1. 优化三方登陆的代码

2. 使用 redis 存储 state
This commit is contained in:
YunaiV 2021-10-05 23:47:37 +08:00
parent a0a5d3a357
commit 0d6df43c9c
19 changed files with 294 additions and 189 deletions

View File

@ -11,6 +11,7 @@ import cn.iocoder.yudao.adminserver.modules.system.enums.user.SysSocialTypeEnum;
import cn.iocoder.yudao.adminserver.modules.system.service.auth.SysAuthService; import cn.iocoder.yudao.adminserver.modules.system.service.auth.SysAuthService;
import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService;
import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysRoleService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysRoleService;
import cn.iocoder.yudao.adminserver.modules.system.service.social.SysSocialService;
import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserService; import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserService;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum; import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.pojo.CommonResult; import cn.iocoder.yudao.framework.common.pojo.CommonResult;
@ -56,9 +57,8 @@ public class SysAuthController {
private SysRoleService roleService; private SysRoleService roleService;
@Resource @Resource
private SysPermissionService permissionService; private SysPermissionService permissionService;
@Resource @Resource
private AuthRequestFactory authRequestFactory; private SysSocialService socialService;
@PostMapping("/login") @PostMapping("/login")
@ApiOperation("使用账号密码登录") @ApiOperation("使用账号密码登录")
@ -110,12 +110,7 @@ public class SysAuthController {
}) })
public CommonResult<String> socialLoginRedirect(@RequestParam("type") Integer type, public CommonResult<String> socialLoginRedirect(@RequestParam("type") Integer type,
@RequestParam("redirectUri") String redirectUri) { @RequestParam("redirectUri") String redirectUri) {
// 获得对应的 AuthRequest 实现 return CommonResult.success(socialService.getAuthorizeUrl(type, redirectUri));
AuthRequest authRequest = authRequestFactory.get(SysSocialTypeEnum.valueOfType(type).getSource());
// 生成跳转地址
String authorizeUri = authRequest.authorize(AuthStateUtils.createState());
authorizeUri = HttpUtils.replaceUrlQuery(authorizeUri, "redirect_uri", redirectUri);
return CommonResult.success(authorizeUri);
} }
@PostMapping("/social-login") @PostMapping("/social-login")
@ -136,12 +131,4 @@ public class SysAuthController {
return success(SysAuthLoginRespVO.builder().token(token).build()); return success(SysAuthLoginRespVO.builder().token(token).build());
} }
@RequestMapping("/{type}/callback")
public AuthResponse login(@PathVariable String type, AuthCallback callback) {
AuthRequest authRequest = authRequestFactory.get(type);
AuthResponse<AuthUser> response = authRequest.login(callback);
log.info("【response】= {}", JSONUtil.toJsonStr(response));
return response;
}
} }

View File

@ -1,7 +0,0 @@
package cn.iocoder.yudao.adminserver.modules.system.controller.user.vo.user;
/**
* @author weir
*/
public class AuthUser {
}

View File

@ -43,10 +43,6 @@ public interface SysAuthConvert {
LoginUser convert(SysUserProfileUpdatePasswordReqVO reqVO); LoginUser convert(SysUserProfileUpdatePasswordReqVO reqVO);
AuthCallback convert(SysAuthSocialLoginReqVO bean);
AuthCallback convert(SysAuthSocialLogin2ReqVO bean);
/** /**
* 将菜单列表构建成菜单树 * 将菜单列表构建成菜单树
* *

View File

@ -1,5 +1,6 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user; package cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.social;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysUserDO;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum; import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.mybatis.core.dataobject.BaseDO; import cn.iocoder.yudao.framework.mybatis.core.dataobject.BaseDO;
import com.baomidou.mybatisplus.annotation.TableId; import com.baomidou.mybatisplus.annotation.TableId;

View File

@ -0,0 +1,24 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.social.SysSocialUserDO;
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.apache.ibatis.annotations.Mapper;
import java.util.Collection;
import java.util.List;
@Mapper
public interface SysSocialUserMapper extends BaseMapperX<SysSocialUserDO> {
default List<SysSocialUserDO> selectListByTypeAndUnionId(Integer userType, Collection<Integer> types, String unionId) {
return selectList(new QueryWrapper<SysSocialUserDO>().eq("user_type", userType)
.in("type", types).eq("union_id", unionId));
}
default List<SysSocialUserDO> selectListByTypeAndUserId(Integer userType, Collection<Integer> types, Long userId) {
return selectList(new QueryWrapper<SysSocialUserDO>().eq("user_type", userType)
.in("type", types).eq("user_id", userId));
}
}

View File

@ -1,11 +0,0 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysSocialUserDO;
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface SysSysUserSocialMapper extends BaseMapperX<SysSocialUserDO> {
}

