fix: 用户被禁用、店铺被禁用、管理员被禁用，token未被清除问题处理。

2023-04-19 12:08:47 +08:00 · 2023-04-19 12:08:47 +08:00 · 7b6a150bd2
commit 7b6a150bd2
parent 1f21d80dc0
13 changed files with 122 additions and 27 deletions
--- a/buyer-api/src/main/java/cn/lili/security/BuyerAuthenticationFilter.java
+++ b/buyer-api/src/main/java/cn/lili/security/BuyerAuthenticationFilter.java
@ -99,7 +99,7 @@ public class BuyerAuthenticationFilter extends BasicAuthenticationFilter {
            AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
            //校验redis中是否有权限
-            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + jwt)) {
+            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER,authUser.getId()) + jwt)) {
                //构造返回信息
                List<GrantedAuthority> auths = new ArrayList<>();
                auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));
--- a/consumer/src/main/java/cn/lili/timetask/handler/impl/statistics/OnlineMemberStatistics.java
+++ b/consumer/src/main/java/cn/lili/timetask/handler/impl/statistics/OnlineMemberStatistics.java
@ -72,7 +72,8 @@ public class OnlineMemberStatistics implements EveryHourExecute {
        calendar.set(Calendar.MINUTE, 0);
        calendar.set(Calendar.SECOND, 0);
        calendar.set(Calendar.MILLISECOND, 0);
-        onlineMemberVOS.add(new OnlineMemberVO(calendar.getTime(), cache.keys(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + "*").size(), lastNum.get()));
+        onlineMemberVOS.add(new OnlineMemberVO(calendar.getTime(), cache.keys(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER) + "*").size(),
                lastNum.get()));
        //写入缓存
        cache.put(CachePrefix.ONLINE_MEMBER.getPrefix(), onlineMemberVOS);
--- a/framework/src/main/java/cn/lili/cache/CachePrefix.java
+++ b/framework/src/main/java/cn/lili/cache/CachePrefix.java
@ -555,4 +555,16 @@ public enum CachePrefix {
    public String getPrefix(UserEnums user) {
        return "{" + this.name() + "_" + user.name() + "}_";
    }
    /**
     * 获取缓存key值 + 用户端 +自定义前缀
     * 例如：三端都有用户体系，需要分别登录，如果用户名一致，则redis中的权限可能会冲突出错
     *
     * @param user         角色
     * @param customPrefix 自定义前缀
     * @return 缓存key值
     */
    public String getPrefix(UserEnums user, String customPrefix) {
        return "{" + this.name() + "_" + user.name() + "}_" + customPrefix + "_";
    }
 }
--- a/framework/src/main/java/cn/lili/common/security/context/UserContext.java
+++ b/framework/src/main/java/cn/lili/common/security/context/UserContext.java
@ -65,7 +65,7 @@ public class UserContext {
            AuthUser authUser = getAuthUser(accessToken);
            assert authUser != null;
-            if (!cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken)) {
+            if (!cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + accessToken)) {
                throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
            }
            return authUser;
--- a/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java
+++ b/framework/src/main/java/cn/lili/common/security/token/TokenUtil.java
@ -42,13 +42,13 @@ public class TokenUtil {
        //访问token
        String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
-        cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken, 1,
+        cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + accessToken, 1,
                tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
        //刷新token生成策略：如果是长时间有效的token（用于app），则默认15天有效期刷新token。如果是普通用户登录，则刷新token为普通token2倍数
        Long expireTime = authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
        String refreshToken = createToken(authUser, expireTime);
-        cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
+        cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole(), authUser.getId()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
        token.setAccessToken(accessToken);
        token.setRefreshToken(refreshToken);
@ -85,11 +85,12 @@ public class TokenUtil {
        //如果缓存中有刷新token &&
-        if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) {
+        if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + oldRefreshToken)) {
            Token token = new Token();
            //访问token
            String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
-            cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
+            cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + accessToken, 1, tokenProperties.getTokenExpireTime(),
