登录TOKEN REDIS存储校验调整;

a7321f5f · 张国柄 · 854b0a3c · a7321f5f · a7321f5f · a7321f5f
Commit a7321f5f authored Jun 04, 2021 by 张国柄
4 changed files
--- a/liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/controller/AdamLoginController.java
+++ b/liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/controller/AdamLoginController.java
@@ -29,7 +29,6 @@ import org.springframework.util.DigestUtils;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.web.bind.annotation.*;
-import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -43,12 +42,12 @@ import java.util.Objects;
 @RequestMapping("")
 public class AdamLoginController {
    @Autowired
-    Environment environment;
+    Environment env;
-    @Autowired
-    JwtValidator jwtValidator;
    @Autowired
    RedisUtil redisUtil;
    @Autowired
+    JwtValidator jwtValidator;
+    @Autowired
    DefaultAcsClient defaultAcsClient;
    @Autowired
    IAdamUserService adamUserService;
@@ -130,13 +129,7 @@ public class AdamLoginController {
            loginInfoVo.setMemberSimpleVo(adamRdmService.getMemberSimpleVo());
 //        }
        loginInfoVo.setUserInfo(userInfoVo);
+        loginInfoVo.setToken(this.ssoProcess(userInfoVo));
-        Map<String, Object> claimsMap = new HashMap<>();
-        claimsMap.put("sub", userInfoVo.getUid());
-        // TODO: 2021/5/25 修改手机号更新TOKEN
-        claimsMap.put("mobile", userInfoVo.getMobile());
-        claimsMap.put("nickname", userInfoVo.getNickname());
-        loginInfoVo.setToken(this.ssoProcess(claimsMap));
        return ResponseDto.success(loginInfoVo);
    }
@@ -164,12 +157,7 @@ public class AdamLoginController {
            loginInfoVo.setMemberSimpleVo(adamRdmService.getMemberSimpleVo());
 //        }
        loginInfoVo.setUserInfo(userInfoVo);
+        loginInfoVo.setToken(this.ssoProcess(userInfoVo));
-        Map<String, Object> claimsMap = new HashMap<>();
-        claimsMap.put("sub", userInfoVo.getUid());
-        claimsMap.put("mobile", userInfoVo.getMobile());
-        claimsMap.put("nickname", userInfoVo.getNickname());
-        loginInfoVo.setToken(this.ssoProcess(claimsMap));
        return ResponseDto.success(AdamLoginInfoVo.getNew());
    }
@@ -191,51 +179,44 @@ public class AdamLoginController {
            loginInfoVo.setUserMemberVo(adamRdmService.getUserMemberVoByUid(uid));
            loginInfoVo.setMemberSimpleVo(adamRdmService.getMemberSimpleVo());
        } else {// 新账号注册
-            if (!this.checkSmsCode(parameter.getMobile(), parameter.getCode())) return ResponseDto.failure(ErrorMapping.get("10002"));
+            if (!this.checkSmsCode(parameter.getMobile(), parameter.getCode()))
+                return ResponseDto.failure(ErrorMapping.get("10002"));
            AdamUserInfoVo registerUserInfo = adamUserService.register(parameter);
            loginInfoVo.setUserInfo(registerUserInfo);
            loginInfoVo.setThirdPartInfo(adamRdmService.getThirdPartVoListByUid(registerUserInfo.getUid()));
            loginInfoVo.setMemberSimpleVo(adamRdmService.getMemberSimpleVo());
        }
+        loginInfoVo.setToken(this.ssoProcess(loginInfoVo.getUserInfo()));
-        Map<String, Object> claimsMap = new HashMap<>();
-        claimsMap.put("sub", loginInfoVo.getUserInfo().getUid());
-        claimsMap.put("mobile", loginInfoVo.getUserInfo().getMobile());
-        claimsMap.put("nickname", loginInfoVo.getUserInfo().getNickname());
-        loginInfoVo.setToken(this.ssoProcess(claimsMap));
        return ResponseDto.success(loginInfoVo);
    }
    @ApiOperationSupport(order = 6)
    @ApiOperation(value = "登出")
    @PostMapping(value = {"out"})
-    public ResponseDto<Object> logout(HttpServletRequest request) {
+    public void logout() {
-        String uToken = request.getHeader(CurrentUtil.uToken);
+        log.info("###logout:uid:{}\ntoken:{}", CurrentUtil.getCurrentUid(), CurrentUtil.getToken());
-        log.info("###logout:uid:{}\ntoken:{}\nuToken:{}", CurrentUtil.getCurrentUid(), CurrentUtil.getToken(), uToken);
-        String ssoKeyUidM5Token = jwtValidator.getSsoRedisKey().concat(CurrentUtil.getCurrentUid()).concat(
+        redisUtil.del(jwtValidator.getSsoRedisKey().concat(CurrentUtil.getCurrentUid()));
-                DigestUtils.md5DigestAsHex(uToken.getBytes(StandardCharsets.UTF_8))
-        );
-        redisUtil.set(ssoKeyUidM5Token, false);
-        return ResponseDto.success();
    }
    @ApiOperationSupport(order = 7)
    @ApiOperation(value = "注销")
    @PostMapping(value = {"close"})