View File

@ -1,11 +0,0 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysSocialUserDO;
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface SysUserSocialMapper extends BaseMapperX<SysSocialUserDO> {
}

View File

@ -1,18 +0,0 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.mysql.user;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysSocialUserDO;
import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.apache.ibatis.annotations.Mapper;
import java.util.List;
@Mapper
public interface SysSocialUserMapper extends BaseMapperX<SysSocialUserDO> {
default List<SysSocialUserDO> selectListByTypeAndUnionId(Integer userType, Integer type, String unionId) {
return selectList(new QueryWrapper<SysSocialUserDO>().eq("user_type", userType)
.eq("type", type).eq("union_id", unionId));
}
}

View File

@ -23,8 +23,12 @@ public interface SysRedisKeyConstants {
"captcha_code:%s", // 参数为 uuid "captcha_code:%s", // 参数为 uuid
STRING, String.class, RedisKeyDefine.TimeoutTypeEnum.DYNAMIC); STRING, String.class, RedisKeyDefine.TimeoutTypeEnum.DYNAMIC);
RedisKeyDefine AUTH_SOCIAL_USER = new RedisKeyDefine("认证的社交用户", RedisKeyDefine SOCIAL_AUTH_USER = new RedisKeyDefine("社交的授权用户",
"auth_social_user:%d:%s", // 参数为 typecode "social_auth_user:%d:%s", // 参数为 typecode
STRING, AuthUser.class, Duration.ofDays(1)); STRING, AuthUser.class, Duration.ofDays(1));
RedisKeyDefine SOCIAL_AUTH_STATE = new RedisKeyDefine("社交的 state",
"social_auth_state:%s", // 参数为 state
STRING, String.class, Duration.ofHours(24)); // 值为 state
} }

View File

@ -1,4 +1,4 @@
package cn.iocoder.yudao.adminserver.modules.system.dal.redis.auth; package cn.iocoder.yudao.adminserver.modules.system.dal.redis.social;
import cn.iocoder.yudao.framework.common.util.json.JsonUtils; import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthCallback;
@ -8,7 +8,7 @@ import org.springframework.stereotype.Repository;
import javax.annotation.Resource; import javax.annotation.Resource;
import static cn.iocoder.yudao.adminserver.modules.system.dal.redis.SysRedisKeyConstants.AUTH_SOCIAL_USER; import static cn.iocoder.yudao.adminserver.modules.system.dal.redis.SysRedisKeyConstants.SOCIAL_AUTH_USER;
/** /**
* 社交 {@link me.zhyd.oauth.model.AuthUser} RedisDAO * 社交 {@link me.zhyd.oauth.model.AuthUser} RedisDAO
@ -16,7 +16,7 @@ import static cn.iocoder.yudao.adminserver.modules.system.dal.redis.SysRedisKeyC
* @author 芋道源码 * @author 芋道源码
*/ */
@Repository @Repository
public class SysAuthSocialUserRedisDAO { public class SysSocialAuthUserRedisDAO {
@Resource @Resource
private StringRedisTemplate stringRedisTemplate; private StringRedisTemplate stringRedisTemplate;
@ -28,11 +28,11 @@ public class SysAuthSocialUserRedisDAO {
public void set(Integer type, AuthCallback authCallback, AuthUser authUser) { public void set(Integer type, AuthCallback authCallback, AuthUser authUser) {
String redisKey = formatKey(type, authCallback.getCode()); String redisKey = formatKey(type, authCallback.getCode());
stringRedisTemplate.opsForValue().set(redisKey, JsonUtils.toJsonString(authUser), AUTH_SOCIAL_USER.getTimeout()); stringRedisTemplate.opsForValue().set(redisKey, JsonUtils.toJsonString(authUser), SOCIAL_AUTH_USER.getTimeout());
} }
private static String formatKey(Integer type, String code) { private static String formatKey(Integer type, String code) {
return String.format(AUTH_SOCIAL_USER.getKeyTemplate(), type, code); return String.format(SOCIAL_AUTH_USER.getKeyTemplate(), type, code);
} }
} }

