【7.6.0】【auth】调整登录接口，移除cookie的创建

2023-05-11 22:38:59 +08:00 · 2023-05-11 22:38:59 +08:00 · e377ef5a90
parent c408bb2e0f
commit e377ef5a90
11 changed files with 12 additions and 201 deletions
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/SessionManagerApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/SessionManagerApi.java
@ -48,7 +48,7 @@ public interface SessionManagerApi {
     * @author fengshuonan
     * @since 2020/10/19 16:47
     */
-    void createSession(String token, LoginUser loginUser, Boolean createCookie);
+    void createSession(String token, LoginUser loginUser);

    /**
     * 更新当前会话的loginUser对象的内容
@ -109,16 +109,6 @@ public interface SessionManagerApi {
     */
    void refreshSession(String token);

-    /**
-     * 销毁当前用户对应的会话cookie
-     * <p>
-     * 一般用在单体不分离版本中
-     *
-     * @author fengshuonan
-     * @since 2021/1/2 20:25
-     */
-    void destroySessionCookie();
-
    /**
     * 获取在线用户列表
     *
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/cookie/SessionCookieCreator.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/cookie/SessionCookieCreator.java
@ -1,65 +0,0 @@
-/*
- * Copyright [2020-2030] [https://www.stylefeng.cn]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
- *
- * 1.请不要删除和修改根目录下的LICENSE文件。
- * 2.请不要删除和修改Guns源码头部的版权声明。
- * 3.请保留源码和相关描述文件的项目出处，作者声明等。
- * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
- * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
- * 6.若您的项目无法满足以上几点，可申请商业授权
- */
-package cn.stylefeng.roses.kernel.auth.api.cookie;
-
-import javax.servlet.http.Cookie;
-
-/**
- * cookie的创建器，用在session创建时，给httpServletResponse添加cookie
- * <p>
- * 每个公司情况不一样，所以预留拓展接口
- *
- * @author fengshuonan
- * @since 2020/12/27 13:28
- */
-public abstract class SessionCookieCreator {
-
-    /**
-     * 创建cookie的操作
-     * <p>
-     * 这里不要重写这个方法，重写后名称对不上可能导致登录后权限校验失败
-     *
-     * @param cookieName            cookie的名称
-     * @param cookieValue           cookie的值
-     * @param sessionExpiredSeconds cookie过期时间
-     * @author fengshuonan
-     * @since 2020/12/27 13:29
-     */
-    public Cookie createCookie(String cookieName, String cookieValue, Integer sessionExpiredSeconds) {
-        Cookie cookie = new Cookie(cookieName, cookieValue);
-        cookie.setMaxAge(sessionExpiredSeconds);
-        this.expandCookieProp(cookie);
-        return cookie;
-    }
-
-    /**
-     * 拓展cookie的配置
-     *
-     * @author fengshuonan
-     * @since 2020/12/27 13:41
-     */
-    public abstract void expandCookieProp(Cookie cookie);
-
-}
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/auth/LoginRequest.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/auth/LoginRequest.java
@ -74,12 +74,6 @@ public class LoginRequest extends BaseRequest {
    @ChineseDescription("用户输入的验证码的值")
    private String verCode;

-    /**
-     * 是否写入cookie会话信息
-     */
-    @ChineseDescription("是否写入cookie会话信息")
-    private Boolean createCookie = false;
-
    /**
     * 租户编码
     */
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
@ -216,7 +216,6 @@ public class AuthServiceImpl implements AuthServiceApi {
        }

        logoutWithToken(token);
-        sessionManagerApi.destroySessionCookie();
    }

    @Override
@ -428,7 +427,7 @@ public class AuthServiceImpl implements AuthServiceApi {
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());

            // 10. 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, loginRequest.getCreateCookie());
+            sessionManagerApi.createSession(jwtToken, loginUser);

            // 11. 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/DefaultSessionManager.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/DefaultSessionManager.java
@ -25,20 +25,14 @@
 package cn.stylefeng.roses.kernel.auth.session;

 import cn.hutool.core.bean.BeanUtil;
-import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
-import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
-import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.message.api.expander.WebSocketConfigExpander;
 import cn.stylefeng.roses.kernel.rule.callback.ConfigUpdateCallback;
-import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;

-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
 import java.util.*;

 import static cn.stylefeng.roses.kernel.message.api.constants.MessageConstants.WEB_SOCKET_WS_URL_CONFIG_CODE;
@ -74,23 +68,16 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
     */
    private final Long sessionExpiredSeconds;

