
     private static final String API_GET_USER_INFO = "/api/c/compapi/v2/bk_login/get_user/";
 
     public EELoginClient(String esbHostUrl, String appCode, String appSecret, String lang, boolean useEsbTestEnv) {
@@ -81,7 +90,13 @@ private BkUserDTO getUserInfo(EsbReq esbReq) {
                 new TypeReference<EsbResp<EsbUserDto>>() {
                 }
             );
-            return convertToBkUserDTO(esbResp.getData());
+            Integer code = esbResp.getCode();
+            if (ESB_CODE_OK.equals(code)) {
+                return convertToBkUserDTO(esbResp.getData());
+            } else {
+                handleNotOkResp(esbResp);
+                return null;
+            }
         } catch (Exception e) {
             String errorMsg = "Get " + API_GET_USER_INFO + " error";
             log.error(errorMsg, e);
@@ -91,6 +106,17 @@ private BkUserDTO getUserInfo(EsbReq esbReq) {
         }
     }
 
+    private void handleNotOkResp(EsbResp<EsbUserDto> esbResp) {
+        Integer code = esbResp.getCode();
+        if (ESB_CODE_USER_NO_APP_PERMISSION.equals(code)) {
+            throw new AppPermissionDeniedException(esbResp.getMessage());
+        } else if (ESB_CODE_USER_NOT_LOGIN.equals(code)) {
+            log.info("User not login, esbResp.code={}, esbResp.message={}", esbResp.getCode(), esbResp.getMessage());
+        } else if (ESB_CODE_USER_NOT_EXIST.equals(code)) {
+            log.info("User not exist, esbResp.code={}, esbResp.message={}", esbResp.getCode(), esbResp.getMessage());
+        }
+    }
+
     private BkUserDTO convertToBkUserDTO(EsbUserDto esbUserDto) {
         BkUserDTO bkUserDTO = new BkUserDTO();
         bkUserDTO.setUsername(esbUserDto.getUsername());
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
index faf7edff43..d788830aab 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
@@ -24,8 +24,12 @@
 
 package com.tencent.bk.job.gateway.filter.web;
 
+import com.tencent.bk.job.common.constant.ErrorCode;
+import com.tencent.bk.job.common.model.Response;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
+import com.tencent.bk.job.common.paas.exception.AppPermissionDeniedException;
 import com.tencent.bk.job.common.util.RequestUtil;
+import com.tencent.bk.job.common.util.json.JsonUtils;
 import com.tencent.bk.job.gateway.config.LoginExemptionConfig;
 import com.tencent.bk.job.gateway.web.service.LoginService;
 import lombok.extern.slf4j.Slf4j;
@@ -33,12 +37,15 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
+import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
+import reactor.core.publisher.Mono;
 
+import java.nio.charset.StandardCharsets;
 import java.util.List;
 
 /**
@@ -87,13 +94,11 @@ private GatewayFilter getLoginFilter() {
                 response.getHeaders().add("x-login-url", loginService.getLoginRedirectUrl());
                 return response.setComplete();
             }
-            BkUserDTO user = null;
-            // 遍历所有传入token找出当前环境的
-            for (String bkToken : bkTokenList) {
-                user = loginService.getUser(bkToken);
-                if (user != null) {
-                    break;
-                }
+            BkUserDTO user;
+            try {
+                user = getUserByTokenList(bkTokenList);
+            } catch (AppPermissionDeniedException e) {
+                return getUserAccessAppForbiddenResp(response, e.getMessage());
             }
             if (user == null) {
                 log.warn("Invalid user token");
@@ -108,6 +113,27 @@ private GatewayFilter getLoginFilter() {
         };
     }
 
+    private Mono<Void> getUserAccessAppForbiddenResp(ServerHttpResponse response, String data) {
+        Response<?> resp = new Response<>(ErrorCode.USER_ACCESS_APP_FORBIDDEN, data);
+        response.setStatusCode(HttpStatus.FORBIDDEN);
+        String body = JsonUtils.toJson(resp);
+        DataBuffer dataBuffer = response.bufferFactory().wrap(body.getBytes(StandardCharsets.UTF_8));
+        response.getHeaders().setContentLength(body.length());
+        response.writeWith(Mono.just(dataBuffer)).subscribe();
+        return response.setComplete();
+    }
+
+    private BkUserDTO getUserByTokenList(List<String> bkTokenList) {
+        // 遍历所有传入token找出当前环境的
+        for (String bkToken : bkTokenList) {
+            BkUserDTO user = loginService.getUser(bkToken);
+            if (user != null) {
+                return user;
+            }
+        }
+        return null;
+    }
+
     @Override
     public GatewayFilter apply(Config config) {
         if (loginExemptionConfig.isEnableLoginExemption()) {

From c3aed86054f8c49f42e86861c9046134d61c3151 Mon Sep 17 00:00:00 2001
From: hLinx <327159425@qq.com>
Date: Thu, 20 Jul 2023 10:23:53 +0800
Subject: [PATCH 3/9] =?UTF-8?q?feature:=20=E8=93=9D=E9=B2=B8=E7=BB=9F?=
 =?UTF-8?q?=E4=B8=80=E7=99=BB=E5=BD=95=E6=94=B9=E9=80=A0=E2=80=94=E2=80=94?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=99=90=E5=88=B6=E9=9D=9E=E8=85=BE=E8=AE=AF?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=E6=96=B9=E6=A1=88=20#2247?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/frontend/src/common/bkmagic.js                    | 10 +++++++---
 src/frontend/src/i18n/local.js                        |  1 +
 src/frontend/src/utils/request/middleware/response.js |  2 +-
 src/frontend/src/views/system-permission.vue          |  8 ++++++--
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/frontend/src/common/bkmagic.js b/src/frontend/src/common/bkmagic.js
index f63dcac5aa..c07ed472da 100644
--- a/src/frontend/src/common/bkmagic.js
+++ b/src/frontend/src/common/bkmagic.js
@@ -35,6 +35,8 @@ import ApplyPermissionDialog from '@components/apply-permission/apply-dialog';
 
 import PassLogin from '@blueking/paas-login';
 
+import i18n from '@/i18n';
+
 // 全量引入
 import './fully-import';
 