View File

@ -17,7 +17,6 @@ public interface SysErrorCodeConstants {
ErrorCode AUTH_LOGIN_CAPTCHA_NOT_FOUND = new ErrorCode(1002000003, "验证码不存在"); ErrorCode AUTH_LOGIN_CAPTCHA_NOT_FOUND = new ErrorCode(1002000003, "验证码不存在");
ErrorCode AUTH_LOGIN_CAPTCHA_CODE_ERROR = new ErrorCode(1002000004, "验证码不正确"); ErrorCode AUTH_LOGIN_CAPTCHA_CODE_ERROR = new ErrorCode(1002000004, "验证码不正确");
ErrorCode AUTH_THIRD_LOGIN_NOT_BIND = new ErrorCode(1002000005, "未绑定账号,需要进行绑定"); ErrorCode AUTH_THIRD_LOGIN_NOT_BIND = new ErrorCode(1002000005, "未绑定账号,需要进行绑定");
ErrorCode AUTH_THIRD_OAUTH_FAILURE = new ErrorCode(1002000006, "社交授权失败,原因是:{}");
// ========== TOKEN 模块 1002001000 ========== // ========== TOKEN 模块 1002001000 ==========
ErrorCode TOKEN_EXPIRED = new ErrorCode(1002001000, "Token 已经过期"); ErrorCode TOKEN_EXPIRED = new ErrorCode(1002001000, "Token 已经过期");
@ -98,4 +97,7 @@ public interface SysErrorCodeConstants {
ErrorCode ERROR_CODE_NOT_EXISTS = new ErrorCode(1002013000, "错误码不存在"); ErrorCode ERROR_CODE_NOT_EXISTS = new ErrorCode(1002013000, "错误码不存在");
ErrorCode ERROR_CODE_DUPLICATE = new ErrorCode(1002013001, "已经存在编码为【{}】的错误码"); ErrorCode ERROR_CODE_DUPLICATE = new ErrorCode(1002013001, "已经存在编码为【{}】的错误码");
// ========== 社交模块 1002014000 ==========
ErrorCode SOCIAL_AUTH_FAILURE = new ErrorCode(1002014000, "社交授权失败,原因是:{}");
} }

View File

@ -1,14 +1,16 @@
package cn.iocoder.yudao.adminserver.modules.system.enums.user; package cn.iocoder.yudao.adminserver.modules.system.enums.user;
import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.ArrayUtil;
import cn.iocoder.yudao.framework.common.core.IntArrayValuable; import cn.iocoder.yudao.framework.common.core.IntArrayValuable;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import java.util.Arrays; import java.util.Arrays;
import java.util.List;
/** /**
* 社交用户的类型枚举 * 社交平台的类型枚举
* *
* @author 芋道源码 * @author 芋道源码
*/ */
@ -23,6 +25,8 @@ public enum SysSocialTypeEnum implements IntArrayValuable {
public static final int[] ARRAYS = Arrays.stream(values()).mapToInt(SysSocialTypeEnum::getType).toArray(); public static final int[] ARRAYS = Arrays.stream(values()).mapToInt(SysSocialTypeEnum::getType).toArray();
public static final List<Integer> WECHAT_ALL = ListUtil.toList(WECHAT_ENTERPRISE.type);
/** /**
* 类型 * 类型
*/ */
@ -41,4 +45,11 @@ public enum SysSocialTypeEnum implements IntArrayValuable {
return ArrayUtil.firstMatch(o -> o.getType().equals(type), values()); return ArrayUtil.firstMatch(o -> o.getType().equals(type), values());
} }
public static List<Integer> getRelationTypes(Integer type) {
if (WECHAT_ALL.contains(type)) {
return WECHAT_ALL;
}
return ListUtil.toList(type);
}
} }

