【7.6.0】【auth】调整登录接口，移除cookie的创建

2023-05-11 22:38:59 +08:00 · 2023-05-11 22:38:59 +08:00 · e377ef5a90
parent c408bb2e0f
commit e377ef5a90
11 changed files with 12 additions and 201 deletions
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/SessionManagerApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/SessionManagerApi.java
@ -48,7 +48,7 @@ public interface SessionManagerApi {
     * @author fengshuonan
     * @since 2020/10/19 16:47
     */
-    void createSession(String token, LoginUser loginUser, Boolean createCookie);
+    void createSession(String token, LoginUser loginUser);
    /**
     * 更新当前会话的loginUser对象的内容
@ -109,16 +109,6 @@ public interface SessionManagerApi {
     */
    void refreshSession(String token);
    /**
     * 销毁当前用户对应的会话cookie
     * <p>
     * 一般用在单体不分离版本中
     *
     * @author fengshuonan
     * @since 2021/1/2 20:25
     */
    void destroySessionCookie();
    /**
     * 获取在线用户列表
     *
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/cookie/SessionCookieCreator.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/cookie/SessionCookieCreator.java
@ -1,65 +0,0 @@
 /*
 * Copyright [2020-2030] [https://www.stylefeng.cn]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
 *
 * 1.请不要删除和修改根目录下的LICENSE文件。
 * 2.请不要删除和修改Guns源码头部的版权声明。
 * 3.请保留源码和相关描述文件的项目出处，作者声明等。
 * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
 * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
 * 6.若您的项目无法满足以上几点，可申请商业授权
 */
 package cn.stylefeng.roses.kernel.auth.api.cookie;
 import javax.servlet.http.Cookie;
 /**
 * cookie的创建器，用在session创建时，给httpServletResponse添加cookie
 * <p>
 * 每个公司情况不一样，所以预留拓展接口
 *
 * @author fengshuonan
 * @since 2020/12/27 13:28
 */
 public abstract class SessionCookieCreator {
    /**
     * 创建cookie的操作
     * <p>
     * 这里不要重写这个方法，重写后名称对不上可能导致登录后权限校验失败
     *
     * @param cookieName            cookie的名称
     * @param cookieValue           cookie的值
     * @param sessionExpiredSeconds cookie过期时间
     * @author fengshuonan
     * @since 2020/12/27 13:29
     */
    public Cookie createCookie(String cookieName, String cookieValue, Integer sessionExpiredSeconds) {
        Cookie cookie = new Cookie(cookieName, cookieValue);
        cookie.setMaxAge(sessionExpiredSeconds);
        this.expandCookieProp(cookie);
        return cookie;
    }
    /**
     * 拓展cookie的配置
     *
     * @author fengshuonan
     * @since 2020/12/27 13:41
     */
    public abstract void expandCookieProp(Cookie cookie);
 }
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/auth/LoginRequest.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/auth/LoginRequest.java
@ -74,12 +74,6 @@ public class LoginRequest extends BaseRequest {
    @ChineseDescription("用户输入的验证码的值")
    private String verCode;
    /**
     * 是否写入cookie会话信息
     */
    @ChineseDescription("是否写入cookie会话信息")
    private Boolean createCookie = false;
    /**
     * 租户编码
     */
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
@ -216,7 +216,6 @@ public class AuthServiceImpl implements AuthServiceApi {
        }
        logoutWithToken(token);
        sessionManagerApi.destroySessionCookie();
    }
    @Override
@ -428,7 +427,7 @@ public class AuthServiceImpl implements AuthServiceApi {
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());
            // 10. 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, loginRequest.getCreateCookie());
+            sessionManagerApi.createSession(jwtToken, loginUser);
            // 11. 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/DefaultSessionManager.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/DefaultSessionManager.java
@ -25,20 +25,14 @@
 package cn.stylefeng.roses.kernel.auth.session;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.message.api.expander.WebSocketConfigExpander;
 import cn.stylefeng.roses.kernel.rule.callback.ConfigUpdateCallback;
 import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 import java.util.*;
 import static cn.stylefeng.roses.kernel.message.api.constants.MessageConstants.WEB_SOCKET_WS_URL_CONFIG_CODE;
@ -74,23 +68,16 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
     */
    private final Long sessionExpiredSeconds;
    /**
     * cookie的创建器，用在session创建时，给response添加cookie
     */
    private final SessionCookieCreator sessionCookieCreator;
