优化 UserSession 的实现,将 id 变成自增,额外增加 token 字段
YunaiV
parent
0f21b55e6d
commit
8606f5c605
|
|
@ -0,0 +1 @@
|
|||
暂未适配国产 DM 数据库,如果你有需要,可以微信联系 wangwenbin-server 一起建设。
|
||||
|
|
@ -46,6 +46,10 @@
|
|||
<groupId>org.postgresql</groupId>
|
||||
<artifactId>postgresql</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.microsoft.sqlserver</groupId>
|
||||
<artifactId>mssql-jdbc</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.alibaba</groupId>
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ package cn.iocoder.yudao.framework.security.config;
|
|||
import cn.iocoder.yudao.framework.security.core.aop.PreAuthenticatedAspect;
|
||||
import cn.iocoder.yudao.framework.security.core.authentication.MultiUserDetailsAuthenticationProvider;
|
||||
import cn.iocoder.yudao.framework.security.core.context.TransmittableThreadLocalSecurityContextHolderStrategy;
|
||||
import cn.iocoder.yudao.framework.security.core.filter.JWTAuthenticationTokenFilter;
|
||||
import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
|
||||
import cn.iocoder.yudao.framework.security.core.handler.AccessDeniedHandlerImpl;
|
||||
import cn.iocoder.yudao.framework.security.core.handler.AuthenticationEntryPointImpl;
|
||||
import cn.iocoder.yudao.framework.security.core.handler.LogoutSuccessHandlerImpl;
|
||||
|
|
@ -86,9 +86,9 @@ public class YudaoSecurityAutoConfiguration {
|
|||
* Token 认证过滤器 Bean
|
||||
*/
|
||||
@Bean
|
||||
public JWTAuthenticationTokenFilter authenticationTokenFilter(MultiUserDetailsAuthenticationProvider authenticationProvider,
|
||||
GlobalExceptionHandler globalExceptionHandler) {
|
||||
return new JWTAuthenticationTokenFilter(securityProperties, authenticationProvider, globalExceptionHandler);
|
||||
public TokenAuthenticationFilter authenticationTokenFilter(MultiUserDetailsAuthenticationProvider authenticationProvider,
|
||||
GlobalExceptionHandler globalExceptionHandler) {
|
||||
return new TokenAuthenticationFilter(securityProperties, authenticationProvider, globalExceptionHandler);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package cn.iocoder.yudao.framework.security.config;
|
|||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.iocoder.yudao.framework.security.core.authentication.MultiUserDetailsAuthenticationProvider;
|
||||
import cn.iocoder.yudao.framework.security.core.filter.JWTAuthenticationTokenFilter;
|
||||
import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
|
||||
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
|
|
@ -55,7 +55,7 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
|
|||
* Token 认证过滤器 Bean
|
||||
*/
|
||||
@Resource
|
||||
private JWTAuthenticationTokenFilter authenticationTokenFilter;
|
||||
private TokenAuthenticationFilter authenticationTokenFilter;
|
||||
|
||||
/**
|
||||
* 自定义的权限映射 Bean 们
|
||||
|
|
|
|||
|
|
@ -18,13 +18,13 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* JWT 过滤器,验证 token 的有效性
|
||||
* Token 过滤器,验证 token 的有效性
|
||||
* 验证通过后,获得 {@link LoginUser} 信息,并加入到 Spring Security 上下文
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@RequiredArgsConstructor
|
||||
public class JWTAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
private final SecurityProperties securityProperties;
|
||||
|
||||
|
|
@ -43,7 +43,7 @@ public class JWTAuthenticationTokenFilter extends OncePerRequestFilter {
|
|||
LoginUser loginUser = authenticationProvider.verifyTokenAndRefresh(request, token);
|
||||
// 模拟 Login 功能,方便日常开发调试
|
||||
if (loginUser == null) {
|
||||
loginUser = this.mockLoginUser(request, token);
|
||||
loginUser = mockLoginUser(request, token);
|
||||
}
|
||||
// 设置当前用户
|
||||
if (loginUser != null) {
|
||||
|
|
@ -27,7 +27,8 @@ public class DefaultDatabaseQueryTest {
|
|||
if (StrUtil.startWithAny(tableInfo.getName().toLowerCase(), "act_", "flw_", "qrtz_")) {
|
||||
continue;
|
||||
}
|
||||
System.out.println(String.format("CREATE SEQUENCE %s_seq MINVALUE 0;", tableInfo.getName()));
|
||||
// System.out.println(String.format("CREATE SEQUENCE %s_seq MINVALUE 0;", tableInfo.getName()));
|
||||
System.out.println(String.format("DELETE FROM %s WHERE deleted = '1';", tableInfo.getName()));
|
||||
}
|
||||
System.out.println(tableInfos.size());
|
||||
System.out.println(System.currentTimeMillis() - time);
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@ import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
|
|||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import cn.iocoder.yudao.framework.security.core.authentication.MultiUsernamePasswordAuthenticationToken;
|
||||
import cn.iocoder.yudao.module.member.controller.app.auth.vo.*;
|
||||
import cn.iocoder.yudao.module.member.controller.app.social.vo.AppSocialUserBindReqVO;
|
||||
import cn.iocoder.yudao.module.member.controller.app.social.vo.AppSocialUserUnbindReqVO;
|
||||
import cn.iocoder.yudao.module.member.convert.auth.AuthConvert;
|
||||
import cn.iocoder.yudao.module.member.dal.dataobject.user.MemberUserDO;
|
||||
import cn.iocoder.yudao.module.member.dal.mysql.user.MemberUserMapper;
|
||||
|
|
@ -88,7 +86,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
|
|||
// 使用手机 + 密码,进行登录。
|
||||
LoginUser loginUser = this.login0(reqVO.getMobile(), reqVO.getPassword());
|
||||
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -105,7 +103,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
|
|||
// 执行登陆
|
||||
LoginUser loginUser = AuthConvert.INSTANCE.convert(user);
|
||||
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SMS, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -127,7 +125,7 @@ public class MemberAuthServiceImpl implements MemberAuthService {
|
|||
// 创建 LoginUser 对象
|
||||
LoginUser loginUser = AuthConvert.INSTANCE.convert(user);
|
||||
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -136,18 +134,18 @@ public class MemberAuthServiceImpl implements MemberAuthService {