View File

@ -1,17 +1,13 @@
package cn.iocoder.yudao.adminserver.modules.system.service.auth.impl; package cn.iocoder.yudao.adminserver.modules.system.service.auth.impl;
import cn.hutool.core.collection.CollUtil; import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthSocialLogin2ReqVO; import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthSocialLogin2ReqVO;
import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthSocialLoginReqVO; import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthSocialLoginReqVO;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysSocialUserDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.social.SysSocialUserDO;
import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.user.SysSocialUserMapper; import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social.SysSocialUserMapper;
import cn.iocoder.yudao.adminserver.modules.system.dal.redis.auth.SysAuthSocialUserRedisDAO; import cn.iocoder.yudao.adminserver.modules.system.service.social.SysSocialService;
import cn.iocoder.yudao.adminserver.modules.system.enums.user.SysSocialTypeEnum;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum; import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil; import cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil;
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils; import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthLoginReqVO; import cn.iocoder.yudao.adminserver.modules.system.controller.auth.vo.auth.SysAuthLoginReqVO;
@ -27,12 +23,8 @@ import cn.iocoder.yudao.adminserver.modules.system.service.logger.SysLoginLogSer
import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService;
import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserService; import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserService;
import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
import com.xkcoding.justauth.AuthRequestFactory;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthRequest;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
@ -47,7 +39,6 @@ import org.springframework.util.Assert;
import javax.annotation.Resource; import javax.annotation.Resource;
import java.util.List; import java.util.List;
import java.util.Objects;
import java.util.Set; import java.util.Set;
import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception; import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
@ -77,15 +68,12 @@ public class SysAuthServiceImpl implements SysAuthService {
private SysLoginLogService loginLogService; private SysLoginLogService loginLogService;
@Resource @Resource
private SysUserSessionService userSessionService; private SysUserSessionService userSessionService;
@Resource @Resource
private SysAuthSocialUserRedisDAO authSocialUserRedisDAO; private SysSocialService socialService;
@Resource @Resource
private SysSocialUserMapper socialUserMapper; private SysSocialUserMapper socialUserMapper;
@Resource
private AuthRequestFactory authRequestFactory;
@Override @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// 获取 username 对应的 SysUserDO // 获取 username 对应的 SysUserDO
@ -189,13 +177,12 @@ public class SysAuthServiceImpl implements SysAuthService {
@Override @Override
public String socialLogin(SysAuthSocialLoginReqVO reqVO, String userIp, String userAgent) { public String socialLogin(SysAuthSocialLoginReqVO reqVO, String userIp, String userAgent) {
// 使用 code 授权码进行登陆 // 使用 code 授权码进行登陆
AuthCallback authCallback = SysAuthConvert.INSTANCE.convert(reqVO); AuthUser authUser = socialService.getAuthUser(reqVO.getType(), reqVO.getCode(), reqVO.getState());
AuthUser authUser = this.obtainAuthUserFromCache(reqVO.getType(), authCallback); Assert.notNull(authUser, "授权用户不为空");
// 如果未绑定 SysSocialUserDO 用户则无法自动登陆进行报错 // 如果未绑定 SysSocialUserDO 用户则无法自动登陆进行报错
String unionId = getAuthUserUnionId(authUser); String unionId = socialService.getAuthUserUnionId(authUser);
List<SysSocialUserDO> socialUsers = socialUserMapper.selectListByTypeAndUnionId(UserTypeEnum.ADMIN.getValue(), List<SysSocialUserDO> socialUsers = socialService.getAllSocialUserList(reqVO.getType(), unionId);
reqVO.getType(), unionId);
if (CollUtil.isEmpty(socialUsers)) { if (CollUtil.isEmpty(socialUsers)) {
throw exception(AUTH_THIRD_LOGIN_NOT_BIND); throw exception(AUTH_THIRD_LOGIN_NOT_BIND);
} }
@ -209,8 +196,8 @@ public class SysAuthServiceImpl implements SysAuthService {
// TODO 芋艿需要改造下增加各种登陆方式 // TODO 芋艿需要改造下增加各种登陆方式
loginUser.setRoleIds(this.getUserRoleIds(loginUser.getId())); // 获取用户角色列表 loginUser.setRoleIds(this.getUserRoleIds(loginUser.getId())); // 获取用户角色列表
// 保存社交用户 // 绑定社交用户更新
this.saveSocialUser(reqVO.getType(), socialUsers, loginUser.getId(), authUser); socialService.bindSocialUser(loginUser.getId(), reqVO.getType(), authUser);