    public DefaultSessionManager(CacheOperatorApi<LoginUser> loginUserCache,
                                 CacheOperatorApi<Set<String>> allPlaceLoginTokenCache,
-                                 Long sessionExpiredSeconds,
+                                 Long sessionExpiredSeconds) {
                                 SessionCookieCreator sessionCookieCreator) {
        this.loginUserCache = loginUserCache;
        this.allPlaceLoginTokenCache = allPlaceLoginTokenCache;
        this.sessionExpiredSeconds = sessionExpiredSeconds;
        this.sessionCookieCreator = sessionCookieCreator;
    }
    @Override
-    public void createSession(String token, LoginUser loginUser, Boolean createCookie) {
+    public void createSession(String token, LoginUser loginUser) {
        // 装配用户信息的缓存
        loginUserCache.put(token, loginUser, sessionExpiredSeconds);
@ -102,15 +89,6 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
        }
        theUserTokens.add(token);
        allPlaceLoginTokenCache.put(loginUser.getUserId().toString(), theUserTokens);
        // 如果开启了cookie存储会话信息，则需要给HttpServletResponse添加一个cookie
        if (createCookie) {
            String sessionCookieName = AuthConfigExpander.getSessionCookieName();
            Cookie cookie = sessionCookieCreator.createCookie(sessionCookieName, token, Convert.toInt(AuthConfigExpander.getAuthJwtTimeoutSeconds()));
            HttpServletResponse response = HttpServletUtil.getResponse();
            response.addCookie(cookie);
        }
    }
    @Override
@ -193,15 +171,6 @@ public class DefaultSessionManager implements SessionManagerApi, ConfigUpdateCal
        }
    }
    @Override
    public void destroySessionCookie() {
        // 如果开启了cookie存储会话信息，则需要给HttpServletResponse添加一个cookie
        String sessionCookieName = AuthConfigExpander.getSessionCookieName();
        Cookie cookie = sessionCookieCreator.createCookie(sessionCookieName, null, 0);
        HttpServletResponse response = HttpServletUtil.getResponse();
        response.addCookie(cookie);
    }
    @Override
    public List<LoginUser> onlineUserList() {
        Map<String, LoginUser> allKeyValues = loginUserCache.getAllKeyValues();
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cookie/DefaultSessionCookieCreator.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/session/cookie/DefaultSessionCookieCreator.java
@ -1,47 +0,0 @@
 /*
 * Copyright [2020-2030] [https://www.stylefeng.cn]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
 *
 * 1.请不要删除和修改根目录下的LICENSE文件。
 * 2.请不要删除和修改Guns源码头部的版权声明。
 * 3.请保留源码和相关描述文件的项目出处，作者声明等。
 * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
 * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
 * 6.若您的项目无法满足以上几点，可申请商业授权
 */
 package cn.stylefeng.roses.kernel.auth.session.cookie;
 import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
 import javax.servlet.http.Cookie;
 /**
 * 默认的cookie创建
 * <p>
 * 这里预留了expandCookieProp的接口可以拓展cookie的属性
 *
 * @author fengshuonan
 * @since 2020/12/27 13:29
 */
 public class DefaultSessionCookieCreator extends SessionCookieCreator {
    @Override
    public void expandCookieProp(Cookie cookie) {
        cookie.setHttpOnly(true);
        cookie.setPath("/");
    }
 }
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/AuthAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/AuthAutoConfiguration.java
@ -25,7 +25,6 @@
 package cn.stylefeng.roses.kernel.auth.starter;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.cookie.SessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordTransferEncryptApi;
@ -34,7 +33,6 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.auth.password.BcryptPasswordStoredEncrypt;
 import cn.stylefeng.roses.kernel.auth.password.RsaPasswordTransferEncrypt;
 import cn.stylefeng.roses.kernel.auth.session.DefaultSessionManager;
 import cn.stylefeng.roses.kernel.auth.session.cookie.DefaultSessionCookieCreator;
 import cn.stylefeng.roses.kernel.auth.session.timer.ClearInvalidLoginUserCacheTimer;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.jwt.JwtTokenOperator;
@ -103,18 +101,6 @@ public class AuthAutoConfiguration {
        return new RsaPasswordTransferEncrypt(pwdRsaSecretProperties.getPublicKey(), pwdRsaSecretProperties.getPrivateKey());
    }
    /**
     * session cookie的创建
     *
     * @author fengshuonan
