Merge branch 'master' of https://gitee.com/beijing_hongye_huicheng/lilishop
commit
013e8f8f70
@ -2,6 +2,7 @@ package cn.lili.common.security;
|
||||
|
||||
import cn.lili.common.security.enums.UserEnums;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
@ -13,6 +14,7 @@ import java.io.Serializable;
|
||||
@Data
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
@Builder
|
||||
public class AuthUser implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 582441893336003319L;
|
||||
@ -84,22 +86,5 @@ public class AuthUser implements Serializable {
|
||||
this.nickName = nickName;
|
||||
}
|
||||
|
||||
public AuthUser(String username, String id, String face, UserEnums manager, String nickName, Boolean isSuper) {
|
||||
this.username = username;
|
||||
this.id = id;
|
||||
this.face = face;
|
||||
this.role = manager;
|
||||
this.isSuper = isSuper;
|
||||
this.nickName = nickName;
|
||||
}
|
||||
|
||||
public AuthUser(String username, String id, UserEnums manager, String nickName, Boolean isSuper, String clerkId, String face) {
|
||||
this.username = username;
|
||||
this.id = id;
|
||||
this.role = manager;
|
||||
this.isSuper = isSuper;
|
||||
this.nickName = nickName;
|
||||
this.clerkId = clerkId;
|
||||
this.face = face;
|
||||
}
|
||||
}
|
||||
|
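Review bot: The class Javadoc should state that an AuthUser instance is serialised whole into the JWT's USER_CONTEXT claim (TokenUtil does `new Gson().toJson(authUser)`), which is signed but not encrypted, so every field the new builder now populates — `tenantId`, `storeId`, `storeName`, `clerkId`, `isSuper`, `longTerm` — is readable by whoever holds the token and must never carry a secret. With the two explicit constructors removed, the builder and the Lombok no-args/all-args constructors are the only construction paths, so the class header is the natural place for that contract; a suitable line is `/** Authenticated principal; serialised verbatim into the signed (not encrypted) JWT claim — never add secret-bearing fields. */`. The field declarations themselves are outside the hunk.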
@ -4,10 +4,10 @@ import cn.lili.cache.Cache;
|
||||
import cn.lili.cache.CachePrefix;
|
||||
import cn.lili.common.enums.ResultCode;
|
||||
import cn.lili.common.exception.ServiceException;
|
||||
import cn.lili.common.properties.JWTTokenProperties;
|
||||
import cn.lili.common.security.AuthUser;
|
||||
import cn.lili.common.security.enums.SecurityEnum;
|
||||
import cn.lili.common.security.enums.UserEnums;
|
||||
import cn.lili.common.properties.JWTTokenProperties;
|
||||
import com.google.gson.Gson;
|
||||
import io.jsonwebtoken.*;
|
||||
import io.jsonwebtoken.security.SignatureException;
|
||||
@ -34,24 +34,21 @@ public class TokenUtil {
|
||||
/**
|
||||
* 构建token
|
||||
*
|
||||
* @param username 主体
|
||||
* @param claim 私有声明
|
||||
* @param longTerm 长时间特殊token 如:移动端,微信小程序等
|
||||
* @param userEnums 用户枚举
|
||||
* @param authUser 私有声明
|
||||
* @return TOKEN
|
||||
*/
|
||||
public Token createToken(String username, Object claim, boolean longTerm, UserEnums userEnums) {
|
||||
public Token createToken(AuthUser authUser) {
|
||||
Token token = new Token();
|
||||
//访问token
|
||||
String accessToken = createToken(username, claim, tokenProperties.getTokenExpireTime());
|
||||
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
|
||||
|
||||
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1,
|
||||
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken, 1,
|
||||
tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
||||
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
||||
Long expireTime = longTerm ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
|
||||
String refreshToken = createToken(username, claim, expireTime);
|
||||
Long expireTime = authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
|
||||
String refreshToken = createToken(authUser, expireTime);
|
||||
|
||||
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
|
||||
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
|
||||
|
||||
token.setAccessToken(accessToken);
|
||||
token.setRefreshToken(refreshToken);
|
||||
@ -62,17 +59,17 @@ public class TokenUtil {
|
||||
* 刷新token
|
||||
*
|
||||
* @param oldRefreshToken 刷新token
|
||||
* @param userEnums 用户枚举
|
||||
* @return token
|
||||
*/
|
||||
public Token refreshToken(String oldRefreshToken, UserEnums userEnums) {
|
||||
public Token refreshToken(String oldRefreshToken) {
|
||||
|
||||
Claims claims;
|
||||
try {
|
||||
claims = Jwts.parser()
|
||||
.setSigningKey(SecretKeyUtil.generalKeyByDecoders())
|
||||
.parseClaimsJws(oldRefreshToken).getBody();
|
||||
} catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
|
||||
} catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException |
|
||||
IllegalArgumentException e) {
|
||||
//token 过期 认证失败等
|
||||
throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);
|
||||
}
|
||||
@ -80,7 +77,7 @@ public class TokenUtil {
|
||||
//获取存储在claims中的用户信息
|
||||
String json = claims.get(SecurityEnum.USER_CONTEXT.getValue()).toString();
|
||||
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
|
||||
|
||||
UserEnums userEnums = authUser.getRole();
|
||||
|
||||
String username = authUser.getUsername();
|
||||
//获取是否长期有效的token
|
||||
@ -91,17 +88,18 @@ public class TokenUtil {
|
||||
if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) {
|
||||
Token token = new Token();
|
||||
//访问token
|
||||
String accessToken = createToken(username, authUser, tokenProperties.getTokenExpireTime());
|
||||
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
|
||||
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
||||
|
||||
//如果是信任登录设备,则刷新token长度继续延长
|
||||
Long expirationTime = tokenProperties.getTokenExpireTime() * 2;
|
||||
if (longTerm) {
|
||||
expirationTime = 60 * 24 * 15L;
|
||||
authUser.setLongTerm(true);
|
||||
}
|
||||
|
||||
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
||||
String refreshToken = createToken(username, authUser, expirationTime);
|
||||
String refreshToken = createToken(authUser, expirationTime);
|
||||
|
||||
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
|
||||
token.setAccessToken(accessToken);
|
||||
@ -117,18 +115,17 @@ public class TokenUtil {
|
||||
/**
|
||||
* 生成token
|
||||
*
|
||||
* @param username 主体
|
||||
* @param claim 私有神明内容
|
||||
* @param authUser jwt主体对象
|
||||
* @param expirationTime 过期时间(分钟)
|
||||
* @return token字符串
|
||||
*/
|
||||
private String createToken(String username, Object claim, Long expirationTime) {
|
||||
private String createToken(AuthUser authUser, Long expirationTime) {
|
||||
//JWT 生成
|
||||
return Jwts.builder()
|
||||
//jwt 私有声明
|
||||
.claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(claim))
|
||||
.claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(authUser))
|
||||
//JWT的主体
|
||||
.setSubject(username)
|
||||
.setSubject(authUser.getUsername())
|
||||
//失效时间 当前时间+过期分钟
|
||||
.setExpiration(new Date(System.currentTimeMillis() + expirationTime * 60 * 1000))
|
||||
//签名算法和密钥
|
||||
|
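Review bot: `authUser.getLongTerm()` is unboxed by the ternary on the refresh-expiry line of createToken(AuthUser), where the removed code used a primitive `boolean longTerm` parameter; the four generators now pass their `Boolean longTerm` argument straight into the builder, so if that AuthUser field is a `Boolean` (its declaration is not in the diff — please confirm) a null value throws a NullPointerException while minting a token. A null-safe test keeps the previous semantics: `Long expireTime = Boolean.TRUE.equals(authUser.getLongTerm()) ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;`. The `if (longTerm)` branch in refreshToken reads a local whose assignment sits outside the hunk and may need the same treatment.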
@ -23,20 +23,23 @@ public class SeatTokenGenerate extends AbstractTokenGenerate<Seat> {
|
||||
|
||||
@Override
|
||||
public Token createToken(Seat seat, Boolean longTerm) {
|
||||
AuthUser authUser = new AuthUser(
|
||||
seat.getUsername(),
|
||||
seat.getId(),
|
||||
seat.getNickName(),
|
||||
seat.getFace(),
|
||||
UserEnums.SEAT);
|
||||
authUser.setTenantId(seat.getTenantId());
|
||||
AuthUser authUser = AuthUser.builder()
|
||||
.username(seat.getUsername())
|
||||
.id(seat.getId())
|
||||
.nickName(seat.getNickName())
|
||||
.face(seat.getFace())
|
||||
.role(UserEnums.SEAT)
|
||||
.longTerm(longTerm)
|
||||
.tenantId(seat.getTenantId())
|
||||
.build();
|
||||
|
||||
//登陆成功生成token
|
||||
return tokenUtil.createToken(seat.getUsername(), authUser, longTerm, UserEnums.SEAT);
|
||||
return tokenUtil.createToken(authUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token refreshToken(String refreshToken) {
|
||||
return tokenUtil.refreshToken(refreshToken, UserEnums.SEAT);
|
||||
return tokenUtil.refreshToken(refreshToken);
|
||||
}
|
||||
|
||||
}
|
||||
|
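Review bot: `tokenUtil.refreshToken(refreshToken)` in the overridden refreshToken no longer tells TokenUtil which principal type this endpoint serves; the role now comes from the signed claim inside the refresh token, which cannot be altered without the signing key, but as far as the visible TokenUtil lines show a refresh token minted for a different role is now accepted here and re-issued as that role, whereas the removed `UserEnums.SEAT` argument made the REFRESH_TOKEN cache lookup fail for it. MemberTokenGenerate, StoreTokenGenerate and ManagerTokenGenerate drop the same argument. Keeping the binding needs only a small check in TokenUtil: compare `authUser.getRole()` from the parsed claim with an expected `UserEnums` supplied by the caller and `throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);` on mismatch, leaving the one-argument overload for callers that genuinely do not care.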
@ -57,14 +57,21 @@ public class MemberTokenGenerate extends AbstractTokenGenerate<Member> {
|
||||
String destination = rocketmqCustomProperties.getMemberTopic() + ":" + MemberTagsEnum.MEMBER_LOGIN.name();
|
||||
rocketMQTemplate.asyncSend(destination, member, RocketmqSendCallbackBuilder.commonCallback());
|
||||
|
||||
AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), member.getNickName(), member.getFace(), UserEnums.MEMBER);
|
||||
AuthUser authUser = AuthUser.builder()
|
||||
.username(member.getUsername())
|
||||
.face(member.getFace())
|
||||
.id(member.getId())
|
||||
.role(UserEnums.MEMBER)
|
||||
.nickName(member.getNickName())
|
||||
.longTerm(longTerm)
|
||||
.build();
|
||||
//登陆成功生成token
|
||||
return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.MEMBER);
|
||||
return tokenUtil.createToken(authUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token refreshToken(String refreshToken) {
|
||||
return tokenUtil.refreshToken(refreshToken, UserEnums.MEMBER);
|
||||
return tokenUtil.refreshToken(refreshToken);
|
||||
}
|
||||
|
||||
}
|
||||
|
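Review bot: The builder chain in createToken sets the fields in the order username, face, id, role, nickName, while the Seat, Store and Manager generators in this same commit use username, id, face, role, nickName; keeping one order across the four generators makes the AuthUser construction easy to compare side by side. Nothing functional hinges on it, since `@Builder` setters are order-independent.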
@ -11,16 +11,16 @@ import cn.lili.common.security.enums.UserEnums;
|
||||
import cn.lili.common.security.token.Token;
|
||||
import cn.lili.common.security.token.TokenUtil;
|
||||
import cn.lili.common.security.token.base.AbstractTokenGenerate;
|
||||
import cn.lili.modules.member.entity.dos.Clerk;
|
||||
import cn.lili.modules.member.entity.dos.Member;
|
||||
import cn.lili.modules.member.entity.vo.StoreUserMenuVO;
|
||||
import cn.lili.modules.member.service.ClerkService;
|
||||
import cn.lili.modules.member.service.StoreMenuRoleService;
|
||||
import cn.lili.modules.store.entity.dos.Store;
|
||||
import cn.lili.modules.store.service.StoreService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import cn.lili.modules.member.entity.dos.Clerk;
|
||||
import cn.lili.modules.member.entity.vo.StoreUserMenuVO;
|
||||
import cn.lili.modules.member.service.ClerkService;
|
||||
import cn.lili.modules.member.service.StoreMenuRoleService;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@ -61,7 +61,7 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
||||
throw new ServiceException(ResultCode.CLERK_DISABLED_ERROR);
|
||||
}
|
||||
//获取当前用户权限
|
||||
List<StoreUserMenuVO> storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(),member.getId());
|
||||
List<StoreUserMenuVO> storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(), member.getId());
|
||||
//缓存权限列表
|
||||
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + member.getId(), this.permissionList(storeUserMenuVOS));
|
||||
//查询店铺信息
|
||||
@ -69,16 +69,25 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
||||
if (store == null) {
|
||||
throw new ServiceException(ResultCode.STORE_NOT_OPEN);
|
||||
}
|
||||
AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), UserEnums.STORE, member.getNickName(), clerk.getIsSuper(), clerk.getId(),store.getStoreLogo());
|
||||
|
||||
authUser.setStoreId(store.getId());
|
||||
authUser.setStoreName(store.getStoreName());
|
||||
return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.STORE);
|
||||
//构建对象
|
||||
AuthUser authUser = AuthUser.builder()
|
||||
.username(member.getUsername())
|
||||
.id(member.getId())
|
||||
.role(UserEnums.STORE)
|
||||
.nickName(member.getNickName())
|
||||
.isSuper(clerk.getIsSuper())
|
||||
.clerkId(clerk.getId())
|
||||
.face(store.getStoreLogo())
|
||||
.storeId(store.getId())
|
||||
.storeName(store.getStoreName())
|
||||
.longTerm(longTerm)
|
||||
.build();
|
||||
return tokenUtil.createToken(authUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token refreshToken(String refreshToken) {
|
||||
return tokenUtil.refreshToken(refreshToken, UserEnums.STORE);
|
||||
return tokenUtil.refreshToken(refreshToken);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -145,7 +154,6 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
||||
superPermissions.add("/store/passport/login*");
|
||||
|
||||
|
||||
|
||||
//店铺设置
|
||||
queryPermissions.add("/store/settings/storeSettings*");
|
||||
//文章接口
|
||||
@ -154,6 +162,5 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
||||
queryPermissions.add("/store/statistics/index*");
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
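Review bot: `.face(store.getStoreLogo())` in the rebuilt createToken puts the store logo, not the member's avatar, into the `face` slot of a STORE token, exactly as the removed constructor call did, but nothing in the hunk says this is deliberate and a later reader may "fix" it to `member.getFace()`. A one-line comment above the builder call settles it: `// STORE tokens carry the store logo in face, not the member's avatar`. The enclosing createToken method begins above the hunk.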
@ -40,18 +40,26 @@ public class ManagerTokenGenerate extends AbstractTokenGenerate<AdminUser> {
|
||||
|
||||
@Override
|
||||
public Token createToken(AdminUser adminUser, Boolean longTerm) {
|
||||
AuthUser authUser = new AuthUser(adminUser.getUsername(), adminUser.getId(), adminUser.getAvatar(), UserEnums.MANAGER, adminUser.getNickName(), adminUser.getIsSuper());
|
||||
AuthUser authUser = AuthUser.builder()
|
||||
.username(adminUser.getUsername())
|
||||
.id(adminUser.getId())
|
||||
.face(adminUser.getAvatar())
|
||||
.role(UserEnums.MANAGER)
|
||||
.nickName(adminUser.getNickName())
|
||||
.isSuper(adminUser.getIsSuper())
|
||||
.longTerm(longTerm)
|
||||
.build();
|
||||
|
||||
List<UserMenuVO> userMenuVOList = roleMenuService.findAllMenu(authUser.getId());
|
||||
//缓存权限列表
|
||||
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId(), this.permissionList(userMenuVOList));
|
||||
|
||||
return tokenUtil.createToken(adminUser.getUsername(), authUser, longTerm, UserEnums.MANAGER);
|
||||
return tokenUtil.createToken(authUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Token refreshToken(String refreshToken) {
|
||||
return tokenUtil.refreshToken(refreshToken, UserEnums.MANAGER);
|
||||
return tokenUtil.refreshToken(refreshToken);
|
||||
}
|
||||
|
||||
/**
|
||||
|
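Review bot: `.isSuper(adminUser.getIsSuper())` and `.role(UserEnums.MANAGER)` in createToken are frozen into the JWT claim, and the refresh path in TokenUtil rebuilds the new token from that claim (`new Gson().fromJson(json, AuthUser.class)`) without re-reading the admin record, as far as the visible lines show; a manager whose super flag is revoked or whose account is disabled therefore keeps those privileges in every refreshed token until the refresh token itself lapses (15 days when `longTerm` is set). This predates the commit, but moving refresh to a purely claim-driven flow is the moment to record or close it: either re-load the principal in refreshToken before re-issuing, or remove the principal's REFRESH_TOKEN cache entries on demotion or disable. A comment on the builder such as `// role/isSuper are embedded in the JWT and survive refresh; revoke via the REFRESH_TOKEN cache` documents the contract for the next maintainer.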
@ -0,0 +1,2 @@
|
||||
package cn.lili.controller.security;public class Cop {
|
||||
}
|
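Review bot: The new file collapses the package declaration and the class header onto one line (`package cn.lili.controller.security;public class Cop {`) and the class body is empty with no Javadoc, which reads like a scratch file that slipped into the merge rather than intentional code. If it is meant to stay, put `package cn.lili.controller.security;` on its own line and add a Javadoc stating what the class is for; otherwise drop the file.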