@@ -143,9 +145,11 @@ export const permissionDialog = (authParams = {}, authResult = {}) => {
 let systemPermissionInstance;
 export const systemPermission = (message) => {
   if (!systemPermissionInstance) {
-    systemPermissionInstance = new Vue(SystemPermission).$mount();
-    systemPermissionInstance.message = message;
-    console.dir(systemPermissionInstance.$el);
+    systemPermissionInstance = new Vue({
+      i18n,
+      render: h => h(SystemPermission, { attrs: { message } }),
+    }).$mount();
+
     systemPermissionInstance.$nextTick(() => {
       document.body.innerHTML = systemPermissionInstance.$el.outerHTML;
     });
diff --git a/src/frontend/src/i18n/local.js b/src/frontend/src/i18n/local.js
index 55c150c794..3e0e1fd91e 100644
--- a/src/frontend/src/i18n/local.js
+++ b/src/frontend/src/i18n/local.js
@@ -594,4 +594,5 @@ export default {
   取消收藏成功: 'Remove from my-favorite-list successful',
   '复制 IP': 'Copy IP',
   '复制 IPv6': 'Copy IPv6',
+  无该应用的访问权限: 'Do not have access permission for the current application.',
 };
diff --git a/src/frontend/src/utils/request/middleware/response.js b/src/frontend/src/utils/request/middleware/response.js
index 3495c018fb..d5bc1ce183 100644
--- a/src/frontend/src/utils/request/middleware/response.js
+++ b/src/frontend/src/utils/request/middleware/response.js
@@ -100,7 +100,7 @@ export default (interceptors) => {
         // 没权限
       case 403: {
         // 系统访问权限
-        if (error.response.data.code === 1302403) {
+        if (error.response.data.code === 1247403) {
           systemPermission(error.response.data.data);
         } else {
           // 资源访问权限
diff --git a/src/frontend/src/views/system-permission.vue b/src/frontend/src/views/system-permission.vue
index 96e611fc73..440ba1bceb 100644
--- a/src/frontend/src/views/system-permission.vue
+++ b/src/frontend/src/views/system-permission.vue
@@ -1,17 +1,21 @@
 <template>
   <div class="system-permission">
     <bk-exception type="403">
-      <span>无该应用的访问权限</span>
+      <span>{{ $t('无该应用的访问权限') }}</span>
       <div class="text-subtitle">
-        请联系 {{ message }} 开通
+        {{ message }}
       </div>
     </bk-exception>
   </div>
 </template>
 <script setup>
+  import { getCurrentInstance } from 'vue';
+
   defineProps({
     message: String,
   });
+
+  console.log('getCurrentInstance = ', getCurrentInstance());
 </script>
 <style lang="postcss">
 .system-permission{

From 05d460a44bb0c52fff1d57124705cdbab7ab3694 Mon Sep 17 00:00:00 2001
From: hLinx <327159425@qq.com>
Date: Thu, 20 Jul 2023 10:24:31 +0800
Subject: [PATCH 4/9] =?UTF-8?q?feature:=20=E8=93=9D=E9=B2=B8=E7=BB=9F?=
 =?UTF-8?q?=E4=B8=80=E7=99=BB=E5=BD=95=E6=94=B9=E9=80=A0=E2=80=94=E2=80=94?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=99=90=E5=88=B6=E9=9D=9E=E8=85=BE=E8=AE=AF?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=E6=96=B9=E6=A1=88=20#2247?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/frontend/src/views/system-permission.vue | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/frontend/src/views/system-permission.vue b/src/frontend/src/views/system-permission.vue
index 440ba1bceb..81338f7e1e 100644
--- a/src/frontend/src/views/system-permission.vue
+++ b/src/frontend/src/views/system-permission.vue
@@ -9,13 +9,11 @@
   </div>
 </template>
 <script setup>
-  import { getCurrentInstance } from 'vue';
 
   defineProps({
     message: String,
   });
 
-  console.log('getCurrentInstance = ', getCurrentInstance());
 </script>
 <style lang="postcss">
 .system-permission{

From b99d4d4819f68b840f37b79236808ea8c8cf01ef Mon Sep 17 00:00:00 2001
From: jsonwan <jsonwan@tencent.com>
Date: Thu, 20 Jul 2023 07:42:23 +0800
Subject: [PATCH 5/9] =?UTF-8?q?feature:=20=E6=94=AF=E6=8C=81=E8=93=9D?=
 =?UTF-8?q?=E9=B2=B8=E5=BA=94=E7=94=A8=E7=BA=A7=E5=88=AB=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6=E8=B7=B3=E8=BD=AC=20#2238?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

支持国际化
---
 .../job/common/i18n/locale/LocaleUtils.java   |  4 ++
 .../i18n/exception/message_en.properties      |  2 +-
 .../i18n/exception/message_en_US.properties   |  2 +-
 .../bk/job/gateway/config/RouteConfig.java    |  4 +-
 .../job/gateway/config/SdkClientConfig.java   | 30 +++++++--
 .../AddWebLangHeaderGatewayFilterFactory.java |  3 +-
 .../web/AuthorizeGatewayFilterFactory.java    | 23 +++++--
 .../job/gateway/web/service/LoginService.java |  3 +-
 .../web/service/impl/LoginServiceImpl.java    | 64 ++++++++++++++++---
 9 files changed, 110 insertions(+), 25 deletions(-)

diff --git a/src/backend/commons/common-i18n/src/main/java/com/tencent/bk/job/common/i18n/locale/LocaleUtils.java b/src/backend/commons/common-i18n/src/main/java/com/tencent/bk/job/common/i18n/locale/LocaleUtils.java
index 1de0bc1294..9ea4b7ff19 100644
--- a/src/backend/commons/common-i18n/src/main/java/com/tencent/bk/job/common/i18n/locale/LocaleUtils.java
+++ b/src/backend/commons/common-i18n/src/main/java/com/tencent/bk/job/common/i18n/locale/LocaleUtils.java
@@ -38,6 +38,10 @@ public class LocaleUtils {
     public static final String LANG_ZH = "zh";
     public static final String LANG_EN = "en";
     public static final String LANG_EN_US = "en_US";
+    /**
+     * 蓝鲸通用的LANG HEADER
+     */
+    public static final String BLUEKING_LANG_HEADER = "blueking_language";
     /**
      * 定义项目通用的LANG HEADER
      */
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
index 797de2d341..28f4474466 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
@@ -216,7 +216,7 @@
 
 ## Business error - User/Login
 1247001=User does not exist or is not logged in
-1247403=Do not have access permission for the current application
+1247403=No access permission for this application
 
 ## Business error - Backup
 1249001=Fail to get node info from artifactory
diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
index 797de2d341..28f4474466 100644
--- a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
+++ b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
@@ -216,7 +216,7 @@
 
