perf:请求时将通过getCurrentUserName()方法返回的对象检验用户是否非法

This commit is contained in:
曾文豪
2024-08-07 14:09:28 +08:00
parent bb38428708
commit 1ee4b4af30
27 changed files with 295 additions and 314 deletions

View File

@@ -5,30 +5,24 @@ import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.thread.ThreadUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.servlet.ServletUtil;
import cn.hutool.json.JSONUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.tiesheng.util.ServletKit;
import com.tiesheng.util.config.Ip2regionConfig;
import com.tiesheng.login.mapper.CoreLogLoginMapper;
import com.tiesheng.login.pojos.RequestUserInfo;
import com.tiesheng.util.exception.ApiException;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.util.service.TsServiceBase;
import com.tiesheng.web.mapper.CoreLogApiMapper;
import com.tiesheng.web.mapper.CoreLogLoginMapper;
import com.tiesheng.web.mapper.CoreLogOperationMapper;
import com.tiesheng.web.mapper.CoreLogProcessMapper;
import com.tiesheng.web.pojos.RequestUserInfo;
import com.tiesheng.web.pojos.dao.CoreLogLogin;
import com.tiesheng.web.pojos.dao.CoreLogOperation;
import com.tiesheng.web.pojos.dao.CoreLogProcess;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.web.pojos.vo.ProcessDetailVo;
import com.tiesheng.web.util.ProcessImportConsumer;
import com.tiesheng.web.util.ProcessSyncConsumer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
@@ -50,8 +44,6 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
@Autowired
CoreLogApiMapper coreLogApiMapper;
@Autowired
Ip2regionConfig ip2regionConfig;
@Autowired
CoreLogProcessMapper coreLogProcessMapper;
public CoreLogLoginMapper getLogLoginMapper() {
@@ -184,12 +176,12 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
*/
public void addOperationLog(TokenBean tokenBean, String title, String subject, Object params) {
RequestUserInfo requestUserInfo = null;
if (tokenBean != null && !StrUtil.isEmpty(tokenBean.getId())) {
requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);
if (tokenBean == null || StrUtil.isEmpty(tokenBean.getId())) {
return;
}
RequestUserInfo requestUserInfo = tieshengWebConfigurer.configureLogin().getCachedUserInfo(tokenBean);
if (requestUserInfo == null) {
requestUserInfo = new RequestUserInfo();
return;
}
CoreLogOperation operation = new CoreLogOperation();
@@ -210,34 +202,7 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
cacheOperations.clear();
}
}
}
///////////////////////////////////////////////////////////////////////////
// 登录日志
///////////////////////////////////////////////////////////////////////////
/**
* 添加登录日志
*
* @param platformUnique
* @param tokenBean
*/
public void addLoginLog(CorePlatformUnique platformUnique, TokenBean tokenBean) {
HttpServletRequest request = ServletKit.getRequest();
String ip = ServletUtil.getClientIP(request);
CoreLogLogin login = new CoreLogLogin();
login.setUserId(tokenBean.getId());
login.setPlatform(platformUnique.getPlatform());
RequestUserInfo requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);
login.setUserName(requestUserInfo.getName());
login.setIp(ip);
login.setAddress(ip2regionConfig.search(login.getIp()));
coreLogLoginMapper.insert(login);
}
}

View File

@@ -1,72 +0,0 @@
package com.tiesheng.web.service;
import cn.hutool.core.util.StrUtil;
import com.tiesheng.web.mapper.CorePlatformUniqueMapper;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.login.pojos.DoLoginInfo;
import com.tiesheng.login.service.TieshengLoginConfigurer;
import com.tiesheng.util.service.TsServiceBase;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;
/**
* @author hao
*/
@Service
public class CorePlatformUniqueService extends TsServiceBase<CorePlatformUniqueMapper, CorePlatformUnique> implements TieshengLoginConfigurer {
@Autowired
TieshengWebConfigurer tieshengWebConfigurer;
@Autowired
CoreLogService coreLogService;
@Override
@Transactional(rollbackFor = Exception.class)
public TokenBean doLogin(DoLoginInfo loginInfo) {
CorePlatformUnique platformUnique = getOneByColumn("unique_id", loginInfo.getUnique());
if (platformUnique == null) {
platformUnique = new CorePlatformUnique();
platformUnique.setAppId(loginInfo.getAppId());
platformUnique.setUniqueId(loginInfo.getUnique());
}
platformUnique.setPlatform(loginInfo.getPlatform());
platformUnique.setInfo(loginInfo.getInfo());
saveOrUpdate(platformUnique);
String oldUserId = platformUnique.getUserId();
TokenBean tokenBean = tieshengWebConfigurer.login(platformUnique);
if (tokenBean != null) {
// 添加登录日志
coreLogService.addLoginLog(platformUnique, tokenBean);
// 更新唯一值
if (!StrUtil.isEmpty(tokenBean.getId()) &&
!Objects.equals(oldUserId, tokenBean.getId())) {
platformUnique.setUserId(tokenBean.getId());
saveOrUpdate(platformUnique);
}
}
return tokenBean;
}
@Override
public void onLoginRedirect(TokenBean bean, String to, String extra, HttpServletResponse response) {
tieshengWebConfigurer.redirect(bean, to, extra, response);
}
@Override
public void onSignError(HttpServletResponse response) {
tieshengWebConfigurer.onSignError(response);
}
}

View File

@@ -1,33 +1,19 @@
package com.tiesheng.web.service;
import cn.hutool.log.LogFactory;
import com.tiesheng.web.pojos.RequestUserInfo;
import com.tiesheng.web.pojos.dao.CoreConfigSystem;
import com.tiesheng.web.pojos.dao.CorePlatformUnique;
import com.tiesheng.util.pojos.TokenBean;
import com.tiesheng.util.ServletKit;
import com.tiesheng.login.service.TsLoginConfigurer;
import com.tiesheng.util.exception.ApiRespEnum;
import com.tiesheng.util.pojos.ApiResp;
import com.tiesheng.web.pojos.dao.CoreConfigSystem;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletResponse;
/**
* WEB配置
* 核心配置
*
* @author hao
*/
public interface TieshengWebConfigurer {
/**
* 获取当前用户的姓名
*
* @return
*/
RequestUserInfo getCurrentUserName(TokenBean userId);
/**
* 添加其他异常处理
*
@@ -75,28 +61,16 @@ public interface TieshengWebConfigurer {
default void configSystemCheck(CoreConfigSystem configSystem) {
}
///////////////////////////////////////////////////////////////////////////
// 登录配置
///////////////////////////////////////////////////////////////////////////
/**
* 登录逻辑
* 登录配置
*
* @param platformUnique
* @return
*/
TokenBean login(CorePlatformUnique platformUnique);
TsLoginConfigurer configureLogin();
/**
* 登录重定向
*
* @param bean
* @param extra
* @param response
*/
void redirect(TokenBean bean, String to, String extra, HttpServletResponse response);
/**
* 签名错误的时候
*/
default void onSignError(HttpServletResponse response) {
ServletKit.write(response, "404", "text");
}
}