refactor/重构鉴权逻辑

Author: freestylefly

pmhub-auth/src/main/java/com/laigeoffer/pmhub/auth/controller/LoginController.java

@@ -1,7 +1,6 @@
 package com.laigeoffer.pmhub.auth.controller;
 
 import com.laigeoffer.pmhub.auth.service.SysLoginService;
-import com.laigeoffer.pmhub.base.core.constant.Constants;
 import com.laigeoffer.pmhub.base.core.core.domain.AjaxResult;
 import com.laigeoffer.pmhub.base.core.core.domain.R;
 import com.laigeoffer.pmhub.base.core.core.domain.model.LoginBody;
@@ -38,14 +37,12 @@ public class LoginController {
     private SysLoginService sysLoginService;
 
     @PostMapping("login")
-    public AjaxResult login(@RequestBody LoginBody form) {
+    public R<?> login(@RequestBody LoginBody form) {
         AjaxResult ajax = success();
         // 用户登录
         LoginUser userInfo = sysLoginService.login(form.getUsername(), form.getPassword());
-        String token =  tokenService.createToken(userInfo);
-        ajax.put(Constants.TOKEN, token);
         // 获取登录token
-        return ajax;
+        return R.ok(tokenService.createToken(userInfo));
     }
 
     @DeleteMapping("logout")

pmhub-base/pmhub-base-core/src/main/java/com/laigeoffer/pmhub/base/core/constant/CacheConstants.java

@@ -9,7 +9,7 @@ public class CacheConstants {
     /**
      * 登录用户 redis key
      */
-    public static final String LOGIN_TOKEN_KEY = "login_tokens:";
+    public static final String LOGIN_TOKEN_KEY = "user_key:";
 
     /**
      * 验证码 redis key

pmhub-base/pmhub-base-core/src/main/java/com/laigeoffer/pmhub/base/core/constant/SecurityConstants.java

@@ -3,7 +3,7 @@
 /**
  * 权限相关通用常量
  * 
- * @author ruoyi
+ * @author canghe
  */
 public class SecurityConstants
 {

pmhub-base/pmhub-base-core/src/main/java/com/laigeoffer/pmhub/base/core/constant/TokenConstants.java

@@ -20,6 +20,6 @@ public class TokenConstants
     /**
      * 令牌秘钥
      */
-    public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
+    public final static String SECRET = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz";
 
 }

pmhub-base/pmhub-base-core/src/main/java/com/laigeoffer/pmhub/base/core/core/domain/model/LoginUser.java

@@ -19,6 +19,11 @@ public class LoginUser implements Serializable {
      */
     private Long userId;
 
+    /**
+     * 用户名
+     */
+    private String username;
+
     /**
      * 部门ID
      */
@@ -95,6 +100,10 @@ public Long getUserId() {
         return userId;
     }
 
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
     public void setUserId(Long userId) {
         this.userId = userId;
     }

pmhub-base/pmhub-base-core/src/main/java/com/laigeoffer/pmhub/base/core/utils/ServletUtils.java

@@ -220,6 +220,16 @@ public static Map<String, String> getHeaders(HttpServletRequest request)
         return map;
     }
 
+    public static String getHeader(HttpServletRequest request, String name)
+    {
+        String value = request.getHeader(name);
+        if (StringUtils.isEmpty(value))
+        {
+            return StringUtils.EMPTY;
+        }
+        return urlDecode(value);
+    }
+
     /**
      * 设置webflux模型响应
      *

pmhub-base/pmhub-base-security/src/main/java/com/laigeoffer/pmhub/base/security/interceptor/HeaderInterceptor.java

@@ -3,9 +3,10 @@
 import com.laigeoffer.pmhub.base.core.constant.SecurityConstants;
 import com.laigeoffer.pmhub.base.core.context.SecurityContextHolder;
 import com.laigeoffer.pmhub.base.core.core.domain.model.LoginUser;
-import com.laigeoffer.pmhub.base.security.utils.SecurityUtils;
+import com.laigeoffer.pmhub.base.core.utils.ServletUtils;
 import com.laigeoffer.pmhub.base.core.utils.StringUtils;
 import com.laigeoffer.pmhub.base.security.auth.AuthUtil;
+import com.laigeoffer.pmhub.base.security.utils.SecurityUtils;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;
 