 ## Business error - User/Login
 1247001=User does not exist or is not logged in
-1247403=Do not have access permission for the current application
+1247403=No access permission for this application
 
 ## Business error - Backup
 1249001=Fail to get node info from artifactory
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RouteConfig.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RouteConfig.java
index 88a8d0ee7f..27a6815fe3 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RouteConfig.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/RouteConfig.java
@@ -46,6 +46,7 @@
 
 import java.util.List;
 
+import static com.tencent.bk.job.common.i18n.locale.LocaleUtils.BLUEKING_LANG_HEADER;
 import static org.springframework.web.reactive.function.server.RequestPredicates.GET;
 
 @Slf4j
@@ -95,6 +96,7 @@ Mono<ServerResponse> getUserByBkToken(ServerRequest request) {
 
             String tokenCookieName = loginService.getCookieNameForToken();
             List<String> cookieList = request.headers().header("cookie");
+            String lang = request.headers().firstHeader(BLUEKING_LANG_HEADER);
 
             List<String> bkTokenList = RequestUtil.getCookieValuesFromCookies(cookieList, tokenCookieName);
             if (CollectionUtils.isEmpty(bkTokenList)) {
@@ -107,7 +109,7 @@ Mono<ServerResponse> getUserByBkToken(ServerRequest request) {
             BkUserDTO user = null;
             // 遍历所有传入token找出当前环境的
             for (String bkToken : bkTokenList) {
-                user = loginService.getUser(bkToken);
+                user = loginService.getUser(bkToken, lang);
                 if (user != null) {
                     break;
                 }
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/SdkClientConfig.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/SdkClientConfig.java
index 9533ecc21d..7ddd6b0065 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/SdkClientConfig.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/config/SdkClientConfig.java
@@ -24,6 +24,7 @@
 
 package com.tencent.bk.job.gateway.config;
 
+import com.tencent.bk.job.common.i18n.locale.LocaleUtils;
 import com.tencent.bk.job.common.paas.login.CustomLoginClient;
 import com.tencent.bk.job.common.paas.login.EELoginClient;
 import com.tencent.bk.job.common.paas.login.ILoginClient;
@@ -44,12 +45,31 @@ public ILoginClient innerLoginClient(@Autowired BkConfig bkConfig) {
         return new CustomLoginClient(bkConfig.getCustomLoginApiUrl());
     }
 
-    @Bean
+    @Bean(name = "enLoginClient")
+    @ConditionalOnProperty(value = "paas.login.custom.enabled", havingValue = "false", matchIfMissing = true)
+    @Primary
+    public ILoginClient enLoginClient(@Autowired BkConfig bkConfig) {
+        log.info("Init standard en login client");
+        return new EELoginClient(
+            bkConfig.getEsbUrl(),
+            bkConfig.getAppCode(),
+            bkConfig.getAppSecret(),
+            LocaleUtils.LANG_EN,
+            bkConfig.isUseEsbTestEnv()
+        );
+    }
+
+    @Bean(name = "cnLoginClient")
     @ConditionalOnProperty(value = "paas.login.custom.enabled", havingValue = "false", matchIfMissing = true)
     @Primary
-    public ILoginClient standardLoginClient(@Autowired BkConfig bkConfig) {
-        log.info("Init standard login client");
-        return new EELoginClient(bkConfig.getEsbUrl(), bkConfig.getAppCode(), bkConfig.getAppSecret(),
-            bkConfig.isUseEsbTestEnv());
+    public ILoginClient cnLoginClient(@Autowired BkConfig bkConfig) {
+        log.info("Init standard cn login client");
+        return new EELoginClient(
+            bkConfig.getEsbUrl(),
+            bkConfig.getAppCode(),
+            bkConfig.getAppSecret(),
+            LocaleUtils.LANG_ZH_CN,
+            bkConfig.isUseEsbTestEnv()
+        );
     }
 }
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AddWebLangHeaderGatewayFilterFactory.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AddWebLangHeaderGatewayFilterFactory.java
index 72b117b61d..4750122a3a 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AddWebLangHeaderGatewayFilterFactory.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AddWebLangHeaderGatewayFilterFactory.java
@@ -35,6 +35,7 @@
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 
+import static com.tencent.bk.job.common.i18n.locale.LocaleUtils.BLUEKING_LANG_HEADER;
 import static com.tencent.bk.job.common.i18n.locale.LocaleUtils.COMMON_LANG_HEADER;
 
 /**
@@ -54,7 +55,7 @@ public AddWebLangHeaderGatewayFilterFactory() {
     public GatewayFilter apply(Config config) {
         return (exchange, chain) -> {
             ServerHttpRequest request = exchange.getRequest();
-            String webLangCookieValue = RequestUtil.getCookieValue(request, "blueking_language");
+            String webLangCookieValue = RequestUtil.getCookieValue(request, BLUEKING_LANG_HEADER);
             String commonLang = LocaleUtils.LANG_ZH_CN;
             if (!StringUtils.isEmpty(webLangCookieValue)) {
                 if (webLangCookieValue.equalsIgnoreCase(WebLangCookie.EN)) {
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
index d788830aab..e69c48106b 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
@@ -25,6 +25,7 @@
 package com.tencent.bk.job.gateway.filter.web;
 
