ContiNew/continew-admin
1
1
Fork 0
mirror of https://github.com/continew-org/continew-admin.git synced 2025-09-09 20:57:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: 优化认证及客户端相关代码

Browse Source
This commit is contained in:
Charles7c
2024-12-27 00:20:36 +08:00
parent 95f2617a4c
commit c90e80e9d7
35 changed files with 595 additions and 867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
continew-module-system/src/main/java/top/continew/admin/auth/handler/AbstractAuthHandler.java → continew-module-system/src/main/java/top/continew/admin/auth/AbstractAuthHandler.java
View File

@@ -14,23 +14,30 @@
* limitations under the License.
*/
package top.continew.admin.auth.handler;
package top.continew.admin.auth;
import cn.dev33.satoken.stp.SaLoginModel;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.bean.BeanUtil;
import jakarta.annotation.Resource;
import lombok.RequiredArgsConstructor;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.model.req.AuthReq;
import top.continew.admin.common.context.RoleContext;
import top.continew.admin.common.context.UserContext;
import top.continew.admin.common.context.UserContextHolder;
import top.continew.admin.common.context.UserExtraContext;
import top.continew.admin.common.enums.DisEnableStatusEnum;
import top.continew.admin.system.model.entity.DeptDO;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.service.DeptService;
import top.continew.admin.system.service.OptionService;
import top.continew.admin.system.service.RoleService;
import top.continew.admin.system.service.UserService;
import top.continew.starter.core.validation.CheckUtils;
import top.continew.starter.core.validation.ValidationUtils;
import top.continew.starter.web.util.SpringWebUtils;
import java.util.Set;
@@ -39,35 +46,49 @@ import java.util.concurrent.CompletableFuture;
import static top.continew.admin.system.enums.PasswordPolicyEnum.PASSWORD_EXPIRATION_DAYS;
/**
* 认证处理器抽象
* 认证处理器
*
* @author KAI
* @author Charles7c
* @since 2024/12/22 14:52
*/
@Component
@RequiredArgsConstructor
public abstract class AbstractAuthHandler {
public abstract class AbstractAuthHandler<T extends AuthReq> implements AuthHandler<T> {
@Resource
private RoleService roleService;
protected OptionService optionService;
@Resource
private OptionService optionService;
protected UserService userService;
@Resource
protected RoleService roleService;
@Resource
private DeptService deptService;
@Resource
private ThreadPoolTaskExecutor threadPoolTaskExecutor;
public static final String CAPTCHA_EXPIRED = "验证码已失效";
public static final String CAPTCHA_ERROR = "验证码错误";
public static final String CLIENT_ID = "clientId";
protected static final String CAPTCHA_EXPIRED = "验证码已失效";
protected static final String CAPTCHA_ERROR = "验证码错误";
protected static final String CLIENT_ID = "clientId";
@Override
public void preLogin(T req, ClientResp client, HttpServletRequest request) {
// 参数校验
ValidationUtils.validate(req);
}
@Override
public void postLogin(T req, ClientResp client, HttpServletRequest request) {
}
/**
* 获取登录凭
*
*
* @param user 用户信息
* @param clientResp 客户端信息
* @return token 认证信息
* @param user 用户信息
* @param client 客户端信息
* @return token 令牌信息
*/
protected String authCertificate(UserDO user, ClientResp clientResp) {
preLogin(user, clientResp);
// 核心登录逻辑
protected String authenticate(UserDO user, ClientResp client) {
// 获取权限角色密码过期天数
Long userId = user.getId();
CompletableFuture<Set<String>> permissionFuture = CompletableFuture.supplyAsync(() -> roleService
.listPermissionByUserId(userId), threadPoolTaskExecutor);
@@ -76,62 +97,35 @@ public abstract class AbstractAuthHandler {
CompletableFuture<Integer> passwordExpirationDaysFuture = CompletableFuture.supplyAsync(() -> optionService
.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name()));
CompletableFuture.allOf(permissionFuture, roleFuture, passwordExpirationDaysFuture);
UserContext userContext = new UserContext(permissionFuture.join(), roleFuture
.join(), passwordExpirationDaysFuture.join());
BeanUtil.copyProperties(user, userContext);
SaLoginModel model = new SaLoginModel();
// 设置登录 token 最低活跃频率 如未指定则使用全局配置的 activeTimeout
model.setActiveTimeout(clientResp.getActiveTimeout());
// 设置登录 token 有效期单位 如未指定自动取全局配置的 timeout
model.setTimeout(clientResp.getTimeout());
// 设置设备类型
model.setDevice(clientResp.getClientType());
userContext.setClientType(clientResp.getClientType());
// 设置客户端id
userContext.setClientId(clientResp.getClientId());
model.setExtra(CLIENT_ID, clientResp.getClientId());
// 自定义用户上下文处理
customizeUserContext(userContext, user, clientResp);
// 登录并缓存用户信息
SaLoginModel model = new SaLoginModel();
// 指定此次登录 token 最低活跃频率单位如未指定则使用全局配置的 activeTimeout
model.setActiveTimeout(client.getActiveTimeout());
// 指定此次登录 token 有效期单位 如未指定自动取全局配置的 timeout
model.setTimeout(client.getTimeout());
// 客户端类型
model.setDevice(client.getClientType());
userContext.setClientType(client.getClientType());
// 客户端 ID
model.setExtra(CLIENT_ID, client.getClientId());
userContext.setClientId(client.getClientId());
StpUtil.login(userContext.getId(), model.setExtraData(BeanUtil.beanToMap(new UserExtraContext(SpringWebUtils
.getRequest()))));
UserContextHolder.setContext(userContext);
// 后置处理
String token = StpUtil.getTokenValue();
postLogin(token, user, clientResp);
return token;
return StpUtil.getTokenValue();
}
/**
* 登录前置处理
* 检查用户状态
*
* @param user 用户信息
* @param clientResp 客户端信息
* @param user 用户信息
*/
private void preLogin(UserDO user, ClientResp clientResp) {
}
/**
* 自定义用户上下文处理
*
* @param userContext 用户上下文
* @param user 用户信息
* @param clientResp 客户端信息
*/
protected void customizeUserContext(UserContext userContext, UserDO user, ClientResp clientResp) {
}
/**
* 登录后置处理
*
* @param token 登录令牌
* @param user 用户信息
* @param clientResp 客户端信息
*/
protected void postLogin(String token, UserDO user, ClientResp clientResp) {
protected void checkUserStatus(UserDO user) {
CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, user.getStatus(), "此账号已被禁用,如有疑问,请联系管理员");
DeptDO dept = deptService.getById(user.getDeptId());
CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, dept.getStatus(), "此账号所属部门已被禁用,如有疑问,请联系管理员");
}
}

51
continew-module-system/src/main/java/top/continew/admin/auth/AuthHandler.java
View File

@@ -19,37 +19,52 @@ package top.continew.admin.auth;
import jakarta.servlet.http.HttpServletRequest;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.AuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.system.model.resp.ClientResp;
/**
* 认证接口
* 认证处理器
*
* @author KAI
* @since 2024/12/22 14:52:23
* @author Charles7c
* @since 2024/12/22 14:52
*/
public interface AuthHandler<T extends AuthReq, R> {
public interface AuthHandler<T extends AuthReq> {
/**
* 执行登录
* 登录
*
* @param authReq 登录请求参数
* @param request HTTP请求对象
* @return 登录响应
* @param req 登录请求参数
* @param client 客户端信息
* @param request 请求对象
* @return 登录响应参数
*/
R login(T authReq, ClientResp clientResp, HttpServletRequest request);
LoginResp login(T req, ClientResp client, HttpServletRequest request);
/**
* 获取登录类型
* 登录前置处理
*
* @return 登录类型Enum
*
* @param req 登录请求参数
* @param client 客户端信息
* @param request 请求对象
*/
void preLogin(T req, ClientResp client, HttpServletRequest request);
/**
* 登录后置处理
*
*
* @param req 登录请求参数
* @param client 客户端信息
* @param request 请求对象
*/
void postLogin(T req, ClientResp client, HttpServletRequest request);
/**
* 获取认证类型
*
* @return 认证类型
*/
AuthTypeEnum getAuthType();
/**
* 校验参数
*
* @param authReq 登录请求参数
*/
void validate(T authReq);
}