// 缓存登陆用户到 Redis 返回 sessionId 编号 // 缓存登陆用户到 Redis 返回 sessionId 编号
return userSessionService.createUserSession(loginUser, userIp, userAgent); return userSessionService.createUserSession(loginUser, userIp, userAgent);
@ -219,91 +206,20 @@ public class SysAuthServiceImpl implements SysAuthService {
@Override @Override
public String socialLogin2(SysAuthSocialLogin2ReqVO reqVO, String userIp, String userAgent) { public String socialLogin2(SysAuthSocialLogin2ReqVO reqVO, String userIp, String userAgent) {
// 使用 code 授权码进行登陆 // 使用 code 授权码进行登陆
AuthCallback authCallback = SysAuthConvert.INSTANCE.convert(reqVO); AuthUser authUser = socialService.getAuthUser(reqVO.getType(), reqVO.getCode(), reqVO.getState());
AuthUser authUser = this.obtainAuthUserFromCache(reqVO.getType(), authCallback); Assert.notNull(authUser, "授权用户不为空");
// 查询社交对应的 SysSocialUserDO 用户
String unionId = getAuthUserUnionId(authUser);
List<SysSocialUserDO> socialUsers = socialUserMapper.selectListByTypeAndUnionId(UserTypeEnum.ADMIN.getValue(),
reqVO.getType(), unionId);
// 使用账号密码进行登陆 // 使用账号密码进行登陆
LoginUser loginUser = this.login0(reqVO.getUsername(), reqVO.getPassword()); // TODO 芋艿需要改造下增加各种登陆方式 LoginUser loginUser = this.login0(reqVO.getUsername(), reqVO.getPassword()); // TODO 芋艿需要改造下增加各种登陆方式
loginUser.setRoleIds(this.getUserRoleIds(loginUser.getId())); // 获取用户角色列表 loginUser.setRoleIds(this.getUserRoleIds(loginUser.getId())); // 获取用户角色列表
// 保存社交用户 // 绑定社交用户新增
this.saveSocialUser(reqVO.getType(), socialUsers, loginUser.getId(), authUser); socialService.bindSocialUser(loginUser.getId(), reqVO.getType(), authUser);
// 缓存登陆用户到 Redis 返回 sessionId 编号 // 缓存登陆用户到 Redis 返回 sessionId 编号
return userSessionService.createUserSession(loginUser, userIp, userAgent); return userSessionService.createUserSession(loginUser, userIp, userAgent);
} }
private static String getAuthUserUnionId(AuthUser authUser) {
return StrUtil.blankToDefault(authUser.getToken().getUnionId(), authUser.getUuid());
}
private AuthUser obtainAuthUserFromCache(Integer type, AuthCallback authCallback) {
// 从缓存中获取
AuthUser authUser = authSocialUserRedisDAO.get(type, authCallback);
if (authUser != null) {
return authUser;
}
// 请求获取
authUser = this.obtainAuthUser(type, authCallback);
authSocialUserRedisDAO.set(type, authCallback, authUser);
return authUser;
}
private AuthUser obtainAuthUser(Integer type, AuthCallback authCallback) {
AuthRequest authRequest = authRequestFactory.get(SysSocialTypeEnum.valueOfType(type).getSource());
AuthResponse<?> authResponse = authRequest.login(authCallback);
log.info("[obtainAuthUser][请求社交平台 type({}) request({}) response({})]", type, JsonUtils.toJsonString(authCallback),
JsonUtils.toJsonString(authResponse));
if (!authResponse.ok()) {
throw exception(AUTH_THIRD_OAUTH_FAILURE, authResponse.getMsg());
}
return (AuthUser) authResponse.getData();
}
/**
* 保存社交用户
*
* @param socialUsers 已存在的社交用户列表
* @param userId 绑定的用户编号
* @param authUser 需要保存的社交用户信息
*/
private void saveSocialUser(Integer type, List<SysSocialUserDO> socialUsers, Long userId, AuthUser authUser) {
// 逻辑一如果 socialUsers 指定的 userId 改变需要进行更新
// 例如说一个微信 unionId 对应了多个社交账号结果其中有个关联了新的 userId则其它也要跟着修改
// 考虑到 socialUsers 一般比较少直接 for 循环更新即可
socialUsers.forEach(socialUser -> {
if (Objects.equals(socialUser.getUserId(), userId)) {
return;
}
socialUserMapper.updateById(new SysSocialUserDO().setUserId(socialUser.getUserId()).setUserId(userId));
});
// 逻辑二如果 authUser 不存在于 socialUsers 则进行新增否则进行更新
SysSocialUserDO saveSocialUser = CollUtil.findOneByField(socialUsers, "openid", authUser.getUuid());
if (saveSocialUser == null) {
saveSocialUser = new SysSocialUserDO();
saveSocialUser.setUserId(userId).setUserType(UserTypeEnum.ADMIN.getValue());
saveSocialUser.setType(type).setOpenid(authUser.getUuid()).setToken(authUser.getToken().getAccessToken())
.setUnionId(getAuthUserUnionId(authUser)).setRawTokenInfo(JsonUtils.toJsonString(authUser.getToken()));
saveSocialUser.setNickname(authUser.getNickname()).setAvatar(authUser.getAvatar())
.setRawUserInfo(JsonUtils.toJsonString(authUser.getRawUserInfo()));
socialUserMapper.insert(saveSocialUser);
} else {
saveSocialUser = new SysSocialUserDO().setId(saveSocialUser.getId());
saveSocialUser.setToken(authUser.getToken().getAccessToken()).setUnionId(getAuthUserUnionId(authUser))
.setRawTokenInfo(JsonUtils.toJsonString(authUser.getToken()));
saveSocialUser.setNickname(authUser.getNickname()).setAvatar(authUser.getAvatar())
.setRawUserInfo(JsonUtils.toJsonString(authUser.getRawUserInfo()));
socialUserMapper.updateById(saveSocialUser);
}
}
@Override @Override
public void logout(String token) { public void logout(String token) {
// 查询用户信息 // 查询用户信息

View File

@ -0,0 +1,63 @@
package cn.iocoder.yudao.adminserver.modules.system.service.social;
import cn.hutool.core.util.StrUtil;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.social.SysSocialUserDO;
import cn.iocoder.yudao.adminserver.modules.system.enums.user.SysSocialTypeEnum;
import cn.iocoder.yudao.framework.common.exception.ServiceException;
import me.zhyd.oauth.model.AuthUser;
import javax.validation.constraints.NotNull;
import java.util.List;
/**
* 社交 Service 接口例如说社交平台的授权登录
*
* @author 芋道源码
*/
public interface SysSocialService {
/**
* 获得社交平台的授权 URL
*
* @param type 社交平台的类型 {@link SysSocialTypeEnum}
* @param redirectUri 重定向 URL
* @return 社交平台的授权 URL
*/
String getAuthorizeUrl(Integer type, String redirectUri);
/**
* 获得授权的用户
* 如果授权失败则会抛出 {@link ServiceException} 异常
*
* @param type 社交平台的类型 {@link SysSocialTypeEnum}
* @param code 授权码
* @param state state
* @return 授权用户
*/
@NotNull
AuthUser getAuthUser(Integer type, String code, String state);
default String getAuthUserUnionId(AuthUser authUser) {
return StrUtil.blankToDefault(authUser.getToken().getUnionId(), authUser.getUuid());
}
/**
* 获得 unionId 对应的某个社交平台的所有社交用户
* 注意这里的所有指的是类似微信平台包括了小程序公众号PC 网站他们的 unionId 是一致的
*
* @param type 社交平台的类型 {@link SysSocialTypeEnum}
* @param unionId 社交平台的 unionId
* @return 社交用户列表
*/
List<SysSocialUserDO> getAllSocialUserList(Integer type, String unionId);
/**
* 绑定社交用户
*
* @param userId 用户编号
* @param type 社交平台的类型 {@link SysSocialTypeEnum}
* @param authUser 授权用户
*/
void bindSocialUser(Long userId, Integer type, AuthUser authUser);
}

View File

@ -0,0 +1,147 @@
package cn.iocoder.yudao.adminserver.modules.system.service.social.impl;
import cn.hutool.core.collection.CollUtil;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.social.SysSocialUserDO;
import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social.SysSocialUserMapper;
import cn.iocoder.yudao.adminserver.modules.system.dal.redis.social.SysSocialAuthUserRedisDAO;
import cn.iocoder.yudao.adminserver.modules.system.enums.user.SysSocialTypeEnum;
import cn.iocoder.yudao.adminserver.modules.system.service.social.SysSocialService;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.common.util.http.HttpUtils;
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
import com.xkcoding.justauth.AuthRequestFactory;
import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.utils.AuthStateUtils;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import javax.validation.Valid;
import java.util.List;
import java.util.Objects;
import static cn.iocoder.yudao.adminserver.modules.system.enums.SysErrorCodeConstants.SOCIAL_AUTH_FAILURE;
import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
/**
* 社交 Service 实现类
*
* @author 芋道源码
*/
@Service
@Valid
@Slf4j
public class SysSocialServiceImpl implements SysSocialService {
@Resource
private AuthRequestFactory authRequestFactory;
@Resource
private SysSocialAuthUserRedisDAO authSocialUserRedisDAO;
@Resource
private SysSocialUserMapper socialUserMapper;
@Override
public String getAuthorizeUrl(Integer type, String redirectUri) {
// 获得对应的 AuthRequest 实现
AuthRequest authRequest = authRequestFactory.get(SysSocialTypeEnum.valueOfType(type).getSource());
// 生成跳转地址
String authorizeUri = authRequest.authorize(AuthStateUtils.createState());
return HttpUtils.replaceUrlQuery(authorizeUri, "redirect_uri", redirectUri);
}
@Override
public AuthUser getAuthUser(Integer type, String code, String state) {
AuthCallback authCallback = buildAuthCallback(code, state);
// 从缓存中获取
AuthUser authUser = authSocialUserRedisDAO.get(type, authCallback);
if (authUser != null) {
return authUser;
}
// 请求获取
authUser = this.getAuthUser0(type, authCallback);
// 缓存原因是 code 有且可以使用一次在社交登录时当未绑定 User 需要绑定登陆此时需要 code 使用两次
authSocialUserRedisDAO.set(type, authCallback, authUser);
return authUser;
}
@Override
public List<SysSocialUserDO> getAllSocialUserList(Integer type, String unionId) {
List<Integer> types = SysSocialTypeEnum.getRelationTypes(type);
return socialUserMapper.selectListByTypeAndUnionId(UserTypeEnum.ADMIN.getValue(), types, unionId);
}
@Override
public void bindSocialUser(Long userId, Integer type, AuthUser authUser) {
// 获得 unionId 对应的 SysSocialUserDO 列表
String unionId = getAuthUserUnionId(authUser);
List<SysSocialUserDO> socialUsers = this.getAllSocialUserList(type, unionId);
// 逻辑一如果 userId 之前绑定过该 type 的其它账号需要进行解绑
List<Integer> types = SysSocialTypeEnum.getRelationTypes(type);
List<SysSocialUserDO> oldSocialUsers = socialUserMapper.selectListByTypeAndUserId(UserTypeEnum.ADMIN.getValue(),
types, userId);
if (CollUtil.isNotEmpty(oldSocialUsers) && !Objects.equals(unionId, oldSocialUsers.get(0).getUnionId())) {
socialUserMapper.deleteBatchIds(CollectionUtils.convertSet(oldSocialUsers, SysSocialUserDO::getId));
}
// 逻辑二如果 socialUsers 指定的 userId 改变需要进行更新
// 例如说一个微信 unionId 对应了多个社交账号结果其中有个关联了新的 userId则其它也要跟着修改
// 考虑到 socialUsers 一般比较少直接 for 循环更新即可
socialUsers.forEach(socialUser -> {
if (Objects.equals(socialUser.getUserId(), userId)) {
return;
}
socialUserMapper.updateById(new SysSocialUserDO().setUserId(socialUser.getUserId()).setUserId(userId));
});
// 逻辑三如果 authUser 不存在于 socialUsers 则进行新增否则进行更新
SysSocialUserDO saveSocialUser = CollUtil.findOneByField(socialUsers, "openid", authUser.getUuid());
if (saveSocialUser == null) {
saveSocialUser = new SysSocialUserDO();
saveSocialUser.setUserId(userId).setUserType(UserTypeEnum.ADMIN.getValue());
saveSocialUser.setType(type).setOpenid(authUser.getUuid()).setToken(authUser.getToken().getAccessToken())
.setUnionId(unionId).setRawTokenInfo(JsonUtils.toJsonString(authUser.getToken()));
saveSocialUser.setNickname(authUser.getNickname()).setAvatar(authUser.getAvatar())
.setRawUserInfo(JsonUtils.toJsonString(authUser.getRawUserInfo()));
socialUserMapper.insert(saveSocialUser);
} else {
saveSocialUser = new SysSocialUserDO().setId(saveSocialUser.getId());
saveSocialUser.setToken(authUser.getToken().getAccessToken())
.setRawTokenInfo(JsonUtils.toJsonString(authUser.getToken()));
saveSocialUser.setNickname(authUser.getNickname()).setAvatar(authUser.getAvatar())
.setRawUserInfo(JsonUtils.toJsonString(authUser.getRawUserInfo()));
socialUserMapper.updateById(saveSocialUser);
}
}
/**
* 请求社交平台获得授权的用户
*
* @param type 社交平台的类型
* @param authCallback 授权回调
* @return 授权的用户
*/
private AuthUser getAuthUser0(Integer type, AuthCallback authCallback) {
AuthRequest authRequest = authRequestFactory.get(SysSocialTypeEnum.valueOfType(type).getSource());
AuthResponse<?> authResponse = authRequest.login(authCallback);
log.info("[getAuthUser0][请求社交平台 type({}) request({}) response({})]", type, JsonUtils.toJsonString(authCallback),
JsonUtils.toJsonString(authResponse));
if (!authResponse.ok()) {
throw exception(SOCIAL_AUTH_FAILURE, authResponse.getMsg());
}
return (AuthUser) authResponse.getData();
}
private static AuthCallback buildAuthCallback(String code, String state) {
return AuthCallback.builder().code(code).state(state).build();
}
}

