From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java | 248 +++++++++++++++++++++++--------------------------
1 files changed, 116 insertions(+), 132 deletions(-)
diff --git a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java
index 6d0ef7b..b561693 100644
--- a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java
@@ -1,75 +1,77 @@
package org.dromara.web.controller;
import cn.dev33.satoken.annotation.SaIgnore;
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.hutool.core.codec.Base64;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.json.JSONObject;
-import cn.hutool.json.JSONUtil;
-import com.alibaba.fastjson.JSON;
import jakarta.servlet.http.HttpServletRequest;
-import jakarta.validation.constraints.NotBlank;
import lombok.RequiredArgsConstructor;
-import me.zhyd.oauth.cache.AuthDefaultStateCache;
-import me.zhyd.oauth.cache.AuthStateCache;
-import me.zhyd.oauth.model.AuthCallback;
+import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.utils.AuthStateUtils;
-import org.dromara.common.auth.utils.AuthUtils;
+import org.dromara.common.core.constant.UserConstants;
import org.dromara.common.core.domain.R;
-import org.dromara.common.core.domain.model.EmailLoginBody;
import org.dromara.common.core.domain.model.LoginBody;
import org.dromara.common.core.domain.model.RegisterBody;
-import org.dromara.common.core.domain.model.SmsLoginBody;
-import org.dromara.common.core.utils.MapstructUtils;
-import org.dromara.common.core.utils.StreamUtils;
-import org.dromara.common.core.utils.StringUtils;
+import org.dromara.common.core.domain.model.SocialLoginBody;
+import org.dromara.common.core.utils.*;
+import org.dromara.common.encrypt.annotation.ApiEncrypt;
+import org.dromara.common.json.utils.JsonUtils;
+import org.dromara.common.satoken.utils.LoginHelper;
+import org.dromara.common.social.config.properties.SocialLoginConfigProperties;
+import org.dromara.common.social.config.properties.SocialProperties;
+import org.dromara.common.social.utils.SocialUtils;
+import org.dromara.common.sse.dto.SseMessageDto;
+import org.dromara.common.sse.utils.SseMessageUtils;
import org.dromara.common.tenant.helper.TenantHelper;
import org.dromara.system.domain.bo.SysTenantBo;
+import org.dromara.system.domain.vo.SysClientVo;
import org.dromara.system.domain.vo.SysTenantVo;
-import org.dromara.system.domain.vo.SysUserVo;
-import org.dromara.system.mapper.SysUserMapper;
+import org.dromara.system.service.ISysClientService;
import org.dromara.system.service.ISysConfigService;
+import org.dromara.system.service.ISysSocialService;
import org.dromara.system.service.ISysTenantService;
import org.dromara.web.domain.vo.LoginTenantVo;
import org.dromara.web.domain.vo.LoginVo;
import org.dromara.web.domain.vo.TenantListVo;
+import org.dromara.web.service.IAuthStrategy;
import org.dromara.web.service.SysLoginService;
import org.dromara.web.service.SysRegisterService;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
-import java.io.IOException;
import java.net.URL;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
/**
* 璁よ瘉
*
* @author Lion Li
*/
+@Slf4j
@SaIgnore
-@Validated
@RequiredArgsConstructor
@RestController
@RequestMapping("/auth")
public class AuthController {
- private AuthStateCache authStateCache;
+ private final SocialProperties socialProperties;
private final SysLoginService loginService;
private final SysRegisterService registerService;
private final ISysConfigService configService;
private final ISysTenantService tenantService;
- private final SysUserMapper userMapper;
- private final Map<String, String> auths = new HashMap<>();
- {
- auths.put("gitee", "{\"clientId\":\"38eaaa1b77b5e064313057a2f5745ce3a9f3e7686d9bd302c7df2f308ef6db81\",\"clientSecret\":\"2e633af8780cb9fe002c4c7291b722db944402e271efb99b062811f52d7da1ff\",\"redirectUri\":\"http://127.0.0.1:8888/social-login?source=gitee\"}");
