|
@@ -1,18 +1,22 @@
|
|
|
package cn.kdan.cloud.pdf.office.sso.service.impl;
|
|
|
|
|
|
+import cn.kdan.cloud.pdf.office.api.account.feign.LoginDeviceApi;
|
|
|
import cn.kdan.cloud.pdf.office.api.account.feign.OauthClientDetailsApi;
|
|
|
import cn.kdan.cloud.pdf.office.api.account.feign.UserApi;
|
|
|
+import cn.kdan.cloud.pdf.office.api.account.vo.LoginDevice;
|
|
|
import cn.kdan.cloud.pdf.office.api.account.vo.OauthClientDetails;
|
|
|
import cn.kdan.cloud.pdf.office.common.constant.CommonConstant;
|
|
|
+import cn.kdan.cloud.pdf.office.common.enums.EmailCodeTypeEnum;
|
|
|
import cn.kdan.cloud.pdf.office.common.exception.BackendRuntimeException;
|
|
|
import cn.kdan.cloud.pdf.office.common.pojo.CustomUserDetails;
|
|
|
+import cn.kdan.cloud.pdf.office.common.utils.CommonUtils;
|
|
|
+import cn.kdan.cloud.pdf.office.common.utils.RedisUtils;
|
|
|
+import cn.kdan.cloud.pdf.office.common.vo.TokenVO;
|
|
|
import cn.kdan.cloud.pdf.office.common.vo.UserInfoVO;
|
|
|
import cn.kdan.cloud.pdf.office.sso.constant.AuthConstant;
|
|
|
-import cn.kdan.cloud.pdf.office.common.enums.EmailCodeTypeEnum;
|
|
|
import cn.kdan.cloud.pdf.office.sso.service.AuthService;
|
|
|
-import cn.kdan.cloud.pdf.office.common.utils.RedisUtils;
|
|
|
-import cn.kdan.cloud.pdf.office.common.vo.TokenVO;
|
|
|
import cn.kdan.cloud.pdf.office.sso.utils.TokenUtils;
|
|
|
+import com.alibaba.nacos.common.utils.CollectionUtils;
|
|
|
import org.apache.commons.lang.StringUtils;
|
|
|
import org.slf4j.Logger;
|
|
|
import org.slf4j.LoggerFactory;
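Review bot: The new `import com.alibaba.nacos.common.utils.CollectionUtils;` makes authentication code depend on a helper class that appears to belong to the Nacos client's own utilities rather than to a general-purpose library. A Nacos upgrade could move or change that class and break the login path. The class already uses Spring, so `org.springframework.util.CollectionUtils` with `!CollectionUtils.isEmpty(list)` at the call site in `checkLoginDeviceNum` would avoid the extra coupling.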
|
|
@@ -43,6 +47,7 @@ import javax.annotation.Resource;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import java.security.Principal;
|
|
|
import java.util.*;
|
|
|
+import java.util.stream.Collectors;
|
|
|
|
|
|
@Service
|
|
|
@RefreshScope
|
|
@@ -51,12 +56,13 @@ public class AuthServiceImpl implements AuthService {
|
|
|
private final Logger logger = LoggerFactory.getLogger(AuthServiceImpl.class);
|
|
|
|
|
|
@Autowired
|
|
|
- private RedisUtils<String,String> redisUtils;
|
|
|
+ private RedisUtils<String, String> redisUtils;
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
private UserApi userApi;
|
|
|
-
|
|
|
+ @Autowired
|
|
|
+ private LoginDeviceApi loginDeviceApi;
|
|
|
@Autowired
|
|
|
private OauthClientDetailsApi oauthClientDetailsApi;
|
|
|
|
|
@@ -67,7 +73,6 @@ public class AuthServiceImpl implements AuthService {
|
|
|
private TokenEndpoint tokenEndpoint;
|
|
|
|
|
|
|
|
|
-
|
|
|
@Value("${security.oauth2.client.user-authorization-uri}")
|
|
|
private String authorizeUrl;
|
|
|
|
|
@@ -121,15 +126,15 @@ public class AuthServiceImpl implements AuthService {
|
|
|
//如果是管理平台就去查管理平台的用户表
|
|
|
UserInfoVO userInfoVO = userApi.getByAppAccount(email,appId,platformType).getResult();
|
|
|
//检查用户存在
|
|
|
- // checkUser(userInfoVO);
|
|
|
+ checkUser(userInfoVO);
|
|
|
//检查邮件验证码
|
|
|
- // checkEmailCodeValid(EmailCodeTypeEnum.LOGIN,email,code);
|
|
|
+ checkEmailCodeValid(EmailCodeTypeEnum.LOGIN,email,code);
|
|
|
// 检查设备是否达到上限
|
|
|
- //checkLoginDeviceNum(userInfoVO.getId());
|
|
|
+ checkLoginDeviceNum(userInfoVO.getId(), deviceSign);
|
|
|
TokenVO vo = getTokenByUser(code, userInfoVO);
|
|
|
//关联设备登录
|
|
|
- //relateTokenAndDevice(vo.getAccess_token(),userInfoVO.getId(),deviceSign,appId);
|
|
|
- return getTokenByUser(code, userInfoVO);
|
|
|
+ relateTokenAndDevice(vo.getAccess_token(), userInfoVO.getId(), deviceSign, appId);
|
|
|
+ return vo;
|
|
|
}
|
|
|
|
|
|
@Resource
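Review bot: The device limit is enforced as check-then-act across three separate calls (`checkLoginDeviceNum`, `getTokenByUser`, `relateTokenAndDevice`), so two logins for the same user that arrive together can both pass the check and both register a device. If `relateTokenAndDevice` throws after `getTokenByUser` has returned, the token has already been issued but has no device row or Redis mapping. The cap is better enforced where the device row is written, for example a conditional insert or unique constraint in the account service (not shown here). The token should be revoked when registration fails, e.g. `catch (RuntimeException e) { tokenStore.removeAccessToken(tokenStore.readAccessToken(vo.getAccess_token())); throw e; }`. `deviceSign` is also used as an identity key with no null or blank check visible in this hunk. The method starts outside the hunk.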
|
|
@@ -137,7 +142,7 @@ public class AuthServiceImpl implements AuthService {
|
|
|
private TokenStore tokenStore;
|
|
|
|
|
|
@Override
|
|
|
- public void invalidToken(String token) {
|
|
|
+ public void logout(String token, String userId, String deviceSign, String appId) {
|
|
|
OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(token);
|
|
|
if (oAuth2AccessToken != null) {
|
|
|
OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken();
|
|
@@ -146,6 +151,7 @@ public class AuthServiceImpl implements AuthService {
|
|
|
tokenStore.removeRefreshToken(oAuth2RefreshToken);
|
|
|
tokenStore.removeAccessTokenUsingRefreshToken(oAuth2RefreshToken);
|
|
|
}
|
|
|
+ deleteTokenAndDevice(userId, deviceSign, appId);
|
|
|
}
|
|
|
|
|
|
/**
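Review bot: `deleteTokenAndDevice(userId, deviceSign, appId)` acts on identifiers passed in by the caller, and nothing visible ties them to the token being revoked. Judging by the braces shown, it also runs outside the `oAuth2AccessToken != null` check; two lines between this hunk and the previous one are not visible, so that reading is inferred. If the controller forwards request parameters, a caller could remove the device row and Redis mapping of a different user or device. Consider resolving the user from the token itself, e.g. `OAuth2Authentication auth = tokenStore.readAuthentication(oAuth2AccessToken);`, and rejecting a mismatch with the supplied `userId`. Note also that `loginDeviceApi.delete(deviceSign, appId)` in the later hunk is not scoped by `userId` at all.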
|
|
@@ -153,25 +159,32 @@ public class AuthServiceImpl implements AuthService {
|
|
|
*
|
|
|
* @param userInfoVO
|
|
|
*/
|
|
|
- private void checkUser(UserInfoVO userInfoVO){
|
|
|
- if(ObjectUtils.isEmpty(userInfoVO)){
|
|
|
+ private void checkUser(UserInfoVO userInfoVO) {
|
|
|
+ if (ObjectUtils.isEmpty(userInfoVO)) {
|
|
|
throw new BackendRuntimeException(AuthConstant.EXCEPTION_MSG_USER_NOT_FOUND);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- private void checkLoginDeviceNum(String userId){
|
|
|
- //根据userId查询如果list>2
|
|
|
-// if(list.size()>=2){
|
|
|
-// throw new BackendRuntimeException(AuthConstant.EXCEPTION_MSG_DEVICE_NUM_MAX);
|
|
|
-// }
|
|
|
+ /**
|
|
|
+ * 检查设备是否达到上限
|
|
|
+ * @param userId 用户id
|
|
|
+ * @param deviceSign 设备
|
|
|
+ */
|
|
|
+ private void checkLoginDeviceNum(String userId, String deviceSign) {
|
|
|
+ //根据userId查询如果list>2,并且设备号不属于其中的某一个
|
|
|
+ List<LoginDevice> list = loginDeviceApi.getByUserId(userId).getResult();
|
|
|
+ List<String> snList = list.stream().map(LoginDevice::getUniqueSn).collect(Collectors.toList());
|
|
|
+ if (CollectionUtils.isNotEmpty(list)&&list.size() >= 2&&!snList.contains(deviceSign)) {
|
|
|
+ throw new BackendRuntimeException(AuthConstant.EXCEPTION_MSG_DEVICE_NUM_MAX);
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* 校验邮件验证码
|
|
|
*
|
|
|
- * @param type 邮件验证码类型
|
|
|
+ * @param type 邮件验证码类型
|
|
|
* @param account 用户
|
|
|
- * @param code 验证码
|
|
|
+ * @param code 验证码
|
|
|
*/
|
|
|
private void checkEmailCodeValid(EmailCodeTypeEnum type, String account, String code) {
|
|
|
//获取用户存在redis中的登录邮箱验证码
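Review bot: In `checkLoginDeviceNum` the emptiness guard comes too late, because `list.stream()` is dereferenced one line before `CollectionUtils.isNotEmpty(list)` is evaluated. A null `getResult()` (possible if the Feign call degrades; the client is not shown) therefore raises a NullPointerException instead of a controlled `BackendRuntimeException`. Test the list first and decide explicitly whether an unavailable device service should block the login, e.g. `if (list == null) { throw new BackendRuntimeException(...); }` ahead of the stream. The literal `2` would read better as a named or configurable limit. The lookup is by `userId` only, while the Redis key in `relateTokenAndDevice` is per `appId`, so it is worth confirming that the cap is meant to span all apps.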
|
|
@@ -229,18 +242,25 @@ public class AuthServiceImpl implements AuthService {
|
|
|
* @param deviceSign
|
|
|
* @param appId
|
|
|
*/
|
|
|
- private void relateTokenAndDevice(String token,String userId,String deviceSign,String appId){
|
|
|
- //todo 登录设备表插入数据关联用户
|
|
|
- redisUtils.hset(appId+AuthConstant.DEVICE_LOGIN_TOKEN_KEY,userId + CommonConstant.STRIKE_THROUGH + deviceSign ,token );
|
|
|
+ private void relateTokenAndDevice(String token,String userId,String deviceSign,String appId) {
|
|
|
+ // 登录设备表插入数据关联用户
|
|
|
+ LoginDevice loginDevice = new LoginDevice();
|
|
|
+ loginDevice.setId(CommonUtils.generateId());
|
|
|
+ loginDevice.setCreatedAt(new Date());
|
|
|
+ loginDevice.setUniqueSn(deviceSign);
|
|
|
+ loginDevice.setUserId(userId);
|
|
|
+ loginDeviceApi.create(loginDevice);
|
|
|
+ redisUtils.hset(appId + AuthConstant.DEVICE_LOGIN_TOKEN_KEY, userId + CommonConstant.STRIKE_THROUGH + deviceSign, token);
|
|
|
}
|
|
|
|
|
|
- private void deleteTokenAndDevice(String token,String userId,String deviceSign,String appId){
|
|
|
- //todo 登录设备表删除数据关联用户
|
|
|
- redisUtils.hdel(appId+AuthConstant.DEVICE_LOGIN_TOKEN_KEY,userId + CommonConstant.STRIKE_THROUGH + deviceSign );
|
|
|
+ private void deleteTokenAndDevice(String userId, String deviceSign, String appId) {
|
|
|
+ // 登录设备表删除数据关联用户
|
|
|
+ loginDeviceApi.delete(deviceSign, appId);
|
|
|
+ redisUtils.hdel(appId + AuthConstant.DEVICE_LOGIN_TOKEN_KEY, userId + CommonConstant.STRIKE_THROUGH + deviceSign);
|
|
|
}
|
|
|
|
|
|
- private TokenVO convert(OAuth2AccessToken token){
|
|
|
- if(token == null) {
|
|
|
+ private TokenVO convert(OAuth2AccessToken token) {
|
|
|
+ if (token == null) {
|
|
|
return null;
|
|
|
}
|
|
|
TokenVO tokenVO = new TokenVO();
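Review bot: `relateTokenAndDevice` calls `loginDeviceApi.create(loginDevice)` on every login, including for a device that `checkLoginDeviceNum` has just accepted because its `uniqueSn` is already registered. Unless `create` upserts (not visible here), a second login from the same device adds a second row, and that one device then fills the two-device limit and blocks any other device. Consider creating the row only when the device is not yet in the user's list, or enforcing uniqueness on user and device in the account service. The new row sets only `id`, `createdAt`, `uniqueSn` and `userId`, whereas `deleteTokenAndDevice` removes by `deviceSign` and `appId`, so it is worth checking that create and delete address the same record. The raw access token is also written as the hash value in Redis, so access to that key should be restricted accordingly.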
|
|
@@ -258,7 +278,7 @@ public class AuthServiceImpl implements AuthService {
|
|
|
keySet.add(AuthConstant.ACCESS+token);
|
|
|
keySet.add(AuthConstant.AUTH+token);
|
|
|
keySet.add(AuthConstant.ACCESS_TO_REFRESH + token);
|
|
|
- long time = 30 * 60L;
|
|
|
+ long time = 30 * 24 * 60 * 60L;
|
|
|
keySet.forEach(key -> redisUtils.expire(key, time));
|
|
|
}
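Review bot: `long time = 30 * 24 * 60 * 60L;` raises the lifetime applied to the access, auth and access-to-refresh keys from 30 minutes to 30 days, assuming `redisUtils.expire` takes seconds (the helper is not shown). That lengthens the period during which a leaked access token stays usable. If long sessions are the goal, consider keeping the access token short-lived and letting the refresh token carry the 30 days, with logout and device removal revoking both. At minimum, replace the literal with a named value or an `@Value` property, as the class already does for `authorizeUrl`, and add a comment such as `// sliding TTL for token keys, in seconds`. The enclosing method starts outside this hunk.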
|
|
|
|