zenghuapei
/
cyywl_server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

去除 LoginUser 的 updateTime、username、password、status 字段,简化

pull/2/head
YunaiV 2022-05-07 01:30:37 +08:00
parent 8737674d74
commit 73bf0b6f4f
10 changed files with 184 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
yudao-dependencies/pom.xml
View File

@ -172,11 +172,6 @@
<version>${revision}</version> <version>${revision}</version>
</dependency> </dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.version}</version>
</dependency>
<dependency> <dependency>
<groupId>com.alibaba</groupId> <groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId> <artifactId>druid-spring-boot-starter</artifactId>

68
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/LoginUser.java
View File

@ -1,14 +1,12 @@
package cn.iocoder.yudao.framework.security.core; package cn.iocoder.yudao.framework.security.core;
import cn.hutool.core.map.MapUtil; import cn.hutool.core.map.MapUtil;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum; import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.Data; import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.*; import java.util.HashMap;
import java.util.Map;
/** /**
* *
@ -16,7 +14,7 @@ import java.util.*;
* @author * @author
*/ */
@Data @Data
public class LoginUser implements UserDetails { public class LoginUser {
/** /**
* *
@ -28,23 +26,6 @@ public class LoginUser implements UserDetails {
* {@link UserTypeEnum} * {@link UserTypeEnum}
*/ */
private Integer userType; private Integer userType;
/**
*
*/
private Date updateTime;
/**
*
*/
private String username;
/**
*
*/
private String password;
/**
*
*/
private Integer status;
/** /**
* *
*/ */
@ -59,49 +40,6 @@ public class LoginUser implements UserDetails {
@JsonIgnore @JsonIgnore
private Map<String, Object> context; private Map<String, Object> context;
@Override
@JsonIgnore// 避免序列化
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return username;
}
@Override
@JsonIgnore// 避免序列化
public boolean isEnabled() {
return CommonStatusEnum.ENABLE.getStatus().equals(status);
}
@Override
@JsonIgnore// 避免序列化
public Collection<? extends GrantedAuthority> getAuthorities() {
return new HashSet<>();
}
@Override
@JsonIgnore// 避免序列化
public boolean isAccountNonExpired() {
return true; // 返回 true不依赖 Spring Security 判断
}
@Override
@JsonIgnore// 避免序列化
public boolean isAccountNonLocked() {
return true; // 返回 true不依赖 Spring Security 判断
}
@Override
@JsonIgnore// 避免序列化
public boolean isCredentialsNonExpired() {
return true; // 返回 true不依赖 Spring Security 判断
}
// ========== 上下文 ==========
public void setContext(String key, Object value) { public void setContext(String key, Object value) {
if (context == null) { if (context == null) {
context = new HashMap<>(); context = new HashMap<>();

78
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/authentication/SpringSecurityUser.java Normal file
View File

@ -0,0 +1,78 @@
package cn.iocoder.yudao.framework.security.core.authentication;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import lombok.AllArgsConstructor;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.Collections;
/**
*
*
* @author
*/
@Data
@AllArgsConstructor
public class SpringSecurityUser implements UserDetails {
/**
*
*/
private Long id;
/**
*
*/
private String username;
/**
*
*/
private String password;
/**
*
*/
private Integer status;
/**
*
*/
private Long tenantId;
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return username;
}
@Override
public boolean isEnabled() {
return CommonStatusEnum.ENABLE.getStatus().equals(status);
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.emptyList();
}
@Override
public boolean isAccountNonExpired() {
return true; // 返回 true不依赖 Spring Security 判断
}
@Override
public boolean isAccountNonLocked() {
return true; // 返回 true不依赖 Spring Security 判断
}
@Override
public boolean isCredentialsNonExpired() {
return true; // 返回 true不依赖 Spring Security 判断
}
}

3
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
View File

@ -11,6 +11,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.util.Collections;
/** /**
* *
@ -98,7 +99,7 @@ public class SecurityFrameworkUtils {
private static Authentication buildAuthentication(LoginUser loginUser, HttpServletRequest request) { private static Authentication buildAuthentication(LoginUser loginUser, HttpServletRequest request) {
// 创建 UsernamePasswordAuthenticationToken 对象 // 创建 UsernamePasswordAuthenticationToken 对象
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
loginUser, null, loginUser.getAuthorities()); loginUser, null, Collections.emptyList());
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
return authenticationToken; return authenticationToken;
} }

13
yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/convert/auth/AuthConvert.java
View File