 import com.tencent.bk.job.common.constant.ErrorCode;
+import com.tencent.bk.job.common.i18n.locale.LocaleUtils;
 import com.tencent.bk.job.common.model.Response;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
 import com.tencent.bk.job.common.paas.exception.AppPermissionDeniedException;
@@ -37,8 +38,10 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
+import org.springframework.context.i18n.LocaleContextHolder;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpResponse;
 import org.springframework.stereotype.Component;
@@ -48,6 +51,8 @@
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 
+import static com.tencent.bk.job.common.i18n.locale.LocaleUtils.BLUEKING_LANG_HEADER;
+
 /**
  * 用户token校验
  */
@@ -81,6 +86,12 @@ private GatewayFilter getLoginFilter() {
             ServerHttpResponse response = exchange.getResponse();
             String tokenCookieName = loginService.getCookieNameForToken();
             List<String> bkTokenList = RequestUtil.getCookieValuesFromHeader(request, tokenCookieName);
+            String lang = RequestUtil.getCookieValue(request, BLUEKING_LANG_HEADER);
+            if (StringUtils.isBlank(lang)) {
+                lang = LocaleUtils.LANG_EN;
+                log.warn("Cannot find blueking_language in cookie, use en");
+            }
+            LocaleContextHolder.setLocale(LocaleUtils.getLocale(lang), true);
             if (CollectionUtils.isEmpty(bkTokenList)) {
                 log.warn("Fail to parse token from headers, please check");
                 String bkToken = RequestUtil.getCookieValue(request, tokenCookieName);
@@ -96,7 +107,7 @@ private GatewayFilter getLoginFilter() {
             }
             BkUserDTO user;
             try {
-                user = getUserByTokenList(bkTokenList);
+                user = getUserByTokenList(bkTokenList, lang);
             } catch (AppPermissionDeniedException e) {
                 return getUserAccessAppForbiddenResp(response, e.getMessage());
             }
@@ -117,16 +128,18 @@ private Mono<Void> getUserAccessAppForbiddenResp(ServerHttpResponse response, St
         Response<?> resp = new Response<>(ErrorCode.USER_ACCESS_APP_FORBIDDEN, data);
         response.setStatusCode(HttpStatus.FORBIDDEN);
         String body = JsonUtils.toJson(resp);
-        DataBuffer dataBuffer = response.bufferFactory().wrap(body.getBytes(StandardCharsets.UTF_8));
-        response.getHeaders().setContentLength(body.length());
+        byte[] bodyBytes = body.getBytes(StandardCharsets.UTF_8);
+        DataBuffer dataBuffer = response.bufferFactory().wrap(bodyBytes);
+        response.getHeaders().setContentLength(bodyBytes.length);
+        response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
         response.writeWith(Mono.just(dataBuffer)).subscribe();
         return response.setComplete();
     }
 
-    private BkUserDTO getUserByTokenList(List<String> bkTokenList) {
+    private BkUserDTO getUserByTokenList(List<String> bkTokenList, String lang) {
         // 遍历所有传入token找出当前环境的
         for (String bkToken : bkTokenList) {
-            BkUserDTO user = loginService.getUser(bkToken);
+            BkUserDTO user = loginService.getUser(bkToken, lang);
             if (user != null) {
                 return user;
             }
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
index 5931d66f90..650c6a9d21 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
@@ -41,9 +41,10 @@ public interface LoginService {
      * 根据token获取用户信息
      *
      * @param bkToken 用户token
+     * @param lang    语言
      * @return 用户信息
      */
-    BkUserDTO getUser(String bkToken);
+    BkUserDTO getUser(String bkToken, String lang);
 
     /**
      * 获取登录跳转url
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
index 9b8bd8ac35..8181fffd49 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
@@ -30,15 +30,19 @@
 import com.google.common.util.concurrent.UncheckedExecutionException;
 import com.tencent.bk.job.common.constant.ErrorCode;
 import com.tencent.bk.job.common.exception.InternalException;
+import com.tencent.bk.job.common.i18n.locale.LocaleUtils;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
 import com.tencent.bk.job.common.paas.login.ILoginClient;
 import com.tencent.bk.job.gateway.config.BkConfig;
 import com.tencent.bk.job.gateway.web.service.LoginService;
+import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;
 
+import java.util.Objects;
 import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
@@ -49,14 +53,22 @@ public class LoginServiceImpl implements LoginService {
     private final BkConfig bkConfig;
     private final String tokenName;
     private final String loginUrl;
-    private final ILoginClient loginClient;
-    private LoadingCache<String, Optional<BkUserDTO>> onlineUserCache = CacheBuilder.newBuilder()
+    private final ILoginClient enLoginClient;
+    private final ILoginClient cnLoginClient;
+    private LoadingCache<BkTokenWithLang, Optional<BkUserDTO>> onlineUserCache = CacheBuilder.newBuilder()
         .maximumSize(200).expireAfterWrite(10, TimeUnit.SECONDS).build(
-            new CacheLoader<String, Optional<BkUserDTO>>() {
+            new CacheLoader<BkTokenWithLang, Optional<BkUserDTO>>() {
                 @Override
-                public Optional<BkUserDTO> load(String bkToken) throws Exception {
+                public Optional<BkUserDTO> load(BkTokenWithLang bkTokenWithLang) throws Exception {
                     try {
-                        BkUserDTO userDto = loginClient.getUserInfoByToken(bkToken);
+                        String lang = bkTokenWithLang.getLang();
+                        String bkToken = bkTokenWithLang.getBkToken();
+                        BkUserDTO userDto;
+                        if (LocaleUtils.LANG_ZH_CN.equals(lang)) {
+                            userDto = cnLoginClient.getUserInfoByToken(bkToken);
+                        } else {
+                            userDto = enLoginClient.getUserInfoByToken(bkToken);
+                        }
                         return Optional.ofNullable(userDto);
                     } catch (Exception e) {
                         return Optional.empty();
@@ -66,13 +78,16 @@ public Optional<BkUserDTO> load(String bkToken) throws Exception {
         );
 
     @Autowired
-    public LoginServiceImpl(BkConfig bkConfig, ILoginClient loginClient) {
+    public LoginServiceImpl(BkConfig bkConfig,
+                            @Qualifier("enLoginClient") ILoginClient enLoginClient,
+                            @Qualifier("cnLoginClient") ILoginClient cnLoginClient) {
         this.bkConfig = bkConfig;
-        this.loginClient = loginClient;
+        this.enLoginClient = enLoginClient;
+        this.cnLoginClient = cnLoginClient;
         this.loginUrl = getLoginUrlProp();
         this.tokenName = bkConfig.isCustomPaasLoginEnabled() ? bkConfig.getCustomLoginToken() : "bk_token";
         log.info("Init login service, customLoginEnabled:{}, loginClient:{}, loginUrl:{}, tokenName:{}",
-            bkConfig.isCustomPaasLoginEnabled(), loginClient.getClass(), loginUrl, tokenName);
+            bkConfig.isCustomPaasLoginEnabled(), enLoginClient.getClass(), loginUrl, tokenName);
     }
 
     private String getLoginUrlProp() {
@@ -96,14 +111,43 @@ public void deleteUser(String bkToken) {
         onlineUserCache.invalidate(bkToken);
     }
 
+    @Getter
+    class BkTokenWithLang {
+        private String bkToken;
+        private String lang;
+
+        BkTokenWithLang(String bkToken, String lang) {
+            this.bkToken = bkToken;
+            this.lang = lang;
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            if (this == o) return true;
+            if (!(o instanceof BkTokenWithLang)) return false;
+            BkTokenWithLang that = (BkTokenWithLang) o;
+            return Objects.equals(bkToken, that.bkToken) &&
+                Objects.equals(lang, that.lang);
+        }
+
+        @Override
+        public int hashCode() {
+            return Objects.hash(bkToken, lang);
+        }
+    }
 