-    /**
-     * cookie的创建器，用在session创建时，给response添加cookie
-     */
-    private final SessionCookieCreator sessionCookieCreator;
-
    public DefaultSessionManager(CacheOperatorApi<LoginUser> loginUserCache,
                                 CacheOperatorApi<Set<String>> allPlaceLoginTokenCache,
-                                 Long sessionExpiredSeconds,
-                                 SessionCookieCreator sessionCookieCreator) {
+                                 Long sessionExpiredSeconds) {
        this.loginUserCache = loginUserCache;
        this.allPlaceLoginTokenCache = allPlaceLoginTokenCache;
        this.sessionExpiredSeconds = sessionExpiredSeconds;
-        this.sessionCookieCreator = sessionCookieCreator;
    }

    @Override
-    public void createSession(String token, LoginUser loginUser, Boolean createCookie) {
+    public void createSession(String token, LoginUser loginUser) {

        // 装配用户信息的缓存
        loginUserCache.put(token, loginUser, sessionExpiredSeconds);
@ -102,15 +89,6 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
        }
        theUserTokens.add(token);
        allPlaceLoginTokenCache.put(loginUser.getUserId().toString(), theUserTokens);
-
-        // 如果开启了cookie存储会话信息，则需要给HttpServletResponse添加一个cookie
-        if (createCookie) {
-            String sessionCookieName = AuthConfigExpander.getSessionCookieName();
-            Cookie cookie = sessionCookieCreator.createCookie(sessionCookieName, token, Convert.toInt(AuthConfigExpander.getAuthJwtTimeoutSeconds()));
-            HttpServletResponse response = HttpServletUtil.getResponse();
-            response.addCookie(cookie);
-        }
-
    }

    @Override
@ -193,15 +171,6 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
        }
    }

-    @Override
-    public void destroySessionCookie() {
-        // 如果开启了cookie存储会话信息，则需要给HttpServletResponse添加一个cookie
-        String sessionCookieName = AuthConfigExpander.getSessionCookieName();
-        Cookie cookie = sessionCookieCreator.createCookie(sessionCookieName, null, 0);
-        HttpServletResponse response = HttpServletUtil.getResponse();
-        response.addCookie(cookie);
-    }
-
    @Override
    public List<LoginUser> onlineUserList() {
        Map<String, LoginUser> allKeyValues = loginUserCache.getAllKeyValues();
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cookie/DefaultSessionCookieCreator.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cookie/DefaultSessionCookieCreator.java
@ -1,47 +0,0 @@
-/*
- * Copyright [2020-2030] [https://www.stylefeng.cn]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
- *
- * 1.请不要删除和修改根目录下的LICENSE文件。
- * 2.请不要删除和修改Guns源码头部的版权声明。
- * 3.请保留源码和相关描述文件的项目出处，作者声明等。
- * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
- * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
- * 6.若您的项目无法满足以上几点，可申请商业授权
- */
-package cn.stylefeng.roses.kernel.auth.session.cookie;
-
-import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
-
-import javax.servlet.http.Cookie;
-
-/**
- * 默认的cookie创建
- * <p>
- * 这里预留了expandCookieProp的接口可以拓展cookie的属性
- *
- * @author fengshuonan
- * @since 2020/12/27 13:29
- */
-public class DefaultSessionCookieCreator extends SessionCookieCreator {
-
-    @Override
-    public void expandCookieProp(Cookie cookie) {
-        cookie.setHttpOnly(true);
-        cookie.setPath("/");
-    }
-
-}
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/AuthAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/AuthAutoConfiguration.java
@ -25,7 +25,6 @@
 package cn.stylefeng.roses.kernel.auth.starter;

 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
-import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordTransferEncryptApi;
@ -34,7 +33,6 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.auth.password.BcryptPasswordStoredEncrypt;
 import cn.stylefeng.roses.kernel.auth.password.RsaPasswordTransferEncrypt;
 import cn.stylefeng.roses.kernel.auth.session.DefaultSessionManager;
-import cn.stylefeng.roses.kernel.auth.session.cookie.DefaultSessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.session.timer.ClearInvalidLoginUserCacheTimer;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.jwt.JwtTokenOperator;
@ -103,18 +101,6 @@ public class AuthAutoConfiguration {
        return new RsaPasswordTransferEncrypt(pwdRsaSecretProperties.getPublicKey(), pwdRsaSecretProperties.getPrivateKey());
    }