@ -1,7 +1,7 @@
package cn.iocoder.yudao.module.member.convert.auth; package cn.iocoder.yudao.module.member.convert.auth;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.authentication.SpringSecurityUser;
import cn.iocoder.yudao.module.member.controller.app.auth.vo.*; import cn.iocoder.yudao.module.member.controller.app.auth.vo.*;
import cn.iocoder.yudao.module.member.controller.app.social.vo.AppSocialUserUnbindReqVO; import cn.iocoder.yudao.module.member.controller.app.social.vo.AppSocialUserUnbindReqVO;
import cn.iocoder.yudao.module.member.dal.dataobject.user.MemberUserDO; import cn.iocoder.yudao.module.member.dal.dataobject.user.MemberUserDO;
@ -19,13 +19,12 @@ public interface AuthConvert {
AuthConvert INSTANCE = Mappers.getMapper(AuthConvert.class); AuthConvert INSTANCE = Mappers.getMapper(AuthConvert.class);
@Mapping(source = "mobile", target = "username") LoginUser convert(MemberUserDO bean);
LoginUser convert0(MemberUserDO bean);
default LoginUser convert(MemberUserDO bean) { @Mapping(source = "mobile", target = "username")
// 目的,为了设置 UserTypeEnum.MEMBER.getValue() SpringSecurityUser convert2(MemberUserDO user);
return convert0(bean).setUserType(UserTypeEnum.MEMBER.getValue());
} LoginUser convert(SpringSecurityUser bean);
SocialUserBindReqDTO convert(Long userId, Integer userType, AppAuthSocialBindLoginReqVO reqVO); SocialUserBindReqDTO convert(Long userId, Integer userType, AppAuthSocialBindLoginReqVO reqVO);
SocialUserBindReqDTO convert(Long userId, Integer userType, AppAuthSocialQuickLoginReqVO reqVO); SocialUserBindReqDTO convert(Long userId, Integer userType, AppAuthSocialQuickLoginReqVO reqVO);

91
yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/service/auth/MemberAuthServiceImpl.java
View File