- auths.put("github", "{\"clientId\":\"Iv1.1be0cdcd71aca63b\",\"clientSecret\":\"0d59d28b43152bc8906011624db37b0fed88d154\",\"redirectUri\":\"http://127.0.0.1:80/social-login?source=github\"}");
- authStateCache = AuthDefaultStateCache.INSTANCE;// 浣跨敤榛樿鐨勭紦瀛�
- }
+ private final ISysSocialService socialUserService;
+ private final ISysClientService clientService;
+ private final ScheduledExecutorService scheduledExecutorService;
+
/**
* 鐧诲綍鏂规硶
@@ -77,125 +79,91 @@
* @param body 鐧诲綍淇℃伅
* @return 缁撴灉
*/
+ @ApiEncrypt
@PostMapping("/login")
- public R<LoginVo> login(@Validated @RequestBody LoginBody body) {
- LoginVo loginVo = new LoginVo();
- // 鐢熸垚浠ょ墝
- String token = loginService.login(
- body.getTenantId(),
- body.getUsername(), body.getPassword(),
- body.getCode(), body.getUuid());
- loginVo.setToken(token);
+ public R<LoginVo> login(@RequestBody String body) {
+ LoginBody loginBody = JsonUtils.parseObject(body, LoginBody.class);
+ ValidatorUtils.validate(loginBody);
+ // 鎺堟潈绫诲瀷鍜屽鎴风id
+ String clientId = loginBody.getClientId();
+ String grantType = loginBody.getGrantType();
+ SysClientVo client = clientService.queryByClientId(clientId);
+ // 鏌ヨ涓嶅埌 client 鎴� client 鍐呬笉鍖呭惈 grantType
+ if (ObjectUtil.isNull(client) || !StringUtils.contains(client.getGrantType(), grantType)) {
+ log.info("瀹㈡埛绔痠d: {} 璁よ瘉绫诲瀷锛歿} 寮傚父!.", clientId, grantType);
+ return R.fail(MessageUtils.message("auth.grant.type.error"));
+ } else if (!UserConstants.NORMAL.equals(client.getStatus())) {
+ return R.fail(MessageUtils.message("auth.grant.type.blocked"));
+ }
+ // 鏍¢獙绉熸埛
+ loginService.checkTenant(loginBody.getTenantId());
+ // 鐧诲綍
+ LoginVo loginVo = IAuthStrategy.login(body, client, grantType);
+
+ Long userId = LoginHelper.getUserId();
+ scheduledExecutorService.schedule(() -> {
+ SseMessageDto dto = new SseMessageDto();
+ dto.setMessage("娆㈣繋鐧诲綍RuoYi-Vue-Plus鍚庡彴绠$悊绯荤粺");
+ dto.setUserIds(List.of(userId));
+ SseMessageUtils.publishMessage(dto);
+ }, 5, TimeUnit.SECONDS);
return R.ok(loginVo);
}
/**
- * 鐭俊鐧诲綍
+ * 绗笁鏂圭櫥褰曡姹�
*
- * @param body 鐧诲綍淇℃伅
+ * @param source 鐧诲綍鏉ユ簮
* @return 缁撴灉
- */
- @PostMapping("/smsLogin")
- public R<LoginVo> smsLogin(@Validated @RequestBody SmsLoginBody body) {
- LoginVo loginVo = new LoginVo();
- // 鐢熸垚浠ょ墝
- String token = loginService.smsLogin(
- body.getTenantId(),
- body.getPhonenumber(),
- body.getSmsCode());
- loginVo.setToken(token);
- return R.ok(loginVo);
- }
-
- /**
- * 閭欢鐧诲綍
- *
- * @param body 鐧诲綍淇℃伅
- * @return 缁撴灉
- */
- @PostMapping("/emailLogin")
- public R<LoginVo> emailLogin(@Validated @RequestBody EmailLoginBody body) {
- LoginVo loginVo = new LoginVo();
- // 鐢熸垚浠ょ墝
- String token = loginService.emailLogin(
- body.getTenantId(),
- body.getEmail(),
- body.getEmailCode());
- loginVo.setToken(token);
- return R.ok(loginVo);
- }
-
- /**
- * 灏忕▼搴忕櫥褰�(绀轰緥)
- *
- * @param xcxCode 灏忕▼搴廲ode
- * @return 缁撴灉
- */
- @PostMapping("/xcxLogin")
- public R<LoginVo> xcxLogin(@NotBlank(message = "{xcx.code.not.blank}") String xcxCode) {
- LoginVo loginVo = new LoginVo();
- // 鐢熸垚浠ょ墝
- String token = loginService.xcxLogin(xcxCode);
- loginVo.setToken(token);
- return R.ok(loginVo);
- }
-
-
-
-
- /**
- * 璁よ瘉鎺堟潈
- * @param source
- * @throws IOException
*/
@GetMapping("/binding/{source}")
- @ResponseBody
- public R<LoginVo> authBinding(@PathVariable("source") String source, HttpServletRequest request){
- SysUserVo userLoding = new SysUserVo();
- if (ObjectUtil.isNull(userLoding)) {
- return R.fail("鎺堟潈澶辫触锛岃鍏堢櫥褰曞啀缁戝畾");
- }
- if (userMapper.checkAuthUser(userLoding.getUserId(),source) > 0)
- {
- return R.fail(source + "骞冲彴璐﹀彿宸茬粡缁戝畾");
- }
- String obj = auths.get(source);
- if (StringUtils.isEmpty(obj))
- {
+ public R<String> authBinding(@PathVariable("source") String source,
+ @RequestParam String tenantId, @RequestParam String domain) {
