/*
|
* Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
|
*
|
* Redistribution and use in source and binary forms, with or without
|
* modification, are permitted provided that the following conditions are met:
|
*
|
* Redistributions of source code must retain the above copyright notice,
|
* this list of conditions and the following disclaimer.
|
* Redistributions in binary form must reproduce the above copyright
|
* notice, this list of conditions and the following disclaimer in the
|
* documentation and/or other materials provided with the distribution.
|
* Neither the name of the dreamlu.net developer nor the names of its
|
* contributors may be used to endorse or promote products derived from
|
* this software without specific prior written permission.
|
* Author: Chill 庄骞 (smallchill@163.com)
|
*/
|
package org.springblade.modules.auth.utils;
|
|
import org.springblade.common.cache.CacheNames;
|
import org.springblade.common.constant.TenantConstant;
|
import org.springblade.core.launch.constant.TokenConstant;
|
import org.springblade.core.log.exception.ServiceException;
|
import org.springblade.core.redis.cache.BladeRedis;
|
import org.springblade.core.secure.TokenInfo;
|
import org.springblade.core.secure.utils.SecureUtil;
|
import org.springblade.core.tenant.BladeTenantProperties;
|
import org.springblade.core.tool.constant.BladeConstant;
|
import org.springblade.core.tool.jackson.JsonUtil;
|
import org.springblade.core.tool.support.Kv;
|
import org.springblade.core.tool.utils.*;
|
import org.springblade.modules.system.entity.Tenant;
|
import org.springblade.modules.system.entity.User;
|
import org.springblade.modules.system.entity.UserInfo;
|
|
import javax.servlet.http.HttpServletResponse;
|
import java.time.Duration;
|
import java.util.Date;
|
import java.util.HashMap;
|
import java.util.Map;
|
|
/**
|
* 认证工具类
|
*
|
* @author Chill
|
*/
|
public class TokenUtil {
|
|
public final static String DEPT_HEADER_KEY = "Dept-Id";
|
public final static String ROLE_HEADER_KEY = "Role-Id";
|
public final static String CAPTCHA_HEADER_KEY = "Captcha-Key";
|
public final static String CAPTCHA_HEADER_CODE = "Captcha-Code";
|
public final static String CAPTCHA_NOT_CORRECT = "验证码不正确";
|
public final static String TENANT_HEADER_KEY = "Tenant-Id";
|
public final static String DEFAULT_TENANT_ID = "000000";
|
public final static String USER_TYPE_HEADER_KEY = "User-Type";
|
public final static String DEFAULT_USER_TYPE = "web";
|
public final static String TOKEN_NOT_PERMISSION = "令牌授权已过期";
|
public final static String USER_NOT_FOUND = "用户名或密码错误";
|
public final static String USER_HAS_NO_ROLE = "未获得用户的角色信息";
|
public final static String USER_HAS_NO_TENANT = "未获得用户的租户信息";
|
public final static String USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员";
|
public final static String USER_HAS_TOO_MANY_FAILS = "登录错误次数过多,请稍后再试";
|
public final static String HEADER_KEY = "Authorization";
|
public final static String HEADER_PREFIX = "Basic ";
|
public final static String DEFAULT_AVATAR = "https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png";
|
|
private static BladeTenantProperties tenantProperties;
|
|
/**
|
* 获取租户配置
|
*
|
* @return tenantProperties
|
*/
|
private static BladeTenantProperties getTenantProperties() {
|
if (tenantProperties == null) {
|
tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
|
}
|
return tenantProperties;
|
}
|
|
/**
|
* 创建认证token
|
*
|
* @param userInfo 用户信息
|
* @return token
|
*/
|