-    public ResponseDto<Object> close(HttpServletRequest request) {
+    public ResponseDto<Object> close() {
        log.info("###close:uid:{}", CurrentUtil.getCurrentUid());
        adamUserService.close(CurrentUtil.getCurrentUid());
-        return this.logout(request);
+        this.logout();
+        return ResponseDto.success();
    }
    /* ---------------------------- Internal Method ---------------------------- */
    private boolean checkSmsCode(String mobile, String code) {
-        if (Arrays.asList("dev", "test").contains(environment.getProperty("spring.profiles.active"))) {
+        if (Arrays.asList("dev", "test").contains(env.getProperty("spring.profiles.active"))) {
            return "111111".equals(code);
        }
@@ -275,18 +256,20 @@ public class AdamLoginController {
        return null;
    }
-    private String ssoProcess(Map<String, Object> claimsMap) {
+    private String ssoProcess(AdamUserInfoVo userInfoVo) {
-        String uid = (String) claimsMap.get("sub");
+        Map<String, Object> claimsMap = new HashMap<>();
+        claimsMap.put("sub", userInfoVo.getUid());
-        String uidSso = jwtValidator.getSsoRedisKey().concat(uid);
+        // TODO: 2021/5/25 修改手机号更新TOKEN
+        claimsMap.put("mobile", userInfoVo.getMobile());
-//        redisUtil.delKeysByPrefix(uidSso);
+        claimsMap.put("nickname", userInfoVo.getNickname());
        String token = jwtValidator.create(claimsMap);
-        String ssoKey = uidSso.concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
+        redisUtil.set(
+                jwtValidator.getSsoRedisKey().concat(userInfoVo.getUid()),
-        redisUtil.set(ssoKey, true, jwtValidator.getExpireTtl() * 60);
+                DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)),
+                jwtValidator.getExpireTtl() * 60
+        );
        return token;
    }

--- a/liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/service/impl/AdamRdmServiceImpl.java
+++ b/liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/service/impl/AdamRdmServiceImpl.java
@@ -212,7 +212,7 @@ public class AdamRdmServiceImpl implements IAdamRdmService {
    @Override
    public void delUserMemberVoByUid(String uid) {
-        redisUtil.del(AdamRedisConst.INFO_USER_MEMBER.concat(uid));;
+        redisUtil.del(AdamRedisConst.INFO_USER_MEMBER.concat(uid));
    }
    @Override

--- a/liquidnet-bus-service/liquidnet-service-kylin/liquidnet-service-kylin-impl/src/main/java/com/liquidnet/service/kylin/controller/KylinStationController.java
+++ b/liquidnet-bus-service/liquidnet-service-kylin/liquidnet-service-kylin-impl/src/main/java/com/liquidnet/service/kylin/controller/KylinStationController.java
@@ -85,20 +85,17 @@ public class KylinStationController {
    @ApiOperation(value = "登出")
    @PostMapping("out")
-    public ResponseDto<String> out() {
+    public void out() {
        String checkUserId = CurrentUtil.getCurrentUid();
        String token = CurrentUtil.getToken();
-        String ssoKeyUidM5Token = jwtValidator.getSsoRedisKey().concat(CurrentUtil.getCurrentUid()).concat(
+        String ssoUidM5TokenKey = jwtValidator.getSsoRedisKey()
-                DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8))
+                .concat(checkUserId).concat(":").concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
-        );
-        log.info("###logout:checkUserId:{}\nssoKey:{}\ntoken:{}", checkUserId, ssoKeyUidM5Token, token);
-        redisUtil.set(ssoKeyUidM5Token, false);
+        log.info("###logout:checkUserId:{}\nssoKey:{}\ntoken:{}", checkUserId, ssoUidM5TokenKey, token);
-        return ResponseDto.success();
+        redisUtil.set(ssoUidM5TokenKey, 0);
    }
    /* ------------------------------------------------------------------ */
@@ -400,20 +397,18 @@ public class KylinStationController {
    }
    private ResponseDto<KylinStationLoginVo> loginAuthentication(KylinCheckUserVo checkUserVo) {
-        String uid = checkUserVo.getCheckUserId();
-        String ssoKeyUid = jwtValidator.getSsoRedisKey().concat(uid);
        Map<String, Object> claimsMap = new HashMap<>();
-        claimsMap.put("sub", uid);
+        claimsMap.put("sub", checkUserVo.getCheckUserId());
        claimsMap.put("mobile", checkUserVo.getMobile());
        claimsMap.put("nickname", checkUserVo.getName());
        String token = jwtValidator.create(claimsMap);
-        String ssoKeyUidM5Token = ssoKeyUid.concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