     @Override
-    public BkUserDTO getUser(String bkToken) {
+    public BkUserDTO getUser(String bkToken, String lang) {
         if (StringUtils.isBlank(bkToken)) {
             return null;
         }
+        if (StringUtils.isBlank(lang)) {
+            log.warn("getUser: lang is null or blank, use default en");
+            lang = LocaleUtils.LANG_EN;
+        }
         try {
-            Optional<BkUserDTO> userDto = onlineUserCache.get(bkToken);
+            BkTokenWithLang bkTokenWithLang = new BkTokenWithLang(bkToken, lang);
+            Optional<BkUserDTO> userDto = onlineUserCache.get(bkTokenWithLang);
             return userDto.orElse(null);
         } catch (ExecutionException | UncheckedExecutionException e) {
             log.warn("Error occur when get user from paas!");

From e24c7dc9b302f7561e8d8805f0019ef26d4597bd Mon Sep 17 00:00:00 2001
From: hLinx <327159425@qq.com>
Date: Thu, 20 Jul 2023 15:05:11 +0800
Subject: [PATCH 6/9] =?UTF-8?q?feature:=20=E8=93=9D=E9=B2=B8=E7=BB=9F?=
 =?UTF-8?q?=E4=B8=80=E7=99=BB=E5=BD=95=E6=94=B9=E9=80=A0=E2=80=94=E2=80=94?=
 =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=99=90=E5=88=B6=E9=9D=9E=E8=85=BE=E8=AE=AF?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=E6=96=B9=E6=A1=88=20#2247?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/frontend/src/common/bkmagic.js                 |  4 ++--
 .../src/utils/request/middleware/response.js       |  2 +-
 src/frontend/src/views/system-permission.vue       | 14 ++++++++++----
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/frontend/src/common/bkmagic.js b/src/frontend/src/common/bkmagic.js
index c07ed472da..d4a7287304 100644
--- a/src/frontend/src/common/bkmagic.js
+++ b/src/frontend/src/common/bkmagic.js
@@ -143,11 +143,11 @@ export const permissionDialog = (authParams = {}, authResult = {}) => {
 };
 
 let systemPermissionInstance;
-export const systemPermission = (message) => {
+export const systemPermission = (message, data) => {
   if (!systemPermissionInstance) {
     systemPermissionInstance = new Vue({
       i18n,
-      render: h => h(SystemPermission, { attrs: { message } }),
+      render: h => h(SystemPermission, { attrs: { message, data } }),
     }).$mount();
 
     systemPermissionInstance.$nextTick(() => {
diff --git a/src/frontend/src/utils/request/middleware/response.js b/src/frontend/src/utils/request/middleware/response.js
index d5bc1ce183..98a0fd55cb 100644
--- a/src/frontend/src/utils/request/middleware/response.js
+++ b/src/frontend/src/utils/request/middleware/response.js
@@ -101,7 +101,7 @@ export default (interceptors) => {
       case 403: {
         // 系统访问权限
         if (error.response.data.code === 1247403) {
-          systemPermission(error.response.data.data);
+          systemPermission(error.response.data.errorMsg, error.response.data.data);
         } else {
           // 资源访问权限
           const requestPayload = error.response.config.payload;
diff --git a/src/frontend/src/views/system-permission.vue b/src/frontend/src/views/system-permission.vue
index 81338f7e1e..e865c815fd 100644
--- a/src/frontend/src/views/system-permission.vue
+++ b/src/frontend/src/views/system-permission.vue
@@ -1,10 +1,12 @@
 <template>
   <div class="system-permission">
     <bk-exception type="403">
-      <span>{{ $t('无该应用的访问权限') }}</span>
-      <div class="text-subtitle">
+      <div style="font-size: 24px; line-height: 32px; color: #63656E;">
         {{ message }}
       </div>
+      <div class="text-subtitle">
+        {{ data }}
+      </div>
     </bk-exception>
   </div>
 </template>
@@ -12,18 +14,22 @@
 
   defineProps({
     message: String,
+    data: String,
   });
 
 </script>
 <style lang="postcss">
 .system-permission{
   display: flex;
+  height: 100vh;
+  padding-top: 150px;
   justify-content: center;
-  padding-top: 200px;
+  background: #fff;
 
   .text-subtitle{
-    margin-top: 14px;
+    margin-top: 16px;
     font-size: 14px;
+    line-height: 22px;
     color: #979ba5;
     text-align: center;
   }

From 12c7b9a91b4833eccce83b10d9f3542b3cc4d5b7 Mon Sep 17 00:00:00 2001
From: jsonwan <jsonwan@tencent.com>
Date: Thu, 20 Jul 2023 17:04:29 +0800
Subject: [PATCH 7/9] =?UTF-8?q?feature:=20=E6=94=AF=E6=8C=81=E8=93=9D?=
 =?UTF-8?q?=E9=B2=B8=E5=BA=94=E7=94=A8=E7=BA=A7=E5=88=AB=E7=9A=84=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6=E8=B7=B3=E8=BD=AC=20#2238?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

解析根异常
---
 .../web/AuthorizeGatewayFilterFactory.java    | 10 +++-
 .../job/gateway/web/service/LoginService.java |  2 +-
 .../web/service/impl/LoginServiceImpl.java    | 53 +++++++++----------
 3 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
index e69c48106b..cdaa72e141 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
@@ -25,6 +25,7 @@
 package com.tencent.bk.job.gateway.filter.web;
 
 import com.tencent.bk.job.common.constant.ErrorCode;
+import com.tencent.bk.job.common.exception.InternalUserManageException;
 import com.tencent.bk.job.common.i18n.locale.LocaleUtils;
 import com.tencent.bk.job.common.model.Response;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
@@ -108,8 +109,13 @@ private GatewayFilter getLoginFilter() {
             BkUserDTO user;
             try {
                 user = getUserByTokenList(bkTokenList, lang);
-            } catch (AppPermissionDeniedException e) {
-                return getUserAccessAppForbiddenResp(response, e.getMessage());
+            } catch (InternalUserManageException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof AppPermissionDeniedException) {
+                    return getUserAccessAppForbiddenResp(response, cause.getMessage());
+                } else {
+                    throw e;
+                }
             }
             if (user == null) {
                 log.warn("Invalid user token");
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
index 650c6a9d21..2fb3329d7d 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/LoginService.java
@@ -33,7 +33,7 @@ public interface LoginService {
     /**
      * 使用户失效
      *
-     * @param bkToken
+     * @param bkToken 用户Token
      */
     void deleteUser(String bkToken);
 