public static Kv createAuthInfo(UserInfo userInfo) {
|
Kv authInfo = Kv.create();
|
User user = userInfo.getUser();
|
//设置jwt参数
|
Map<String, Object> param = new HashMap<>(16);
|
param.put(TokenConstant.TOKEN_TYPE, TokenConstant.ACCESS_TOKEN);
|
param.put(TokenConstant.TENANT_ID, user.getTenantId());
|
param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
|
param.put(TokenConstant.DEPT_ID, user.getDeptId());
|
param.put(TokenConstant.POST_ID, user.getPostId());
|
param.put(TokenConstant.ROLE_ID, user.getRoleId());
|
param.put(TokenConstant.OAUTH_ID, userInfo.getOauthId());
|
param.put(TokenConstant.ACCOUNT, user.getAccount());
|
param.put(TokenConstant.USER_NAME, user.getAccount());
|
param.put(TokenConstant.NICK_NAME, user.getRealName());
|
param.put(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()));
|
param.put(TokenConstant.DETAIL, userInfo.getDetail());
|
|
//拼装accessToken
|
try {
|
TokenInfo accessToken = SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.ACCESS_TOKEN);
|
//返回accessToken
|
return authInfo.set(TokenConstant.TENANT_ID, user.getTenantId())
|
.set(TokenConstant.USER_ID, Func.toStr(user.getId()))
|
.set(TokenConstant.DEPT_ID, user.getDeptId())
|
.set(TokenConstant.POST_ID, user.getPostId())
|
.set(TokenConstant.ROLE_ID, user.getRoleId())
|
.set(TokenConstant.OAUTH_ID, userInfo.getOauthId())
|
.set(TokenConstant.ACCOUNT, user.getAccount())
|
.set(TokenConstant.USER_NAME, user.getAccount())
|
.set(TokenConstant.NICK_NAME, user.getRealName())
|
.set(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()))
|
.set(TokenConstant.AVATAR, Func.toStr(user.getAvatar(), TokenConstant.DEFAULT_AVATAR))
|
.set(TokenConstant.ACCESS_TOKEN, accessToken.getToken())
|
.set(TokenConstant.REFRESH_TOKEN, createRefreshToken(userInfo).getToken())
|
.set(TokenConstant.TOKEN_TYPE, TokenConstant.BEARER)
|
.set(TokenConstant.EXPIRES_IN, accessToken.getExpire())
|
.set(TokenConstant.DETAIL, userInfo.getDetail())
|
.set(TokenConstant.LICENSE, TokenConstant.LICENSE_NAME);
|
} catch (Exception ex) {
|
return authInfo.set("error_code", HttpServletResponse.SC_UNAUTHORIZED).set("error_description", ex.getMessage());
|
}
|
}
|
|
/**
|
* 创建refreshToken
|
*
|
* @param userInfo 用户信息
|
* @return refreshToken
|
*/
|
private static TokenInfo createRefreshToken(UserInfo userInfo) {
|
User user = userInfo.getUser();
|
Map<String, Object> param = new HashMap<>(16);
|
param.put(TokenConstant.TOKEN_TYPE, TokenConstant.REFRESH_TOKEN);
|
param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
|
param.put(TokenConstant.DEPT_ID, Func.toStr(user.getDeptId()));
|
param.put(TokenConstant.ROLE_ID, Func.toStr(user.getRoleId()));
|
return SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.REFRESH_TOKEN);
|
}
|
|
/**
|
* 判断租户权限
|
*
|
* @param tenant 租户信息
|
* @return boolean
|
*/
|
public static boolean judgeTenant(Tenant tenant) {
|
if (tenant == null) {
|
throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT);
|
}
|
if (StringUtil.equalsIgnoreCase(tenant.getTenantId(), BladeConstant.ADMIN_TENANT_ID)) {
|
return false;
|
}
|
Date expireTime = tenant.getExpireTime();
|
if (getTenantProperties().getLicense()) {
|
String licenseKey = tenant.getLicenseKey();
|
String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
|
expireTime = JsonUtil.parse(decrypt, Tenant.class).getExpireTime();
|
}
|
if (expireTime != null && expireTime.before(DateUtil.now())) {
|
throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
|
}
|
return false;
|
}
|
|
}
|