View File

@ -1,4 +1,4 @@
package cn.iocoder.yudao.adminserver.modules.system.service.user; package cn.iocoder.yudao.adminserver.modules.system.service.user.impl;
import cn.hutool.core.collection.CollUtil; import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.io.IoUtil; import cn.hutool.core.io.IoUtil;
@ -12,11 +12,11 @@ import cn.iocoder.yudao.adminserver.modules.system.convert.user.SysUserConvert;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysDeptDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysDeptDO;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysPostDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysPostDO;
import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysUserDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.user.SysUserDO;
import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.social.SysUserSocialMapper;
import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.user.SysUserMapper; import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.user.SysUserMapper;
import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysDeptService; import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysDeptService;
import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysPostService; import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysPostService;
import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService;
import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserService;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum; import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.exception.ServiceException; import cn.iocoder.yudao.framework.common.exception.ServiceException;
import cn.iocoder.yudao.framework.common.pojo.PageResult; import cn.iocoder.yudao.framework.common.pojo.PageResult;
@ -49,8 +49,6 @@ public class SysUserServiceImpl implements SysUserService {
@Resource @Resource
private SysUserMapper userMapper; private SysUserMapper userMapper;
@Resource
private SysUserSocialMapper userSocialMapper;
@Resource @Resource
private SysDeptService deptService; private SysDeptService deptService;
@ -218,7 +216,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkUserExists(Long id) { public void checkUserExists(Long id) {
if (id == null) { if (id == null) {
return; return;
} }
@ -229,7 +227,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkUsernameUnique(Long id, String username) { public void checkUsernameUnique(Long id, String username) {
if (StrUtil.isBlank(username)) { if (StrUtil.isBlank(username)) {
return; return;
} }
@ -247,7 +245,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkEmailUnique(Long id, String email) { public void checkEmailUnique(Long id, String email) {
if (StrUtil.isBlank(email)) { if (StrUtil.isBlank(email)) {
return; return;
} }
@ -265,7 +263,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkMobileUnique(Long id, String mobile) { public void checkMobileUnique(Long id, String mobile) {
if (StrUtil.isBlank(mobile)) { if (StrUtil.isBlank(mobile)) {
return; return;
} }
@ -283,7 +281,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkDeptEnable(Long deptId) { public void checkDeptEnable(Long deptId) {
if (deptId == null) { // 允许不选择 if (deptId == null) { // 允许不选择
return; return;
} }
@ -297,7 +295,7 @@ public class SysUserServiceImpl implements SysUserService {
} }
@VisibleForTesting @VisibleForTesting
void checkPostEnable(Set<Long> postIds) { public void checkPostEnable(Set<Long> postIds) {
if (CollUtil.isEmpty(postIds)) { // 允许不选择 if (CollUtil.isEmpty(postIds)) { // 允许不选择
return; return;
} }
@ -324,7 +322,7 @@ public class SysUserServiceImpl implements SysUserService {
* @param oldPassword 旧密码 * @param oldPassword 旧密码
*/ */
@VisibleForTesting @VisibleForTesting
void checkOldPassword(Long id, String oldPassword) { public void checkOldPassword(Long id, String oldPassword) {
SysUserDO user = userMapper.selectById(id); SysUserDO user = userMapper.selectById(id);
if (user == null) { if (user == null) {
throw exception(USER_NOT_EXISTS); throw exception(USER_NOT_EXISTS);

View File

@ -185,4 +185,6 @@ justauth:
agent-id: 1000004 agent-id: 1000004
ignore-check-redirect-uri: true ignore-check-redirect-uri: true
cache: cache:
type: default type: REDIS
prefix: 'social_auth_state:' # 缓存前缀,目前只对 Redis 缓存生效,默认 JUSTAUTH::STATE::
timeout: 24h # 超时时长,目前只对 Redis 缓存生效,默认 3 分钟

View File

@ -41,7 +41,7 @@ import cn.iocoder.yudao.adminserver.modules.system.enums.common.SysSexEnum;
import cn.iocoder.yudao.adminserver.modules.system.service.auth.impl.SysUserSessionServiceImpl; import cn.iocoder.yudao.adminserver.modules.system.service.auth.impl.SysUserSessionServiceImpl;
import cn.iocoder.yudao.adminserver.modules.system.service.dept.impl.SysDeptServiceImpl; import cn.iocoder.yudao.adminserver.modules.system.service.dept.impl.SysDeptServiceImpl;
import cn.iocoder.yudao.adminserver.modules.system.service.logger.impl.SysLoginLogServiceImpl; import cn.iocoder.yudao.adminserver.modules.system.service.logger.impl.SysLoginLogServiceImpl;
import cn.iocoder.yudao.adminserver.modules.system.service.user.SysUserServiceImpl; import cn.iocoder.yudao.adminserver.modules.system.service.user.impl.SysUserServiceImpl;
import cn.iocoder.yudao.framework.test.core.util.AssertUtils; import cn.iocoder.yudao.framework.test.core.util.AssertUtils;
import cn.iocoder.yudao.framework.test.core.util.RandomUtils; import cn.iocoder.yudao.framework.test.core.util.RandomUtils;
import cn.iocoder.yudao.framework.common.util.object.ObjectUtils; import cn.iocoder.yudao.framework.common.util.object.ObjectUtils;

View File

@ -3,6 +3,7 @@ package cn.iocoder.yudao.adminserver.modules.system.service.user;
import cn.hutool.core.collection.CollUtil; import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.RandomUtil; import cn.hutool.core.util.RandomUtil;
import cn.iocoder.yudao.adminserver.BaseDbUnitTest; import cn.iocoder.yudao.adminserver.BaseDbUnitTest;
import cn.iocoder.yudao.adminserver.modules.system.service.user.impl.SysUserServiceImpl;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum; import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.pojo.PageResult; import cn.iocoder.yudao.framework.common.pojo.PageResult;
import cn.iocoder.yudao.adminserver.modules.infra.service.file.InfFileService; import cn.iocoder.yudao.adminserver.modules.infra.service.file.InfFileService;