@@ -28,9 +29,9 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
             return true;
         }
 
-//        SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
-//        SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
-//        SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
+        SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
+        SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
+        SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
 
         String token = SecurityUtils.getToken();
         if (StringUtils.isNotEmpty(token))

pmhub-base/pmhub-base-security/src/main/java/com/laigeoffer/pmhub/base/security/service/TokenService.java

@@ -3,6 +3,7 @@
 import com.laigeoffer.pmhub.base.core.config.redis.RedisService;
 import com.laigeoffer.pmhub.base.core.constant.CacheConstants;
 import com.laigeoffer.pmhub.base.core.constant.Constants;
+import com.laigeoffer.pmhub.base.core.constant.SecurityConstants;
 import com.laigeoffer.pmhub.base.core.core.domain.model.LoginUser;
 import com.laigeoffer.pmhub.base.core.utils.JwtUtils;
 import com.laigeoffer.pmhub.base.core.utils.ServletUtils;
@@ -41,6 +42,9 @@ public class TokenService {
     protected static final long MILLIS_SECOND = 1000;
     protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;
     private static final Long MILLIS_MINUTE_TEN = 20 * 60 * 1000L;
+
+    private final static String ACCESS_TOKEN = CacheConstants.LOGIN_TOKEN_KEY;
+
     // 令牌自定义标识
     @Value("${token.header}")
     private String header;
@@ -133,19 +137,29 @@ public void delLoginUser(String token) {
 
     /**
      * 创建令牌
-     *
-     * @param loginUser 用户信息
-     * @return 令牌
      */
-    public String createToken(LoginUser loginUser) {
+    public Map<String, Object> createToken(LoginUser loginUser)
+    {
         String token = IdUtils.fastUUID();
+        Long userId = loginUser.getUser().getUserId();
+        String userName = loginUser.getUser().getUserName();
         loginUser.setToken(token);
-        setUserAgent(loginUser);
+        loginUser.setUserId(userId);
+        loginUser.setUsername(userName);
+        loginUser.setIpaddr(IpUtils.getIpAddr());
         refreshToken(loginUser);
 
-        Map<String, Object> claims = new HashMap<>();
-        claims.put(Constants.LOGIN_USER_KEY, token);
-        return createToken(claims);
+        // Jwt存储信息
+        Map<String, Object> claimsMap = new HashMap<String, Object>();
+        claimsMap.put(SecurityConstants.USER_KEY, token);
+        claimsMap.put(SecurityConstants.DETAILS_USER_ID, userId);
+        claimsMap.put(SecurityConstants.DETAILS_USERNAME, userName);
+
+        // 接口返回信息
+        Map<String, Object> rspMap = new HashMap<String, Object>();
+        rspMap.put("access_token", JwtUtils.createToken(claimsMap));
+        rspMap.put("expires_in", expireTime);
+        return rspMap;
     }
 
 
@@ -308,7 +322,7 @@ private String getToken(HttpServletRequest request) {
         return token;
     }
 
-    private String getTokenKey(String uuid) {
-        return CacheConstants.LOGIN_TOKEN_KEY + uuid;
+    private String getTokenKey(String token) {
+        return ACCESS_TOKEN + token;
     }
 }

pmhub-gateway/src/main/java/com/laigeoffer/pmhub/gateway/filter/AuthFilter.java

@@ -71,7 +71,7 @@ public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         addHeader(mutate, SecurityConstants.USER_KEY, userkey);
         addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
         addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
-        // 内部请求来源参数清除
+        // 内部请求来源参数清除（防止网关携带内部请求标识，造成系统安全风险）
         removeHeader(mutate, SecurityConstants.FROM_SOURCE);
         return chain.filter(exchange.mutate().request(mutate.build()).build());
     }

pmhub-modules/pmhub-system/src/main/java/com/laigeoffer/pmhub/system/controller/SysUserController.java

@@ -103,7 +103,6 @@ public void importTemplate(HttpServletResponse response) {
     /**
      * 根据用户编号获取详细信息
      */
-    @InnerAuth
     @RequiresPermissions("system:user:query")
     @GetMapping(value = {"/", "/{userId}"})
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) {