35
continew-module-system/src/main/java/top/continew/admin/auth/config/AuthHandlerContext.java → continew-module-system/src/main/java/top/continew/admin/auth/AuthStrategy.java
View File

@@ -14,40 +14,43 @@
* limitations under the License.
*/
package top.continew.admin.auth.config;
package top.continew.admin.auth;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.AuthReq;
import top.continew.admin.auth.AuthHandler;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* 登录类型策略上文
* 认证策略
*
* @author KAI
* @since 2024/12/20 15:16:55
* @author Charles7c
* @since 2024/12/20 15:16
*/
@Component
public class AuthHandlerContext {
private final Map<String, AuthHandler<?, ?>> handlerMap = new HashMap<>();
public class AuthStrategy {
private final Map<AuthTypeEnum, AuthHandler<? extends AuthReq>> handlerMap = new HashMap<>();
@Autowired
public AuthHandlerContext(List<AuthHandler<?, ?>> strategies) {
for (AuthHandler<?, ?> strategy : strategies) {
handlerMap.put(strategy.getAuthType().getValue(), strategy);
public AuthStrategy(List<AuthHandler<? extends AuthReq>> handlers) {
for (AuthHandler<? extends AuthReq> handler : handlers) {
handlerMap.put(handler.getAuthType(), handler);
}
}
@SuppressWarnings("unchecked")
public <T extends AuthReq, R> AuthHandler<T, R> getHandler(String type) {
AuthHandler<?, ?> strategy = handlerMap.get(type);
if (strategy == null) {
throw new IllegalArgumentException("No handler found for type: " + type);
}
return (AuthHandler<T, R>)strategy;
/**
* 根据认证类型获取
*
* @param authType 认证类型
* @return 认证处理器
*/
public AuthHandler<AuthReq> getHandler(AuthTypeEnum authType) {
return (AuthHandler<AuthReq>)handlerMap.get(authType);
}
}

15
continew-module-system/src/main/java/top/continew/admin/auth/enums/AuthTypeEnum.java
View File

@@ -22,10 +22,11 @@ import top.continew.admin.common.constant.UiConstants;
import top.continew.starter.core.enums.BaseEnum;
/**
* 认证类型
* 认证类型枚举
*
* @author KAI
* @author Charles7c
* @since 2023/12/23 13:38
* @since 2024/12/22 14:52
*/
@Getter
@RequiredArgsConstructor
@@ -34,22 +35,22 @@ public enum AuthTypeEnum implements BaseEnum<String> {
/**
* 账号
*/
ACCOUNT("account", "账号", UiConstants.COLOR_ERROR),
ACCOUNT("ACCOUNT", "账号", UiConstants.COLOR_SUCCESS),
/**
* 邮箱
*/
EMAIL("email", "邮箱", UiConstants.COLOR_PRIMARY),
EMAIL("EMAIL", "邮箱", UiConstants.COLOR_PRIMARY),
/**
* 手机号
*/
PHONE("phone", "手机号", UiConstants.COLOR_SUCCESS),
PHONE("PHONE", "手机号", UiConstants.COLOR_PRIMARY),
/**
* 第三方授权
* 第三方账号
*/
SOCIAL_AUTH("socialAuth", "第三方授权", UiConstants.COLOR_DEFAULT);
SOCIAL("SOCIAL", "第三方账号", UiConstants.COLOR_ERROR);
private final String value;
private final String description;

138
continew-module-system/src/main/java/top/continew/admin/auth/handler/AccountAuthHandler.java
View File

@@ -16,105 +16,109 @@
package top.continew.admin.auth.handler;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.extra.servlet.JakartaServletUtil;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.AbstractAuthHandler;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.AccountAuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.service.LoginService;
import top.continew.admin.auth.AuthHandler;
import top.continew.admin.common.constant.CacheConstants;
import top.continew.admin.common.constant.SysConstants;
import top.continew.admin.common.util.SecureUtils;
import top.continew.admin.system.enums.PasswordPolicyEnum;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.service.OptionService;
import top.continew.admin.system.service.UserService;
import top.continew.starter.cache.redisson.util.RedisUtils;
import top.continew.starter.core.util.ExceptionUtils;
import top.continew.starter.core.validation.CheckUtils;
import top.continew.starter.core.validation.ValidationUtils;
import java.time.Duration;
/**
* 账号认证处理器
*
* @author KAI
* @since 2024/12/22 14:58:32
* @author Charles7c
* @since 2024/12/22 14:58
*/
@Component
@RequiredArgsConstructor
public class AccountAuthHandler extends AbstractAuthHandler implements AuthHandler<AccountAuthReq, LoginResp> {
public class AccountAuthHandler extends AbstractAuthHandler<AccountAuthReq> {
private final UserService userService;
private final LoginService loginService;
private final PasswordEncoder passwordEncoder;
private final OptionService optionService;
/**
* 获取认证类型
*
* @return 账号认证类型
*/
@Override
public LoginResp login(AccountAuthReq req, ClientResp client, HttpServletRequest request) {
// 解密密码
String rawPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getPassword()));
ValidationUtils.throwIfBlank(rawPassword, "密码解密失败");
// 验证用户名密码
String username = req.getUsername();
UserDO user = userService.getByUsername(username);
boolean isError = ObjectUtil.isNull(user) || !passwordEncoder.matches(rawPassword, user.getPassword());
// 检查账号锁定状态
this.checkUserLocked(req.getUsername(), request, isError);
ValidationUtils.throwIf(isError, "用户名或密码错误");
// 检查用户状态
super.checkUserStatus(user);
// 执行认证
String token = this.authenticate(user, client);
return LoginResp.builder().token(token).build();
}
@Override
public void preLogin(AccountAuthReq req, ClientResp client, HttpServletRequest request) {
super.preLogin(req, client, request);
// 校验验证码
int loginCaptchaEnabled = optionService.getValueByCode2Int("LOGIN_CAPTCHA_ENABLED");
if (SysConstants.YES.equals(loginCaptchaEnabled)) {
ValidationUtils.throwIfBlank(req.getCaptcha(), "验证码不能为空");
ValidationUtils.throwIfBlank(req.getUuid(), "验证码标识不能为空");
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + req.getUuid();
String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
RedisUtils.delete(captchaKey);
ValidationUtils.throwIfNotEqualIgnoreCase(req.getCaptcha(), captcha, CAPTCHA_ERROR);
}
}
@Override
public AuthTypeEnum getAuthType() {
return AuthTypeEnum.ACCOUNT;
}
/**
* 校验账号登录请求对象
* 检测用户是否已被锁定
*
* @param authReq 登录请求参数
* @param username 用户名
* @param request 请求对象
* @param isError 是否登录错误
*/
@Override
public void validate(AccountAuthReq authReq) {
// 获取验证码开关
int enableCaptcha = optionService.getValueByCode2Int("LOGIN_CAPTCHA_ENABLED");
ValidationUtils.validate(authReq);
if (SysConstants.YES.equals(enableCaptcha)) {
ValidationUtils.throwIfEmpty(authReq.getCaptcha(), "验证码不能为空");
ValidationUtils.throwIfEmpty(authReq.getUuid(), "验证码标识不能为空");
private void checkUserLocked(String username, HttpServletRequest request, boolean isError) {
// 不锁定
int maxErrorCount = optionService.getValueByCode2Int(PasswordPolicyEnum.PASSWORD_ERROR_LOCK_COUNT.name());
if (maxErrorCount <= SysConstants.NO) {
return;
}
}
/**
* 账号登录
*
* @param authReq 账号登录请求对象
* @param request HTTP请求对象
* @return 登录响应
*/
@Override
public LoginResp login(AccountAuthReq authReq, ClientResp clientResp, HttpServletRequest request) {
this.validate(authReq);
// 解密密码
String rawPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(authReq.getPassword()));
ValidationUtils.throwIfBlank(rawPassword, "密码解密失败");
// 验证用户名密码
UserDO user = userService.getByUsername(authReq.getUsername());
boolean isError = user == null || !passwordEncoder.matches(rawPassword, user.getPassword());
// 检查账号锁定状态
loginService.checkUserLocked(authReq.getUsername(), request, isError);
ValidationUtils.throwIf(isError, "用户名或密码错误");
// 检查用户状态
loginService.checkUserStatus(user);
// 执行登录
String token = this.authCertificate(user, clientResp);
return LoginResp.builder().token(token).build();
}
/**
* 获取认证信息
*
* @param user 用户信息
* @param clientResp 客户端信息
* @return 认证信息
*/
@Override
public String authCertificate(UserDO user, ClientResp clientResp) {
return super.authCertificate(user, clientResp);
// 检测是否已被锁定
String key = CacheConstants.USER_PASSWORD_ERROR_KEY_PREFIX + RedisUtils.formatKey(username, JakartaServletUtil
.getClientIP(request));
int lockMinutes = optionService.getValueByCode2Int(PasswordPolicyEnum.PASSWORD_ERROR_LOCK_MINUTES.name());
Integer currentErrorCount = ObjectUtil.defaultIfNull(RedisUtils.get(key), 0);
CheckUtils.throwIf(currentErrorCount >= maxErrorCount, "账号锁定 {} 分钟,请稍后再试", lockMinutes);
// 登录成功清除计数
if (!isError) {
RedisUtils.delete(key);
return;
}
// 登录失败递增计数
currentErrorCount++;
RedisUtils.set(key, currentErrorCount, Duration.ofMinutes(lockMinutes));
CheckUtils.throwIf(currentErrorCount >= maxErrorCount, "密码错误已达 {} 次,账号锁定 {} 分钟", maxErrorCount, lockMinutes);
}
}

88
continew-module-system/src/main/java/top/continew/admin/auth/handler/EmailAuthHandler.java
View File

@@ -17,17 +17,14 @@
package top.continew.admin.auth.handler;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.AbstractAuthHandler;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.EmailAuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.service.LoginService;
import top.continew.admin.auth.AuthHandler;
import top.continew.admin.common.constant.CacheConstants;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.service.UserService;
import top.continew.starter.cache.redisson.util.RedisUtils;
import top.continew.starter.core.validation.ValidationUtils;
@@ -35,73 +32,36 @@ import top.continew.starter.core.validation.ValidationUtils;
* 邮箱认证处理器
*
* @author KAI
* @author Charles7c
* @since 2024/12/22 14:58
*/
@Component
@RequiredArgsConstructor
public class EmailAuthHandler extends AbstractAuthHandler implements AuthHandler<EmailAuthReq, LoginResp> {
public class EmailAuthHandler extends AbstractAuthHandler<EmailAuthReq> {
private final UserService userService;
private final LoginService loginService;
@Override
public LoginResp login(EmailAuthReq req, ClientResp client, HttpServletRequest request) {
// 验证邮箱
UserDO user = userService.getByEmail(req.getEmail());
ValidationUtils.throwIfNull(user, "此邮箱未绑定本系统账号");
// 检查用户状态
super.checkUserStatus(user);
// 执行认证
String token = super.authenticate(user, client);
return LoginResp.builder().token(token).build();
}
@Override
public void preLogin(EmailAuthReq req, ClientResp client, HttpServletRequest request) {
String email = req.getEmail();
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + email;
String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
ValidationUtils.throwIfNotEqualIgnoreCase(req.getCaptcha(), captcha, CAPTCHA_ERROR);
RedisUtils.delete(captchaKey);
}
/**
* 获取认证类型
*
* @return 邮箱认证类型
*/
@Override
public AuthTypeEnum getAuthType() {
return AuthTypeEnum.EMAIL;
}
/**
* 校验邮箱登录请求对象
*
* @param authReq 邮箱登录请求参数
*/
@Override
public void validate(EmailAuthReq authReq) {
ValidationUtils.validate(authReq);
}
/**
* 邮箱登录
*
* @param authReq 邮箱登录请求对象
* @param request HTTP请求对象
* @return 登录响应
*/
@Override
public LoginResp login(EmailAuthReq authReq, ClientResp clientResp, HttpServletRequest request) {
this.validate(authReq);
String email = authReq.getEmail();
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + email;
String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, AbstractAuthHandler.CAPTCHA_EXPIRED);
ValidationUtils.throwIfNotEqualIgnoreCase(authReq.getCaptcha(), captcha, CAPTCHA_ERROR);
RedisUtils.delete(captchaKey);
// 验证邮箱
UserDO user = userService.getByEmail(authReq.getEmail());
ValidationUtils.throwIfNull(user, "此邮箱未绑定本系统账号");
// 检查用户状态
loginService.checkUserStatus(user);
// 执行登录
String token = this.authCertificate(user, clientResp);
return LoginResp.builder().token(token).build();
}
/**
* 获取登录凭证
*
* @param user 用户信息
* @param clientResp 客户端信息
* @return token 认证信息
*/
@Override
public String authCertificate(UserDO user, ClientResp clientResp) {
return super.authCertificate(user, clientResp);
}
}

90
continew-module-system/src/main/java/top/continew/admin/auth/handler/PhoneAuthHandler.java
View File

@@ -17,17 +17,14 @@
package top.continew.admin.auth.handler;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.AbstractAuthHandler;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.PhoneAuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.service.LoginService;
import top.continew.admin.auth.AuthHandler;
import top.continew.admin.common.constant.CacheConstants;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.service.UserService;
import top.continew.starter.cache.redisson.util.RedisUtils;
import top.continew.starter.core.validation.ValidationUtils;
@@ -35,75 +32,36 @@ import top.continew.starter.core.validation.ValidationUtils;
* 手机号认证处理器
*
* @author KAI
* @author Charles7c
* @since 2024/12/22 14:59
*/
@Component
@RequiredArgsConstructor
public class PhoneAuthHandler extends AbstractAuthHandler implements AuthHandler<PhoneAuthReq, LoginResp> {
public class PhoneAuthHandler extends AbstractAuthHandler<PhoneAuthReq> {
private final UserService userService;
private final LoginService loginService;
@Override
public LoginResp login(PhoneAuthReq req, ClientResp client, HttpServletRequest request) {
// 验证手机号
UserDO user = userService.getByPhone(req.getPhone());
ValidationUtils.throwIfNull(user, "此手机号未绑定本系统账号");
// 检查用户状态
super.checkUserStatus(user);
// 执行认证
String token = super.authenticate(user, client);
return LoginResp.builder().token(token).build();
}
@Override
public void preLogin(PhoneAuthReq req, ClientResp client, HttpServletRequest request) {
String phone = req.getPhone();
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + phone;
String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
ValidationUtils.throwIfNotEqualIgnoreCase(req.getCaptcha(), captcha, CAPTCHA_ERROR);
RedisUtils.delete(captchaKey);
}
/**
* 获取认证类型
*
* @return 手机号认证类型
*/
@Override
public AuthTypeEnum getAuthType() {
return AuthTypeEnum.PHONE;
}
/**
* 校验手机号登录请求对象
*
* @param authReq 手机号登录请求参数
*/
@Override
public void validate(PhoneAuthReq authReq) {
ValidationUtils.validate(authReq);
}
/**
* 手机号登录
*
* @param authReq 手机号登录请求对象
* @param request HTTP请求对象
* @return 登录响应
*/
@Override
public LoginResp login(PhoneAuthReq authReq, ClientResp clientResp, HttpServletRequest request) {
//校验参数
this.validate(authReq);
String phone = authReq.getPhone();
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + phone;
String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, AbstractAuthHandler.CAPTCHA_EXPIRED);
ValidationUtils.throwIfNotEqualIgnoreCase(authReq.getCaptcha(), captcha, AbstractAuthHandler.CAPTCHA_ERROR);
RedisUtils.delete(captchaKey);
// 验证手机号
UserDO user = userService.getByPhone(authReq.getPhone());
ValidationUtils.throwIfNull(user, "此手机号未绑定本系统账号");
// 检查用户状态
loginService.checkUserStatus(user);
// 执行登录
String token = this.authCertificate(user, clientResp);
return LoginResp.builder().token(token).build();
}
/**
* 获取登录凭证
*
* @param user 用户信息
* @param clientResp 客户端信息
* @return token 认证信息
*/
@Override
public String authCertificate(UserDO user, ClientResp clientResp) {
return super.authCertificate(user, clientResp);
}
}

113
continew-module-system/src/main/java/top/continew/admin/auth/handler/SocialAuthHandler.java
View File

@@ -18,6 +18,7 @@ package top.continew.admin.auth.handler;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.ReUtil;
@@ -30,84 +31,59 @@ import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthRequest;
import org.springframework.stereotype.Component;
import top.continew.admin.auth.AuthHandler;
import top.continew.admin.auth.AbstractAuthHandler;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.SocialAuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.service.LoginService;
import top.continew.admin.common.constant.RegexConstants;
import top.continew.admin.common.constant.SysConstants;
import top.continew.admin.common.enums.GenderEnum;
import top.continew.admin.system.enums.MessageTemplateEnum;
import top.continew.admin.system.enums.MessageTypeEnum;
import top.continew.admin.system.model.entity.RoleDO;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.entity.UserSocialDO;
import top.continew.admin.system.model.req.MessageReq;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.service.RoleService;
import top.continew.admin.system.service.MessageService;
import top.continew.admin.system.service.UserRoleService;
import top.continew.admin.system.service.UserService;
import top.continew.admin.system.service.UserSocialService;
import top.continew.starter.core.autoconfigure.project.ProjectProperties;
import top.continew.starter.core.exception.BadRequestException;
import top.continew.starter.core.validation.ValidationUtils;
import top.continew.starter.messaging.websocket.util.WebSocketUtils;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List;
/**
* 手机号认证处理器
* 第三方账号认证处理器
*
* @author KAI
* @since 2024/12/25 14:21
*/
@Component
@RequiredArgsConstructor
public class SocialAuthHandler extends AbstractAuthHandler implements AuthHandler<SocialAuthReq, LoginResp> {
public class SocialAuthHandler extends AbstractAuthHandler<SocialAuthReq> {
private final AuthRequestFactory authRequestFactory;
private final UserSocialService userSocialService;
private final UserService userService;
private final RoleService roleService;
private final UserRoleService userRoleService;
private final LoginService loginService;
private final MessageService messageService;
private final ProjectProperties projectProperties;
/**
* 获取认证类型
*
* @return 第三方认证类型
*/
@Override
public AuthTypeEnum getAuthType() {
return AuthTypeEnum.SOCIAL_AUTH;
}
/**
* 校验第三方登录请求对象
*
* @param authReq 登录请求参数
*/
@Override
public void validate(SocialAuthReq authReq) {
ValidationUtils.validate(authReq);
}
/**
* 第三方登录
*
* @param authReq 第三方登录请求对象
* @param request HTTP请求对象
* @return 登录响应
*/
@Override
public LoginResp login(SocialAuthReq authReq, ClientResp clientResp, HttpServletRequest request) {
this.validate(authReq);
if (StpUtil.isLogin()) {
StpUtil.logout();
}
AuthRequest authRequest = this.getAuthRequest(authReq.getSource());
public LoginResp login(SocialAuthReq req, ClientResp client, HttpServletRequest request) {
// 获取第三方登录信息
AuthRequest authRequest = this.getAuthRequest(req.getSource());
AuthCallback callback = new AuthCallback();
callback.setCode(authReq.getCode());
callback.setState(authReq.getState());
callback.setCode(req.getCode());
callback.setState(req.getState());
AuthResponse<AuthUser> response = authRequest.login(callback);
ValidationUtils.throwIf(!response.ok(), response.getMsg());
AuthUser authUser = response.getData();
// 如未绑定则自动注册新用户,保存或更新关联信息
String source = authUser.getSource();
String openId = authUser.getUuid();
UserSocialDO userSocial = userSocialService.getBySourceAndOpenId(source, openId);
@@ -136,19 +112,39 @@ public class SocialAuthHandler extends AbstractAuthHandler implements AuthHandle
userSocial.setUserId(userId);
userSocial.setSource(source);
userSocial.setOpenId(openId);
loginService.sendSecurityMsg(user);
this.sendSecurityMsg(user);
} else {
user = BeanUtil.copyProperties(userService.getById(userSocial.getUserId()), UserDO.class);
}
loginService.checkUserStatus(user);
// 检查用户状态
super.checkUserStatus(user);
userSocial.setMetaJson(JSONUtil.toJsonStr(authUser));
userSocial.setLastLoginTime(LocalDateTime.now());
userSocialService.saveOrUpdate(userSocial);
// 执行登录
String token = this.authCertificate(user, clientResp);
// 执行认证
String token = super.authenticate(user, client);
return LoginResp.builder().token(token).build();
}
@Override
public void preLogin(SocialAuthReq req, ClientResp client, HttpServletRequest request) {
super.preLogin(req, client, request);
if (StpUtil.isLogin()) {
StpUtil.logout();
}
}
@Override
public AuthTypeEnum getAuthType() {
return AuthTypeEnum.SOCIAL;
}
/**
* 获取 AuthRequest
*
* @param source 平台名称
* @return AuthRequest
*/
private AuthRequest getAuthRequest(String source) {
try {
return authRequestFactory.get(source);
@@ -158,15 +154,20 @@ public class SocialAuthHandler extends AbstractAuthHandler implements AuthHandle
}
/**
* 获取认证信
* 发送安全消
*
* @param user 用户信息
* @param clientResp 客户端信息
* @return 认证信息
* @param user 用户信息
*/
@Override
protected String authCertificate(UserDO user, ClientResp clientResp) {
return super.authCertificate(user, clientResp);
private void sendSecurityMsg(UserDO user) {
MessageReq req = new MessageReq();
MessageTemplateEnum socialRegister = MessageTemplateEnum.SOCIAL_REGISTER;
req.setTitle(socialRegister.getTitle().formatted(projectProperties.getName()));
req.setContent(socialRegister.getContent().formatted(user.getNickname()));
req.setType(MessageTypeEnum.SECURITY);
messageService.add(req, CollUtil.toList(user.getId()));
List<String> tokenList = StpUtil.getTokenValueListByLoginId(user.getId());
for (String token : tokenList) {
WebSocketUtils.sendMessage(token, "1");
}
}
}

7
continew-module-system/src/main/java/top/continew/admin/auth/model/req/AccountAuthReq.java
View File

@@ -21,17 +21,16 @@ import jakarta.validation.constraints.NotBlank;
import lombok.Data;
import java.io.Serial;
import java.io.Serializable;
/**
* 账号登录参数
* 账号认证参数
*
* @author Charles7c
* @since 2022/12/21 20:43
*/
@Data
@Schema(description = "账号登录参数")
public class AccountAuthReq extends AuthReq implements Serializable {
@Schema(description = "账号认证参数")
public class AccountAuthReq extends AuthReq {
@Serial
private static final long serialVersionUID = 1L;

35
continew-module-system/src/main/java/top/continew/admin/auth/model/req/AuthReq.java
View File

@@ -20,27 +20,42 @@ import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import lombok.Data;
import top.continew.admin.auth.enums.AuthTypeEnum;
import java.io.Serial;
import java.io.Serializable;
/**
* 登录参数基
* 认证参数基类
*
* @author KAI
* @author Charles7c
* @since 2024/12/22 15:16
*/
@Data
@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, include = JsonTypeInfo.As.EXISTING_PROPERTY, property = "authType", visible = true)
@JsonSubTypes({@JsonSubTypes.Type(value = AccountAuthReq.class, name = "account"),
@JsonSubTypes.Type(value = EmailAuthReq.class, name = "email"),
@JsonSubTypes.Type(value = PhoneAuthReq.class, name = "phone"),
@JsonSubTypes.Type(value = SocialAuthReq.class, name = "socialAuth")})
public abstract class AuthReq {
@JsonSubTypes({@JsonSubTypes.Type(value = AccountAuthReq.class, name = "ACCOUNT"),
@JsonSubTypes.Type(value = EmailAuthReq.class, name = "EMAIL"),
@JsonSubTypes.Type(value = PhoneAuthReq.class, name = "PHONE"),
@JsonSubTypes.Type(value = SocialAuthReq.class, name = "SOCIAL")})
public class AuthReq implements Serializable {
@Schema(description = "客户端id")
@NotBlank(message = "客户端id不能为空")
@Serial
private static final long serialVersionUID = 1L;
/**
* 客户端 ID
*/
@Schema(description = "客户端 ID")
@NotBlank(message = "客户端ID不能为空")
private String clientId;
/**
* 认证类型
*/
@Schema(description = "认证类型")
@NotBlank(message = "认证类型不能为空")
private String authType;
@NotNull(message = "认证类型非法")
private AuthTypeEnum authType;
}

7
continew-module-system/src/main/java/top/continew/admin/auth/model/req/EmailAuthReq.java
View File

@@ -24,17 +24,16 @@ import lombok.Data;
import org.hibernate.validator.constraints.Length;
import java.io.Serial;
import java.io.Serializable;
/**
* 邮箱登录参数
* 邮箱认证参数
*
* @author Charles7c
* @since 2023/10/23 20:15
*/
@Data
@Schema(description = "邮箱登录参数")
public class EmailAuthReq extends AuthReq implements Serializable {
@Schema(description = "邮箱认证参数")
public class EmailAuthReq extends AuthReq {
@Serial
private static final long serialVersionUID = 1L;

7
continew-module-system/src/main/java/top/continew/admin/auth/model/req/PhoneAuthReq.java
View File

@@ -24,17 +24,16 @@ import lombok.Data;
import org.hibernate.validator.constraints.Length;
import java.io.Serial;
import java.io.Serializable;
/**
* 手机号登录参数
* 手机号认证参数
*
* @author Charles7c
* @since 2023/10/26 22:37
*/
@Data
@Schema(description = "手机号登录参数")
public class PhoneAuthReq extends AuthReq implements Serializable {
@Schema(description = "手机号认证参数")
public class PhoneAuthReq extends AuthReq {
@Serial
private static final long serialVersionUID = 1L;

22
continew-module-system/src/main/java/top/continew/admin/auth/model/req/SocialAuthReq.java
View File

@@ -20,30 +20,40 @@ import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotBlank;
import lombok.Data;
import java.io.Serial;
/**
* 第三方登录参数
* 第三方账号认证参数
*
* @author KAI
* @author Charles7c
* @since 2024/12/25 15:43
*/
@Data
@Schema(description = "第三方登录参数")
@Schema(description = "第三方账号认证参数")
public class SocialAuthReq extends AuthReq {
@Serial
private static final long serialVersionUID = 1L;
/**
* 第三方登录平台
*/
@Schema(description = "第三方登录平台", example = "gitee")
@NotBlank(message = "第三方登录平台不能为空")
private String source;
/**
* 第三方登录code
* 授权码
*/
@NotBlank(message = "第三方登录code不能为空")
@Schema(description = "授权码", example = "a08d33e9e577fb339de027499784ed4e871d6f62ae65b459153e906ab546bd56")
@NotBlank(message = "授权码不能为空")
private String code;
/**
* 第三方登录state
* 状态码
*/
@NotBlank(message = "第三方登录state不能为空")
@Schema(description = "状态码", example = "2ca8d8baf437eb374efaa1191a3d")
@NotBlank(message = "状态码不能为空")
private String state;
}

4
continew-module-system/src/main/java/top/continew/admin/auth/model/resp/LoginResp.java
View File

@@ -24,14 +24,14 @@ import java.io.Serial;
import java.io.Serializable;
/**
* 令牌信息
* 登录响应参数
*
* @author Charles7c
* @since 2022/12/21 20:42
*/
@Data
@Builder
@Schema(description = "令牌信息")
@Schema(description = "登录响应参数")
public class LoginResp implements Serializable {
@Serial

48
continew-module-system/src/main/java/top/continew/admin/auth/service/LoginService.java → continew-module-system/src/main/java/top/continew/admin/auth/service/AuthService.java
View File

@@ -17,51 +17,28 @@
package top.continew.admin.auth.service;
import jakarta.servlet.http.HttpServletRequest;
import me.zhyd.oauth.model.AuthUser;
import top.continew.admin.auth.model.req.AuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.model.resp.RouteResp;
import top.continew.admin.system.model.entity.UserDO;
import java.util.List;
/**
* 登录业务接口
* 认证业务接口
*
* @author Charles7c
* @since 2022/12/21 21:48
*/
public interface LoginService {
public interface AuthService {
/**
* 检查用户状态
* 登录
*
* @param user 用户信息
* @param req 登录请求参数
* @param request 请求对象
* @return 登录响应参数
*/
void checkUserStatus(UserDO user);
/**
* 检查用户是否被锁定
*
* @param username 用户名
* @param request 请求对象
* @param isError 是否登录错误
*/
void checkUserLocked(String username, HttpServletRequest request, boolean isError);
/**
* 执行登录操作
*
* @param user 用户信息
* @return token
*/
String login(UserDO user);
/**
* 三方账号登录
*
* @param authUser 三方账号信息
* @return 令牌
*/
String socialLogin(AuthUser authUser);
LoginResp login(AuthReq req, HttpServletRequest request);
/**
* 构建路由树
@@ -70,11 +47,4 @@ public interface LoginService {
* @return 路由树
*/
List<RouteResp> buildRouteTree(Long userId);
/**
* 发送安全消息
*
* @param user 用户信息
*/
void sendSecurityMsg(UserDO user);
}

125
continew-module-system/src/main/java/top/continew/admin/auth/service/impl/AuthServiceImpl.java Normal file
View File

@@ -0,0 +1,125 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.admin.auth.service.impl;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.tree.Tree;
import cn.hutool.core.lang.tree.TreeNodeConfig;
import cn.hutool.core.lang.tree.TreeUtil;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import top.continew.admin.auth.AuthHandler;
import top.continew.admin.auth.AuthStrategy;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.auth.model.req.AuthReq;
import top.continew.admin.auth.model.resp.LoginResp;
import top.continew.admin.auth.model.resp.RouteResp;
import top.continew.admin.auth.service.AuthService;
import top.continew.admin.common.constant.SysConstants;
import top.continew.admin.common.enums.DisEnableStatusEnum;
import top.continew.admin.system.enums.MenuTypeEnum;
import top.continew.admin.system.model.resp.ClientResp;
import top.continew.admin.system.model.resp.MenuResp;
import top.continew.admin.system.service.ClientService;
import top.continew.admin.system.service.MenuService;
import top.continew.admin.system.service.RoleService;
import top.continew.starter.core.validation.ValidationUtils;
import top.continew.starter.extension.crud.annotation.TreeField;
import top.continew.starter.extension.crud.autoconfigure.CrudProperties;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
/**
* 认证业务实现
*
* @author Charles7c
* @since 2022/12/21 21:49
*/
@Service
@RequiredArgsConstructor
public class AuthServiceImpl implements AuthService {
private final AuthStrategy authStrategy;
private final ClientService clientService;
private final RoleService roleService;
private final MenuService menuService;
private final CrudProperties crudProperties;
@Override
public LoginResp login(AuthReq req, HttpServletRequest request) {
AuthTypeEnum authType = req.getAuthType();
// 校验客户端
ClientResp client = clientService.getByClientId(req.getClientId());
ValidationUtils.throwIfNull(client, "客户端不存在");
ValidationUtils.throwIf(DisEnableStatusEnum.DISABLE.equals(client.getStatus()), "客户端已禁用");
ValidationUtils.throwIf(!client.getAuthType().contains(authType.getValue()), "该客户端暂未授权 [{}] 认证", authType
.getDescription());
// 获取处理器
AuthHandler<AuthReq> authHandler = authStrategy.getHandler(authType);
// 登录前置处理
authHandler.preLogin(req, client, request);
// 登录
LoginResp loginResp = authHandler.login(req, client, request);
// 登录后置处理
authHandler.postLogin(req, client, request);
return loginResp;
}
@Override
public List<RouteResp> buildRouteTree(Long userId) {
Set<String> roleCodeSet = roleService.listCodeByUserId(userId);
if (CollUtil.isEmpty(roleCodeSet)) {
return new ArrayList<>(0);
}
// 查询菜单列表
Set<MenuResp> menuSet = new LinkedHashSet<>();
if (roleCodeSet.contains(SysConstants.SUPER_ROLE_CODE)) {
menuSet.addAll(menuService.listAll());
} else {
roleCodeSet.forEach(roleCode -> menuSet.addAll(menuService.listByRoleCode(roleCode)));
}
List<MenuResp> menuList = menuSet.stream().filter(m -> !MenuTypeEnum.BUTTON.equals(m.getType())).toList();
if (CollUtil.isEmpty(menuList)) {
return new ArrayList<>(0);
}
// 构建路由树
TreeField treeField = MenuResp.class.getDeclaredAnnotation(TreeField.class);
TreeNodeConfig treeNodeConfig = crudProperties.getTree().genTreeNodeConfig(treeField);
List<Tree<Long>> treeList = TreeUtil.build(menuList, treeField.rootId(), treeNodeConfig, (m, tree) -> {
tree.setId(m.getId());
tree.setParentId(m.getParentId());
tree.setName(m.getTitle());
tree.setWeight(m.getSort());
tree.putExtra("type", m.getType().getValue());
tree.putExtra("path", m.getPath());
tree.putExtra("name", m.getName());
tree.putExtra("component", m.getComponent());
tree.putExtra("redirect", m.getRedirect());
tree.putExtra("icon", m.getIcon());
tree.putExtra("isExternal", m.getIsExternal());
tree.putExtra("isCache", m.getIsCache());
tree.putExtra("isHidden", m.getIsHidden());
tree.putExtra("permission", m.getPermission());
});
return BeanUtil.copyToList(treeList, RouteResp.class);
}
}

267
continew-module-system/src/main/java/top/continew/admin/auth/service/impl/LoginServiceImpl.java
View File

@@ -1,267 +0,0 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.admin.auth.service.impl;
import cn.dev33.satoken.stp.SaLoginConfig;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.tree.Tree;
import cn.hutool.core.lang.tree.TreeNodeConfig;
import cn.hutool.core.lang.tree.TreeUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.ReUtil;
import cn.hutool.extra.servlet.JakartaServletUtil;
import cn.hutool.json.JSONUtil;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import me.zhyd.oauth.model.AuthUser;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import top.continew.admin.auth.model.resp.RouteResp;
import top.continew.admin.auth.service.LoginService;
import top.continew.admin.common.constant.CacheConstants;
import top.continew.admin.common.constant.RegexConstants;
import top.continew.admin.common.constant.SysConstants;
import top.continew.admin.common.context.RoleContext;
import top.continew.admin.common.context.UserContext;
import top.continew.admin.common.context.UserContextHolder;
import top.continew.admin.common.context.UserExtraContext;
import top.continew.admin.common.enums.DisEnableStatusEnum;
import top.continew.admin.common.enums.GenderEnum;
import top.continew.admin.system.enums.MenuTypeEnum;
import top.continew.admin.system.enums.MessageTemplateEnum;
import top.continew.admin.system.enums.MessageTypeEnum;
import top.continew.admin.system.enums.PasswordPolicyEnum;
import top.continew.admin.system.model.entity.DeptDO;
import top.continew.admin.system.model.entity.RoleDO;
import top.continew.admin.system.model.entity.UserDO;
import top.continew.admin.system.model.entity.UserSocialDO;
import top.continew.admin.system.model.req.MessageReq;
import top.continew.admin.system.model.resp.MenuResp;
import top.continew.admin.system.service.*;
import top.continew.starter.cache.redisson.util.RedisUtils;
import top.continew.starter.core.autoconfigure.project.ProjectProperties;
import top.continew.starter.core.validation.CheckUtils;
import top.continew.starter.extension.crud.annotation.TreeField;
import top.continew.starter.extension.crud.autoconfigure.CrudProperties;
import top.continew.starter.messaging.websocket.util.WebSocketUtils;
import top.continew.starter.web.util.SpringWebUtils;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.*;
import java.util.concurrent.CompletableFuture;
import static top.continew.admin.system.enums.PasswordPolicyEnum.PASSWORD_EXPIRATION_DAYS;
/**
* 登录业务实现
*
* @author Charles7c
* @since 2022/12/21 21:49
*/
@Service
@RequiredArgsConstructor
public class LoginServiceImpl implements LoginService {
private final ProjectProperties projectProperties;
private final CrudProperties crudProperties;
private final PasswordEncoder passwordEncoder;
private final ThreadPoolTaskExecutor threadPoolTaskExecutor;
private final UserService userService;
private final DeptService deptService;
private final RoleService roleService;
private final MenuService menuService;
private final UserRoleService userRoleService;
private final UserSocialService userSocialService;
private final OptionService optionService;
private final MessageService messageService;
@Override
@Transactional(rollbackFor = Exception.class)
public String socialLogin(AuthUser authUser) {
String source = authUser.getSource();
String openId = authUser.getUuid();
UserSocialDO userSocial = userSocialService.getBySourceAndOpenId(source, openId);
UserDO user;
if (null == userSocial) {
String username = authUser.getUsername();
String nickname = authUser.getNickname();
UserDO existsUser = userService.getByUsername(username);
String randomStr = RandomUtil.randomString(RandomUtil.BASE_CHAR, 5);
if (null != existsUser || !ReUtil.isMatch(RegexConstants.USERNAME, username)) {
username = randomStr + IdUtil.fastSimpleUUID();
}
if (!ReUtil.isMatch(RegexConstants.GENERAL_NAME, nickname)) {
nickname = source.toLowerCase() + randomStr;
}
user = new UserDO();
user.setUsername(username);
user.setNickname(nickname);
user.setGender(GenderEnum.valueOf(authUser.getGender().name()));
user.setAvatar(authUser.getAvatar());
user.setDeptId(SysConstants.SUPER_DEPT_ID);
Long userId = userService.add(user);
RoleDO role = roleService.getByCode(SysConstants.SUPER_ROLE_CODE);
userRoleService.assignRolesToUser(Collections.singletonList(role.getId()), userId);
userSocial = new UserSocialDO();
userSocial.setUserId(userId);
userSocial.setSource(source);
userSocial.setOpenId(openId);
this.sendSecurityMsg(user);
} else {
user = BeanUtil.copyProperties(userService.getById(userSocial.getUserId()), UserDO.class);
}
this.checkUserStatus(user);
userSocial.setMetaJson(JSONUtil.toJsonStr(authUser));
userSocial.setLastLoginTime(LocalDateTime.now());
userSocialService.saveOrUpdate(userSocial);
return this.login(user);
}
@Override
public List<RouteResp> buildRouteTree(Long userId) {
Set<String> roleCodeSet = roleService.listCodeByUserId(userId);
if (CollUtil.isEmpty(roleCodeSet)) {
return new ArrayList<>(0);
}
// 查询菜单列表
Set<MenuResp> menuSet = new LinkedHashSet<>();
if (roleCodeSet.contains(SysConstants.SUPER_ROLE_CODE)) {
menuSet.addAll(menuService.listAll());
} else {
roleCodeSet.forEach(roleCode -> menuSet.addAll(menuService.listByRoleCode(roleCode)));
}
List<MenuResp> menuList = menuSet.stream().filter(m -> !MenuTypeEnum.BUTTON.equals(m.getType())).toList();
if (CollUtil.isEmpty(menuList)) {
return new ArrayList<>(0);
}
// 构建路由树
TreeField treeField = MenuResp.class.getDeclaredAnnotation(TreeField.class);
TreeNodeConfig treeNodeConfig = crudProperties.getTree().genTreeNodeConfig(treeField);
List<Tree<Long>> treeList = TreeUtil.build(menuList, treeField.rootId(), treeNodeConfig, (m, tree) -> {
tree.setId(m.getId());
tree.setParentId(m.getParentId());
tree.setName(m.getTitle());
tree.setWeight(m.getSort());
tree.putExtra("type", m.getType().getValue());
tree.putExtra("path", m.getPath());
tree.putExtra("name", m.getName());
tree.putExtra("component", m.getComponent());
tree.putExtra("redirect", m.getRedirect());
tree.putExtra("icon", m.getIcon());
tree.putExtra("isExternal", m.getIsExternal());
tree.putExtra("isCache", m.getIsCache());
tree.putExtra("isHidden", m.getIsHidden());
tree.putExtra("permission", m.getPermission());
});
return BeanUtil.copyToList(treeList, RouteResp.class);
}
/**
* 登录并缓存用户信息
*
* @param user 用户信息
* @return 令牌
*/
@Override
public String login(UserDO user) {
Long userId = user.getId();
CompletableFuture<Set<String>> permissionFuture = CompletableFuture.supplyAsync(() -> roleService
.listPermissionByUserId(userId), threadPoolTaskExecutor);
CompletableFuture<Set<RoleContext>> roleFuture = CompletableFuture.supplyAsync(() -> roleService
.listByUserId(userId), threadPoolTaskExecutor);
CompletableFuture<Integer> passwordExpirationDaysFuture = CompletableFuture.supplyAsync(() -> optionService
.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name()));
CompletableFuture.allOf(permissionFuture, roleFuture, passwordExpirationDaysFuture);
UserContext userContext = new UserContext(permissionFuture.join(), roleFuture
.join(), passwordExpirationDaysFuture.join());
BeanUtil.copyProperties(user, userContext);
// 登录并缓存用户信息
StpUtil.login(userContext.getId(), SaLoginConfig.setExtraData(BeanUtil
.beanToMap(new UserExtraContext(SpringWebUtils.getRequest()))));
UserContextHolder.setContext(userContext);
return StpUtil.getTokenValue();
}
/**
* 检查用户状态
*
* @param user 用户信息
*/
@Override
public void checkUserStatus(UserDO user) {
CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, user.getStatus(), "此账号已被禁用,如有疑问,请联系管理员");
DeptDO dept = deptService.getById(user.getDeptId());
CheckUtils.throwIfEqual(DisEnableStatusEnum.DISABLE, dept.getStatus(), "此账号所属部门已被禁用,如有疑问,请联系管理员");
}
/**
* 检测用户是否已被锁定
*
* @param username 用户名
* @param request 请求对象
* @param isError 是否登录错误
*/
@Override
public void checkUserLocked(String username, HttpServletRequest request, boolean isError) {
// 不锁定
int maxErrorCount = optionService.getValueByCode2Int(PasswordPolicyEnum.PASSWORD_ERROR_LOCK_COUNT.name());
if (maxErrorCount <= SysConstants.NO) {
return;
}
// 检测是否已被锁定
String key = CacheConstants.USER_PASSWORD_ERROR_KEY_PREFIX + RedisUtils.formatKey(username, JakartaServletUtil
.getClientIP(request));
int lockMinutes = optionService.getValueByCode2Int(PasswordPolicyEnum.PASSWORD_ERROR_LOCK_MINUTES.name());
Integer currentErrorCount = ObjectUtil.defaultIfNull(RedisUtils.get(key), 0);
CheckUtils.throwIf(currentErrorCount >= maxErrorCount, "账号锁定 {} 分钟,请稍后再试", lockMinutes);
// 登录成功清除计数
if (!isError) {
RedisUtils.delete(key);
return;
}
// 登录失败递增计数
currentErrorCount++;
RedisUtils.set(key, currentErrorCount, Duration.ofMinutes(lockMinutes));
CheckUtils.throwIf(currentErrorCount >= maxErrorCount, "密码错误已达 {} 次,账号锁定 {} 分钟", maxErrorCount, lockMinutes);
}
/**
* 发送安全消息
*
* @param user 用户信息
*/
@Override
public void sendSecurityMsg(UserDO user) {
MessageReq req = new MessageReq();
MessageTemplateEnum socialRegister = MessageTemplateEnum.SOCIAL_REGISTER;
req.setTitle(socialRegister.getTitle().formatted(projectProperties.getName()));
req.setContent(socialRegister.getContent().formatted(user.getNickname()));
req.setType(MessageTypeEnum.SECURITY);
messageService.add(req, CollUtil.toList(user.getId()));
List<String> tokenList = StpUtil.getTokenValueListByLoginId(user.getId());
for (String token : tokenList) {
WebSocketUtils.sendMessage(token, "1");
}
}
}

4
continew-module-system/src/main/java/top/continew/admin/system/mapper/ClientMapper.java
View File

@@ -20,9 +20,9 @@ import top.continew.starter.data.mp.base.BaseMapper;
import top.continew.admin.system.model.entity.ClientDO;
/**
* 客户端管理 Mapper
* 客户端 Mapper
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
public interface ClientMapper extends BaseMapper<ClientDO> {}

8
continew-module-system/src/main/java/top/continew/admin/system/model/entity/ClientDO.java
View File

@@ -27,9 +27,9 @@ import java.io.Serial;
import java.util.List;
/**
* 客户端管理实体
* 客户端实体
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
@Data
@@ -40,12 +40,12 @@ public class ClientDO extends BaseDO {
private static final long serialVersionUID = 1L;
/**
* 客户端ID
* 客户端 ID
*/
private String clientId;
/**
* 客户端Key
* 客户端 Key
*/
private String clientKey;

19
continew-module-system/src/main/java/top/continew/admin/system/model/query/ClientQuery.java
View File

@@ -27,13 +27,13 @@ import java.io.Serializable;
import java.util.List;
/**
* 客户端管理查询条件
* 客户端查询条件
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
@Data
@Schema(description = "客户端管理查询条件")
@Schema(description = "客户端查询条件")
public class ClientQuery implements Serializable {
@Serial
@@ -43,33 +43,30 @@ public class ClientQuery implements Serializable {
* 客户端Key
*/
@Schema(description = "客户端Key")
@Query(type = QueryType.EQ)
private String clientKey;
/**
* 客户端秘钥
*/
@Schema(description = "客户端秘钥")
@Query(type = QueryType.EQ)
private String clientSecret;
/**
* 登录类型
* 认证类型
*/
@Schema(description = "登录类型")
@Schema(description = "认证类型")
@Query(type = QueryType.IN)
private List<String> authType;
/**
* 客户端类型
*/
@Schema(description = "客户端类型")
@Query(type = QueryType.EQ)
private String clientType;
/**
* 状态1启用2禁用
* 状态
*/
@Schema(description = "状态")
@Query(type = QueryType.EQ)
@Schema(description = "状态", example = "1")
private DisEnableStatusEnum status;
}

18
continew-module-system/src/main/java/top/continew/admin/system/model/req/ClientReq.java
View File

@@ -28,13 +28,13 @@ import java.io.Serial;
import java.util.List;
/**
* 创建或修改客户端管理参数
* 创建或修改客户端参数
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
@Data
@Schema(description = "创建或修改客户端管理参数")
@Schema(description = "创建或修改客户端参数")
public class ClientReq extends BaseReq {
@Serial
@@ -63,11 +63,12 @@ public class ClientReq extends BaseReq {
private String clientSecret;
/**
* 登录类型
* 认证类型
*/
@Schema(description = "登录类型")
@NotNull(message = "登录类型不能为空")
@Schema(description = "认证类型")
@NotNull(message = "认证类型不能为空")
private List<String> authType;
/**
* 客户端类型
*/
@@ -89,9 +90,8 @@ public class ClientReq extends BaseReq {
private Integer timeout;
/**
* 状态1启用2禁用
* 状态
*/
@Schema(description = "状态1启用2禁用")
@NotNull(message = "状态1启用2禁用不能为空")
@Schema(description = "状态", example = "1")
private DisEnableStatusEnum status;
}

25
continew-module-system/src/main/java/top/continew/admin/system/model/resp/ClientDetailResp.java
View File

@@ -22,19 +22,20 @@ import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import top.continew.admin.common.enums.DisEnableStatusEnum;
import top.continew.starter.extension.crud.model.resp.BaseDetailResp;
import top.continew.starter.file.excel.converter.ExcelBaseEnumConverter;
import java.io.Serial;
import java.util.List;
/**
* 客户端管理详情信息
* 客户端详情信息
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
@Data
@ExcelIgnoreUnannotated
@Schema(description = "客户端管理详情信息")
@Schema(description = "客户端详情信息")
public class ClientDetailResp extends BaseDetailResp {
@Serial
@@ -44,55 +45,55 @@ public class ClientDetailResp extends BaseDetailResp {
* 客户端ID
*/
@Schema(description = "客户端ID")
@ExcelProperty(value = "客户端ID")
@ExcelProperty(value = "客户端ID", order = 2)
private String clientId;
/**
* 客户端Key
*/
@Schema(description = "客户端Key")
@ExcelProperty(value = "客户端Key")
@ExcelProperty(value = "客户端Key", order = 3)
private String clientKey;
/**
* 客户端秘钥
*/
@Schema(description = "客户端秘钥")
@ExcelProperty(value = "客户端秘钥")
@ExcelProperty(value = "客户端秘钥", order = 4)
private String clientSecret;
/**
* 登录类型
*/
@Schema(description = "登录类型")
@ExcelProperty(value = "登录类型")
@ExcelProperty(value = "登录类型", order = 5)
private List<String> authType;
/**
* 客户端类型
*/
@Schema(description = "客户端类型")
@ExcelProperty(value = "客户端类型")
@ExcelProperty(value = "客户端类型", order = 6)
private String clientType;
/**
* Token最低活跃频率-1为不限制
*/
@Schema(description = "Token最低活跃频率-1为不限制")
@ExcelProperty(value = "Token最低活跃频率-1为不限制")
@ExcelProperty(value = "Token最低活跃频率-1为不限制", order = 7)
private Integer activeTimeout;
/**
* Token有效期默认30天单位
*/
@Schema(description = "Token有效期默认30天单位")
@ExcelProperty(value = "Token有效期默认30天单位")
@ExcelProperty(value = "Token有效期默认30天单位", order = 8)
private Integer timeout;
/**
* 状态
*/
@Schema(description = "状态")
@ExcelProperty(value = "状态")
@Schema(description = "状态", example = "1")
@ExcelProperty(value = "状态", converter = ExcelBaseEnumConverter.class, order = 9)
private DisEnableStatusEnum status;
}

6
continew-module-system/src/main/java/top/continew/admin/system/model/resp/ClientResp.java
View File

@@ -25,13 +25,13 @@ import java.io.Serial;
import java.util.List;
/**
* 客户端管理信息
* 客户端信息
*
* @author MoChou
* @author KAI
* @since 2024/12/03 16:04
*/
@Data
@Schema(description = "客户端管理信息")
@Schema(description = "客户端信息")
public class ClientResp extends BaseResp {
@Serial

14
continew-module-system/src/main/java/top/continew/admin/system/service/ClientService.java
View File

@@ -23,13 +23,19 @@ import top.continew.admin.system.model.resp.ClientResp;
import top.continew.starter.extension.crud.service.BaseService;
/**
* 客户端管理业务接口
* 客户端业务接口
*
* @author MoChou
* @author KAI
* @author Charles7c
* @since 2024/12/03 16:04
*/
public interface ClientService extends BaseService<ClientResp, ClientDetailResp, ClientQuery, ClientReq> {
ClientResp getClientByClientId(String clientId);
/**
* 根据客户端 ID 查詢
*
* @param clientId 客戶端 ID
* @return 客户端信息
*/
ClientResp getByClientId(String clientId);
}

43
continew-module-system/src/main/java/top/continew/admin/system/service/impl/ClientServiceImpl.java
View File

@@ -17,10 +17,7 @@
package top.continew.admin.system.service.impl;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.digest.DigestUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import top.continew.admin.auth.enums.AuthTypeEnum;
import top.continew.admin.system.mapper.ClientMapper;
@@ -37,40 +34,38 @@ import top.continew.starter.extension.crud.service.BaseServiceImpl;
import java.util.List;
/**
* 客户端管理业务实现
* 客户端业务实现
*
* @author MoChou
* @author KAI
* @author Charles7c
* @since 2024/12/03 16:04
*/
@Service
@RequiredArgsConstructor
public class ClientServiceImpl extends BaseServiceImpl<ClientMapper, ClientDO, ClientResp, ClientDetailResp, ClientQuery, ClientReq> implements ClientService {
@Override
protected void beforeAdd(ClientReq req) {
public void beforeAdd(ClientReq req) {
String clientId = DigestUtil.md5Hex(req.getClientKey() + StringConstants.COLON + req.getClientSecret());
req.setClientId(clientId);
}
/**
* 通过ClientId获取客户端实例
*
* @param clientId 客户端id
* @return 客户端响应对象
*/
@Override
public ClientResp getClientByClientId(String clientId) {
ClientDO clientDO = baseMapper.selectOne(new LambdaQueryWrapper<ClientDO>()
.eq(ClientDO::getClientId, clientId));
return BeanUtil.copyProperties(clientDO, ClientResp.class);
public void beforeDelete(List<Long> ids) {
// 查询如果删除客户端记录以后是否还存在账号认证的方式,不存在则不允许删除
List<ClientDO> clientList = baseMapper.lambdaQuery()
.in(ClientDO::getId, ids)
.like(ClientDO::getAuthType, AuthTypeEnum.ACCOUNT.getValue())
.list();
ValidationUtils.throwIfEmpty(clientList, "请至少保留 [{}] 认证类型", AuthTypeEnum.ACCOUNT.getDescription());
super.beforeDelete(ids);
}
@Override
protected void beforeDelete(List<Long> ids) {
// 查询如果删除客户端记录以后是否还存在账号认证的方式,不存在则不允许删除
List<ClientDO> clientDOS = baseMapper.selectList(new LambdaQueryWrapper<ClientDO>().notIn(ClientDO::getId, ids)
.like(ClientDO::getAuthType, AuthTypeEnum.ACCOUNT.getValue()));
ValidationUtils.throwIfEmpty(clientDOS, StrUtil.format("请至少保留一条{}认证的方式", AuthTypeEnum.ACCOUNT
.getDescription()));
super.beforeDelete(ids);
public ClientResp getByClientId(String clientId) {
return baseMapper.lambdaQuery()
.eq(ClientDO::getClientId, clientId)
.oneOpt()
.map(client -> BeanUtil.copyProperties(client, ClientResp.class))
.orElse(null);
}
}