|
|||
// 使用手机号、手机验证码登录
|
||||
AppAuthSmsLoginReqVO loginReqVO = AppAuthSmsLoginReqVO.builder()
|
||||
.mobile(reqVO.getMobile()).code(reqVO.getSmsCode()).build();
|
||||
String sessionId = this.smsLogin(loginReqVO, userIp, userAgent);
|
||||
LoginUser loginUser = userSessionApi.getLoginUser(sessionId);
|
||||
String token = this.smsLogin(loginReqVO, userIp, userAgent);
|
||||
LoginUser loginUser = userSessionApi.getLoginUser(token);
|
||||
|
||||
// 绑定社交用户
|
||||
socialUserApi.bindSocialUser(AuthConvert.INSTANCE.convert(loginUser.getId(), getUserType().getValue(), reqVO));
|
||||
return sessionId;
|
||||
return token;
|
||||
}
|
||||
|
||||
private String createUserSessionAfterLoginSuccess(LoginUser loginUser, LoginLogTypeEnum logType, String userIp, String userAgent) {
|
||||
// 插入登陆日志
|
||||
createLoginLog(loginUser.getUsername(), logType, LoginResultEnum.SUCCESS);
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return userSessionApi.createUserSession(loginUser, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,33 +18,33 @@ public interface UserSessionApi {
|
|||
* @param loginUser 登录用户
|
||||
* @param userIp 用户 IP
|
||||
* @param userAgent 用户 UA
|
||||
* @return Session 编号
|
||||
* @return Token 令牌
|
||||
*/
|
||||
String createUserSession(@NotNull(message = "登录用户不能为空") LoginUser loginUser, String userIp, String userAgent);
|
||||
|
||||
/**
|
||||
* 刷新在线用户 Session 的更新时间
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param token Token 令牌
|
||||
* @param loginUser 登录用户
|
||||
*/
|
||||
void refreshUserSession(@NotEmpty(message = "Session编号不能为空") String sessionId,
|
||||
void refreshUserSession(@NotEmpty(message = "Token 令牌不能为空") String token,
|
||||
@NotNull(message = "登录用户不能为空") LoginUser loginUser);
|
||||
|
||||
/**
|
||||
* 删除在线用户 Session
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param token Token 令牌
|
||||
*/
|
||||
void deleteUserSession(String sessionId);
|
||||
void deleteUserSession(String token);
|
||||
|
||||
/**
|
||||
* 获得 Session 编号对应的在线用户
|
||||
* 获得 Token 令牌对应的在线用户
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param token Token 令牌
|
||||
* @return 在线用户
|
||||
*/
|
||||
LoginUser getLoginUser(String sessionId);
|
||||
LoginUser getLoginUser(String token);
|
||||
|
||||
/**
|
||||
* 获得 Session 超时时间,单位:毫秒
|
||||
|
|
|
|||
|
|
@ -25,18 +25,18 @@ public class UserSessionApiImpl implements UserSessionApi {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void refreshUserSession(String sessionId, LoginUser loginUser) {
|
||||
userSessionService.refreshUserSession(sessionId, loginUser);
|
||||
public void refreshUserSession(String token, LoginUser loginUser) {
|
||||
userSessionService.refreshUserSession(token, loginUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteUserSession(String sessionId) {
|
||||
userSessionService.deleteUserSession(sessionId);
|
||||
public void deleteUserSession(String token) {
|
||||
userSessionService.deleteUserSession(token);
|
||||
}
|
||||
|
||||
@Override
|
||||
public LoginUser getLoginUser(String sessionId) {
|
||||
return userSessionService.getLoginUser(sessionId);
|
||||
public LoginUser getLoginUser(String token) {
|
||||
return userSessionService.getLoginUser(token);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -69,10 +69,9 @@ public class UserSessionController {
|
|||
|
||||
@DeleteMapping("/delete")
|
||||
@ApiOperation("删除 Session")
|
||||
@ApiImplicitParam(name = "id", value = "Session 编号", required = true, dataTypeClass = String.class,
|
||||
example = "fe50b9f6-d177-44b1-8da9-72ea34f63db7")
|
||||
@ApiImplicitParam(name = "id", value = "Session 编号", required = true, dataTypeClass = Long.class, example = "1024")
|
||||
@PreAuthorize("@ss.hasPermission('system:user-session:delete')")
|
||||
public CommonResult<Boolean> deleteUserSession(@RequestParam("id") String id) {
|
||||
public CommonResult<Boolean> deleteUserSession(@RequestParam("id") Long id) {
|
||||
userSessionService.deleteUserSession(id);
|
||||
return success(true);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,10 +3,7 @@ package cn.iocoder.yudao.module.system.dal.dataobject.auth;
|
|||
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.dataobject.BaseDO;
|
||||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import com.baomidou.mybatisplus.annotation.IdType;
|
||||
import com.baomidou.mybatisplus.annotation.KeySequence;
|
||||
import com.baomidou.mybatisplus.annotation.TableId;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import com.baomidou.mybatisplus.annotation.*;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.EqualsAndHashCode;
|
||||
|
|
@ -22,18 +19,21 @@ import java.util.Date;
|
|||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@TableName(value = "system_user_session", autoResultMap = true)
|
||||
@KeySequence("system_user_session_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库,可不写。
|
||||
@TableName(value = "system_user_session")
|
||||
@Data
|
||||
@Builder
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
public class UserSessionDO extends BaseDO {
|
||||
|
||||
/**
|
||||
* 会话编号, 即 sessionId
|
||||
* 会话编号
|
||||
*/
|
||||
@TableId(type = IdType.INPUT)
|
||||
private String id;
|
||||
private Long id;
|
||||
/**
|
||||
* 令牌
|
||||
*/
|
||||
private String token;
|
||||
|
||||
/**
|
||||
* 用户编号
|
||||
*
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import java.util.Set;
|
|||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
@TableName(value = "system_user", autoResultMap = true)
|
||||
@TableName(value = "system_users", autoResultMap = true) // 由于 SQL Server 的 system_user 是关键字,所以使用 system_users
|
||||
@KeySequence("system_user_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库,可不写。
|
||||
@Data
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