                    TimeUnit.MINUTES);
            //如果是信任登录设备，则刷新token长度继续延长
            Long expirationTime = tokenProperties.getTokenExpireTime() * 2;
@ -101,10 +102,10 @@ public class TokenUtil {
            //刷新token生成策略：如果是长时间有效的token（用于app），则默认15天有效期刷新token。如果是普通用户登录，则刷新token为普通token2倍数
            String refreshToken = createToken(authUser, expirationTime);
-            cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
+            cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
            token.setAccessToken(accessToken);
            token.setRefreshToken(refreshToken);
-            cache.remove(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken);
+            cache.remove(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) + oldRefreshToken);
            return token;
        } else {
            throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);
--- a/framework/src/main/java/cn/lili/modules/member/service/MemberService.java
+++ b/framework/src/main/java/cn/lili/modules/member/service/MemberService.java
@ -11,11 +11,10 @@ import cn.lili.modules.member.entity.dto.MemberAddDTO;
 import cn.lili.modules.member.entity.dto.MemberEditDTO;
 import cn.lili.modules.member.entity.vo.MemberSearchVO;
 import cn.lili.modules.member.entity.vo.MemberVO;
 import cn.lili.modules.member.entity.vo.QRLoginResultVo;
 import cn.lili.modules.member.entity.vo.QRCodeLoginSessionVo;
 import cn.lili.modules.member.entity.vo.QRLoginResultVo;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.service.IService;
 import org.elasticsearch.monitor.os.OsStats;
 import java.util.List;
 import java.util.Map;
@ -260,6 +259,13 @@ public interface MemberService extends IService<Member> {
     */
    void logout(UserEnums userEnums);
    /**
     * 登出
     *
     * @param userId 用户id
     */
    void logout(String userId);
    /**
     * 修改会员是否拥有店铺
     *
--- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java
@ -19,7 +19,6 @@ import cn.lili.common.security.token.Token;
 import cn.lili.common.sensitive.SensitiveWordsFilter;
 import cn.lili.common.utils.*;
 import cn.lili.common.vo.PageVO;
 import cn.lili.modules.connect.config.ConnectAuthEnum;
 import cn.lili.modules.connect.entity.Connect;
 import cn.lili.modules.connect.entity.dto.ConnectAuthUser;
 import cn.lili.modules.connect.service.ConnectService;
@ -309,7 +308,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
        this.save(member);
        // 发送会员注册信息
-        applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("new member register", rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_REGISTER.name(), member));
+        applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("new member register", rocketmqCustomProperties.getMemberTopic(),
                MemberTagsEnum.MEMBER_REGISTER.name(), member));
    }
    @Override
@ -456,7 +456,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
        checkMember(memberAddDTO.getUsername(), memberAddDTO.getMobile());
        //添加会员
-        Member member = new Member(memberAddDTO.getUsername(), new BCryptPasswordEncoder().encode(memberAddDTO.getPassword()), memberAddDTO.getMobile());
+        Member member = new Member(memberAddDTO.getUsername(), new BCryptPasswordEncoder().encode(memberAddDTO.getPassword()),
                memberAddDTO.getMobile());
        registerHandler(member);
        return member;
    }
@ -525,7 +526,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
                memberPointMessage.setPoint(point);
                memberPointMessage.setType(type);
                memberPointMessage.setMemberId(memberId);
-                applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("update member point", rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_POINT_CHANGE.name(), memberPointMessage));
+                applicationEventPublisher.publishEvent(new TransactionCommitSendMQEvent("update member point",
                        rocketmqCustomProperties.getMemberTopic(), MemberTagsEnum.MEMBER_POINT_CHANGE.name(), memberPointMessage));
                return true;
            }
            return false;
@ -540,6 +542,10 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
        updateWrapper.set("disabled", status);
        updateWrapper.in("id", memberIds);
        //如果是禁用
        if (Boolean.FALSE.equals(status)) {
            disableMemberLogout(memberIds);
        }
        return this.update(updateWrapper);
    }
@ -680,8 +686,33 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
    @Override
    public void logout(UserEnums userEnums) {
        String currentUserToken = UserContext.getCurrentUserToken();
        AuthUser authUser = UserContext.getAuthUser(currentUserToken);
        if (CharSequenceUtil.isNotEmpty(currentUserToken)) {
-            cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken);
+            cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + currentUserToken);
            cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()) );
        }
    }
    @Override
    public void logout(String userId) {
        cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, userId));
        cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MANAGER, userId));
    }
    /**
     * 禁用会员会员token删除
     *
     * @param memberIds 会员id
     */
    public void disableMemberLogout(List<String> memberIds) {
        if (memberIds != null) {
            memberIds.forEach(memberId -> {
                cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MEMBER, memberId));
                cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MEMBER, memberId));
            });
        }
    }
--- a/framework/src/main/java/cn/lili/modules/permission/service/AdminUserService.java
+++ b/framework/src/main/java/cn/lili/modules/permission/service/AdminUserService.java
@ -107,4 +107,11 @@ public interface AdminUserService extends IService<AdminUser> {
     */
    void logout(UserEnums userEnums);
    /**
     * 登出
     *
     * @param adminUserIds 用户id
     */
    void logout(List<String> adminUserIds);
 }
--- a/framework/src/main/java/cn/lili/modules/permission/serviceimpl/AdminUserServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/permission/serviceimpl/AdminUserServiceImpl.java
@ -142,11 +142,24 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
    @Override
    public void logout(UserEnums userEnums) {
        String currentUserToken = UserContext.getCurrentUserToken();
        AuthUser authUser = UserContext.getAuthUser(currentUserToken);
        if (CharSequenceUtil.isNotEmpty(currentUserToken)) {
-            cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken);
+            cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums, authUser.getId()) + currentUserToken);
            cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums, authUser.getId()));
        }
    }
    @Override
    public void logout(List<String> adminUserIds) {
        if (adminUserIds == null || adminUserIds.isEmpty()) {
            return;
        }
        adminUserIds.forEach(adminUserId -> {
            cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, adminUserId));
            cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.MANAGER, adminUserId));
        });
    }
    @Override
    public AdminUser findByUsername(String username) {
@ -234,6 +247,8 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
        QueryWrapper<UserRole> queryWrapper = new QueryWrapper<>();
        queryWrapper.in("user_id", ids);
        userRoleService.remove(queryWrapper);
        this.logout(ids);
    }
    /**
--- a/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreServiceImpl.java
@ -9,6 +9,7 @@ import cn.lili.common.exception.ServiceException;
 import cn.lili.common.properties.RocketmqCustomProperties;
 import cn.lili.common.security.AuthUser;
 import cn.lili.common.security.context.UserContext;
 import cn.lili.common.security.enums.UserEnums;
 import cn.lili.common.utils.BeanUtil;
 import cn.lili.common.vo.PageVO;
 import cn.lili.modules.goods.entity.dos.GoodsSku;
@ -244,6 +245,13 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
            if (update) {
                goodsService.underStoreGoods(id);
            }
            //删除店员token
            clerkService.list(new LambdaQueryWrapper<Clerk>().eq(Clerk::getStoreId, id)).forEach(clerk -> {
                cache.vagueDel(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE, clerk.getMemberId()));
                cache.vagueDel(CachePrefix.REFRESH_TOKEN.getPrefix(UserEnums.STORE, clerk.getMemberId()));
            });
            return update;
        }
@ -371,7 +379,8 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
        clerkService.remove(new LambdaQueryWrapper<Clerk>().eq(Clerk::getShopkeeper, true));
        List<Clerk> clerkList = new ArrayList<>();
        //遍历已开启的店铺
