/*
|
Copyright [2020] [https://www.xiaonuo.vip]
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
you may not use this file except in compliance with the License.
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
distributed under the License is distributed on an "AS IS" BASIS,
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
See the License for the specific language governing permissions and
|
limitations under the License.
|
|
Snowy采用APACHE LICENSE 2.0开源协议,您在使用过程中,需要注意以下几点:
|
|
1.请不要删除和修改根目录下的LICENSE文件。
|
2.请不要删除和修改Snowy源码头部的版权声明。
|
3.请保留源码和相关描述文件的项目出处,作者声明等。
|
4.分发源码时候,请注明软件出处 https://gitee.com/xiaonuobase/snowy
|
5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/xiaonuobase/snowy
|
6.若您的项目无法满足以上几点,可申请商业授权,获取Snowy商业授权许可,请在官网购买授权,地址为 https://www.xiaonuo.vip
|
*/
|
package vip.xiaonuo.sys.modular.auth.service.impl;
|
|
import cn.hutool.core.bean.BeanUtil;
|
import cn.hutool.core.convert.Convert;
|
import cn.hutool.core.date.DateTime;
|
import cn.hutool.core.util.ObjectUtil;
|
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.extra.spring.SpringUtil;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.stereotype.Service;
|
import org.springframework.web.context.request.RequestContextHolder;
|
import org.springframework.web.context.request.ServletRequestAttributes;
|
import vip.xiaonuo.core.consts.CommonConstant;
|
import vip.xiaonuo.core.context.constant.ConstantContextHolder;
|
import vip.xiaonuo.core.dbs.CurrentDataSourceContext;
|
import vip.xiaonuo.core.enums.CommonStatusEnum;
|
import vip.xiaonuo.core.exception.AuthException;
|
import vip.xiaonuo.core.exception.ServiceException;
|
import vip.xiaonuo.core.exception.enums.AuthExceptionEnum;
|
import vip.xiaonuo.core.exception.enums.ServerExceptionEnum;
|
import vip.xiaonuo.core.pojo.login.SysLoginUser;
|
import vip.xiaonuo.core.tenant.context.TenantCodeHolder;
|
import vip.xiaonuo.core.tenant.context.TenantDbNameHolder;
|
import vip.xiaonuo.core.tenant.entity.TenantInfo;
|
import vip.xiaonuo.core.tenant.exception.TenantException;
|
import vip.xiaonuo.core.tenant.exception.enums.TenantExceptionEnum;
|
import vip.xiaonuo.core.tenant.service.TenantInfoService;
|
import vip.xiaonuo.core.util.CryptogramUtil;
|
import vip.xiaonuo.core.util.HttpServletUtil;
|
import vip.xiaonuo.core.util.IpAddressUtil;
|
import vip.xiaonuo.sys.core.cache.UserCache;
|
import vip.xiaonuo.sys.core.enums.LogSuccessStatusEnum;
|
import vip.xiaonuo.sys.core.jwt.JwtPayLoad;
|
import vip.xiaonuo.sys.core.jwt.JwtTokenUtil;
|
import vip.xiaonuo.sys.core.log.LogManager;
|
import vip.xiaonuo.sys.modular.auth.factory.LoginUserFactory;
|
import vip.xiaonuo.sys.modular.auth.service.AuthService;
|
import vip.xiaonuo.sys.modular.user.entity.SysUser;
|
import vip.xiaonuo.sys.modular.user.service.SysUserService;
|
|
import javax.annotation.Resource;
|
import javax.servlet.http.HttpServletRequest;
|
import java.util.Map;
|
|
/**
|
* 认证相关service实现类
|
*
|
* @author xuyuxiang
|
* @date 2020/3/11 16:58
|
*/
|
@Service
|
public class AuthServiceImpl implements AuthService, UserDetailsService {
|
|
@Resource
|
private SysUserService sysUserService;
|
|
@Resource
|
private UserCache userCache;
|
|
@Override
|
public String login(String account, String password) {
|
|
if (ObjectUtil.hasEmpty(account, password)) {
|
LogManager.me().executeLoginLog(account, LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.ACCOUNT_PWD_EMPTY.getMessage());
|
throw new AuthException(AuthExceptionEnum.ACCOUNT_PWD_EMPTY);
|
}
|
|
SysUser sysUser = sysUserService.getUserByCount(account);
|
|
//用户不存在,账号或密码错误
|
if (ObjectUtil.isEmpty(sysUser)) {
|
LogManager.me().executeLoginLog(account, LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.ACCOUNT_PWD_ERROR.getMessage());
|
throw new AuthException(AuthExceptionEnum.ACCOUNT_PWD_ERROR);
|
}
|
|
String passwordHashValue = sysUser.getPwdHashValue();
|
|
// 解密密码(这里是前端传来的,如果不需要可将其干掉,这里不做开关)
|
password = CryptogramUtil.doSm2Decrypt(password);
|
|
//验证账号密码是否正确
|
if (ObjectUtil.isEmpty(passwordHashValue) || !passwordHashValue.equals(CryptogramUtil.doHashValue(password))) {
|
LogManager.me().executeLoginLog(sysUser.getAccount(), LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.ACCOUNT_PWD_ERROR.getMessage());
|
throw new AuthException(AuthExceptionEnum.ACCOUNT_PWD_ERROR);
|
}
|
|
return doLogin(sysUser);
|
}
|
|
@Override
|
public String doLogin(SysUser sysUser) {
|
|
Integer sysUserStatus = sysUser.getStatus();
|
|
//验证账号是否被冻结
|
if (CommonStatusEnum.DISABLE.getCode().equals(sysUserStatus)) {
|
LogManager.me().executeLoginLog(sysUser.getAccount(), LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.ACCOUNT_FREEZE_ERROR.getMessage());
|
throw new AuthException(AuthExceptionEnum.ACCOUNT_FREEZE_ERROR);
|
}
|
|
//构造SysLoginUser
|
SysLoginUser sysLoginUser = this.genSysLoginUser(sysUser);
|
|
//构造jwtPayLoad
|
JwtPayLoad jwtPayLoad = new JwtPayLoad(sysUser.getId(), sysUser.getAccount());
|
|
//生成token
|
String token = JwtTokenUtil.generateToken(jwtPayLoad);
|
|
//缓存token与登录用户信息对应, 默认2个小时
|
this.cacheLoginUser(jwtPayLoad, sysLoginUser);
|
|
//设置最后登录ip和时间
|
sysUser.setLastLoginIp(IpAddressUtil.getIp(HttpServletUtil.getRequest()));
|
sysUser.setLastLoginTime(DateTime.now());
|
|
//更新用户登录信息
|
sysUserService.updateById(sysUser);
|
|
//登录成功,记录登录日志
|
LogManager.me().executeLoginLog(sysUser.getAccount(), LogSuccessStatusEnum.SUCCESS.getCode(), null);
|
|
//登录成功,设置SpringSecurityContext上下文,方便获取用户
|
this.setSpringSecurityContextAuthentication(sysLoginUser);
|
|
//如果开启限制单用户登陆,则踢掉原来的用户
|
Boolean enableSingleLogin = ConstantContextHolder.getEnableSingleLogin();
|
if (enableSingleLogin) {
|
|
//获取所有的登陆用户
|
Map<String, SysLoginUser> allLoginUsers = userCache.getAllKeyValues();
|
for (Map.Entry<String, SysLoginUser> loginedUserEntry : allLoginUsers.entrySet()) {
|
|