package cn.iocoder.yudao.module.system.dal.mysql.auth;
|
||||
|
||||
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.session.UserSessionPageReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.auth.UserSessionDO;
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.query.QueryWrapperX;
|
||||
import cn.iocoder.yudao.framework.mybatis.core.query.LambdaQueryWrapperX;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.session.UserSessionPageReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.auth.UserSessionDO;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
|
||||
import java.util.Collection;
|
||||
|
|
@ -15,13 +15,23 @@ import java.util.List;
|
|||
public interface UserSessionMapper extends BaseMapperX<UserSessionDO> {
|
||||
|
||||
default PageResult<UserSessionDO> selectPage(UserSessionPageReqVO reqVO, Collection<Long> userIds) {
|
||||
return selectPage(reqVO, new QueryWrapperX<UserSessionDO>()
|
||||
.inIfPresent("user_id", userIds)
|
||||
.likeIfPresent("user_ip", reqVO.getUserIp()));
|
||||
return selectPage(reqVO, new LambdaQueryWrapperX<UserSessionDO>()
|
||||
.inIfPresent(UserSessionDO::getUserId, userIds)
|
||||
.likeIfPresent(UserSessionDO::getUserIp, reqVO.getUserIp()));
|
||||
}
|
||||
|
||||
default List<UserSessionDO> selectListBySessionTimoutLt() {
|
||||
return selectList(new QueryWrapperX<UserSessionDO>().lt("session_timeout",new Date()));
|
||||
return selectList(new LambdaQueryWrapperX<UserSessionDO>()
|
||||
.lt(UserSessionDO::getSessionTimeout, new Date()));
|
||||
}
|
||||
|
||||
default void updateByToken(String token, UserSessionDO updateObj) {
|
||||
update(updateObj, new LambdaQueryWrapperX<UserSessionDO>()
|
||||
.eq(UserSessionDO::getToken, token));
|
||||
}
|
||||
|
||||
default void deleteByToken(String token) {
|
||||
delete(new LambdaQueryWrapperX<UserSessionDO>().eq(UserSessionDO::getToken, token));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package cn.iocoder.yudao.module.system.dal.redis;
|
|||
|
||||
import cn.iocoder.yudao.framework.redis.core.RedisKeyDefine;
|
||||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import me.zhyd.oauth.model.AuthUser;
|
||||
|
||||
import java.time.Duration;
|
||||
|
||||
|
|
@ -20,7 +19,7 @@ public interface RedisKeyConstants {
|
|||
STRING, String.class, RedisKeyDefine.TimeoutTypeEnum.DYNAMIC);
|
||||
|
||||
RedisKeyDefine LOGIN_USER = new RedisKeyDefine("登录用户的缓存",
|
||||
"login_user:%s", // 参数为 sessionId
|
||||
"login_user:%s", // 参数为 token 令牌
|
||||
STRING, LoginUser.class, RedisKeyDefine.TimeoutTypeEnum.DYNAMIC);
|
||||
|
||||
RedisKeyDefine SOCIAL_AUTH_STATE = new RedisKeyDefine("社交登陆的 state", // 注意,它是被 JustAuth 的 justauth.type.prefix 使用到
|
||||
|
|
|
|||
|
|
@ -24,24 +24,29 @@ public class LoginUserRedisDAO {
|
|||
@Resource
|
||||
private SecurityProperties securityProperties;
|
||||
|
||||
public LoginUser get(String sessionId) {
|
||||
String redisKey = formatKey(sessionId);
|
||||
public LoginUser get(String token) {
|
||||
String redisKey = formatKey(token);
|
||||
return JsonUtils.parseObject(stringRedisTemplate.opsForValue().get(redisKey), LoginUser.class);
|
||||
}
|
||||
|
||||
public void set(String sessionId, LoginUser loginUser) {
|
||||
String redisKey = formatKey(sessionId);
|
||||
public Boolean exists(String token) {
|
||||
String redisKey = formatKey(token);
|
||||
return stringRedisTemplate.hasKey(redisKey);
|
||||
}
|
||||
|
||||
public void set(String token, LoginUser loginUser) {
|
||||
String redisKey = formatKey(token);
|
||||
stringRedisTemplate.opsForValue().set(redisKey, JsonUtils.toJsonString(loginUser),
|
||||
securityProperties.getSessionTimeout());
|
||||
}
|
||||
|
||||
public void delete(String sessionId) {
|
||||
String redisKey = formatKey(sessionId);
|
||||
public void delete(String token) {
|
||||
String redisKey = formatKey(token);
|
||||
stringRedisTemplate.delete(redisKey);
|
||||
}
|
||||
|
||||
private static String formatKey(String sessionId) {
|
||||
return LOGIN_USER.formatKey(sessionId);
|
||||
private static String formatKey(String token) {
|
||||
return LOGIN_USER.formatKey(token);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ public class UserSessionTimeoutJob implements JobHandler {
|
|||
@Override
|
||||
public String execute(String param) throws Exception {
|
||||
// 执行过期
|
||||
Long timeoutCount = userSessionService.clearSessionTimeout();
|
||||
Long timeoutCount = userSessionService.deleteTimeoutSession();
|
||||
// 返回结果,记录每次的超时数量
|
||||
return String.format("移除在线会话数量为 %s 个", timeoutCount);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|||
// 使用账号密码,进行登录
|
||||
LoginUser loginUser = login0(reqVO.getUsername(), reqVO.getPassword());
|
||||
|
||||
// 缓存登陆用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登陆用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_USERNAME, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -207,7 +207,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|||
// 创建 LoginUser 对象
|
||||
LoginUser loginUser = buildLoginUser(user);
|
||||
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -219,14 +219,14 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|||
// 绑定社交用户
|
||||
socialUserService.bindSocialUser(AuthConvert.INSTANCE.convert(loginUser.getId(), getUserType().getValue(), reqVO));
|
||||
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return createUserSessionAfterLoginSuccess(loginUser, LoginLogTypeEnum.LOGIN_SOCIAL, userIp, userAgent);
|
||||
}
|
||||
|
||||
private String createUserSessionAfterLoginSuccess(LoginUser loginUser, LoginLogTypeEnum logType, String userIp, String userAgent) {
|
||||
// 插入登陆日志
|
||||
createLoginLog(loginUser.getUsername(), logType, LoginResultEnum.SUCCESS);
|
||||
// 缓存登录用户到 Redis 中,返回 sessionId 编号
|
||||
// 缓存登录用户到 Redis 中,返回 Token 令牌
|
||||
return userSessionService.createUserSession(loginUser, userIp, userAgent);
|
||||
}
|
||||
|
||||
|
|
@ -240,7 +240,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
|
|||
// 删除 session
|
||||
userSessionService.deleteUserSession(token);
|
||||
// 记录登出日志
|
||||
this.createLogoutLog(loginUser.getId(), loginUser.getUsername());
|
||||
createLogoutLog(loginUser.getId(), loginUser.getUsername());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ public interface UserSessionService {
|
|||
*
|
||||
* @return {@link Long } 移出的超时用户数量
|
||||
**/
|
||||
long clearSessionTimeout();
|
||||
long deleteTimeoutSession();
|
||||
|
||||
/**
|
||||
* 创建在线用户 Session
|
||||
|
|
@ -33,32 +33,39 @@ public interface UserSessionService {
|
|||
* @param loginUser 登录用户
|
||||
* @param userIp 用户 IP
|
||||
* @param userAgent 用户 UA
|
||||
* @return Session 编号
|
||||
* @return Token 令牌
|
||||
*/
|
||||
String createUserSession(LoginUser loginUser, String userIp, String userAgent);
|
||||
|
||||
/**
|
||||
* 刷新在线用户 Session 的更新时间
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param token 令牌
|
||||
* @param loginUser 登录用户
|
||||
*/
|
||||
void refreshUserSession(String sessionId, LoginUser loginUser);
|
||||
void refreshUserSession(String token, LoginUser loginUser);
|
||||
|
||||
/**
|
||||
* 删除在线用户 Session
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param token token 令牌
|
||||
*/
|
||||
void deleteUserSession(String sessionId);
|
||||
void deleteUserSession(String token);
|
||||
|
||||
/**
|
||||
* 获得 Session 编号对应的在线用户
|
||||
* 删除在线用户 Session
|
||||
*
|
||||
* @param sessionId Session 编号
|
||||
* @param id 编号
|
||||
*/
|
||||
void deleteUserSession(Long id);
|
||||
|
||||
/**
|
||||
* 获得 Token 对应的在线用户
|
||||
*
|
||||
* @param token 令牌
|
||||
* @return 在线用户
|
||||
*/
|
||||
LoginUser getLoginUser(String sessionId);
|
||||
LoginUser getLoginUser(String token);
|
||||
|
||||
/**
|
||||
* 获得 Session 超时时间,单位:毫秒
|
||||
|
|
|
|||
|
|
@ -3,28 +3,28 @@ package cn.iocoder.yudao.module.system.service.auth;
|
|||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.util.IdUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
|
||||
import cn.iocoder.yudao.framework.security.config.SecurityProperties;
|
||||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import cn.iocoder.yudao.module.system.api.logger.dto.LoginLogCreateReqDTO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.session.UserSessionPageReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.auth.UserSessionDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.dal.mysql.auth.UserSessionMapper;
|
||||
import cn.iocoder.yudao.module.system.dal.redis.auth.LoginUserRedisDAO;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginLogTypeEnum;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginResultEnum;
|
||||
import cn.iocoder.yudao.module.system.service.logger.LoginLogService;
|
||||
import cn.iocoder.yudao.module.system.service.user.AdminUserService;
|
||||
import cn.iocoder.yudao.module.system.dal.redis.auth.LoginUserRedisDAO;
|
||||
import cn.iocoder.yudao.module.system.api.logger.dto.LoginLogCreateReqDTO;
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
|
||||
import com.google.common.collect.Lists;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.time.Duration;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.Collection;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertSet;
|
||||
import static cn.iocoder.yudao.framework.common.util.date.DateUtils.addTime;
|
||||
|
|
@ -65,82 +65,99 @@ public class UserSessionServiceImpl implements UserSessionService {
|
|||
return userSessionMapper.selectPage(reqVO, userIds);
|
||||
}
|
||||
|
||||
// TODO @芋艿:优化下该方法
|
||||
@Override
|
||||
public long clearSessionTimeout() {
|
||||
// 获取db里已经超时的用户列表
|
||||
List<UserSessionDO> sessionTimeoutDOS = userSessionMapper.selectListBySessionTimoutLt();
|
||||
Map<String, UserSessionDO> timeoutSessionDOMap = sessionTimeoutDOS
|
||||
.stream()
|
||||
.filter(sessionDO -> loginUserRedisDAO.get(sessionDO.getId()) == null)
|
||||
.collect(Collectors.toMap(UserSessionDO::getId, o -> o));
|
||||
// 确认已经超时,按批次移出在线用户列表
|
||||
if (CollUtil.isNotEmpty(timeoutSessionDOMap)) {
|
||||
Lists.partition(new ArrayList<>(timeoutSessionDOMap.keySet()), 100)
|
||||
.forEach(userSessionMapper::deleteBatchIds);
|
||||
// 记录用户超时退出日志
|
||||
createTimeoutLogoutLog(timeoutSessionDOMap.values());
|
||||
public long deleteTimeoutSession() {
|
||||
// 获取 db 里已经超时的用户列表
|
||||
List<UserSessionDO> timeoutSessions = userSessionMapper.selectListBySessionTimoutLt();
|
||||
if (CollUtil.isEmpty(timeoutSessions)) {
|
||||
return 0L;
|
||||
}
|
||||
return timeoutSessionDOMap.size();
|
||||
|
||||
// 由于过期的用户一般不多,所以顺序遍历,进行清理
|
||||
int count = 0;
|
||||
for (UserSessionDO session : timeoutSessions) {
|
||||
// 基于 Redis 二次判断,同时也保证 Redis Key 的立即过期,避免延迟导致浪费内存空间
|
||||
if (loginUserRedisDAO.exists(session.getToken())) {
|
||||
continue;
|
||||
}
|
||||
userSessionMapper.deleteById(session.getId());
|
||||
// 记录退出日志
|
||||
createLogoutLog(session, LoginLogTypeEnum.LOGOUT_TIMEOUT);
|
||||
count++;
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
private void createTimeoutLogoutLog(Collection<UserSessionDO> timeoutSessionDOS) {
|
||||
for (UserSessionDO timeoutSessionDO : timeoutSessionDOS) {
|
||||
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
|
||||
reqDTO.setLogType(LoginLogTypeEnum.LOGOUT_TIMEOUT.getType());
|
||||
reqDTO.setTraceId(TracerUtils.getTraceId());
|
||||
reqDTO.setUserId(timeoutSessionDO.getUserId());
|
||||
reqDTO.setUserType(timeoutSessionDO.getUserType());
|
||||
reqDTO.setUsername(timeoutSessionDO.getUsername());
|
||||
reqDTO.setUserAgent(timeoutSessionDO.getUserAgent());
|
||||
reqDTO.setUserIp(timeoutSessionDO.getUserIp());
|
||||