     * @since 2020/12/27 15:48
     */
    @Bean
    @ConditionalOnMissingBean(SessionCookieCreator.class)
    public SessionCookieCreator sessionCookieCreator() {
        return new DefaultSessionCookieCreator();
    }
    /**
     * 默认的session缓存为内存缓存，方便启动
     * <p>
@ -127,7 +113,7 @@ public class AuthAutoConfiguration {
    @ConditionalOnMissingBean(SessionManagerApi.class)
    public SessionManagerApi sessionManagerApi(CacheOperatorApi<LoginUser> loginUserCache, CacheOperatorApi<Set<String>> allPlaceLoginTokenCache) {
        Long sessionExpiredSeconds = AuthConfigExpander.getSessionExpiredSeconds();
-        return new DefaultSessionManager(loginUserCache, allPlaceLoginTokenCache, sessionExpiredSeconds, sessionCookieCreator());
+        return new DefaultSessionManager(loginUserCache, allPlaceLoginTokenCache, sessionExpiredSeconds);
    }
    /**
--- a/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
+++ b/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
@ -156,8 +156,7 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
    @Override
    public LoginResponse login(LoginRequest loginRequest) {
-        // 不创建cookie，默认开启记住我（7天会话）
+        // 默认开启记住我（7天会话）
        loginRequest.setCreateCookie(false);
        loginRequest.setRememberMe(true);
        // 验证拖拽验证码
@ -207,7 +206,7 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
        synchronized (SESSION_OPERATE_LOCK) {
            // 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, loginRequest.getCreateCookie());
+            sessionManagerApi.createSession(jwtToken, loginUser);
            // 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/CaptchaController.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/CaptchaController.java
@ -47,7 +47,7 @@ import static cn.stylefeng.roses.kernel.rule.constants.RuleConstants.BASE64_IMG_
 */
@RestController
@ApiResource(name = "用户登录图形验证码", resBizType = ResBizTypeEnum.SYSTEM)
-public class KaptchaController {
+public class CaptchaController {
    @Resource
    private ImageCaptchaApi captchaApi;
@ -72,7 +72,7 @@ public class KaptchaController {
     * @author fengshuonan
     * @since 2021/7/5 12:00
     */
-    @GetResource(name = "获取图形验证码", path = "/dragCaptcha", requiredPermission = false, requiredLogin = false)
+    @GetResource(name = "获取拖拽验证码", path = "/dragCaptcha", requiredPermission = false, requiredLogin = false)
    public ResponseData<DragCaptchaImageDTO> dragCaptcha() {
        DragCaptchaImageDTO captcha = dragCaptchaApi.createCaptcha();
        captcha.setSrcImage(BASE64_IMG_PREFIX + captcha.getSrcImage());
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/LoginController.java
@ -78,27 +78,13 @@ public class LoginController {
    private CacheOperatorApi<String> caClientTokenCacheApi;
    /**
-     * 用户登陆
+     * 用户登陆API
     *
     * @author fengshuonan
     * @since 2021/3/17 17:23
     */
-    @PostResource(name = "登陆", path = "/login", requiredLogin = false, requiredPermission = false)
+    @PostResource(name = "用户登陆API", path = "/loginApi", requiredLogin = false, requiredPermission = false)
    public ResponseData<String> login(@RequestBody @Validated LoginRequest loginRequest) {
        loginRequest.setCreateCookie(true);
        LoginResponse loginResponse = authServiceApi.login(loginRequest);
        return new SuccessResponseData<>(loginResponse.getToken());
    }
    /**
     * 用户登陆(提供给分离版用的接口，不会写cookie)
     *
     * @author fengshuonan
     * @since 2021/3/17 17:23
     */
    @PostResource(name = "登陆（分离版）", path = "/loginApi", requiredLogin = false, requiredPermission = false)
    public ResponseData<LoginResponse> loginApi(@RequestBody @Validated LoginRequest loginRequest) {
        loginRequest.setCreateCookie(false);
        LoginResponse loginResponse = authServiceApi.login(loginRequest);
        return new SuccessResponseData<>(loginResponse);
    }
--- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
+++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
@ -666,7 +666,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());
            // 缓存用户信息，创建会话
-            sessionManagerApi.createSession(jwtToken, loginUser, false);
+            sessionManagerApi.createSession(jwtToken, loginUser);
            // 如果开启了单账号单端在线，则踢掉已经上线的该用户
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {