perf:请求时将通过getCurrentUserName()方法返回的对象检验用户是否非法

曾文豪
2024-08-07 14:09:28 +08:00
parent bb38428708
commit 1ee4b4af30
27 changed files with 295 additions and 314 deletions


@@ -2,8 +2,8 @@ package com.tiesheng.web;
import com.tiesheng.database.DatabaseAutoConfigurer;
import com.tiesheng.encrypt.EncryptAutoConfigurer;
import com.tiesheng.login.LoginAutoConfigurer;
import com.tiesheng.message.MessageAutoConfigurer;
import com.tiesheng.platform.PlatformAutoConfigurer;
import com.tiesheng.util.UtilAutoConfigurer;
import com.tiesheng.web.service.TieshengWebConfigurer;
import org.springframework.context.annotation.Import;
@@ -20,9 +20,9 @@ import java.lang.annotation.*;
UtilAutoConfigurer.class,
MessageAutoConfigurer.class,
WebAutoConfigurer.class,
LoginAutoConfigurer.class,
DatabaseAutoConfigurer.class,
EncryptAutoConfigurer.class,
PlatformAutoConfigurer.class,
})
public @interface EnableTieshengWeb {


@@ -10,7 +10,8 @@ import org.springframework.context.annotation.ComponentScan;
@ComponentScan({
"com.tiesheng.web.**.*",
"com.tiesheng.role.**.*",
"com.tiesheng.login.**.*",
})
@MapperScan(value = {"com.tiesheng.web.mapper", "com.tiesheng.role.mapper"})
@MapperScan(value = {"com.tiesheng.web.mapper", "com.tiesheng.role.mapper", "com.tiesheng.login.mapper"})
public class WebAutoConfigurer {
}


@@ -6,7 +6,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.tiesheng.util.pojos.ApiResp;
import com.tiesheng.util.pojos.PageDTO;
import com.tiesheng.web.pojos.dao.CoreLogApi;
import com.tiesheng.web.pojos.dao.CoreLogLogin;
import com.tiesheng.login.pojos.dao.CoreLogLogin;
import com.tiesheng.web.pojos.dao.CoreLogOperation;
import com.tiesheng.web.pojos.dao.CoreLogProcess;
import com.tiesheng.web.pojos.vo.ProcessDetailVo;


@@ -1,7 +0,0 @@
package com.tiesheng.web.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.tiesheng.web.pojos.dao.CoreLogLogin;
public interface CoreLogLoginMapper extends BaseMapper<CoreLogLogin> {
}


@@ -1,7 +0,0 @@
package com.tiesheng.web.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
public interface CorePlatformUniqueMapper extends BaseMapper<CorePlatformUnique> {
}


@@ -1,41 +0,0 @@
package com.tiesheng.web.pojos;
/**
* 当前token的数据
*
* @author hao
*/
public class RequestUserInfo {
private String id;
private String name;
private Object data;
///////////////////////////////////////////////////////////////////////////
// setter\getter
///////////////////////////////////////////////////////////////////////////
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Object getData() {
return data;
}
public void setData(Object data) {
this.data = data;
}
}


@@ -1,111 +0,0 @@
package com.tiesheng.web.pojos.dao;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableName;
import com.tiesheng.util.pojos.DaoBase;
/**
* 日志-登录
*/
@TableName(value = "core_log_login")
public class CoreLogLogin extends DaoBase {
/**
* 用户id
*/
@TableField(value = "user_id")
private String userId;
/**
* 用户id
*/
@TableField(value = "user_name")
private String userName;
/**
* ip
*/
@TableField(value = "platform")
private String platform;
/**
* ip
*/
@TableField(value = "ip")
private String ip;
/**
* ip地址
*/
@TableField(value = "address")
private String address;
/**
* 获取用户id
*
* @return user_id - 用户id
*/
public String getUserId() {
return userId;
}
/**
* 设置用户id
*
* @param userId 用户id
*/
public void setUserId(String userId) {
this.userId = userId;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPlatform() {
return platform;
}
public void setPlatform(String platform) {
this.platform = platform;
}
/**
* 获取ip
*
* @return ip - ip
*/
public String getIp() {
return ip;
}
/**
* 设置ip
*
* @param ip ip
*/
public void setIp(String ip) {
this.ip = ip;
}
/**
* 获取ip地址
*
* @return address - ip地址
*/
public String getAddress() {
return address;
}
/**
* 设置ip地址
*
* @param address ip地址
*/
public void setAddress(String address) {
this.address = address;
}
}


@@ -1,131 +0,0 @@
package com.tiesheng.web.pojos.dao;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableName;
import com.tiesheng.util.pojos.DaoBase;
/**
* 平台-唯一值
*/
@TableName(value = "core_platform_unique")
public class CorePlatformUnique extends DaoBase {
/**
* 用户id
*/
@TableField(value = "user_id")
private String userId;
/**
* appId
*/
@TableField(value = "app_id")
private String appId;
/**
* 唯一值
*/
@TableField(value = "unique_id")
private String uniqueId;
/**
* 平台
*/
@TableField(value = "platform")
private String platform;
/**
* 其他参数
*/
@TableField(value = "info")
private String info;
/**
* 获取用户id
*
* @return user_id - 用户id
*/
public String getUserId() {
return userId;
}
/**
* 设置用户id
*
* @param userId 用户id
*/
public void setUserId(String userId) {
this.userId = userId;
}
/**
* 获取appId
*
* @return app_id - appId
*/
public String getAppId() {
return appId;
}
/**
* 设置appId
*
* @param appId appId
*/
public void setAppId(String appId) {
this.appId = appId;
}
/**
* 获取唯一值
*
* @return unique_id - 唯一值
*/
public String getUniqueId() {
return uniqueId;
}
/**
* 设置唯一值
*
* @param uniqueId 唯一值
*/
public void setUniqueId(String uniqueId) {
this.uniqueId = uniqueId;
}
/**
* 获取平台
*
* @return platform - 平台
*/
public String getPlatform() {
return platform;
}
/**
* 设置平台
*
* @param platform 平台
*/
public void setPlatform(String platform) {
this.platform = platform;
}
/**
* 获取其他参数
*
* @return info - 其他参数
*/
public String getInfo() {
return info;
}
/**
* 设置其他参数
*
* @param info 其他参数
*/
public void setInfo(String info) {
this.info = info;
}
}


@@ -5,30 +5,24 @@ import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.thread.ThreadUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.servlet.ServletUtil;
import cn.hutool.json.JSONUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.tiesheng.util.ServletKit;
import com.tiesheng.util.config.Ip2regionConfig;
import com.tiesheng.login.mapper.CoreLogLoginMapper;
import com.tiesheng.login.pojos.RequestUserInfo;
import com.tiesheng.util.exception.ApiException;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.util.service.TsServiceBase;
import com.tiesheng.web.mapper.CoreLogApiMapper;
import com.tiesheng.web.mapper.CoreLogLoginMapper;
import com.tiesheng.web.mapper.CoreLogOperationMapper;
import com.tiesheng.web.mapper.CoreLogProcessMapper;
import com.tiesheng.web.pojos.RequestUserInfo;
import com.tiesheng.web.pojos.dao.CoreLogLogin;
import com.tiesheng.web.pojos.dao.CoreLogOperation;
import com.tiesheng.web.pojos.dao.CoreLogProcess;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.web.pojos.vo.ProcessDetailVo;
import com.tiesheng.web.util.ProcessImportConsumer;
import com.tiesheng.web.util.ProcessSyncConsumer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
@@ -50,8 +44,6 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
@Autowired
CoreLogApiMapper coreLogApiMapper;
@Autowired
Ip2regionConfig ip2regionConfig;
@Autowired
CoreLogProcessMapper coreLogProcessMapper;
public CoreLogLoginMapper getLogLoginMapper() {
@@ -184,12 +176,12 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
*/
public void addOperationLog(TokenBean tokenBean, String title, String subject, Object params) {
RequestUserInfo requestUserInfo = null;
if (tokenBean != null && !StrUtil.isEmpty(tokenBean.getId())) {
requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);
if (tokenBean == null || StrUtil.isEmpty(tokenBean.getId())) {
return;
}
RequestUserInfo requestUserInfo = tieshengWebConfigurer.configureLogin().getCachedUserInfo(tokenBean);
if (requestUserInfo == null) {
requestUserInfo = new RequestUserInfo();
return;
}
CoreLogOperation operation = new CoreLogOperation();
@@ -210,34 +202,7 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
cacheOperations.clear();
}
}
}
///////////////////////////////////////////////////////////////////////////
// 登录日志
///////////////////////////////////////////////////////////////////////////
/**
* 添加登录日志
*
* @param platformUnique
* @param tokenBean
*/
public void addLoginLog(CorePlatformUnique platformUnique, TokenBean tokenBean) {
HttpServletRequest request = ServletKit.getRequest();
String ip = ServletUtil.getClientIP(request);
CoreLogLogin login = new CoreLogLogin();
login.setUserId(tokenBean.getId());
login.setPlatform(platformUnique.getPlatform());
RequestUserInfo requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);
login.setUserName(requestUserInfo.getName());
login.setIp(ip);
login.setAddress(ip2regionConfig.search(login.getIp()));
coreLogLoginMapper.insert(login);
}
}
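Review bot: In `addOperationLog` the two new early `return`s drop the operation-log entry whenever `tokenBean` is null, its id is empty, or `getCachedUserInfo(tokenBean)` returns null, whereas the removed lines fell back to an empty `RequestUserInfo` and still recorded the operation. If this table is relied on as an audit trail, a request whose cached user info is missing now leaves no record and no sign that one was skipped; when the cache can be empty for a valid token is not visible on this page. I would keep the entry for the second case, `if (requestUserInfo == null) { requestUserInfo = new RequestUserInfo(); }`, or, if skipping is intended, say so in the method's Javadoc and emit a warning before the `return`. The chained call `tieshengWebConfigurer.configureLogin().getCachedUserInfo(tokenBean)` also assumes `configureLogin()` never returns null. The method body continues outside the hunk.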


@@ -1,72 +0,0 @@
package com.tiesheng.web.service;
import cn.hutool.core.util.StrUtil;
import com.tiesheng.web.mapper.CorePlatformUniqueMapper;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.login.pojos.DoLoginInfo;
import com.tiesheng.login.service.TieshengLoginConfigurer;
import com.tiesheng.util.service.TsServiceBase;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;
/**
* @author hao
*/
@Service
public class CorePlatformUniqueService extends TsServiceBase<CorePlatformUniqueMapper, CorePlatformUnique> implements TieshengLoginConfigurer {
@Autowired
TieshengWebConfigurer tieshengWebConfigurer;
@Autowired
CoreLogService coreLogService;
@Override
@Transactional(rollbackFor = Exception.class)
public TokenBean doLogin(DoLoginInfo loginInfo) {
CorePlatformUnique platformUnique = getOneByColumn("unique_id", loginInfo.getUnique());
if (platformUnique == null) {
platformUnique = new CorePlatformUnique();
platformUnique.setAppId(loginInfo.getAppId());
platformUnique.setUniqueId(loginInfo.getUnique());
}
platformUnique.setPlatform(loginInfo.getPlatform());
platformUnique.setInfo(loginInfo.getInfo());
saveOrUpdate(platformUnique);
String oldUserId = platformUnique.getUserId();
TokenBean tokenBean = tieshengWebConfigurer.login(platformUnique);
if (tokenBean != null) {
// 添加登录日志
coreLogService.addLoginLog(platformUnique, tokenBean);
// 更新唯一值
if (!StrUtil.isEmpty(tokenBean.getId()) &&
!Objects.equals(oldUserId, tokenBean.getId())) {
platformUnique.setUserId(tokenBean.getId());
saveOrUpdate(platformUnique);
}
}
return tokenBean;
}
@Override
public void onLoginRedirect(TokenBean bean, String to, String extra, HttpServletResponse response) {
tieshengWebConfigurer.redirect(bean, to, extra, response);
}
@Override
public void onSignError(HttpServletResponse response) {
tieshengWebConfigurer.onSignError(response);
}
}


@@ -1,33 +1,19 @@
package com.tiesheng.web.service;
import cn.hutool.log.LogFactory;
import com.tiesheng.web.pojos.RequestUserInfo;
import com.tiesheng.web.pojos.dao.CoreConfigSystem;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.util.ServletKit;
import com.tiesheng.login.service.TsLoginConfigurer;
import com.tiesheng.util.exception.ApiRespEnum;
import com.tiesheng.util.pojos.ApiResp;
import com.tiesheng.web.pojos.dao.CoreConfigSystem;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletResponse;
/**
* WEB配置
* 核心配置
*
* @author hao
*/
public interface TieshengWebConfigurer {
/**
* 获取当前用户的姓名
*
* @return
*/
RequestUserInfo getCurrentUserName(TokenBean userId);
/**
* 添加其他异常处理
*
@@ -75,28 +61,16 @@ public interface TieshengWebConfigurer {
default void configSystemCheck(CoreConfigSystem configSystem) {
}
///////////////////////////////////////////////////////////////////////////
// 登录配置
///////////////////////////////////////////////////////////////////////////
/**
* 登录逻辑
* 登录配置
*
* @param platformUnique
* @return
*/
TokenBean login(CorePlatformUnique platformUnique);
TsLoginConfigurer configureLogin();
/**
* 登录重定向
*
* @param bean
* @param extra
* @param response
*/
void redirect(TokenBean bean, String to, String extra, HttpServletResponse response);
/**
* 签名错误的时候
*/
default void onSignError(HttpServletResponse response) {
ServletKit.write(response, "404", "text");
}
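Review bot: The new abstract method `TsLoginConfigurer configureLogin();` carries a Javadoc whose `@return` tag is empty, so implementers are not told whether null is an acceptable return value. The `addOperationLog` change in CoreLogService on this page calls `configureLogin().getCachedUserInfo(tokenBean)` without a null check, so a null return would surface as a NullPointerException on the logging path. I would complete the tag, for example `@return the login configurer; never null`, with the description adjusted to what TsLoginConfigurer actually covers, which this diff does not show. Because the method has no default body and `login`, `redirect` and `onSignError` leave this interface, the interface comment should also state where sign-error handling now lives.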
}