@ -1,7 +1,6 @@
package cn.iocoder.yudao.module.member.service.auth; package cn.iocoder.yudao.module.member.service.auth;
import cn.hutool.core.lang.Assert; import cn.hutool.core.lang.Assert;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum; import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils; import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
@ -78,7 +77,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
throw new UsernameNotFoundException(mobile); throw new UsernameNotFoundException(mobile);
} }
// 创建 LoginUser 对象 // 创建 LoginUser 对象
return AuthConvert.INSTANCE.convert(user); return AuthConvert.INSTANCE.convert2(user);
} }
@Override @Override
@ -87,7 +86,8 @@ public class MemberAuthServiceImpl implements MemberAuthService {
LoginUser loginUser = login0(reqVO.getMobile(), reqVO.getPassword()); LoginUser loginUser = login0(reqVO.getMobile(), reqVO.getPassword());
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, reqVO.getMobile(),
LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent);
} }
@Override @Override
@ -101,10 +101,11 @@ public class MemberAuthServiceImpl implements MemberAuthService {
Assert.notNull(user, "获取用户失败,结果为空"); Assert.notNull(user, "获取用户失败,结果为空");
// 执行登陆 // 执行登陆
LoginUser loginUser = AuthConvert.INSTANCE.convert(user); LoginUser loginUser = buildLoginUser(user);
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SMS, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, reqVO.getMobile(),
LoginLogTypeEnum.LOGIN_SMS, userIp, userAgent);
} }
@Override @Override
@ -123,10 +124,11 @@ public class MemberAuthServiceImpl implements MemberAuthService {
} }
// 创建 LoginUser 对象 // 创建 LoginUser 对象
LoginUser loginUser = AuthConvert.INSTANCE.convert(user); LoginUser loginUser = buildLoginUser(user);
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, null,
LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
} }
@Override @Override
@ -142,9 +144,10 @@ public class MemberAuthServiceImpl implements MemberAuthService {
return token; return token;
} }
private String createUserSessionAfterLoginSuccess(LoginUser loginUser, LoginLogTypeEnum logType, String userIp, String userAgent) { private String createUserSessionAfterLoginSuccess(LoginUser loginUser, String mobile,
LoginLogTypeEnum logType, String userIp, String userAgent) {
// 插入登陆日志 // 插入登陆日志
createLoginLog(loginUser.getUsername(), logType, LoginResultEnum.SUCCESS); createLoginLog(loginUser.getId(), mobile, logType, LoginResultEnum.SUCCESS);
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return userSessionApi.createUserSession(loginUser, userIp, userAgent); return userSessionApi.createUserSession(loginUser, userIp, userAgent);
} }
@ -164,29 +167,32 @@ public class MemberAuthServiceImpl implements MemberAuthService {
authentication = authenticationManager.authenticate(new MultiUsernamePasswordAuthenticationToken( authentication = authenticationManager.authenticate(new MultiUsernamePasswordAuthenticationToken(
username, password, getUserType())); username, password, getUserType()));
} catch (BadCredentialsException badCredentialsException) { } catch (BadCredentialsException badCredentialsException) {
this.createLoginLog(username, logType, LoginResultEnum.BAD_CREDENTIALS); this.createLoginLog(null, username, logType, LoginResultEnum.BAD_CREDENTIALS);
throw exception(AUTH_LOGIN_BAD_CREDENTIALS); throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
} catch (DisabledException disabledException) { } catch (DisabledException disabledException) {
this.createLoginLog(username, logType, LoginResultEnum.USER_DISABLED); this.createLoginLog(null, username, logType, LoginResultEnum.USER_DISABLED);
throw exception(AUTH_LOGIN_USER_DISABLED); throw exception(AUTH_LOGIN_USER_DISABLED);
} catch (AuthenticationException authenticationException) { } catch (AuthenticationException authenticationException) {
log.error("[login0][username({}) 发生未知异常]", username, authenticationException); log.error("[login0][username({}) 发生未知异常]", username, authenticationException);
this.createLoginLog(username, logType, LoginResultEnum.UNKNOWN_ERROR); this.createLoginLog(null, username, logType, LoginResultEnum.UNKNOWN_ERROR);
throw exception(AUTH_LOGIN_FAIL_UNKNOWN); throw exception(AUTH_LOGIN_FAIL_UNKNOWN);
} }
Assert.notNull(authentication.getPrincipal(), "Principal 不会为空"); Assert.notNull(authentication.getPrincipal(), "Principal 不会为空");
return (LoginUser) authentication.getPrincipal(); return (LoginUser) authentication.getPrincipal();
} }
private void createLoginLog(String mobile, LoginLogTypeEnum logType, LoginResultEnum loginResult) { private void createLoginLog(Long userId, String mobile, LoginLogTypeEnum logType, LoginResultEnum loginResult) {
// 获得用户 // 获得用户
MemberUserDO user = userService.getUserByMobile(mobile); if (userId == null) {
MemberUserDO user = userService.getUserByMobile(mobile);
userId = user != null ? user.getId() : null;
}
// 插入登录日志 // 插入登录日志
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO(); LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
reqDTO.setLogType(logType.getType()); reqDTO.setLogType(logType.getType());
reqDTO.setTraceId(TracerUtils.getTraceId()); reqDTO.setTraceId(TracerUtils.getTraceId());
if (user != null) { if (userId != null) {
reqDTO.setUserId(user.getId()); reqDTO.setUserId(userId);
} }
reqDTO.setUserType(getUserType().getValue()); reqDTO.setUserType(getUserType().getValue());
reqDTO.setUsername(mobile); reqDTO.setUsername(mobile);
@ -195,39 +201,14 @@ public class MemberAuthServiceImpl implements MemberAuthService {
reqDTO.setResult(loginResult.getResult()); reqDTO.setResult(loginResult.getResult());
loginLogApi.createLoginLog(reqDTO); loginLogApi.createLoginLog(reqDTO);
// 更新最后登录时间 // 更新最后登录时间
if (user != null && Objects.equals(LoginResultEnum.SUCCESS.getResult(), loginResult.getResult())) { if (userId != null && Objects.equals(LoginResultEnum.SUCCESS.getResult(), loginResult.getResult())) {
userService.updateUserLogin(user.getId(), getClientIP()); userService.updateUserLogin(userId, getClientIP());
} }
} }
@Override @Override
public LoginUser verifyTokenAndRefresh(String token) { public LoginUser verifyTokenAndRefresh(String token) {
// 获得 LoginUser return userSessionApi.getLoginUser(token);
LoginUser loginUser = userSessionApi.getLoginUser(token);
if (loginUser == null) {
return null;
}
// 刷新 LoginUser 缓存
this.refreshLoginUserCache(token, loginUser);
return loginUser;
}
private void refreshLoginUserCache(String token, LoginUser loginUser) {
// 每 1/3 的 Session 超时时间,刷新 LoginUser 缓存
if (System.currentTimeMillis() - loginUser.getUpdateTime().getTime() <
userSessionApi.getSessionTimeoutMillis() / 3) {
return;
}
// 重新加载 UserDO 信息
MemberUserDO user = userService.getUser(loginUser.getId());
if (user == null || CommonStatusEnum.DISABLE.getStatus().equals(user.getStatus())) {
// 校验 token 时,用户被禁用的情况下,也认为 token 过期,方便前端跳转到登录界面
throw exception(AUTH_TOKEN_EXPIRED);
}
// 刷新 LoginUser 缓存
userSessionApi.refreshUserSession(token, loginUser);
} }
@Override @Override
@ -239,10 +220,10 @@ public class MemberAuthServiceImpl implements MemberAuthService {
} }
// 执行登陆 // 执行登陆
this.createLoginLog(user.getMobile(), LoginLogTypeEnum.LOGIN_MOCK, LoginResultEnum.SUCCESS); createLoginLog(userId, user.getMobile(), LoginLogTypeEnum.LOGIN_MOCK, LoginResultEnum.SUCCESS);
// 创建 LoginUser 对象 // 创建 LoginUser 对象
return AuthConvert.INSTANCE.convert(user); return buildLoginUser(user);
} }
@Override @Override
@ -255,7 +236,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
// 删除 session // 删除 session
userSessionApi.deleteUserSession(token); userSessionApi.deleteUserSession(token);
// 记录登出日志 // 记录登出日志
this.createLogoutLog(loginUser.getId(), loginUser.getUsername()); createLogoutLog(loginUser.getId());
} }
@Override @Override
@ -321,17 +302,29 @@ public class MemberAuthServiceImpl implements MemberAuthService {
return user; return user;
} }
private void createLogoutLog(Long userId, String username) { private void createLogoutLog(Long userId) {
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO(); LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
reqDTO.setLogType(LoginLogTypeEnum.LOGOUT_SELF.getType()); reqDTO.setLogType(LoginLogTypeEnum.LOGOUT_SELF.getType());
reqDTO.setTraceId(TracerUtils.getTraceId()); reqDTO.setTraceId(TracerUtils.getTraceId());
reqDTO.setUserId(userId); reqDTO.setUserId(userId);
reqDTO.setUserType(getUserType().getValue()); reqDTO.setUserType(getUserType().getValue());
reqDTO.setUsername(username); reqDTO.setUsername(getMobile(userId));
reqDTO.setUserAgent(ServletUtils.getUserAgent()); reqDTO.setUserAgent(ServletUtils.getUserAgent());
reqDTO.setUserIp(getClientIP()); reqDTO.setUserIp(getClientIP());
reqDTO.setResult(LoginResultEnum.SUCCESS.getResult()); reqDTO.setResult(LoginResultEnum.SUCCESS.getResult());
loginLogApi.createLoginLog(reqDTO); loginLogApi.createLoginLog(reqDTO);
} }
private LoginUser buildLoginUser(MemberUserDO user) {
return AuthConvert.INSTANCE.convert(user).setUserType(getUserType().getValue());
}
private String getMobile(Long userId) {
if (userId == null) {
return null;
}
MemberUserDO user = userService.getUser(userId);
return user != null ? user.getMobile() : null;
}
} }