reqDTO.setResult(LoginResultEnum.SUCCESS.getResult());
|
||||
loginLogService.createLoginLog(reqDTO);
|
||||
}
|
||||
private void createLogoutLog(UserSessionDO session, LoginLogTypeEnum type) {
|
||||
LoginLogCreateReqDTO reqDTO = new LoginLogCreateReqDTO();
|
||||
reqDTO.setLogType(type.getType());
|
||||
reqDTO.setTraceId(TracerUtils.getTraceId());
|
||||
reqDTO.setUserId(session.getUserId());
|
||||
reqDTO.setUserType(session.getUserType());
|
||||
reqDTO.setUsername(session.getUsername());
|
||||
reqDTO.setUserAgent(session.getUserAgent());
|
||||
reqDTO.setUserIp(session.getUserIp());
|
||||
reqDTO.setResult(LoginResultEnum.SUCCESS.getResult());
|
||||
loginLogService.createLoginLog(reqDTO);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String createUserSession(LoginUser loginUser, String userIp, String userAgent) {
|
||||
// 生成 Session 编号
|
||||
String sessionId = generateSessionId();
|
||||
String token = generateToken();
|
||||
// 写入 Redis 缓存
|
||||
loginUser.setUpdateTime(new Date());
|
||||
loginUserRedisDAO.set(sessionId, loginUser);
|
||||
loginUserRedisDAO.set(token, loginUser);
|
||||
// 写入 DB 中
|
||||
UserSessionDO userSession = UserSessionDO.builder().id(sessionId)
|
||||
UserSessionDO userSession = UserSessionDO.builder().token(token)
|
||||
.userId(loginUser.getId()).userType(loginUser.getUserType())
|
||||
.userIp(userIp).userAgent(userAgent).username(loginUser.getUsername())
|
||||
.sessionTimeout(addTime(Duration.ofMillis(getSessionTimeoutMillis())))
|
||||
.build();
|
||||
userSessionMapper.insert(userSession);
|
||||
// 返回 Session 编号
|
||||
return sessionId;
|
||||
// 返回 Token 令牌
|
||||
return token;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void refreshUserSession(String sessionId, LoginUser loginUser) {
|
||||
public void refreshUserSession(String token, LoginUser loginUser) {
|
||||
// 写入 Redis 缓存
|
||||
loginUser.setUpdateTime(new Date());
|
||||
loginUserRedisDAO.set(sessionId, loginUser);
|
||||
loginUserRedisDAO.set(token, loginUser);
|
||||
// 更新 DB 中
|
||||
UserSessionDO updateObj = UserSessionDO.builder().id(sessionId).build();
|
||||
UserSessionDO updateObj = UserSessionDO.builder().build();
|
||||
updateObj.setUsername(loginUser.getUsername());
|
||||
updateObj.setUpdateTime(new Date());
|
||||
updateObj.setSessionTimeout(addTime(Duration.ofMillis(getSessionTimeoutMillis())));
|
||||
userSessionMapper.updateById(updateObj);
|
||||
userSessionMapper.updateByToken(token, updateObj);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteUserSession(String sessionId) {
|
||||
public void deleteUserSession(String token) {
|
||||
// 删除 Redis 缓存
|
||||
loginUserRedisDAO.delete(sessionId);
|
||||
loginUserRedisDAO.delete(token);
|
||||
// 删除 DB 记录
|
||||
userSessionMapper.deleteById(sessionId);
|
||||
userSessionMapper.deleteByToken(token);
|
||||
// 无需记录日志,因为退出那已经记录
|
||||
}
|
||||
|
||||
@Override
|
||||
public LoginUser getLoginUser(String sessionId) {
|
||||
return loginUserRedisDAO.get(sessionId);
|
||||
public void deleteUserSession(Long id) {
|
||||
UserSessionDO session = userSessionMapper.selectById(id);
|
||||
if (session == null) {
|
||||
return;
|
||||
}
|
||||
// 删除 Redis 缓存
|
||||
loginUserRedisDAO.delete(session.getToken());
|
||||
// 删除 DB 记录
|
||||
userSessionMapper.deleteById(id);
|
||||
// 记录退出日志
|
||||
createLogoutLog(session, LoginLogTypeEnum.LOGOUT_DELETE);
|
||||
}
|
||||
|
||||
@Override
|
||||
public LoginUser getLoginUser(String token) {
|
||||
return loginUserRedisDAO.get(token);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -149,11 +166,11 @@ public class UserSessionServiceImpl implements UserSessionService {
|
|||
}
|
||||
|
||||
/**
|
||||
* 生成 Session 编号,目前采用 UUID 算法
|
||||
* 生成 Token 令牌,目前采用 UUID 算法
|
||||
*
|
||||
* @return Session 编号
|
||||
*/
|
||||
private static String generateSessionId() {
|
||||
private static String generateToken() {
|
||||
return IdUtil.fastSimpleUUID();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -134,6 +134,7 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
AuthLoginReqVO reqVO = randomPojo(AuthLoginReqVO.class);
|
||||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
|
||||
// 调用, 并断言异常
|
||||
assertServiceException(() -> authService.login(reqVO, userIp, userAgent), AUTH_LOGIN_CAPTCHA_NOT_FOUND);
|
||||
// 校验调用参数
|
||||
|
|
@ -148,10 +149,12 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
// 准备参数
|
||||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
String code = randomString();
|
||||
AuthLoginReqVO reqVO = randomPojo(AuthLoginReqVO.class);
|
||||
|
||||
// mock 验证码不正确
|
||||
String code = randomString();
|
||||
when(captchaService.getCaptchaCode(reqVO.getUuid())).thenReturn(code);
|
||||
|
||||
// 调用, 并断言异常
|
||||
assertServiceException(() -> authService.login(reqVO, userIp, userAgent), AUTH_LOGIN_CAPTCHA_CODE_ERROR);
|
||||
// 校验调用参数
|
||||
|
|
@ -172,6 +175,7 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
// mock 抛出异常
|
||||
when(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(reqVO.getUsername(), reqVO.getPassword())))
|
||||
.thenThrow(new BadCredentialsException("测试账号或密码不正确"));
|
||||
|
||||
// 调用, 并断言异常
|
||||
assertServiceException(() -> authService.login(reqVO, userIp, userAgent), AUTH_LOGIN_BAD_CREDENTIALS);
|
||||
// 校验调用参数
|
||||
|
|
@ -188,11 +192,13 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
AuthLoginReqVO reqVO = randomPojo(AuthLoginReqVO.class);
|
||||
|
||||
// mock 验证码正确
|
||||
when(captchaService.getCaptchaCode(reqVO.getUuid())).thenReturn(reqVO.getCode());
|
||||
// mock 抛出异常
|
||||
when(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(reqVO.getUsername(), reqVO.getPassword())))
|
||||
.thenThrow(new DisabledException("测试用户被禁用"));
|
||||
|
||||
// 调用, 并断言异常
|
||||
assertServiceException(() -> authService.login(reqVO, userIp, userAgent), AUTH_LOGIN_USER_DISABLED);
