From 4b86cf6bbe5a7204a801169398fa836e8e06c109 Mon Sep 17 00:00:00 2001
From: guoshilong <123456>
Date: Wed, 14 Dec 2022 17:04:36 +0800
Subject: [PATCH] Merge remote-tracking branch 'refs/remotes/origin/master'

---
 src/main/java/org/springblade/modules/auth/utils/TokenUtil.java |  169 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 169 insertions(+), 0 deletions(-)

diff --git a/src/main/java/org/springblade/modules/auth/utils/TokenUtil.java b/src/main/java/org/springblade/modules/auth/utils/TokenUtil.java
new file mode 100644
index 0000000..d96dff7
--- /dev/null
+++ b/src/main/java/org/springblade/modules/auth/utils/TokenUtil.java
@@ -0,0 +1,169 @@
+/*
+ *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: Chill 庄骞 (smallchill@163.com)
+ */
+package org.springblade.modules.auth.utils;
+
+import org.springblade.common.constant.TenantConstant;
+import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.log.exception.ServiceException;
+import org.springblade.core.secure.TokenInfo;
+import org.springblade.core.secure.utils.SecureUtil;
+import org.springblade.core.tenant.BladeTenantProperties;
+import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.support.Kv;
+import org.springblade.core.tool.utils.*;
+import org.springblade.modules.system.entity.Tenant;
+import org.springblade.modules.system.entity.User;
+import org.springblade.modules.system.entity.UserInfo;
+
+import javax.servlet.http.HttpServletResponse;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 认证工具类
+ *
+ * @author Chill
+ */
+public class TokenUtil {
+
+	public final static String DEPT_HEADER_KEY = "Dept-Id";
+	public final static String ROLE_HEADER_KEY = "Role-Id";
+	public final static String CAPTCHA_HEADER_KEY = "Captcha-Key";
+	public final static String CAPTCHA_HEADER_CODE = "Captcha-Code";
+	public final static String CAPTCHA_NOT_CORRECT = "验证码不正确";
+	public final static String TENANT_HEADER_KEY = "Tenant-Id";
+	public final static String DEFAULT_TENANT_ID = "000000";
+	public final static String USER_TYPE_HEADER_KEY = "User-Type";
+	public final static String DEFAULT_USER_TYPE = "web";
+	public final static String TOKEN_NOT_PERMISSION = "令牌授权已过期";
+	public final static String USER_NOT_FOUND = "用户名或密码错误";
+	public final static String USER_HAS_NO_ROLE = "未获得用户的角色信息";
+	public final static String USER_HAS_NO_TENANT = "未获得用户的租户信息";
+	public final static String USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员";
+	public final static String USER_HAS_TOO_MANY_FAILS = "登录错误次数过多,请稍后再试";
+	public final static String HEADER_KEY = "Authorization";
+	public final static String HEADER_PREFIX = "Basic ";
+	public final static String DEFAULT_AVATAR = "https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png";
+
+	private static BladeTenantProperties tenantProperties;
+
+	/**
+	 * 获取租户配置
+	 *
+	 * @return tenantProperties
+	 */
+	private static BladeTenantProperties getTenantProperties() {
+		if (tenantProperties == null) {
+			tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
+		}
+		return tenantProperties;
+	}
+
+	/**
+	 * 创建认证token
+	 *
+	 * @param userInfo 用户信息
+	 * @return token
+	 */
+	public static Kv createAuthInfo(UserInfo userInfo) {
+		Kv authInfo = Kv.create();
+		User user = userInfo.getUser();
+		//设置jwt参数
+		Map<String, Object> param = new HashMap<>(16);
+		param.put(TokenConstant.TOKEN_TYPE, TokenConstant.ACCESS_TOKEN);
+		param.put(TokenConstant.TENANT_ID, user.getTenantId());
+		param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
+		param.put(TokenConstant.DEPT_ID, user.getDeptId());
+		param.put(TokenConstant.POST_ID, user.getPostId());
+		param.put(TokenConstant.ROLE_ID, user.getRoleId());
+		param.put(TokenConstant.OAUTH_ID, userInfo.getOauthId());
+		param.put(TokenConstant.ACCOUNT, user.getAccount());
+		param.put(TokenConstant.USER_NAME, user.getAccount());
+		param.put(TokenConstant.NICK_NAME, user.getRealName());
+		param.put(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()));
+		param.put(TokenConstant.DETAIL, userInfo.getDetail());
+
+		//拼装accessToken
+		try {
+			TokenInfo accessToken = SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.ACCESS_TOKEN);
+			//返回accessToken
+			return authInfo.set(TokenConstant.TENANT_ID, user.getTenantId())
+				.set(TokenConstant.USER_ID, Func.toStr(user.getId()))
+				.set(TokenConstant.DEPT_ID, user.getDeptId())
+				.set(TokenConstant.POST_ID, user.getPostId())
+				.set(TokenConstant.ROLE_ID, user.getRoleId())
+				.set(TokenConstant.OAUTH_ID, userInfo.getOauthId())
+				.set(TokenConstant.ACCOUNT, user.getAccount())
+				.set(TokenConstant.USER_NAME, user.getAccount())
+				.set(TokenConstant.NICK_NAME, user.getRealName())
+				.set(TokenConstant.ROLE_NAME, Func.join(userInfo.getRoles()))
+				.set(TokenConstant.AVATAR, Func.toStr(user.getAvatar(), TokenConstant.DEFAULT_AVATAR))
+				.set(TokenConstant.ACCESS_TOKEN, accessToken.getToken())
+				.set(TokenConstant.REFRESH_TOKEN, createRefreshToken(userInfo).getToken())
+				.set(TokenConstant.TOKEN_TYPE, TokenConstant.BEARER)
+				.set(TokenConstant.EXPIRES_IN, accessToken.getExpire())
+				.set(TokenConstant.DETAIL, userInfo.getDetail())
+				.set(TokenConstant.LICENSE, TokenConstant.LICENSE_NAME);
+		} catch (Exception ex) {
+			return authInfo.set("error_code", HttpServletResponse.SC_UNAUTHORIZED).set("error_description", ex.getMessage());
+		}
+	}
+
+	/**
+	 * 创建refreshToken
+	 *
+	 * @param userInfo 用户信息
+	 * @return refreshToken
+	 */
+	private static TokenInfo createRefreshToken(UserInfo userInfo) {
+		User user = userInfo.getUser();
+		Map<String, Object> param = new HashMap<>(16);
+		param.put(TokenConstant.TOKEN_TYPE, TokenConstant.REFRESH_TOKEN);
+		param.put(TokenConstant.USER_ID, Func.toStr(user.getId()));
+		param.put(TokenConstant.DEPT_ID, Func.toStr(user.getDeptId()));
+		param.put(TokenConstant.ROLE_ID, Func.toStr(user.getRoleId()));
+		return SecureUtil.createJWT(param, "audience", "issuser", TokenConstant.REFRESH_TOKEN);
+	}
+
+	/**
+	 * 判断租户权限
+	 *
+	 * @param tenant 租户信息
+	 * @return boolean
+	 */
+	public static boolean judgeTenant(Tenant tenant) {
+		if (tenant == null) {
+			throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT);
+		}
+		if (StringUtil.equalsIgnoreCase(tenant.getTenantId(), BladeConstant.ADMIN_TENANT_ID)) {
+			return false;
+		}
+		Date expireTime = tenant.getExpireTime();
+		if (getTenantProperties().getLicense()) {
+			String licenseKey = tenant.getLicenseKey();
+			String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
+			expireTime = JsonUtil.parse(decrypt, Tenant.class).getExpireTime();
+		}
+		if (expireTime != null && expireTime.before(DateUtil.now())) {
+			throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+		}
+		return false;
+	}
+
+}

--
Gitblit v1.9.3