-        for (Store store : this.list(new LambdaQueryWrapper<Store>().eq(Store::getDeleteFlag, false).eq(Store::getStoreDisable, StoreStatusEnum.OPEN.name()))) {
+        for (Store store : this.list(new LambdaQueryWrapper<Store>().eq(Store::getDeleteFlag, false).eq(Store::getStoreDisable,
                StoreStatusEnum.OPEN.name()))) {
            clerkList.add(new Clerk(store));
        }
        clerkService.saveBatch(clerkList);
@ -381,7 +390,8 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
    public List<GoodsSku> getToMemberHistory(String memberId) {
        AuthUser currentUser = UserContext.getCurrentUser();
        List<String> skuIdList = new ArrayList<>();
-        for (FootPrint footPrint : footprintService.list(new LambdaUpdateWrapper<FootPrint>().eq(FootPrint::getStoreId, currentUser.getStoreId()).eq(FootPrint::getMemberId, memberId))) {
+        for (FootPrint footPrint :
                footprintService.list(new LambdaUpdateWrapper<FootPrint>().eq(FootPrint::getStoreId, currentUser.getStoreId()).eq(FootPrint::getMemberId, memberId))) {
            if (footPrint.getSkuId() != null) {
                skuIdList.add(footPrint.getSkuId());
            }
--- a/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java
+++ b/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java
@ -30,6 +30,7 @@ import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import java.util.ArrayList;
 import java.util.List;
@ -183,6 +184,14 @@ public class AdminUserManagerController {
        }
        user.setStatus(status);
        adminUserService.updateById(user);
        //登出用户
        if (Boolean.FALSE.equals(status)) {
            List<String> userIds = new ArrayList<>();
            userIds.add(userId);
            adminUserService.logout(userIds);
        }
        return ResultUtil.success();
    }
--- a/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
+++ b/manager-api/src/main/java/cn/lili/security/ManagerAuthenticationFilter.java
@ -86,7 +86,8 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
        //如果不是超级管理员， 则鉴权
        if (Boolean.FALSE.equals(authUser.getIsSuper())) {
            //获取缓存中的权限
-            Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
+            Map<String, List<String>> permission =
                    (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId());
            //获取数据(GET 请求)权限
            if (request.getMethod().equals(RequestMethod.GET.name())) {
@ -143,7 +144,7 @@ public class ManagerAuthenticationFilter extends BasicAuthenticationFilter {
            AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
            //校验redis中是否有权限
-            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER) + jwt)) {
+            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.MANAGER, authUser.getId()) + jwt)) {
                //用户角色
                List<GrantedAuthority> auths = new ArrayList<>();
                auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));
--- a/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
+++ b/seller-api/src/main/java/cn/lili/security/StoreAuthenticationFilter.java
@ -51,7 +51,8 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
    @SneakyThrows
    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        //从header中获取jwt
        String jwt = request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
        //如果没有token 则return
@ -89,7 +90,7 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
            AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
            //校验redis中是否有权限
-            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE) + jwt)) {
+            if (cache.hasKey(CachePrefix.ACCESS_TOKEN.getPrefix(UserEnums.STORE, authUser.getId()) + jwt)) {
                //用户角色
                List<GrantedAuthority> auths = new ArrayList<>();
                auths.add(new SimpleGrantedAuthority("ROLE_" + authUser.getRole().name()));
@ -124,7 +125,8 @@ public class StoreAuthenticationFilter extends BasicAuthenticationFilter {
        //如果不是超级管理员， 则鉴权
        if (!authUser.getIsSuper()) {
            //获取缓存中的权限
-            Map<String, List<String>> permission = (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
+            Map<String, List<String>> permission =
                    (Map<String, List<String>>) cache.get(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + authUser.getId());
            //获取数据(GET 请求)权限
            if (request.getMethod().equals(RequestMethod.GET.name())) {