|
||||
// 校验调用参数
|
||||
|
|
@ -214,6 +220,7 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
// mock 抛出异常
|
||||
when(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(reqVO.getUsername(), reqVO.getPassword())))
|
||||
.thenThrow(new AuthenticationException("测试未知异常") {});
|
||||
|
||||
// 调用, 并断言异常
|
||||
assertServiceException(() -> authService.login(reqVO, userIp, userAgent), AUTH_LOGIN_FAIL_UNKNOWN);
|
||||
// 校验调用参数
|
||||
|
|
@ -229,27 +236,29 @@ public class AuthServiceImplTest extends BaseDbUnitTest {
|
|||
// 准备参数
|
||||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
AuthLoginReqVO reqVO = randomPojo(AuthLoginReqVO.class);
|
||||
|
||||
// mock 验证码正确
|
||||
when(captchaService.getCaptchaCode(reqVO.getUuid())).thenReturn(reqVO.getCode());
|
||||
// mock authentication
|
||||
Long userId = randomLongId();
|
||||
Set<Long> userRoleIds = randomSet(Long.class);
|
||||
String sessionId = randomString();
|
||||
AuthLoginReqVO reqVO = randomPojo(AuthLoginReqVO.class);
|
||||
LoginUser loginUser = randomPojo(LoginUser.class, o -> {
|
||||
o.setId(userId);
|
||||
o.setRoleIds(userRoleIds);
|
||||
});
|
||||
// mock 验证码正确
|
||||
when(captchaService.getCaptchaCode(reqVO.getUuid())).thenReturn(reqVO.getCode());
|
||||
// mock authentication
|
||||
when(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(reqVO.getUsername(), reqVO.getPassword())))
|
||||
.thenReturn(authentication);
|
||||
when(authentication.getPrincipal()).thenReturn(loginUser);
|
||||
// mock 获得 User 拥有的角色编号数组
|
||||
when(permissionService.getUserRoleIds(userId, singleton(CommonStatusEnum.ENABLE.getStatus()))).thenReturn(userRoleIds);
|
||||
// mock 缓存登录用户到 Redis
|
||||
when(userSessionService.createUserSession(loginUser, userIp, userAgent)).thenReturn(sessionId);
|
||||
String token = randomString();
|
||||
when(userSessionService.createUserSession(loginUser, userIp, userAgent)).thenReturn(token);
|
||||
|
||||
// 调用, 并断言异常
|
||||
String login = authService.login(reqVO, userIp, userAgent);
|
||||
assertEquals(sessionId, login);
|
||||
assertEquals(token, login);
|
||||
// 校验调用参数
|
||||
verify(captchaService, times(1)).deleteCaptchaCode(reqVO.getUuid());
|
||||
verify(loginLogService, times(1)).createLoginLog(
|
||||
|
|
|
|||
|
|
@ -1,31 +1,31 @@
|
|||
package cn.iocoder.yudao.module.system.service.auth;
|
||||
|
||||
import cn.hutool.core.date.DateUtil;
|
||||
import cn.iocoder.yudao.framework.security.config.SecurityProperties;
|
||||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.session.UserSessionPageReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.dal.mysql.auth.UserSessionMapper;
|
||||
import cn.iocoder.yudao.module.system.service.logger.LoginLogService;
|
||||
import cn.iocoder.yudao.module.system.service.user.AdminUserService;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.auth.UserSessionDO;
|
||||
import cn.iocoder.yudao.module.system.dal.redis.auth.LoginUserRedisDAO;
|
||||
import cn.iocoder.yudao.module.system.enums.common.SexEnum;
|
||||
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
|
||||
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.common.util.date.DateUtils;
|
||||
import cn.iocoder.yudao.framework.common.util.object.ObjectUtils;
|
||||
import cn.iocoder.yudao.framework.security.config.SecurityProperties;
|
||||
import cn.iocoder.yudao.framework.security.core.LoginUser;
|
||||
import cn.iocoder.yudao.framework.test.core.ut.BaseDbAndRedisUnitTest;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.session.UserSessionPageReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.auth.UserSessionDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.dal.mysql.auth.UserSessionMapper;
|
||||
import cn.iocoder.yudao.module.system.dal.redis.auth.LoginUserRedisDAO;
|
||||
import cn.iocoder.yudao.module.system.enums.common.SexEnum;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginLogTypeEnum;
|
||||
import cn.iocoder.yudao.module.system.enums.logger.LoginResultEnum;
|
||||
import cn.iocoder.yudao.module.system.service.logger.LoginLogService;
|
||||
import cn.iocoder.yudao.module.system.service.user.AdminUserService;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.context.annotation.Import;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.time.Duration;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
import java.util.Calendar;
|
||||
|
||||
import static cn.hutool.core.util.RandomUtil.randomEle;
|
||||
import static cn.iocoder.yudao.framework.common.util.date.DateUtils.addTime;
|
||||
|
|
@ -33,8 +33,9 @@ import static cn.iocoder.yudao.framework.test.core.util.AssertUtils.assertPojoEq
|
|||
import static cn.iocoder.yudao.framework.test.core.util.RandomUtils.*;
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.mockito.ArgumentMatchers.argThat;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
|
|
@ -61,6 +62,11 @@ public class UserSessionServiceImplTest extends BaseDbAndRedisUnitTest {
|
|||
@MockBean
|
||||
private SecurityProperties securityProperties;
|
||||
|
||||
@BeforeEach
|
||||
public void setUp() {
|
||||
when(securityProperties.getSessionTimeout()).thenReturn(Duration.ofDays(1L));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUserSessionPage_success() {
|
||||
// mock 数据
|
||||
|
|
@ -78,15 +84,9 @@ public class UserSessionServiceImplTest extends BaseDbAndRedisUnitTest {
|
|||
});
|
||||
userSessionMapper.insert(dbSession);
|
||||
// 测试 username 不匹配
|
||||
userSessionMapper.insert(ObjectUtils.cloneIgnoreId(dbSession, o -> {
|
||||
o.setId(randomString());
|
||||
o.setUserId(123456L);
|
||||
}));
|
||||
userSessionMapper.insert(ObjectUtils.cloneIgnoreId(dbSession, o -> o.setUserId(123456L)));
|
||||
// 测试 userIp 不匹配
|
||||
userSessionMapper.insert(ObjectUtils.cloneIgnoreId(dbSession, o -> {
|
||||