15
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/AuthConvert.java
View File

@ -1,20 +1,17 @@
package cn.iocoder.yudao.module.system.convert.auth; package cn.iocoder.yudao.module.system.convert.auth;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils; import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeSendReqDTO; import cn.iocoder.yudao.framework.security.core.authentication.SpringSecurityUser;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeSendReqDTO; import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeSendReqDTO;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeUseReqDTO; import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeUseReqDTO;
import cn.iocoder.yudao.module.system.api.social.dto.SocialUserBindReqDTO; import cn.iocoder.yudao.module.system.api.social.dto.SocialUserBindReqDTO;
import cn.iocoder.yudao.module.system.api.social.dto.SocialUserUnbindReqDTO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*; import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*;
import cn.iocoder.yudao.module.system.dal.dataobject.permission.MenuDO; import cn.iocoder.yudao.module.system.dal.dataobject.permission.MenuDO;
import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO; import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO; import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
import cn.iocoder.yudao.module.system.enums.permission.MenuIdEnum; import cn.iocoder.yudao.module.system.enums.permission.MenuIdEnum;
import org.mapstruct.Mapper; import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
import org.mapstruct.factory.Mappers; import org.mapstruct.factory.Mappers;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -25,13 +22,11 @@ public interface AuthConvert {
AuthConvert INSTANCE = Mappers.getMapper(AuthConvert.class); AuthConvert INSTANCE = Mappers.getMapper(AuthConvert.class);
@Mapping(source = "updateTime", target = "updateTime", ignore = true) // 字段相同,但是含义不同,忽略 LoginUser convert(AdminUserDO bean);
LoginUser convert0(AdminUserDO bean);
default LoginUser convert(AdminUserDO bean) { SpringSecurityUser convert2(AdminUserDO user);
// 目的,为了设置 UserTypeEnum.ADMIN.getValue()
return convert0(bean).setUserType(UserTypeEnum.ADMIN.getValue()); LoginUser convert(SpringSecurityUser bean);
}
default AuthPermissionInfoRespVO convert(AdminUserDO user, List<RoleDO> roleList, List<MenuDO> menuList) { default AuthPermissionInfoRespVO convert(AdminUserDO user, List<RoleDO> roleList, List<MenuDO> menuList) {
return AuthPermissionInfoRespVO.builder() return AuthPermissionInfoRespVO.builder()

96
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java
View File

@ -1,12 +1,12 @@
package cn.iocoder.yudao.module.system.service.auth; package cn.iocoder.yudao.module.system.service.auth;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum; import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils; import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
import cn.iocoder.yudao.framework.common.util.validation.ValidationUtils; import cn.iocoder.yudao.framework.common.util.validation.ValidationUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.authentication.MultiUsernamePasswordAuthenticationToken; import cn.iocoder.yudao.framework.security.core.authentication.MultiUsernamePasswordAuthenticationToken;
import cn.iocoder.yudao.framework.security.core.authentication.SpringSecurityUser;
import cn.iocoder.yudao.module.system.api.logger.dto.LoginLogCreateReqDTO; import cn.iocoder.yudao.module.system.api.logger.dto.LoginLogCreateReqDTO;
import cn.iocoder.yudao.module.system.api.sms.SmsCodeApi; import cn.iocoder.yudao.module.system.api.sms.SmsCodeApi;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*; import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*;
@ -79,7 +79,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
throw new UsernameNotFoundException(username); throw new UsernameNotFoundException(username);
} }
// 创建 LoginUser 对象 // 创建 LoginUser 对象
return buildLoginUser(user); return AuthConvert.INSTANCE.convert2(user);
} }
@Override @Override
@ -89,7 +89,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
if (user == null) { if (user == null) {
throw new UsernameNotFoundException(String.valueOf(userId)); throw new UsernameNotFoundException(String.valueOf(userId));
} }
createLoginLog(user.getUsername(), LoginLogTypeEnum.LOGIN_MOCK, LoginResultEnum.SUCCESS); createLoginLog(userId, user.getUsername(), LoginLogTypeEnum.LOGIN_MOCK, LoginResultEnum.SUCCESS);
// 创建 LoginUser 对象 // 创建 LoginUser 对象
return buildLoginUser(user); return buildLoginUser(user);
@ -104,7 +104,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
LoginUser loginUser = login0(reqVO.getUsername(), reqVO.getPassword()); LoginUser loginUser = login0(reqVO.getUsername(), reqVO.getPassword());
// 缓存登陆用户到 Redis 中,返回 Token 令牌 // 缓存登陆用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, reqVO.getUsername(),
LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent);
} }
@Override @Override
@ -132,7 +133,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
LoginUser loginUser = buildLoginUser(user); LoginUser loginUser = buildLoginUser(user);
// 缓存登陆用户到 Redis 中,返回 sessionId 编号 // 缓存登陆用户到 Redis 中,返回 sessionId 编号
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_MOBILE, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, reqVO.getMobile(),
LoginLogTypeEnum.LOGIN_MOBILE, userIp, userAgent);
} }
private void verifyCaptcha(AuthLoginReqVO reqVO) { private void verifyCaptcha(AuthLoginReqVO reqVO) {
@ -147,13 +149,13 @@ public class AdminAuthServiceImpl implements AdminAuthService {
String code = captchaService.getCaptchaCode(reqVO.getUuid()); String code = captchaService.getCaptchaCode(reqVO.getUuid());
if (code == null) { if (code == null) {
// 创建登录失败日志(验证码不存在) // 创建登录失败日志(验证码不存在)
this.createLoginLog(reqVO.getUsername(), logTypeEnum, LoginResultEnum.CAPTCHA_NOT_FOUND); createLoginLog(null, reqVO.getUsername(), logTypeEnum, LoginResultEnum.CAPTCHA_NOT_FOUND);
throw exception(AUTH_LOGIN_CAPTCHA_NOT_FOUND); throw exception(AUTH_LOGIN_CAPTCHA_NOT_FOUND);
} }
// 验证码不正确 // 验证码不正确
if (!code.equals(reqVO.getCode())) { if (!code.equals(reqVO.getCode())) {
// 创建登录失败日志(验证码不正确) // 创建登录失败日志(验证码不正确)
this.createLoginLog(reqVO.getUsername(), logTypeEnum, LoginResultEnum.CAPTCHA_CODE_ERROR); createLoginLog(null, reqVO.getUsername(), logTypeEnum, LoginResultEnum.CAPTCHA_CODE_ERROR);
throw exception(AUTH_LOGIN_CAPTCHA_CODE_ERROR); throw exception(AUTH_LOGIN_CAPTCHA_CODE_ERROR);
} }
// 正确,所以要删除下验证码 // 正确,所以要删除下验证码
@ -170,29 +172,35 @@ public class AdminAuthServiceImpl implements AdminAuthService {
authentication = authenticationManager.authenticate(new MultiUsernamePasswordAuthenticationToken( authentication = authenticationManager.authenticate(new MultiUsernamePasswordAuthenticationToken(
username, password, getUserType())); username, password, getUserType()));
} catch (BadCredentialsException badCredentialsException) { } catch (BadCredentialsException badCredentialsException) {
this.createLoginLog(username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS); createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
throw exception(AUTH_LOGIN_BAD_CREDENTIALS); throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
} catch (DisabledException disabledException) { } catch (DisabledException disabledException) {
this.createLoginLog(username, logTypeEnum, LoginResultEnum.USER_DISABLED); createLoginLog(null, username, logTypeEnum, LoginResultEnum.USER_DISABLED);
throw exception(AUTH_LOGIN_USER_DISABLED); throw exception(AUTH_LOGIN_USER_DISABLED);
} catch (AuthenticationException authenticationException) { } catch (AuthenticationException authenticationException) {
log.error("[login0][username({}) 发生未知异常]", username, authenticationException); log.error("[login0][username({}) 发生未知异常]", username, authenticationException);
this.createLoginLog(username, logTypeEnum, LoginResultEnum.UNKNOWN_ERROR); createLoginLog(null, username, logTypeEnum, LoginResultEnum.UNKNOWN_ERROR);
throw exception(AUTH_LOGIN_FAIL_UNKNOWN); throw exception(AUTH_LOGIN_FAIL_UNKNOWN);
} }
Assert.notNull(authentication.getPrincipal(), "Principal 不会为空"); Assert.notNull(authentication.getPrincipal(), "Principal 不会为空");
return (LoginUser) authentication.getPrincipal(); // 构建 User 对象
return AuthConvert.INSTANCE.convert((SpringSecurityUser) authentication.getPrincipal())
.setUserType(getUserType().getValue());
} }
private void createLoginLog(String username, LoginLogTypeEnum logTypeEnum, LoginResultEnum loginResult) { private void createLoginLog(Long userId, String username,