diff --git a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
index 8181fffd49..e0099c3a72 100644
--- a/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
+++ b/src/backend/job-gateway/src/main/java/com/tencent/bk/job/gateway/web/service/impl/LoginServiceImpl.java
@@ -38,6 +38,7 @@
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;
@@ -55,24 +56,20 @@ public class LoginServiceImpl implements LoginService {
     private final String loginUrl;
     private final ILoginClient enLoginClient;
     private final ILoginClient cnLoginClient;
-    private LoadingCache<BkTokenWithLang, Optional<BkUserDTO>> onlineUserCache = CacheBuilder.newBuilder()
+    private final LoadingCache<BkTokenWithLang, Optional<BkUserDTO>> onlineUserCache = CacheBuilder.newBuilder()
         .maximumSize(200).expireAfterWrite(10, TimeUnit.SECONDS).build(
             new CacheLoader<BkTokenWithLang, Optional<BkUserDTO>>() {
                 @Override
-                public Optional<BkUserDTO> load(BkTokenWithLang bkTokenWithLang) throws Exception {
-                    try {
-                        String lang = bkTokenWithLang.getLang();
-                        String bkToken = bkTokenWithLang.getBkToken();
-                        BkUserDTO userDto;
-                        if (LocaleUtils.LANG_ZH_CN.equals(lang)) {
-                            userDto = cnLoginClient.getUserInfoByToken(bkToken);
-                        } else {
-                            userDto = enLoginClient.getUserInfoByToken(bkToken);
-                        }
-                        return Optional.ofNullable(userDto);
-                    } catch (Exception e) {
-                        return Optional.empty();
+                public Optional<BkUserDTO> load(@NotNull BkTokenWithLang bkTokenWithLang) {
+                    String normalLang = bkTokenWithLang.getNormalLang();
+                    String bkToken = bkTokenWithLang.getBkToken();
+                    BkUserDTO userDto;
+                    if (LocaleUtils.LANG_ZH_CN.equals(normalLang)) {
+                        userDto = cnLoginClient.getUserInfoByToken(bkToken);
+                    } else {
+                        userDto = enLoginClient.getUserInfoByToken(bkToken);
                     }
+                    return Optional.ofNullable(userDto);
                 }
             }
         );
@@ -108,17 +105,18 @@ public void deleteUser(String bkToken) {
         if (StringUtils.isBlank(bkToken)) {
             return;
         }
-        onlineUserCache.invalidate(bkToken);
+        onlineUserCache.invalidate(new BkTokenWithLang(bkToken, LocaleUtils.LANG_EN));
+        onlineUserCache.invalidate(new BkTokenWithLang(bkToken, LocaleUtils.LANG_ZH_CN));
     }
 
     @Getter
-    class BkTokenWithLang {
-        private String bkToken;
-        private String lang;
+    static class BkTokenWithLang {
+        final private String bkToken;
+        final private String normalLang;
 
-        BkTokenWithLang(String bkToken, String lang) {
+        BkTokenWithLang(String bkToken, String normalLang) {
             this.bkToken = bkToken;
-            this.lang = lang;
+            this.normalLang = normalLang;
         }
 
         @Override
@@ -127,26 +125,27 @@ public boolean equals(Object o) {
             if (!(o instanceof BkTokenWithLang)) return false;
             BkTokenWithLang that = (BkTokenWithLang) o;
             return Objects.equals(bkToken, that.bkToken) &&
-                Objects.equals(lang, that.lang);
+                Objects.equals(normalLang, that.normalLang);
         }
 
         @Override
         public int hashCode() {
-            return Objects.hash(bkToken, lang);
+            return Objects.hash(bkToken, normalLang);
         }
     }
 
     @Override
-    public BkUserDTO getUser(String bkToken, String lang) {
+    public BkUserDTO getUser(String bkToken, String bkLang) {
         if (StringUtils.isBlank(bkToken)) {
             return null;
         }
-        if (StringUtils.isBlank(lang)) {
-            log.warn("getUser: lang is null or blank, use default en");
-            lang = LocaleUtils.LANG_EN;
+        if (StringUtils.isBlank(bkLang)) {
+            log.warn("getUser: bkLang is null or blank, use default en");
+            bkLang = LocaleUtils.LANG_EN;
         }
         try {
-            BkTokenWithLang bkTokenWithLang = new BkTokenWithLang(bkToken, lang);
+            String normalLang = LocaleUtils.getNormalLang(bkLang);
+            BkTokenWithLang bkTokenWithLang = new BkTokenWithLang(bkToken, normalLang);
             Optional<BkUserDTO> userDto = onlineUserCache.get(bkTokenWithLang);
             return userDto.orElse(null);
         } catch (ExecutionException | UncheckedExecutionException e) {

From 10fc24e32ef300bc0ff88597e321fb12b89fb820 Mon Sep 17 00:00:00 2001
From: wangyu096 <wangyu096@163.com>
Date: Fri, 21 Jul 2023 10:26:50 +0800
Subject: [PATCH 8/9] =?UTF-8?q?fix:=20=E8=84=9A=E6=9C=AC=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E9=A1=B5=E9=9D=A2=EF=BC=8C=E6=89=B9=E9=87=8F=E7=BC=96=E8=BE=91?=
 =?UTF-8?q?=E6=A0=87=E7=AD=BE=E6=8A=A5=E9=94=99=20#2263?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../manage/api/web/impl/WebScriptResourceImpl.java    | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/web/impl/WebScriptResourceImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/web/impl/WebScriptResourceImpl.java
index e297eb605d..a440f7367c 100644
--- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/web/impl/WebScriptResourceImpl.java
+++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/web/impl/WebScriptResourceImpl.java
@@ -1093,6 +1093,11 @@ public Response<?> batchUpdateScriptTags(String username,
             return Response.buildValidateFailResp(validateResult);
         }
 
+        if (CollectionUtils.isEmpty(req.getAddTagIdList()) && CollectionUtils.isEmpty(req.getDeleteTagIdList())) {
+            // do nothing
+            return Response.buildSuccessResp(true);
+        }
+
         boolean isPublicScript = appResourceScope == null;
         List<String> scriptIdList = req.getIdList();
         AuthResult authResult;
@@ -1131,12 +1136,6 @@ private ValidateResult checkScriptTagBatchPatchReq(ScriptTagBatchPatchReq req) {
             log.warn("ScriptTagBatchUpdateReq->idList is empty");
             return ValidateResult.fail(ErrorCode.ILLEGAL_PARAM_WITH_PARAM_NAME, "idList");
         }
-
-        if (CollectionUtils.isEmpty(req.getAddTagIdList()) && CollectionUtils.isEmpty(req.getDeleteTagIdList())) {
-            log.warn("ScriptTagBatchUpdateReq->No script tags changed!");
-            return ValidateResult.fail(ErrorCode.ILLEGAL_PARAM_WITH_PARAM_NAME,
-                "addTagIdList|deleteTagIdList");
-        }
         return ValidateResult.pass();
     }
 

From 5bb12dbbd0f0724bad0593b2b9a17f8827cfc362 Mon Sep 17 00:00:00 2001
From: wangyu096 <wangyu096@163.com>
Date: Sat, 22 Jul 2023 19:03:01 +0800
Subject: [PATCH 9/9] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=20job-manage=20?=
 =?UTF-8?q?=E6=89=B9=E9=87=8F=E8=8E=B7=E5=8F=96=E4=B8=BB=E6=9C=BA=20API=20?=
 =?UTF-8?q?=E6=80=A7=E8=83=BD=20#2272?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../config/JobRedisAutoConfiguration.java     |  4 +-
 .../manage/manager/app/ApplicationCache.java  |  4 +-
 .../manager/cache/DangerousRuleCache.java     |  4 +-
 .../bk/job/manage/manager/host/HostCache.java | 55 +++++++++++++++----
 .../service/host/impl/HostServiceImpl.java    | 14 +++--
 5 files changed, 60 insertions(+), 21 deletions(-)

diff --git a/src/backend/commons/common-redis/src/main/java/com/tencent/bk/job/common/redis/config/JobRedisAutoConfiguration.java b/src/backend/commons/common-redis/src/main/java/com/tencent/bk/job/common/redis/config/JobRedisAutoConfiguration.java
index d7f8af8d05..d989640f12 100644
--- a/src/backend/commons/common-redis/src/main/java/com/tencent/bk/job/common/redis/config/JobRedisAutoConfiguration.java
+++ b/src/backend/commons/common-redis/src/main/java/com/tencent/bk/job/common/redis/config/JobRedisAutoConfiguration.java
@@ -44,8 +44,8 @@ public class JobRedisAutoConfiguration {
 
     @Bean("jsonRedisTemplate")
     @Primary
-    public RedisTemplate<Object, Object> jsonRedisTemplate(RedisConnectionFactory redisConnectionFactory) {
-        RedisTemplate<Object, Object> redisTemplate = new RedisTemplate<>();
+    public RedisTemplate<String, Object> jsonRedisTemplate(RedisConnectionFactory redisConnectionFactory) {
+        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
         redisTemplate.setConnectionFactory(redisConnectionFactory);
 
         ObjectMapper objectMapper = new ObjectMapper();
diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/app/ApplicationCache.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/app/ApplicationCache.java
index f009868ff8..7bd323f216 100644
--- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/app/ApplicationCache.java
+++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/app/ApplicationCache.java
@@ -57,13 +57,13 @@
 public class ApplicationCache {
 
     private final ApplicationDAO applicationDAO;
-    private final RedisTemplate<Object, Object> redisTemplate;
+    private final RedisTemplate<String, Object> redisTemplate;
     private final String APP_HASH_KEY = "job:manage:apps";
     private final String SCOPE_HASH_KEY = "job:manage:scopes";
 
     @Autowired
     public ApplicationCache(ApplicationDAO applicationDAO,
-                            @Qualifier("jsonRedisTemplate") RedisTemplate<Object, Object> redisTemplate) {
+                            @Qualifier("jsonRedisTemplate") RedisTemplate<String, Object> redisTemplate) {
         this.applicationDAO = applicationDAO;
         this.redisTemplate = redisTemplate;
     }
diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/cache/DangerousRuleCache.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/cache/DangerousRuleCache.java
index 6d2988f87d..3cb857c150 100644
--- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/cache/DangerousRuleCache.java
+++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/cache/DangerousRuleCache.java
@@ -25,12 +25,12 @@ public class DangerousRuleCache {
     public static final String DANGEROUS_RULE_HASH_KEY = "job:manage:dangerousRules";
     private final DSLContext dslContext;
     private final DangerousRuleDAO dangerousRuleDAO;
-    private final RedisTemplate redisTemplate;
+    private final RedisTemplate<String, Object> redisTemplate;
 
     @Autowired
     public DangerousRuleCache(DSLContext dslContext,
                               DangerousRuleDAO dangerousRuleDAO,
-                              @Qualifier("jsonRedisTemplate") RedisTemplate redisTemplate) {
+                              @Qualifier("jsonRedisTemplate") RedisTemplate<String, Object> redisTemplate) {
         this.dslContext = dslContext;
         this.dangerousRuleDAO = dangerousRuleDAO;
         this.redisTemplate = redisTemplate;
diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/host/HostCache.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/host/HostCache.java
index af515bb330..17610f92ac 100644
--- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/host/HostCache.java
+++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/manager/host/HostCache.java
@@ -25,14 +25,17 @@
 package com.tencent.bk.job.manage.manager.host;
 
 import com.tencent.bk.job.common.model.dto.ApplicationHostDTO;
-import com.tencent.bk.job.common.service.AppScopeMappingService;
 import com.tencent.bk.job.manage.model.db.CacheHostDO;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.dao.DataAccessException;
+import org.springframework.data.redis.core.RedisOperations;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SessionCallback;
 import org.springframework.stereotype.Component;
-import org.springframework.util.CollectionUtils;
 
 import java.util.Collection;
 import java.util.Collections;
@@ -49,11 +52,13 @@
 @Component
 public class HostCache {
 
-    private final RedisTemplate redisTemplate;
+    private final RedisTemplate<String, Object> redisTemplate;
+
+    // 1天过期
+    private static final int EXPIRE_DAYS = 1;
 
     @Autowired
-    public HostCache(@Qualifier("jsonRedisTemplate") RedisTemplate<Object, Object> redisTemplate,
-                     AppScopeMappingService appScopeMappingService) {
+    public HostCache(@Qualifier("jsonRedisTemplate") RedisTemplate<String, Object> redisTemplate) {
         this.redisTemplate = redisTemplate;
     }
 
@@ -81,7 +86,12 @@ public List<CacheHostDO> batchGetHostsByHostIds(List<Long> hostIds) {
 
     private List<CacheHostDO> getHostsByKeys(List<String> hostKeys) {
         try {
-            return (List<CacheHostDO>) redisTemplate.opsForValue().multiGet(hostKeys);
+            List<Object> results = redisTemplate.opsForValue().multiGet(hostKeys);
+            if (CollectionUtils.isEmpty(results)) {
+                return Collections.emptyList();
+            }
+            // 通过 Object 间接强制转换 List
+            return (List<CacheHostDO>) (Object) results;
         } catch (Exception e) {
             log.warn("Batch get host in cache exception", e);
             return Collections.emptyList();
@@ -128,8 +138,8 @@ public void addOrUpdateHost(ApplicationHostDTO applicationHostDTO) {
         CacheHostDO cacheHost = CacheHostDO.fromApplicationHostDTO(applicationHostDTO);
         String hostIpKey = buildHostIpKey(applicationHostDTO);
         String hostIdKey = buildHostIdKey(applicationHostDTO);
-        redisTemplate.opsForValue().set(hostIpKey, cacheHost, 1, TimeUnit.DAYS);
-        redisTemplate.opsForValue().set(hostIdKey, cacheHost, 1, TimeUnit.DAYS);
+        redisTemplate.opsForValue().set(hostIpKey, cacheHost, EXPIRE_DAYS, TimeUnit.DAYS);
+        redisTemplate.opsForValue().set(hostIdKey, cacheHost, EXPIRE_DAYS, TimeUnit.DAYS);
     }
 
     /**
@@ -137,8 +147,33 @@ public void addOrUpdateHost(ApplicationHostDTO applicationHostDTO) {
      *
      * @param hosts 主机列表
      */
-    public void addOrUpdateHosts(List<ApplicationHostDTO> hosts) {
-        hosts.forEach(this::addOrUpdateHost);
+    public void batchAddOrUpdateHosts(List<ApplicationHostDTO> hosts) {
+        if (CollectionUtils.isEmpty(hosts)) {
+            return;
+        }
+        if (hosts.size() == 1) {
+            addOrUpdateHost(hosts.get(0));
+            return;
+        }
+
+        long start = System.currentTimeMillis();
+        redisTemplate.executePipelined(new SessionCallback<Object>() {
+            @Override
+            public Object execute(@NotNull RedisOperations operations) throws DataAccessException {
+                hosts.forEach(host -> {
+                    CacheHostDO cacheHost = CacheHostDO.fromApplicationHostDTO(host);
+                    String hostIpKey = buildHostIpKey(host);
+                    String hostIdKey = buildHostIdKey(host);
+                    operations.opsForValue().set(hostIpKey, cacheHost, EXPIRE_DAYS, TimeUnit.DAYS);
+                    operations.opsForValue().set(hostIdKey, cacheHost, EXPIRE_DAYS, TimeUnit.DAYS);
+                });
+                return null;
+            }
+        });
+        long cost = System.currentTimeMillis() - start;
+        if (cost > 1000) {
+            log.info("BatchAddOrUpdateHosts slow, hostSize: {}, cost: {}", hosts.size(), cost);
+        }
     }
 
 
diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/service/host/impl/HostServiceImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/service/host/impl/HostServiceImpl.java
index 7beb4111e3..7dbae97843 100644
--- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/service/host/impl/HostServiceImpl.java
+++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/service/host/impl/HostServiceImpl.java
@@ -312,7 +312,7 @@ public int deleteByBasicHost(List<BasicHostDTO> basicHostList) {
         hostCache.batchDeleteHost(hostList);
         hostList = applicationHostDAO.listHostInfoByHostIds(hostIdList);
         // 未成功从DB删除的主机重新加入缓存
-        hostCache.addOrUpdateHosts(hostList);
+        hostCache.batchAddOrUpdateHosts(hostList);
         return deletedNum;
     }
 
@@ -1642,11 +1642,13 @@ public Pair<List<String>, List<ApplicationHostDTO>> listHostsFromDb(List<String>
                         // DB中缓存的主机可能没有业务信息(依赖的主机事件还没有处理),那么暂时跳过该主机
                         continue;
                     }
-                    hostCache.addOrUpdateHost(appHost);
                     notExistCloudIps.remove(appHost.getCloudIp());
                     appHosts.add(appHost);
                 }
             }
+            if (CollectionUtils.isNotEmpty(appHosts)) {
+                hostCache.batchAddOrUpdateHosts(appHosts);
+            }
 
             long cost = System.currentTimeMillis() - start;
             if (cost > 1000) {
@@ -1669,7 +1671,7 @@ public Pair<List<String>, List<ApplicationHostDTO>> listHostsFromCmdb(List<Strin
                 notExistCloudIps.removeAll(cmdbExistHostIds);
                 log.info("sync new hosts from cmdb, hosts:{}", cmdbExistHosts);
 
-                hostCache.addOrUpdateHosts(cmdbExistHosts);
+                hostCache.batchAddOrUpdateHosts(cmdbExistHosts);
             }
 
             long cost = System.currentTimeMillis() - start;
@@ -1716,12 +1718,14 @@ public Pair<List<Long>, List<ApplicationHostDTO>> listHostsFromDb(List<Long> hos
                         // DB中缓存的主机可能没有业务信息(依赖的主机事件还没有处理),那么暂时跳过该主机
                         continue;
                     }
-                    hostCache.addOrUpdateHost(appHost);
                     notExistHostIds.remove(appHost.getHostId());
                     appHosts.add(appHost);
                 }
             }
 
+            if (CollectionUtils.isNotEmpty(appHosts)) {
+                hostCache.batchAddOrUpdateHosts(appHosts);
+            }
             long cost = System.currentTimeMillis() - start;
             if (cost > 1000) {
                 log.warn("ListHostsFromMySQL slow, hostSize: {}, cost: {}", hostIds.size(), cost);
@@ -1741,7 +1745,7 @@ public Pair<List<Long>, List<ApplicationHostDTO>> listHostsFromCmdb(List<Long> h
                 notExistHostIds.removeAll(cmdbExistHostIds);
                 log.info("sync new hosts from cmdb, hosts:{}", cmdbExistHosts);
 
-                hostCache.addOrUpdateHosts(cmdbExistHosts);
+                hostCache.batchAddOrUpdateHosts(cmdbExistHosts);
             }
 
             long cost = System.currentTimeMillis() - start;