-    /**
-     * session cookie的创建
-     *
-     * @author fengshuonan
-     * @since 2020/12/27 15:48
-     */
-    @Bean
-    @ConditionalOnMissingBean(SessionCookieCreator.class)
-    public SessionCookieCreator sessionCookieCreator() {
-        return new DefaultSessionCookieCreator();
-    }
-
    /**
     * 默认的session缓存为内存缓存，方便启动
     * <p>
@ -127,7 +113,7 @@ public class AuthAutoConfiguration {
    @ConditionalOnMissingBean(SessionManagerApi.class)
    public SessionManagerApi sessionManagerApi(CacheOperatorApi<LoginUser> loginUserCache, CacheOperatorApi<Set<String>> allPlaceLoginTokenCache) {
        Long sessionExpiredSeconds = AuthConfigExpander.getSessionExpiredSeconds();
-        return new DefaultSessionManager(loginUserCache, allPlaceLoginTokenCache, sessionExpiredSeconds, sessionCookieCreator());
+        return new DefaultSessionManager(loginUserCache, allPlaceLoginTokenCache, sessionExpiredSeconds);
    }

    /**
--- a/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
+++ b/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
@ -156,8 +156,7 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
    @Override
    public LoginResponse login(LoginRequest loginRequest) {

-        // 不创建cookie，默认开启记住我（7天会话）
-        loginRequest.setCreateCookie(false);
+        // 默认开启记住我（7天会话）
        loginRequest.setRememberMe(true);

        // 验证拖拽验证码
@ -207,7 +206,7 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i

        synchronized (SESSION_OPERATE_LOCK) {
            // 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, loginRequest.getCreateCookie());
+            sessionManagerApi.createSession(jwtToken, loginUser);

            // 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/CaptchaController.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/CaptchaController.java
@ -47,7 +47,7 @@ import static cn.stylefeng.roses.kernel.rule.constants.RuleConstants.BASE64_IMG_
 */
@RestController
@ApiResource(name = "用户登录图形验证码", resBizType = ResBizTypeEnum.SYSTEM)
-public class KaptchaController {
+public class CaptchaController {

    @Resource
    private ImageCaptchaApi captchaApi;
@ -72,7 +72,7 @@ public class KaptchaController {
     * @author fengshuonan
     * @since 2021/7/5 12:00
     */
-    @GetResource(name = "获取图形验证码", path = "/dragCaptcha", requiredPermission = false, requiredLogin = false)
+    @GetResource(name = "获取拖拽验证码", path = "/dragCaptcha", requiredPermission = false, requiredLogin = false)
    public ResponseData<DragCaptchaImageDTO> dragCaptcha() {
        DragCaptchaImageDTO captcha = dragCaptchaApi.createCaptcha();
        captcha.setSrcImage(BASE64_IMG_PREFIX + captcha.getSrcImage());
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
@ -78,27 +78,13 @@ public class LoginController {
    private CacheOperatorApi<String> caClientTokenCacheApi;

    /**
-     * 用户登陆
+     * 用户登陆API
     *
     * @author fengshuonan
     * @since 2021/3/17 17:23
     */
-    @PostResource(name = "登陆", path = "/login", requiredLogin = false, requiredPermission = false)
-    public ResponseData<String> login(@RequestBody @Validated LoginRequest loginRequest) {
-        loginRequest.setCreateCookie(true);
-        LoginResponse loginResponse = authServiceApi.login(loginRequest);
-        return new SuccessResponseData<>(loginResponse.getToken());
-    }
-
-    /**
-     * 用户登陆(提供给分离版用的接口，不会写cookie)
-     *
-     * @author fengshuonan
-     * @since 2021/3/17 17:23
-     */
-    @PostResource(name = "登陆（分离版）", path = "/loginApi", requiredLogin = false, requiredPermission = false)
+    @PostResource(name = "用户登陆API", path = "/loginApi", requiredLogin = false, requiredPermission = false)
    public ResponseData<LoginResponse> loginApi(@RequestBody @Validated LoginRequest loginRequest) {
-        loginRequest.setCreateCookie(false);
        LoginResponse loginResponse = authServiceApi.login(loginRequest);
        return new SuccessResponseData<>(loginResponse);
    }
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
@ -666,7 +666,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());

            // 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, false);
+            sessionManagerApi.createSession(jwtToken, loginUser);

            // 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {