diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
index 382060b4..5f64b810 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
@@ -59,6 +59,7 @@ public class EmailAuthStrategy implements IAuthStrategy {
         // 例如: 后台用户30分钟过期 app用户1天过期
         model.setTimeout(client.getTimeout());
         model.setActiveTimeout(client.getActiveTimeout());
+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
         // 生成token
         LoginHelper.login(loginUser, model);
 
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
index 5d32359e..5db4c1f2 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
@@ -72,6 +72,7 @@ public class PasswordAuthStrategy implements IAuthStrategy {
         // 例如: 后台用户30分钟过期 app用户1天过期
         model.setTimeout(client.getTimeout());
         model.setActiveTimeout(client.getActiveTimeout());
+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
         // 生成token
         LoginHelper.login(loginUser, model);
 
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
index b515c144..dd5f4b29 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
@@ -59,6 +59,7 @@ public class SmsAuthStrategy implements IAuthStrategy {
         // 例如: 后台用户30分钟过期 app用户1天过期
         model.setTimeout(client.getTimeout());
         model.setActiveTimeout(client.getActiveTimeout());
+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
         // 生成token
         LoginHelper.login(loginUser, model);
 
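Review bot: The added `model.setExtra(LoginHelper.CLIENT_KEY, clientId);` line is pasted verbatim into EmailAuthStrategy, PasswordAuthStrategy and SmsAuthStrategy here, and again into SocialAuthStrategy and XcxAuthStrategy in the next hunks, right beside the already five-times-duplicated timeout lines, so any future change to what gets bound into the token must be repeated in five places. Since every strategy then calls the same `LoginHelper.login(loginUser, model)`, the model setup (timeouts plus the client extra) is a natural candidate for one shared helper that takes `client` and `clientId`. The line also merits a why-comment because the binding only exists for the gateway's sake: `// bind the client id into the token; the gateway rejects requests whose clientid header does not match it`. The enclosing `login` method starts and ends outside the hunk.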
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
index fdbae894..06d04ad2 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
@@ -96,6 +96,7 @@ public class SocialAuthStrategy implements IAuthStrategy {
         // 例如: 后台用户30分钟过期 app用户1天过期
         model.setTimeout(client.getTimeout());
         model.setActiveTimeout(client.getActiveTimeout());
+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
         // 生成token
         LoginHelper.login(loginUser, model);
 
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
index ab2f0ca7..e072fc4b 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
@@ -54,6 +54,7 @@ public class XcxAuthStrategy implements IAuthStrategy {
         // 例如: 后台用户30分钟过期 app用户1天过期
         model.setTimeout(client.getTimeout());
         model.setActiveTimeout(client.getActiveTimeout());
+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
         // 生成token
         LoginHelper.login(loginUser, model);
 
diff --git a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
index f6b997e1..e03731c5 100644
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
@@ -35,6 +35,7 @@ public class LoginHelper {
     public static final String LOGIN_USER_KEY = "loginUser";
     public static final String TENANT_KEY = "tenantId";
     public static final String USER_KEY = "userId";
+    public static final String CLIENT_KEY = "clientid";
 
     /**
      * 登录系统 基于 设备类型
diff --git a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
index 0d643471..63564a9d 100644
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
@@ -1,13 +1,19 @@
 package org.dromara.gateway.filter;
 
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
 import cn.dev33.satoken.reactor.filter.SaReactorFilter;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.ServletUtils;
+import org.dromara.common.core.utils.StringUtils;
+import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.server.reactive.ServerHttpRequest;
 
 /**
  * [Sa-Token 权限认证] 拦截器
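Review bot: `CLIENT_KEY = "clientid"` departs from the camelCase used by its sibling constants (`loginUser`, `tenantId`, `userId`), and the AuthFilter hunk below uses the same constant both as the token-extra key and as the HTTP header name, so one string now carries two roles with different case rules: the header lookup is case-insensitive while the extra key is not. A rename for consistency would therefore have to touch both sides at once, and a Javadoc line should say so: `/** Token extra key AND request header name carrying the client id; the gateway compares the two, so keep them identical. */`.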
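Review bot: `org.dromara.common.core.utils.ServletUtils` is added to the imports, but none of the visible hunks in AuthFilter reference it; the new check obtains the request through `SaReactorSyncHolder` as a `ServerHttpRequest`. If it is unused elsewhere in the file it should be dropped, especially since this is a reactive gateway where a servlet-oriented utility is easy to misuse. The other additions (`NotLoginException`, `SaReactorSyncHolder`, `StringUtils`, `LoginHelper`, `ServerHttpRequest`) are all used by the later hunk.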
@@ -35,6 +41,19 @@ public class AuthFilter {
                         // 检查是否登录 是否有token
                         StpUtil.checkLogin();
 
+                        // 检查 header 里的 clientId 与 token 里的是否一致
+                        ServerHttpRequest request = SaReactorSyncHolder.getContext().getRequest();
+                        String headerCid = request.getHeaders().getFirst(LoginHelper.CLIENT_KEY);
+                        String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
+                        if (!StringUtils.equals(headerCid, clientId)) {
+                            // token 无效
+                            throw NotLoginException.newInstance(
+                                StpUtil.getLoginType(),
+                                NotLoginException.INVALID_TOKEN,
+                                NotLoginException.NOT_TOKEN_MESSAGE,
+                                StpUtil.getTokenValue());
+                        }
+
                         // 有效率影响 用于临时测试
                         // if (log.isDebugEnabled()) {
                         // log.debug("剩余有效时间: {}", StpUtil.getTokenTimeout());
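Review bot: `StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString()` dereferences the extra with no null check, so any token carrying no clientid — one issued before this change, or by a login path that never calls `setExtra` — produces a NullPointerException (a 500) instead of the intended NotLoginException, and merely stringifying a null extra to null would be worse, because a request with no clientid header would then pass `StringUtils.equals(null, null)`. Fail closed instead: `Object tokenCid = StpUtil.getExtra(LoginHelper.CLIENT_KEY);` followed by `if (tokenCid == null || !StringUtils.equals(headerCid, tokenCid.toString())) {`. The thrown exception also pairs the `INVALID_TOKEN` type with `NOT_TOKEN_MESSAGE`; `NotLoginException.INVALID_TOKEN_MESSAGE` is the message that matches the type. Note that both the header value and the stored extra originate from the caller at login time, so this check binds a token to the client id it was issued under rather than authenticating the caller, which is worth saying in the comment above the block. The `check(...)` lambda that contains this code starts and ends outside the hunk.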