String loginedUserKey = loginedUserEntry.getKey();
|
SysLoginUser loginedUser = loginedUserEntry.getValue();
|
|
//如果账号名称相同,并且redis缓存key和刚刚生成的用户的uuid不一样,则清除以前登录的
|
if (loginedUser.getName().equals(sysUser.getName())
|
&& !loginedUserKey.equals(jwtPayLoad.getUuid())) {
|
this.clearUser(loginedUserKey, loginedUser.getAccount());
|
}
|
}
|
}
|
|
//返回token
|
return token;
|
}
|
|
@Override
|
public String getTokenFromRequest(HttpServletRequest request) {
|
String authToken = request.getHeader(CommonConstant.AUTHORIZATION);
|
if (ObjectUtil.isEmpty(authToken) || CommonConstant.UNDEFINED.equals(authToken)) {
|
return null;
|
} else {
|
//token不是以Bearer打头,则响应回格式不正确
|
if (!authToken.startsWith(CommonConstant.TOKEN_TYPE_BEARER)) {
|
throw new AuthException(AuthExceptionEnum.NOT_VALID_TOKEN_TYPE);
|
}
|
try {
|
authToken = authToken.substring(CommonConstant.TOKEN_TYPE_BEARER.length() + 1);
|
} catch (StringIndexOutOfBoundsException e) {
|
throw new AuthException(AuthExceptionEnum.NOT_VALID_TOKEN_TYPE);
|
}
|
// 判断是否开启了加密
|
if (ConstantContextHolder.getCryptogramConfigs().getTokenEncDec()) {
|
// 解密token
|
authToken = CryptogramUtil.doDecrypt(authToken);
|
}
|
}
|
|
return authToken;
|
}
|
|
@Override
|
public SysLoginUser getLoginUserByToken(String token) {
|
|
//校验token,错误则抛异常
|
this.checkToken(token);
|
|
//根据token获取JwtPayLoad部分
|
JwtPayLoad jwtPayLoad = JwtTokenUtil.getJwtPayLoad(token);
|
|
//从redis缓存中获取登录用户
|
Object cacheObject = userCache.get(jwtPayLoad.getUuid());
|
|
//用户不存在则表示登录已过期
|
if (ObjectUtil.isEmpty(cacheObject)) {
|
throw new AuthException(AuthExceptionEnum.LOGIN_EXPIRED);
|
}
|
|
//转换成登录用户
|
SysLoginUser sysLoginUser = (SysLoginUser) cacheObject;
|
|
//用户存在, 无痛刷新缓存,在登录过期前活动的用户自动刷新缓存时间
|
this.cacheLoginUser(jwtPayLoad, sysLoginUser);
|
|
//返回用户
|
return sysLoginUser;
|
}
|
|
@Override
|
public void logout() {
|
|
HttpServletRequest request = HttpServletUtil.getRequest();
|
|
if (ObjectUtil.isNotNull(request)) {
|
|
//获取token
|
String token = this.getTokenFromRequest(request);
|
|
//如果token为空直接返回
|
if (ObjectUtil.isEmpty(token)) {
|
return;
|
}
|
|
//校验token,错误则抛异常,待确定
|
this.checkToken(token);
|
|
//根据token获取JwtPayLoad部分
|
JwtPayLoad jwtPayLoad = JwtTokenUtil.getJwtPayLoad(token);
|
|
//获取缓存的key
|
String loginUserCacheKey = jwtPayLoad.getUuid();
|
this.clearUser(loginUserCacheKey, jwtPayLoad.getAccount());
|
|
} else {
|
throw new ServiceException(ServerExceptionEnum.REQUEST_EMPTY);
|
}
|
}
|
|
@Override
|
public void setSpringSecurityContextAuthentication(SysLoginUser sysLoginUser) {
|
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
|
new UsernamePasswordAuthenticationToken(
|
sysLoginUser,
|
null,
|
sysLoginUser.getAuthorities());
|
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
|
}
|
|
@Override
|
public Authentication getAuthentication() {
|
return SecurityContextHolder.getContext().getAuthentication();
|
}
|
|
@Override
|
public void checkToken(String token) {
