From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev

---
 ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java |  157 +++++++++++++++++++---------------------------------
 1 files changed, 57 insertions(+), 100 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java b/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java
index a11520b..9191fca 100644
--- a/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java
+++ b/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java
@@ -1,116 +1,73 @@
 package org.dromara.common.social.utils;
 
+import cn.hutool.core.util.ObjectUtil;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.request.*;
+import org.dromara.common.core.utils.SpringUtils;
+import org.dromara.common.social.config.properties.SocialLoginConfigProperties;
+import org.dromara.common.social.config.properties.SocialProperties;
+import org.dromara.common.social.maxkey.AuthMaxKeyRequest;
+import org.dromara.common.social.topiam.AuthTopIamRequest;
 
 /**
  * 璁よ瘉鎺堟潈宸ュ叿绫�
  *
  * @author thiszhc
  */
-public class SocialUtils {
+public class SocialUtils  {
 
-    public static AuthRequest getAuthRequest(String source, String clientId,
-                                             String clientSecret, String redirectUri) throws AuthException {
-        AuthRequest authRequest = null;
-        switch (source.toLowerCase()) {
-            case "dingtalk" ->
-                authRequest = new AuthDingTalkRequest(AuthConfig.builder()
-                    .clientId(clientId)
-                    .clientSecret(clientSecret)
-                    .redirectUri(redirectUri)
-                    .build());
-            case "baidu" ->
-                authRequest = new AuthBaiduRequest(AuthConfig.builder()
-                    .clientId(clientId)
-                    .clientSecret(clientSecret)
-                    .redirectUri(redirectUri)
-                    .build());
-            case "github" ->
-                authRequest = new AuthGithubRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "gitee" ->
-                authRequest = new AuthGiteeRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "weibo" ->
-                authRequest = new AuthWeiboRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "coding" ->
-                authRequest = new AuthCodingRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "oschina" ->
-                authRequest = new AuthOschinaRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "alipay" ->
-                // 鏀粯瀹濆湪鍒涘缓鍥炶皟鍦板潃鏃讹紝涓嶅厑璁镐娇鐢╨ocalhost鎴栬��127.0.0.1锛屾墍浠ヨ繖鍎跨殑鍥炶皟鍦板潃浣跨敤鐨勫眬鍩熺綉鍐呯殑ip
-                authRequest = new AuthAlipayRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .alipayPublicKey("").redirectUri(redirectUri).build());
-            case "qq" ->
-                authRequest = new AuthQqRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "wechat_open" -> authRequest = new AuthWeChatOpenRequest(AuthConfig.builder().clientId(clientId)
-                .clientSecret(clientSecret).redirectUri(redirectUri).build());
-            case "csdn" ->
-                authRequest = new AuthCsdnRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "taobao" ->
-                authRequest = new AuthTaobaoRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "douyin" ->
-                authRequest = new AuthDouyinRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "linkedin" ->
-                authRequest = new AuthLinkedinRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "microsoft" -> authRequest = new AuthMicrosoftRequest(AuthConfig.builder().clientId(clientId)
-                .clientSecret(clientSecret).redirectUri(redirectUri).build());
-            case "mi" ->
-                authRequest = new AuthMiRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "toutiao" ->
-                authRequest = new AuthToutiaoRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "teambition" -> authRequest = new AuthTeambitionRequest(AuthConfig.builder().clientId(clientId)
-                .clientSecret(clientSecret).redirectUri(redirectUri).build());
-            case "pinterest" -> authRequest = new AuthPinterestRequest(AuthConfig.builder().clientId(clientId)
-                .clientSecret(clientSecret).redirectUri(redirectUri).build());
-            case "renren" ->
-                authRequest = new AuthRenrenRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "stack_overflow" -> authRequest = new AuthStackOverflowRequest(AuthConfig.builder().clientId(clientId)
-                .clientSecret(clientSecret).redirectUri(redirectUri).stackOverflowKey("").build());
-            case "huawei" ->
-                authRequest = new AuthHuaweiRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "wechat_enterprise" ->
-                authRequest = new AuthWeChatEnterpriseQrcodeRequest(AuthConfig.builder().clientId(clientId)
-                    .clientSecret(clientSecret).redirectUri(redirectUri).agentId("").build());
-            case "kujiale" ->
-                authRequest = new AuthKujialeRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "gitlab" ->
-                authRequest = new AuthGitlabRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "meituan" ->
-                authRequest = new AuthMeituanRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "eleme" ->
-                authRequest = new AuthElemeRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "wechat_mp" ->
-                authRequest = new AuthWeChatMpRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            case "aliyun" ->
-                authRequest = new AuthAliyunRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret)
-                    .redirectUri(redirectUri).build());
-            default -> {
-            }
+    private static final AuthRedisStateCache STATE_CACHE = SpringUtils.getBean(AuthRedisStateCache.class);
+
+    @SuppressWarnings("unchecked")
+    public static AuthResponse<AuthUser> loginAuth(String source, String code, String state, SocialProperties socialProperties) throws AuthException {
+        AuthRequest authRequest = getAuthRequest(source, socialProperties);
+        AuthCallback callback = new AuthCallback();
+        callback.setCode(code);
+        callback.setState(state);
+        return authRequest.login(callback);
+    }
+
+    public static AuthRequest getAuthRequest(String source, SocialProperties socialProperties) throws AuthException {
+        SocialLoginConfigProperties obj = socialProperties.getType().get(source);
+         if (ObjectUtil.isNull(obj)) {
+            throw new AuthException("涓嶆敮鎸佺殑绗笁鏂圭櫥褰曠被鍨�");
         }
-        if (null == authRequest) {
-            throw new AuthException("鏈幏鍙栧埌鏈夋晥鐨凙uth閰嶇疆");
-        }
-        return authRequest;
+        AuthConfig.AuthConfigBuilder builder = AuthConfig.builder()
+            .clientId(obj.getClientId())
+            .clientSecret(obj.getClientSecret())
+            .redirectUri(obj.getRedirectUri())
+            .scopes(obj.getScopes());
+        return switch (source.toLowerCase()) {
+            case "dingtalk" -> new AuthDingTalkRequest(builder.build(), STATE_CACHE);
+            case "baidu" -> new AuthBaiduRequest(builder.build(), STATE_CACHE);
+            case "github" -> new AuthGithubRequest(builder.build(), STATE_CACHE);
+            case "gitee" -> new AuthGiteeRequest(builder.build(), STATE_CACHE);
+            case "weibo" -> new AuthWeiboRequest(builder.build(), STATE_CACHE);
+            case "coding" -> new AuthCodingRequest(builder.build(), STATE_CACHE);
+            case "oschina" -> new AuthOschinaRequest(builder.build(), STATE_CACHE);
+            // 鏀粯瀹濆湪鍒涘缓鍥炶皟鍦板潃鏃讹紝涓嶅厑璁镐娇鐢╨ocalhost鎴栬��127.0.0.1锛屾墍浠ヨ繖鍎跨殑鍥炶皟鍦板潃浣跨敤鐨勫眬鍩熺綉鍐呯殑ip
+            case "alipay_wallet" -> new AuthAlipayRequest(builder.build(), socialProperties.getType().get("alipay_wallet").getAlipayPublicKey(), STATE_CACHE);
+            case "qq" -> new AuthQqRequest(builder.build(), STATE_CACHE);
+            case "wechat_open" -> new AuthWeChatOpenRequest(builder.build(), STATE_CACHE);
+            case "taobao" -> new AuthTaobaoRequest(builder.build(), STATE_CACHE);
+            case "douyin" -> new AuthDouyinRequest(builder.build(), STATE_CACHE);
+            case "linkedin" -> new AuthLinkedinRequest(builder.build(), STATE_CACHE);
+            case "microsoft" -> new AuthMicrosoftRequest(builder.build(), STATE_CACHE);
+            case "renren" -> new AuthRenrenRequest(builder.build(), STATE_CACHE);
+            case "stack_overflow" -> new AuthStackOverflowRequest(builder.build(), STATE_CACHE);
+            case "huawei" -> new AuthHuaweiRequest(builder.build(), STATE_CACHE);
+            case "wechat_enterprise" -> new AuthWeChatEnterpriseQrcodeRequest(builder.build(), STATE_CACHE);
+            case "gitlab" -> new AuthGitlabRequest(builder.build(), STATE_CACHE);
+            case "wechat_mp" -> new AuthWeChatMpRequest(builder.build(), STATE_CACHE);
+            case "aliyun" -> new AuthAliyunRequest(builder.build(), STATE_CACHE);
+            case "maxkey" -> new AuthMaxKeyRequest(builder.build(), STATE_CACHE);
+            case "topiam" -> new AuthTopIamRequest(builder.build(), STATE_CACHE);
+            default -> throw new AuthException("鏈幏鍙栧埌鏈夋晥鐨凙uth閰嶇疆");
+        };
     }
 }
 
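Review bot: In getAuthRequest the provider entry is fetched with the raw `source` (`socialProperties.getType().get(source)`) but the switch dispatches on `source.toLowerCase()`, so the two can disagree for mixed-case input. In that case the `alipay_wallet` arm's second lookup with the literal key can return null and surface as a NullPointerException instead of an AuthException. Normalise once and reuse the entry already fetched: `String key = source.toLowerCase(Locale.ROOT);`, then `socialProperties.getType().get(key)` and `switch (key)`, and in the alipay arm `obj.getAlipayPublicKey()`. `source` presumably arrives from the login request, so every unrecognised spelling should fail closed through the same AuthException path. Separately, `STATE_CACHE` is resolved via `SpringUtils.getBean` in a static initialiser, which would break class loading if SocialUtils is touched before the Spring context is ready; a comment such as `// requires an initialised Spring context; backs the OAuth state check in login()` would record that assumption.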

--
Gitblit v1.9.3