+ SocialLoginConfigProperties obj = socialProperties.getType().get(source);
+ if (ObjectUtil.isNull(obj)) {
return R.fail(source + "骞冲彴璐﹀彿鏆備笉鏀寔");
}
- JSONObject json = JSONUtil.parseObj(obj);
- AuthRequest authRequest = AuthUtils.getAuthRequest(source,
- json.getStr("clientId"),
- json.getStr("clientSecret"),
- json.getStr("redirectUri"), authStateCache);
- String authorizeUrl = authRequest.authorize(AuthStateUtils.createState());
- return R.ok(authorizeUrl);
+ AuthRequest authRequest = SocialUtils.getAuthRequest(source, socialProperties);
+ Map<String, String> map = new HashMap<>();
+ map.put("tenantId", tenantId);
+ map.put("domain", domain);
+ map.put("state", AuthStateUtils.createState());
+ String authorizeUrl = authRequest.authorize(Base64.encode(JsonUtils.toJsonString(map), StandardCharsets.UTF_8));
+ return R.ok("鎿嶄綔鎴愬姛", authorizeUrl);
}
/**
- * @param source
- * @param callback
- * @param request
- * @return
+ * 绗笁鏂圭櫥褰曞洖璋冧笟鍔″鐞� 缁戝畾鎺堟潈
+ *
+ * @param loginBody 璇锋眰浣�
+ * @return 缁撴灉
*/
- @SuppressWarnings("unchecked")
- @GetMapping("/social-login/{source}")
- public R<String> socialLogin(@PathVariable("source") String source, AuthCallback callback, HttpServletRequest request) throws IOException {
- String obj = auths.get(source);
- if (StringUtils.isEmpty(obj))
- {
- return R.fail("绗笁鏂瑰钩鍙扮郴缁熶笉鏀寔鎴栨湭鎻愪緵鏉ユ簮");
+ @PostMapping("/social/callback")
+ public R<Void> socialCallback(@RequestBody SocialLoginBody loginBody) {
+ // 鑾峰彇绗笁鏂圭櫥褰曚俊鎭�
+ AuthResponse<AuthUser> response = SocialUtils.loginAuth(
+ loginBody.getSource(), loginBody.getSocialCode(),
+ loginBody.getSocialState(), socialProperties);
+ AuthUser authUserData = response.getData();
+ // 鍒ゆ柇鎺堟潈鍝嶅簲鏄惁鎴愬姛
+ if (!response.ok()) {
+ return R.fail(response.getMsg());
}
- JSONObject json = JSONUtil.parseObj(obj);
- AuthRequest authRequest = AuthUtils.getAuthRequest(source,
- json.getStr("clientId"),
- json.getStr("clientSecret"),
- json.getStr("redirectUri"), authStateCache);
- AuthResponse<AuthUser> response = authRequest.login(callback);
- return loginService.socialLogin(source, response, request);
+ loginService.socialRegister(authUserData);
+ return R.ok();
}
+
+ /**
+ * 鍙栨秷鎺堟潈
+ *
+ * @param socialId socialId
+ */
+ @DeleteMapping(value = "/unlock/{socialId}")
+ public R<Void> unlockSocial(@PathVariable Long socialId) {
+ Boolean rows = socialUserService.deleteWithValidById(socialId);
+ return rows ? R.ok() : R.fail("鍙栨秷鎺堟潈澶辫触");
+ }
/**
@@ -210,6 +178,7 @@
/**
* 鐢ㄦ埛娉ㄥ唽
*/
+ @ApiEncrypt
@PostMapping("/register")
public R<Void> register(@Validated @RequestBody RegisterBody user) {
if (!configService.selectRegisterEnabled(user.getTenantId())) {
@@ -226,8 +195,26 @@
*/
@GetMapping("/tenant/list")
public R<LoginTenantVo> tenantList(HttpServletRequest request) throws Exception {
+ // 杩斿洖瀵硅薄
+ LoginTenantVo result = new LoginTenantVo();
+ boolean enable = TenantHelper.isEnable();
+ result.setTenantEnabled(enable);
+ // 濡傛灉鏈紑鍚鎴疯繖鐩存帴杩斿洖
+ if (!enable) {
+ return R.ok(result);
+ }
+
List<SysTenantVo> tenantList = tenantService.queryList(new SysTenantBo());
List<TenantListVo> voList = MapstructUtils.convert(tenantList, TenantListVo.class);
+ try {
+ // 濡傛灉鍙秴绠¤繑鍥炴墍鏈夌鎴�
+ if (LoginHelper.isSuperAdmin()) {
+ result.setVoList(voList);
+ return R.ok(result);
+ }
+ } catch (NotLoginException ignored) {
+ }
+
// 鑾峰彇鍩熷悕
String host;
String referer = request.getHeader("referer");
@@ -239,12 +226,9 @@
}
// 鏍规嵁鍩熷悕杩涜绛涢��
List<TenantListVo> list = StreamUtils.filter(voList, vo ->
- StringUtils.equals(vo.getDomain(), host));
- // 杩斿洖瀵硅薄
- LoginTenantVo vo = new LoginTenantVo();
- vo.setVoList(CollUtil.isNotEmpty(list) ? list : voList);
- vo.setTenantEnabled(TenantHelper.isEnable());
- return R.ok(vo);
+ StringUtils.equals(vo.getDomain(), host));
+ result.setVoList(CollUtil.isNotEmpty(list) ? list : voList);
+ return R.ok(result);
}
}
--
Gitblit v1.9.3