LoginLogTypeEnum logTypeEnum, LoginResultEnum loginResult) {
// 获得用户 // 获得用户
AdminUserDO user = userService.getUserByUsername(username); if (userId == null) {
AdminUserDO user = userService.getUserByUsername(username);
userId = user != null ? user.getId() : null;
}
// 插入登录日志 // 插入登录日志
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO(); LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
reqDTO.setLogType(logTypeEnum.getType()); reqDTO.setLogType(logTypeEnum.getType());
reqDTO.setTraceId(TracerUtils.getTraceId()); reqDTO.setTraceId(TracerUtils.getTraceId());
if (user != null) { if (userId != null) {
reqDTO.setUserId(user.getId()); reqDTO.setUserId(userId);
} }
reqDTO.setUserType(getUserType().getValue()); reqDTO.setUserType(getUserType().getValue());
reqDTO.setUsername(username); reqDTO.setUsername(username);
@ -201,8 +209,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
reqDTO.setResult(loginResult.getResult()); reqDTO.setResult(loginResult.getResult());
loginLogService.createLoginLog(reqDTO); loginLogService.createLoginLog(reqDTO);
// 更新最后登录时间 // 更新最后登录时间
if (user != null && Objects.equals(LoginResultEnum.SUCCESS.getResult(), loginResult.getResult())) { if (userId != null && Objects.equals(LoginResultEnum.SUCCESS.getResult(), loginResult.getResult())) {
userService.updateUserLogin(user.getId(), ServletUtils.getClientIP()); userService.updateUserLogin(userId, ServletUtils.getClientIP());
} }
} }
@ -225,7 +233,8 @@ public class AdminAuthServiceImpl implements AdminAuthService {
LoginUser loginUser = buildLoginUser(user); LoginUser loginUser = buildLoginUser(user);
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, null,
LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
} }
@Override @Override
@ -237,12 +246,14 @@ public class AdminAuthServiceImpl implements AdminAuthService {
socialUserService.bindSocialUser(AuthConvert.INSTANCE.convert(loginUser.getId(), getUserType().getValue(), reqVO)); socialUserService.bindSocialUser(AuthConvert.INSTANCE.convert(loginUser.getId(), getUserType().getValue(), reqVO));
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent); return createUserSessionAfterLoginSuccess(loginUser, reqVO.getUsername(),
LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
} }
private String createUserSessionAfterLoginSuccess(LoginUser loginUser, LoginLogTypeEnum logType, String userIp, String userAgent) { private String createUserSessionAfterLoginSuccess(LoginUser loginUser, String username,
LoginLogTypeEnum logType, String userIp, String userAgent) {
// 插入登陆日志 // 插入登陆日志
createLoginLog(loginUser.getUsername(), logType, LoginResultEnum.SUCCESS); createLoginLog(loginUser.getId(), username, logType, LoginResultEnum.SUCCESS);
// 缓存登录用户到 Redis 中,返回 Token 令牌 // 缓存登录用户到 Redis 中,返回 Token 令牌
return userSessionService.createUserSession(loginUser, userIp, userAgent); return userSessionService.createUserSession(loginUser, userIp, userAgent);
} }
@ -257,7 +268,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
// 删除 session // 删除 session
userSessionService.deleteUserSession(token); userSessionService.deleteUserSession(token);
// 记录登出日志 // 记录登出日志
createLogoutLog(loginUser.getId(), loginUser.getUsername()); createLogoutLog(loginUser.getId());
} }
@Override @Override
@ -265,13 +276,13 @@ public class AdminAuthServiceImpl implements AdminAuthService {
return UserTypeEnum.ADMIN; return UserTypeEnum.ADMIN;
} }
private void createLogoutLog(Long userId, String username) { private void createLogoutLog(Long userId) {
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO(); LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
reqDTO.setLogType(LoginLogTypeEnum.LOGOUT_SELF.getType()); reqDTO.setLogType(LoginLogTypeEnum.LOGOUT_SELF.getType());
reqDTO.setTraceId(TracerUtils.getTraceId()); reqDTO.setTraceId(TracerUtils.getTraceId());
reqDTO.setUserId(userId); reqDTO.setUserId(userId);
reqDTO.setUsername(getUsername(userId));
reqDTO.setUserType(getUserType().getValue()); reqDTO.setUserType(getUserType().getValue());
reqDTO.setUsername(username);
reqDTO.setUserAgent(ServletUtils.getUserAgent()); reqDTO.setUserAgent(ServletUtils.getUserAgent());
reqDTO.setUserIp(ServletUtils.getClientIP()); reqDTO.setUserIp(ServletUtils.getClientIP());
reqDTO.setResult(LoginResultEnum.SUCCESS.getResult()); reqDTO.setResult(LoginResultEnum.SUCCESS.getResult());
@ -280,36 +291,19 @@ public class AdminAuthServiceImpl implements AdminAuthService {
@Override @Override
public LoginUser verifyTokenAndRefresh(String token) { public LoginUser verifyTokenAndRefresh(String token) {
// 获得 LoginUser return userSessionService.getLoginUser(token);
LoginUser loginUser = userSessionService.getLoginUser(token);
if (loginUser == null) {
return null;
}
// 刷新 LoginUser 缓存
return this.refreshLoginUserCache(token, loginUser);
}
private LoginUser refreshLoginUserCache(String token, LoginUser loginUser) {
// 每 1/3 的 Session 超时时间,刷新 LoginUser 缓存
if (System.currentTimeMillis() - loginUser.getUpdateTime().getTime() <
userSessionService.getSessionTimeoutMillis() / 3) {
return loginUser;
}
// 重新加载 AdminUserDO 信息
AdminUserDO user = userService.getUser(loginUser.getId());
if (user == null || CommonStatusEnum.DISABLE.getStatus().equals(user.getStatus())) {
throw exception(AUTH_TOKEN_EXPIRED); // 校验 token 时,用户被禁用的情况下,也认为 token 过期,方便前端跳转到登录界面
}
// 刷新 LoginUser 缓存
LoginUser newLoginUser= buildLoginUser(user);
userSessionService.refreshUserSession(token, newLoginUser);
return newLoginUser;
} }
private LoginUser buildLoginUser(AdminUserDO user) { private LoginUser buildLoginUser(AdminUserDO user) {
return AuthConvert.INSTANCE.convert(user); return AuthConvert.INSTANCE.convert(user).setUserType(getUserType().getValue());
}
private String getUsername(Long userId) {
if (userId == null) {
return null;
}
AdminUserDO user = userService.getUser(userId);
return user != null ? user.getUsername() : null;
} }
} }