o.setId(randomString());
|
||||
o.setUserIp("testUserIp");
|
||||
}));
|
||||
userSessionMapper.insert(ObjectUtils.cloneIgnoreId(dbSession, o -> o.setUserIp("testUserIp")));
|
||||
// 准备参数
|
||||
UserSessionPageReqVO reqVO = new UserSessionPageReqVO();
|
||||
reqVO.setUsername(dbUser.getUsername());
|
||||
|
|
@ -100,35 +100,60 @@ public class UserSessionServiceImplTest extends BaseDbAndRedisUnitTest {
|
|||
assertPojoEquals(dbSession, pageResult.getList().get(0));
|
||||
}
|
||||
|
||||
// TODO 芋艿:单测写的有问题
|
||||
@Test
|
||||
public void testClearSessionTimeout_none() {
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setSessionTimeout(addTime(Duration.ofDays(1)));
|
||||
});
|
||||
userSessionMapper.insert(userSession);
|
||||
|
||||
// 调用
|
||||
long count = userSessionService.deleteTimeoutSession();
|
||||
// 断言
|
||||
assertEquals(0, count);
|
||||
assertPojoEquals(userSession, userSessionMapper.selectById(userSession.getId())); // 未删除
|
||||
}
|
||||
|
||||
@Test // Redis 还存在的情况
|
||||
public void testClearSessionTimeout_exists() {
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setSessionTimeout(DateUtils.addDate(Calendar.DAY_OF_YEAR, -1));
|
||||
});
|
||||
userSessionMapper.insert(userSession);
|
||||
// mock redis 数据
|
||||
loginUserRedisDAO.set(userSession.getToken(), new LoginUser());
|
||||
|
||||
// 调用
|
||||
long count = userSessionService.deleteTimeoutSession();
|
||||
// 断言
|
||||
assertEquals(0, count);
|
||||
assertPojoEquals(userSession, userSessionMapper.selectById(userSession.getId())); // 未删除
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testClearSessionTimeout_success() {
|
||||
// 准备超时数据 120 条, 在线用户 1 条
|
||||
int expectedTimeoutCount = 120, expectedTotal = 1;
|
||||
|
||||
// 准备数据
|
||||
List<UserSessionDO> prepareData = Stream
|
||||
.iterate(0, i -> i)
|
||||
.limit(expectedTimeoutCount)
|
||||
.map(i -> randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setSessionTimeout(DateUtil.offsetSecond(new Date(), -1));
|
||||
}))
|
||||
.collect(Collectors.toList());
|
||||
UserSessionDO sessionDO = randomPojo(UserSessionDO.class, o -> {
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setSessionTimeout(DateUtil.offsetMinute(new Date(), 30));
|
||||
o.setSessionTimeout(DateUtils.addDate(Calendar.DAY_OF_YEAR, -1));
|
||||
});
|
||||
prepareData.add(sessionDO);
|
||||
prepareData.forEach(userSessionMapper::insert);
|
||||
userSessionMapper.insert(userSession);
|
||||
|
||||
// 清空超时数据
|
||||
long actualTimeoutCount = userSessionService.clearSessionTimeout();
|
||||
long count = userSessionService.deleteTimeoutSession();
|
||||
// 校验
|
||||
assertEquals(expectedTimeoutCount, actualTimeoutCount);
|
||||
List<UserSessionDO> userSessionDOS = userSessionMapper.selectList();
|
||||
assertEquals(expectedTotal, userSessionDOS.size());
|
||||
assertPojoEquals(sessionDO, userSessionDOS.get(0), "updateTime");
|
||||
assertEquals(1, count);
|
||||
assertNull(userSessionMapper.selectById(userSession.getId())); // 已删除
|
||||
verify(loginLogService).createLoginLog(argThat(loginLog -> {
|
||||
assertPojoEquals(userSession, loginLog);
|
||||
assertEquals(LoginLogTypeEnum.LOGOUT_TIMEOUT.getType(), loginLog.getLogType());
|
||||
assertEquals(LoginResultEnum.SUCCESS.getResult(), loginLog.getResult());
|
||||
return true;
|
||||
}));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -140,80 +165,86 @@ public class UserSessionServiceImplTest extends BaseDbAndRedisUnitTest {
|
|||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setTenantId(0L); // 租户设置为 0,因为暂未启用多租户组件
|
||||
});
|
||||
// mock 方法
|
||||
when(securityProperties.getSessionTimeout()).thenReturn(Duration.ofDays(1));
|
||||
|
||||
// 调用
|
||||
String sessionId = userSessionService.createUserSession(loginUser, userIp, userAgent);
|
||||
String token = userSessionService.createUserSession(loginUser, userIp, userAgent);
|
||||
// 校验 UserSessionDO 记录
|
||||
UserSessionDO userSessionDO = userSessionMapper.selectById(sessionId);
|
||||
UserSessionDO userSessionDO = userSessionMapper.selectOne(UserSessionDO::getToken, token);
|
||||
assertPojoEquals(loginUser, userSessionDO, "id", "updateTime");
|
||||
assertEquals(sessionId, userSessionDO.getId());
|
||||
assertEquals(token, userSessionDO.getToken());
|
||||
assertEquals(userIp, userSessionDO.getUserIp());
|
||||
assertEquals(userAgent, userSessionDO.getUserAgent());
|
||||
// 校验 LoginUser 缓存
|
||||
LoginUser redisLoginUser = loginUserRedisDAO.get(sessionId);
|
||||
LoginUser redisLoginUser = loginUserRedisDAO.get(token);
|
||||
assertPojoEquals(loginUser, redisLoginUser, "username", "password");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCreateRefreshUserSession_success() {
|
||||
public void testCreateRefreshUserSession() {
|
||||
// 准备参数
|
||||
String sessionId = randomString();
|
||||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
long timeLong = randomLongId();
|
||||
String userName = randomString();
|
||||
Date date = randomDate();
|
||||
String token = randomString();
|
||||
|
||||
// mock redis 数据
|
||||
LoginUser loginUser = randomPojo(LoginUser.class, o -> o.setUserType(randomEle(UserTypeEnum.values()).getValue()));
|
||||
// mock 方法
|
||||
when(securityProperties.getSessionTimeout()).thenReturn(Duration.ofDays(1));
|
||||
// mock 数据
|
||||
loginUser.setUpdateTime(date);
|
||||
loginUserRedisDAO.set(sessionId, loginUser);
|
||||
UserSessionDO userSession = UserSessionDO.builder().id(sessionId)
|
||||
.userId(loginUser.getId()).userType(loginUser.getUserType())
|
||||
.userIp(userIp).userAgent(userAgent).username(userName)
|
||||
.sessionTimeout(addTime(Duration.ofMillis(timeLong)))
|
||||
.build();
|
||||
loginUserRedisDAO.set(token, loginUser);
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setToken(token);
|
||||
});
|
||||
userSessionMapper.insert(userSession);
