From 4b86cf6bbe5a7204a801169398fa836e8e06c109 Mon Sep 17 00:00:00 2001
From: guoshilong <123456>
Date: Wed, 14 Dec 2022 17:04:36 +0800
Subject: [PATCH] Merge remote-tracking branch 'refs/remotes/origin/master'

---
 src/main/java/org/springblade/modules/auth/granter/RefreshTokenGranter.java |  114 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 114 insertions(+), 0 deletions(-)

diff --git a/src/main/java/org/springblade/modules/auth/granter/RefreshTokenGranter.java b/src/main/java/org/springblade/modules/auth/granter/RefreshTokenGranter.java
new file mode 100644
index 0000000..a6deb6f
--- /dev/null
+++ b/src/main/java/org/springblade/modules/auth/granter/RefreshTokenGranter.java
@@ -0,0 +1,114 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.modules.auth.granter;
+
+import io.jsonwebtoken.Claims;
+import lombok.AllArgsConstructor;
+import org.springblade.core.jwt.JwtUtil;
+import org.springblade.core.jwt.props.JwtProperties;
+import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.log.exception.ServiceException;
+import org.springblade.core.secure.utils.AuthUtil;
+import org.springblade.core.tool.utils.Func;
+import org.springblade.core.tool.utils.StringUtil;
+import org.springblade.modules.auth.provider.ITokenGranter;
+import org.springblade.modules.auth.provider.TokenParameter;
+import org.springblade.modules.auth.utils.TokenUtil;
+import org.springblade.modules.system.entity.Tenant;
+import org.springblade.modules.system.entity.UserInfo;
+import org.springblade.modules.system.service.IRoleService;
+import org.springblade.modules.system.service.ITenantService;
+import org.springblade.modules.system.service.IUserService;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * RefreshTokenGranter
+ *
+ * @author Chill
+ */
+@Component
+@AllArgsConstructor
+public class RefreshTokenGranter implements ITokenGranter {
+
+	public static final String GRANT_TYPE = "refresh_token";
+
+	private final IUserService userService;
+	private final IRoleService roleService;
+	private final ITenantService tenantService;
+	private final JwtProperties jwtProperties;
+
+	@Override
+	public UserInfo grant(TokenParameter tokenParameter) {
+		String tenantId = tokenParameter.getArgs().getStr("tenantId");
+		String grantType = tokenParameter.getArgs().getStr("grantType");
+		String refreshToken = tokenParameter.getArgs().getStr("refreshToken");
+		String deptId = tokenParameter.getArgs().getStr("deptId");
+		String roleId = tokenParameter.getArgs().getStr("roleId");
+		UserInfo userInfo = null;
+		if (Func.isNoneBlank(grantType, refreshToken) && grantType.equals(TokenConstant.REFRESH_TOKEN)) {
+			// 判断令牌合法性
+			if (!judgeRefreshToken(grantType, refreshToken)) {
+				throw new ServiceException(TokenUtil.TOKEN_NOT_PERMISSION);
+			}
+			Claims claims = AuthUtil.parseJWT(refreshToken);
+			if (claims != null) {
+				String tokenType = Func.toStr(claims.get(TokenConstant.TOKEN_TYPE));
+				if (tokenType.equals(TokenConstant.REFRESH_TOKEN)) {
+					// 获取租户信息
+					Tenant tenant = tenantService.getByTenantId(tenantId);
+					if (TokenUtil.judgeTenant(tenant)) {
+						throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+					}
+					// 获取用户信息
+					userInfo = userService.userInfo(Func.toLong(claims.get(TokenConstant.USER_ID)));
+					// 设置多部门信息
+					if (Func.isNotEmpty(deptId) && userInfo.getUser().getDeptId().contains(deptId)) {
+						userInfo.getUser().setDeptId(deptId);
+					}
+					// 设置多角色信息
+					if (Func.isNotEmpty(roleId) && userInfo.getUser().getRoleId().contains(roleId)) {
+						userInfo.getUser().setRoleId(roleId);
+						List<String> roleAliases = roleService.getRoleAliases(roleId);
+						userInfo.setRoles(roleAliases);
+					}
+				}
+			}
+		}
+		return userInfo;
+	}
+
+	/**
+	 * 校验refreshToken合法性
+	 *
+	 * @param grantType    认证类型
+	 * @param refreshToken refreshToken
+	 */
+	private boolean judgeRefreshToken(String grantType, String refreshToken) {
+		if (jwtProperties.getState() && jwtProperties.getSingle()) {
+			Claims claims = JwtUtil.parseJWT(refreshToken);
+			String tenantId = String.valueOf(claims.get("tenant_id"));
+			String userId = String.valueOf(claims.get("user_id"));
+			String token = JwtUtil.getRefreshToken(tenantId, userId, refreshToken);
+			return StringUtil.equalsIgnoreCase(token, refreshToken);
+		}
+		return true;
+	}
+
+
+}

--
Gitblit v1.9.3