+        String ssoUidM5TokenKey = jwtValidator.getSsoRedisKey()
+                .concat(checkUserVo.getCheckUserId())
+                .concat(":").concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
-        redisUtil.set(ssoKeyUidM5Token, true, jwtValidator.getExpireTtl() * 60);
+        redisUtil.set(ssoUidM5TokenKey, 1, jwtValidator.getExpireTtl() * 60);
        KylinStationLoginVo stationLoginVo = KylinStationLoginVo.getNew();
        stationLoginVo.setUid(checkUserVo.getCheckUserId());

--- a/liquidnet-bus-support/liquidnet-support-zuul/src/main/java/com/liquidnet/support/zuul/filter/GlobalAuthFilter.java
+++ b/liquidnet-bus-support/liquidnet-support-zuul/src/main/java/com/liquidnet/support/zuul/filter/GlobalAuthFilter.java
@@ -35,6 +35,8 @@ public class GlobalAuthFilter extends ZuulFilter {
    private List<String> excludeUrl;
    private List<String> excludeUrlPattern;
+    private static final String KYLIN_STATION_JWT_VALID = "/kylin/station/**";
    private static final String CONTENT_TYPE = "application/json;charset=utf-8";
    private static final String AUTHORIZATION = "authorization";
    private static final String TOKEN_STATUS = "token_status";
@@ -80,6 +82,8 @@ public class GlobalAuthFilter extends ZuulFilter {
                ctx.addZuulRequestHeader(TOKEN_STATUS, TOKEN_ILLEGAL);
            }
            ctx.addZuulRequestHeader(CurrentUtil.uToken, token);
+        } else {
+            ctx.addZuulRequestHeader(TOKEN_STATUS, TOKEN_ILLEGAL);
        }
        String requestURI = ctxRequest.getRequestURI();
@@ -106,36 +110,43 @@ public class GlobalAuthFilter extends ZuulFilter {
    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        Map<String, String> zuulRequestHeaders = ctx.getZuulRequestHeaders();
-        String uToken = zuulRequestHeaders.get(CurrentUtil.uToken);
+        log.debug("lns.headers:{}", zuulRequestHeaders);
-        log.debug("headers:{}", zuulRequestHeaders);
+        String uToken = zuulRequestHeaders.get(CurrentUtil.uToken), uid;
+        if (StringUtils.isEmpty(uToken) || StringUtils.isEmpty(uid = zuulRequestHeaders.get(CurrentUtil.uID))) {
+            this.respHandler(ctx, zuulRequestHeaders.get(TOKEN_STATUS));
-        if (StringUtils.isEmpty(uToken)) {
+            return null;
-            respHandler(ctx, TOKEN_ILLEGAL);
+        }
-        } else {
+        if (PathMatchUtil.isPathMatch(KYLIN_STATION_JWT_VALID, ctx.getRequest().getRequestURI())) {// 专业版APP
-            String uid = zuulRequestHeaders.get(CurrentUtil.uID);
+            // adam:identity:sso:${uid}:MD5(${token})=${1-在线|0-离线}
+            String ssoUidM5TokenKey = jwtValidator.getSsoRedisKey()
-            if (StringUtils.isEmpty(uid)) {
+                    .concat(uid).concat(":").concat(DigestUtils.md5DigestAsHex(uToken.getBytes(StandardCharsets.UTF_8)));
-                respHandler(ctx, zuulRequestHeaders.get(TOKEN_STATUS));
+            Integer online = (Integer) redisUtil.get(ssoUidM5TokenKey);
+            if (null == online || online != 1) {
+                this.respHandler(ctx, TOKEN_INVALID);
            } else {
-                String ssoKeyUidM5Token = jwtValidator.getSsoRedisKey().concat(uid).concat(
+                ctx.setSendZuulResponse(true);
-                        DigestUtils.md5DigestAsHex(uToken.getBytes(StandardCharsets.UTF_8))
+            }
-                );
+        } else {
+            // adam:identity:sso:${uid}=MD5(${token})
-                if (redisUtil.hasKey(ssoKeyUidM5Token)) {// 是否存在SSO
+            String ssoKey = jwtValidator.getSsoRedisKey().concat(uid);
-                    if ((boolean) redisUtil.get(ssoKeyUidM5Token)) {// 是否在线
-                        ctx.setSendZuulResponse(true);
+            String md5Token = (String) redisUtil.get(ssoKey);
-                    } else {
-                        respHandler(ctx, TOKEN_INVALID);
+            if (StringUtils.isEmpty(md5Token)) {
-                    }
+                // 已离线
+                this.respHandler(ctx, TOKEN_INVALID);
+            } else {
+                // 与在线TOKEN比对
+                if (md5Token.equals(DigestUtils.md5DigestAsHex(uToken.getBytes(StandardCharsets.UTF_8)))) {
+                    // 一致则放行
+                    ctx.setSendZuulResponse(true);
                } else {
-                    respHandler(ctx, TOKEN_KICK);
+                    // 不一致则被踢下线
+                    this.respHandler(ctx, TOKEN_KICK);
                }
            }
        }