|
//校验token是否正确
|
Boolean tokenCorrect = JwtTokenUtil.checkToken(token);
|
if (!tokenCorrect) {
|
throw new AuthException(AuthExceptionEnum.REQUEST_TOKEN_ERROR);
|
}
|
|
//校验token是否失效
|
Boolean tokenExpired = JwtTokenUtil.isTokenExpired(token);
|
if (tokenExpired) {
|
throw new AuthException(AuthExceptionEnum.LOGIN_EXPIRED);
|
}
|
}
|
|
@Override
|
public void cacheTenantInfo(String tenantCode) {
|
if (StrUtil.isBlank(tenantCode)) {
|
return;
|
}
|
|
// 从spring容器中获取service,如果没开多租户功能,没引入相关包,这里会报错
|
TenantInfoService tenantInfoService = null;
|
try {
|
tenantInfoService = SpringUtil.getBean(TenantInfoService.class);
|
} catch (Exception e) {
|
throw new TenantException(TenantExceptionEnum.TENANT_MODULE_NOT_ENABLE_ERROR);
|
}
|
|
// 获取租户信息
|
TenantInfo tenantInfo = tenantInfoService.getByCode(tenantCode);
|
if (tenantInfo != null) {
|
String dbName = tenantInfo.getDbName();
|
|
// 租户编码的临时存放
|
TenantCodeHolder.put(tenantCode);
|
|
// 租户的数据库名称临时缓存
|
TenantDbNameHolder.put(dbName);
|
|
// 数据源信息临时缓存
|
CurrentDataSourceContext.setDataSourceType(dbName);
|
} else {
|
throw new TenantException(TenantExceptionEnum.CNAT_FIND_TENANT_ERROR);
|
}
|
}
|
|
@Override
|
public SysLoginUser loadUserByUsername(String account) throws UsernameNotFoundException {
|
SysLoginUser sysLoginUser = new SysLoginUser();
|
SysUser user = sysUserService.getUserByCount(account);
|
BeanUtil.copyProperties(user, sysLoginUser);
|
return sysLoginUser;
|
}
|
|
/**
|
* 根据key清空登陆信息
|
*
|
* @author xuyuxiang
|
* @date 2020/6/19 12:28
|
*/
|
private void clearUser(String loginUserKey, String account) {
|
//获取缓存的用户
|
Object cacheObject = userCache.get(loginUserKey);
|
|
//如果缓存的用户存在,清除会话,否则表示该会话信息已失效,不执行任何操作
|
if (ObjectUtil.isNotEmpty(cacheObject)) {
|
//清除登录会话
|
userCache.remove(loginUserKey);
|
//创建退出登录日志
|
LogManager.me().executeExitLog(account);
|
}
|
}
|
|
/**
|
* 构造登录用户信息
|
*
|
* @author xuyuxiang
|
* @date 2020/3/12 17:32
|
*/
|
@Override
|
public SysLoginUser genSysLoginUser(SysUser sysUser) {
|
SysLoginUser sysLoginUser = new SysLoginUser();
|
BeanUtil.copyProperties(sysUser, sysLoginUser);
|
LoginUserFactory.fillLoginUserInfo(sysLoginUser);
|
return sysLoginUser;
|
}
|
|
/**
|
* 缓存token与登录用户信息对应, 默认2个小时
|
*
|
* @author xuyuxiang
|
* @date 2020/3/13 14:51
|
*/
|
private void cacheLoginUser(JwtPayLoad jwtPayLoad, SysLoginUser sysLoginUser) {
|
String redisLoginUserKey = jwtPayLoad.getUuid();
|
userCache.put(redisLoginUserKey, sysLoginUser, Convert.toLong(ConstantContextHolder.getSessionTokenExpireSec()));
|
}
|
|
@Override
|
public void refreshUserDataScope(Long orgId) {
|
// request获取到token
|
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
|
String token = this.getTokenFromRequest(request);
|
SysLoginUser sysLoginUser = this.getLoginUserByToken(token);
|
sysLoginUser.getDataScopes().add(orgId);
|
this.cacheLoginUser(JwtTokenUtil.getJwtPayLoad(token), sysLoginUser);
|
}
|
}
|
