From 460cdbd87a50f5b4e36d5cea9732748b6289159c Mon Sep 17 00:00:00 2001
From: "Michelle.Chung" <1242874891@qq.com>
Date: Mon, 24 Jul 2023 18:40:43 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20SaReactorFilter?=
 =?UTF-8?q?=20=E8=BF=87=E6=BB=A4=E5=99=A8=E5=88=A4=E6=96=AD=20token=20?=
 =?UTF-8?q?=E5=AE=A2=E6=88=B7=E7=AB=AF=20id=20=E6=98=AF=E5=90=A6=E6=9C=89?=
 =?UTF-8?q?=E6=95=88=20;?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../auth/service/impl/EmailAuthStrategy.java | 1 +
 .../service/impl/PasswordAuthStrategy.java | 1 +
 .../auth/service/impl/SmsAuthStrategy.java | 1 +
 .../auth/service/impl/SocialAuthStrategy.java | 1 +
 .../auth/service/impl/XcxAuthStrategy.java | 1 +
 .../common/satoken/utils/LoginHelper.java | 1 +
 .../dromara/gateway/filter/AuthFilter.java | 19 +++++++++++++++++++
 7 files changed, 25 insertions(+)
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
index 382060b4..5f64b810 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/EmailAuthStrategy.java
@@ -59,6 +59,7 @@ public class EmailAuthStrategy implements IAuthStrategy {
 // 例如: 后台用户30分钟过期 app用户1天过期
 model.setTimeout(client.getTimeout());
 model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, clientId);
 // 生成token
 LoginHelper.login(loginUser, model);
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
index 5d32359e..5db4c1f2 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/PasswordAuthStrategy.java
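Review bot: The same `model.setExtra(LoginHelper.CLIENT_KEY, clientId)` line is now hand-copied into five strategies (this hunk plus PasswordAuthStrategy, SmsAuthStrategy, SocialAuthStrategy and XcxAuthStrategy), and the AuthFilter hunk in the gateway dereferences that extra on every request, so any login path that omits the line, or any token issued before this change, fails at the gateway rather than in the strategy. Placing the line once next to the timeout setup in a shared helper (or inside `LoginHelper.login`, whose body is outside this diff) would make the invariant "every issued token carries its client id" hold by construction instead of by copy-paste. A one-line comment at the call site would also help the next reader: `// store the client id in the token; AuthFilter in the gateway compares it with the request header`. The enclosing login method starts and ends outside this hunk.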
@@ -72,6 +72,7 @@ public class PasswordAuthStrategy implements IAuthStrategy {
 // 例如: 后台用户30分钟过期 app用户1天过期
 model.setTimeout(client.getTimeout());
 model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, clientId);
 // 生成token
 LoginHelper.login(loginUser, model);
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
index b515c144..dd5f4b29 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SmsAuthStrategy.java
@@ -59,6 +59,7 @@ public class SmsAuthStrategy implements IAuthStrategy {
 // 例如: 后台用户30分钟过期 app用户1天过期
 model.setTimeout(client.getTimeout());
 model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, clientId);
 // 生成token
 LoginHelper.login(loginUser, model);
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
index fdbae894..06d04ad2 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/SocialAuthStrategy.java
@@ -96,6 +96,7 @@ public class SocialAuthStrategy implements IAuthStrategy {
 // 例如: 后台用户30分钟过期 app用户1天过期
 model.setTimeout(client.getTimeout());
 model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, clientId);
 // 生成token
 LoginHelper.login(loginUser, model);
diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
index ab2f0ca7..e072fc4b 100644
--- a/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/impl/XcxAuthStrategy.java
@@ -54,6 +54,7 @@ public class XcxAuthStrategy implements IAuthStrategy {
 // 例如: 后台用户30分钟过期 app用户1天过期
 model.setTimeout(client.getTimeout());
 model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, clientId);
 // 生成token
 LoginHelper.login(loginUser, model);
diff --git a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
index f6b997e1..e03731c5 100644
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
@@ -35,6 +35,7 @@ public class LoginHelper {
 public static final String LOGIN_USER_KEY = "loginUser";
 public static final String TENANT_KEY = "tenantId";
 public static final String USER_KEY = "userId";
+ public static final String CLIENT_KEY = "clientid";
 /**
 * 登录系统 基于 设备类型
diff --git a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
index 0d643471..63564a9d 100644
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java
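Review bot: `CLIENT_KEY` is used by the AuthFilter hunk both as the token-extra key and as the name of the request header it reads, but nothing on the constant says so; a Javadoc line such as `/** Key of the client id stored as a token extra, and the request header name the gateway compares it against. */` would make that coupling explicit. Its value is also spelled `clientid` while the sibling keys use camelCase (`tenantId`, `userId`); if the lowercase spelling is deliberate because the value doubles as a header name, the Javadoc should say so, since changing it later would silently break the header lookup in AuthFilter. The hunk sits inside the class body, so the surrounding declarations continue outside it.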
@@ -1,13 +1,19 @@
 package org.dromara.gateway.filter;
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
 import cn.dev33.satoken.reactor.filter.SaReactorFilter;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.ServletUtils;
+import org.dromara.common.core.utils.StringUtils;
+import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.server.reactive.ServerHttpRequest;
 /**
 * [Sa-Token 权限认证] 拦截器
@@ -35,6 +41,19 @@ public class AuthFilter {
 // 检查是否登录 是否有token
 StpUtil.checkLogin();
+ // 检查 header 里的 clientId 与 token 里的是否一致
+ ServerHttpRequest request = SaReactorSyncHolder.getContext().getRequest();
+ String headerCid = request.getHeaders().getFirst(LoginHelper.CLIENT_KEY);
+ String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
+ if (!StringUtils.equals(headerCid, clientId)) {
+ // token 无效
+ throw NotLoginException.newInstance(
+ StpUtil.getLoginType(),
+ NotLoginException.INVALID_TOKEN,
+ NotLoginException.NOT_TOKEN_MESSAGE,
+ StpUtil.getTokenValue());
+ }
+
 // 有效率影响 用于临时测试
 // if (log.isDebugEnabled()) {
 // log.debug("剩余有效时间: {}", StpUtil.getTokenTimeout());
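Review bot: `org.dromara.common.core.utils.ServletUtils` is added to the imports but nothing in either AuthFilter hunk uses it; unless a use exists in a part of the file not shown here, the import should be dropped so the reactive gateway does not pull in a servlet-side utility it does not need. The other new imports (`NotLoginException`, `SaReactorSyncHolder`, `StringUtils`, `LoginHelper`, `ServerHttpRequest`) are all exercised by the second hunk of this file.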
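Review bot: `StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString()` throws NullPointerException when the token carries no client id extra (a token issued before this change, or by any login path that does not set it), so those requests end in an unhandled error instead of the intended NotLoginException; convert defensively and fail closed on a missing value, e.g. `String clientId = Objects.toString(StpUtil.getExtra(LoginHelper.CLIENT_KEY), null);` and `if (clientId == null || !StringUtils.equals(headerCid, clientId)) {` (with `java.util.Objects` imported). The exception is raised with type `INVALID_TOKEN` but message `NOT_TOKEN_MESSAGE`, which tells the caller it sent no token at all; Sa-Token's `NotLoginException.INVALID_TOKEN_MESSAGE` is the message that matches the type. The comment above the block should also state that both compared values arrive from the client (the header and the presented token), so this is a consistency check between them rather than protection against a token replayed together with its matching header. The enclosing filter lambda continues past the end of the hunk.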