|
||||
|
||||
// 调用
|
||||
userSessionService.refreshUserSession(sessionId, loginUser);
|
||||
userSessionService.refreshUserSession(token, loginUser);
|
||||
// 校验 LoginUser 缓存
|
||||
LoginUser redisLoginUser = loginUserRedisDAO.get(sessionId);
|
||||
assertNotEquals(redisLoginUser.getUpdateTime(), date);
|
||||
LoginUser redisLoginUser = loginUserRedisDAO.get(token);
|
||||
assertPojoEquals(redisLoginUser, loginUser, "username", "password");
|
||||
// 校验 UserSessionDO 记录
|
||||
UserSessionDO updateDO = userSessionMapper.selectById(sessionId);
|
||||
UserSessionDO updateDO = userSessionMapper.selectOne(UserSessionDO::getToken, token);
|
||||
assertEquals(updateDO.getUsername(), loginUser.getUsername());
|
||||
assertNotEquals(updateDO.getUpdateTime(), userSession.getUpdateTime());
|
||||
assertNotEquals(updateDO.getSessionTimeout(), addTime(Duration.ofMillis(timeLong)));
|
||||
assertNotNull(userSession.getUpdateTime());
|
||||
assertNotNull(userSession.getSessionTimeout());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeleteUserSession_success() {
|
||||
public void testDeleteUserSession_Token() {
|
||||
// 准备参数
|
||||
String sessionId = randomString();
|
||||
String userIp = randomString();
|
||||
String userAgent = randomString();
|
||||
Long timeLong = randomLongId();
|
||||
LoginUser loginUser = randomPojo(LoginUser.class, o -> o.setUserType(randomEle(UserTypeEnum.values()).getValue()));
|
||||
// mock 存入 Redis
|
||||
when(securityProperties.getSessionTimeout()).thenReturn(Duration.ofDays(1));
|
||||
// mock 数据
|
||||
loginUserRedisDAO.set(sessionId, loginUser);
|
||||
UserSessionDO userSession = UserSessionDO.builder().id(sessionId)
|
||||
.userId(loginUser.getId()).userType(loginUser.getUserType())
|
||||
.userIp(userIp).userAgent(userAgent).username(loginUser.getUsername())
|
||||
.sessionTimeout(addTime(Duration.ofMillis(timeLong)))
|
||||
.build();
|
||||
String token = randomString();
|
||||
|
||||
// mock redis 数据
|
||||
loginUserRedisDAO.set(token, new LoginUser());
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
o.setToken(token);
|
||||
});
|
||||
userSessionMapper.insert(userSession);
|
||||
|
||||
// 调用
|
||||
userSessionService.deleteUserSession(sessionId);
|
||||
userSessionService.deleteUserSession(token);
|
||||
// 校验数据不存在了
|
||||
assertNull(loginUserRedisDAO.get(sessionId));
|
||||
assertNull(userSessionMapper.selectById(sessionId));
|
||||
assertNull(loginUserRedisDAO.get(token));
|
||||
assertNull(userSessionMapper.selectOne(UserSessionDO::getToken, token));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDeleteUserSession_Id() {
|
||||
// mock db 数据
|
||||
UserSessionDO userSession = randomPojo(UserSessionDO.class, o -> {
|
||||
o.setUserType(randomEle(UserTypeEnum.values()).getValue());
|
||||
});
|
||||
userSessionMapper.insert(userSession);
|
||||
// mock redis 数据
|
||||
loginUserRedisDAO.set(userSession.getToken(), new LoginUser());
|
||||
|
||||
// 准备参数
|
||||
Long id = userSession.getId();
|
||||
|
||||
// 调用
|
||||
userSessionService.deleteUserSession(id);
|
||||
// 校验数据不存在了
|
||||
assertNull(loginUserRedisDAO.get(userSession.getToken()));
|
||||
assertNull(userSessionMapper.selectById(id));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -115,7 +115,8 @@ CREATE TABLE IF NOT EXISTS "system_dict_type" (
|
|||
) COMMENT '字典类型表';
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `system_user_session` (
|
||||
`id` varchar(32) NOT NULL,
|
||||
"id" bigint NOT NULL GENERATED BY DEFAULT AS IDENTITY,
|
||||
`token` varchar(32) NOT NULL,
|
||||
`user_id` bigint DEFAULT NULL,
|
||||
"user_type" tinyint NOT NULL,
|
||||
`username` varchar(50) NOT NULL DEFAULT '',
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@
|
|||
<url>https://github.com/YunaiV/ruoyi-vue-pro</url>
|
||||
|
||||
<dependencies>
|
||||
<!-- TODO 芋艿:多模块 -->
|
||||
<dependency>
|
||||
<groupId>cn.iocoder.boot</groupId>
|
||||
<artifactId>yudao-module-member-biz</artifactId>
|
||||
|
|
@ -43,11 +42,11 @@
|
|||
<version>${revision}</version>
|
||||
</dependency>
|
||||
<!-- 默认引入 yudao-module-bpm-biz-flowable 实现,可以替换为 yudao-module-bpm-biz-activiti 实现-->
|
||||
<dependency>
|
||||
<groupId>cn.iocoder.boot</groupId>
|
||||
<artifactId>yudao-module-bpm-biz-flowable</artifactId>
|
||||
<version>${revision}</version>
|
||||
</dependency>
|
||||
<!-- <dependency>-->
|
||||
<!-- <groupId>cn.iocoder.boot</groupId>-->
|
||||
<!-- <artifactId>yudao-module-bpm-biz-flowable</artifactId>-->
|
||||
<!-- <version>${revision}</version>-->
|
||||
<!-- </dependency>-->
|
||||
<!-- <dependency>-->
|
||||
<!-- <groupId>cn.iocoder.boot</groupId>-->
|
||||
<!-- <artifactId>yudao-module-bpm-biz-activiti</artifactId>-->
|
||||
|
|
|
|||
|
|
@ -49,6 +49,9 @@ spring:
|
|||
# url: jdbc:oracle:thin:@127.0.0.1:1521:xe # Oracle 连接的示例
|
||||
username: root
|
||||
password: 123456
|
||||
# url: jdbc:sqlserver://127.0.0.1:1433;DatabaseName=${spring.datasource.dynamic.datasource.master.name} # SQLServer 连接的示例
|
||||
# username: sa
|
||||
# password: JSm:g(*%lU4ZAkz06cd52KqT3)i1?H7W
|
||||
slave: # 模拟从库,可根据自己需要修改
|
||||
name: ruoyi-vue-pro
|
||||
url: jdbc:mysql://127.0.0.1:3306/${spring.datasource.dynamic.datasource.slave.name}?useSSL=false&allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=UTF-8&serverTimezone=CTT # MySQL 连接的示例
|
||||
|
|
@ -56,6 +59,9 @@ spring:
|
|||
# url: jdbc:oracle:thin:@127.0.0.1:1521:xe # Oracle 连接的示例
|
||||
username: root
|
||||
password: 123456
|
||||
# url: jdbc:sqlserver://127.0.0.1:1433;DatabaseName=${spring.datasource.dynamic.datasource.slave.name} # SQLServer 连接的示例
|
||||
# username: sa
|
||||
# password: JSm:g(*%lU4ZAkz06cd52KqT3)i1?H7W
|
||||
|
||||
# Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优
|
||||
redis:
|
||||
|
|
|
|||
Loading…
Reference in New Issue