14
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/UserSessionServiceImpl.java
View File

@ -23,7 +23,6 @@ import org.springframework.stereotype.Service;
import javax.annotation.Resource; import javax.annotation.Resource;
import java.time.Duration; import java.time.Duration;
import java.util.Collection; import java.util.Collection;
import java.util.Date;
import java.util.List; import java.util.List;
import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertSet; import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertSet;
@ -106,12 +105,11 @@ public class UserSessionServiceImpl implements UserSessionService {
// 生成 Session 编号 // 生成 Session 编号
String token = generateToken(); String token = generateToken();
// 写入 Redis 缓存 // 写入 Redis 缓存
loginUser.setUpdateTime(new Date());
loginUserRedisDAO.set(token, loginUser); loginUserRedisDAO.set(token, loginUser);
// 写入 DB 中 // 写入 DB 中
UserSessionDO userSession = UserSessionDO.builder().token(token) UserSessionDO userSession = UserSessionDO.builder().token(token)
.userId(loginUser.getId()).userType(loginUser.getUserType()) .userId(loginUser.getId()).userType(loginUser.getUserType())
.userIp(userIp).userAgent(userAgent).username(loginUser.getUsername()) .userIp(userIp).userAgent(userAgent).username("")
.sessionTimeout(addTime(Duration.ofMillis(getSessionTimeoutMillis()))) .sessionTimeout(addTime(Duration.ofMillis(getSessionTimeoutMillis())))
.build(); .build();
userSessionMapper.insert(userSession); userSessionMapper.insert(userSession);
@ -121,15 +119,7 @@ public class UserSessionServiceImpl implements UserSessionService {
@Override @Override
public void refreshUserSession(String token, LoginUser loginUser) { public void refreshUserSession(String token, LoginUser loginUser) {
// 写入 Redis 缓存
loginUser.setUpdateTime(new Date());
loginUserRedisDAO.set(token, loginUser);
// 更新 DB 中
UserSessionDO updateObj = UserSessionDO.builder().build();
updateObj.setUsername(loginUser.getUsername());
updateObj.setUpdateTime(new Date());
updateObj.setSessionTimeout(addTime(Duration.ofMillis(getSessionTimeoutMillis())));
userSessionMapper.updateByToken(token, updateObj);
} }
@Override @Override

2
yudao-module-system/yudao-module-system-biz/src/test/java/cn/iocoder/yudao/module/system/service/auth/UserSessionServiceImplTest.java
View File

@ -201,7 +201,7 @@ public class UserSessionServiceImplTest extends BaseDbAndRedisUnitTest {
assertPojoEquals(redisLoginUser, loginUser, "username", "password"); assertPojoEquals(redisLoginUser, loginUser, "username", "password");
// 校验 UserSessionDO 记录 // 校验 UserSessionDO 记录
UserSessionDO updateDO = userSessionMapper.selectOne(UserSessionDO::getToken, token); UserSessionDO updateDO = userSessionMapper.selectOne(UserSessionDO::getToken, token);
assertEquals(updateDO.getUsername(), loginUser.getUsername()); // assertEquals(updateDO.getUsername(), loginUser.getUsername());
assertNotNull(userSession.getUpdateTime()); assertNotNull(userSession.getUpdateTime());
assertNotNull(userSession.getSessionTimeout()); assertNotNull(userSession.getSessionTimeout());
} }