first commit

qingyun-framework/qingyun-security/pom.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <parent>
+        <groupId>com.qingyun</groupId>
+        <artifactId>qingyun-framework</artifactId>
+        <version>4.7.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>qingyun-security</artifactId>
+    <description>安全</description>
+    <packaging>jar</packaging>
+
+
+     <dependencies>
+
+         <dependency>
+             <groupId>com.qingyun</groupId>
+             <artifactId>qingyun-common</artifactId>
+         </dependency>
+
+     </dependencies>
+
+
+
+</project>

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/config/SaConfig.java

@@ -0,0 +1,51 @@
+package com.qingyun.security.satoken.config;
+
+import cn.dev33.satoken.dao.SaTokenDao;
+import cn.dev33.satoken.interceptor.SaInterceptor;
+import cn.dev33.satoken.jwt.StpLogicJwtForSimple;
+import cn.dev33.satoken.router.SaRouter;
+import cn.dev33.satoken.stp.StpInterface;
+import cn.dev33.satoken.stp.StpLogic;
+import cn.dev33.satoken.stp.StpUtil;
+import com.qingyun.common.utils.spring.SpringUtils;
+import com.qingyun.security.satoken.dao.PlusSaTokenDao;
+import com.qingyun.security.satoken.service.SaPermissionImpl;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * sa-token 配置
+ *
+ * @author jianlu
+ */
+@Configuration
+public class SaConfig  {
+
+
+    @Bean
+    public StpLogic getStpLogicJwt() {
+        // Sa-Token 整合 jwt (简单模式)
+        return new StpLogicJwtForSimple();
+    }
+
+    /**
+     * 权限接口实现(使用bean注入方便用户替换)
+     */
+    @Bean
+    public StpInterface stpInterface() {
+        return new SaPermissionImpl();
+    }
+
+    /**
+     * 自定义dao层存储
+     */
+    @Bean
+    public SaTokenDao saTokenDao() {
+        return new PlusSaTokenDao();
+    }
+
+}

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/config/properties/SecurityProperties.java

@@ -0,0 +1,23 @@
+package com.qingyun.security.satoken.config.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * Security 配置属性
+ *
+ * @author jianlu
+ */
+@Data
+@Component
+@ConfigurationProperties(prefix = "security")
+public class SecurityProperties {
+
+    /**
+     * 排除路径
+     */
+    private String[] excludes;
+
+
+}

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/dao/PlusSaTokenDao.java

@@ -0,0 +1,176 @@
+package com.qingyun.security.satoken.dao;
+
+import cn.dev33.satoken.dao.SaTokenDao;
+import cn.dev33.satoken.util.SaFoxUtil;
+import com.qingyun.common.utils.redis.RedisUtils;
+
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Sa-Token持久层接口(使用框架自带RedisUtils实现 协议统一)
+ *
+ * @author jianlu
+ */
+public class PlusSaTokenDao implements SaTokenDao {
+
+    /**
+     * 获取Value，如无返空
+     */
+    @Override
+    public String get(String key) {
+        return RedisUtils.getCacheObject(key);
+    }
+
+    /**
+     * 写入Value，并设定存活时间 (单位: 秒)
+     */
+    @Override
+    public void set(String key, String value, long timeout) {
+        if (timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE) {
+            return;
+        }
+        // 判断是否为永不过期
+        if (timeout == SaTokenDao.NEVER_EXPIRE) {
+            RedisUtils.setCacheObject(key, value);
+        } else {
+            RedisUtils.setCacheObject(key, value, Duration.ofSeconds(timeout));
+        }
+    }
+
+    /**
+     * 修修改指定key-value键值对 (过期时间不变)
+     */
+    @Override
+    public void update(String key, String value) {
+        long expire = getTimeout(key);
+        // -2 = 无此键
+        if (expire == SaTokenDao.NOT_VALUE_EXPIRE) {
+            return;
+        }
+        this.set(key, value, expire);
+    }
+
+    /**
+     * 删除Value
+     */
+    @Override
+    public void delete(String key) {
+        RedisUtils.deleteObject(key);
+    }
+
+    /**
+     * 获取Value的剩余存活时间 (单位: 秒)
+     */
+    @Override
+    public long getTimeout(String key) {
+        long timeout = RedisUtils.getTimeToLive(key);
+        return timeout < 0 ? timeout : timeout / 1000;
+    }
+
+    /**
+     * 修改Value的剩余存活时间 (单位: 秒)
+     */
+    @Override
+    public void updateTimeout(String key, long timeout) {
+        // 判断是否想要设置为永久
+        if (timeout == SaTokenDao.NEVER_EXPIRE) {
+            long expire = getTimeout(key);
+            if (expire == SaTokenDao.NEVER_EXPIRE) {
+                // 如果其已经被设置为永久，则不作任何处理
+            } else {
+                // 如果尚未被设置为永久，那么再次set一次
+                this.set(key, this.get(key), timeout);
+            }
+            return;
+        }
+        RedisUtils.expire(key, Duration.ofSeconds(timeout));
+    }
+
+
+    /**
+     * 获取Object，如无返空
+     */
+    @Override
+    public Object getObject(String key) {
+        return RedisUtils.getCacheObject(key);
+    }
+
+    /**
+     * 写入Object，并设定存活时间 (单位: 秒)
+     */
+    @Override
+    public void setObject(String key, Object object, long timeout) {
+        if (timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE) {
+            return;
+        }
+        // 判断是否为永不过期
+        if (timeout == SaTokenDao.NEVER_EXPIRE) {
+            RedisUtils.setCacheObject(key, object);
+        } else {
+            RedisUtils.setCacheObject(key, object, Duration.ofSeconds(timeout));
+        }
+    }
+
+    /**
+     * 更新Object (过期时间不变)
+     */
+    @Override
+    public void updateObject(String key, Object object) {
+        long expire = getObjectTimeout(key);
+        // -2 = 无此键
+        if (expire == SaTokenDao.NOT_VALUE_EXPIRE) {
+            return;
+        }
+        this.setObject(key, object, expire);
+    }
+
+    /**
+     * 删除Object
+     */
+    @Override
+    public void deleteObject(String key) {
+        RedisUtils.deleteObject(key);
+    }
+
+    /**
+     * 获取Object的剩余存活时间 (单位: 秒)
+     */
+    @Override
+    public long getObjectTimeout(String key) {
+        long timeout = RedisUtils.getTimeToLive(key);
+        return timeout < 0 ? timeout : timeout / 1000;
+    }
+
+    /**
+     * 修改Object的剩余存活时间 (单位: 秒)
+     */
+    @Override
+    public void updateObjectTimeout(String key, long timeout) {
+        // 判断是否想要设置为永久
+        if (timeout == SaTokenDao.NEVER_EXPIRE) {
+            long expire = getObjectTimeout(key);
+            if (expire == SaTokenDao.NEVER_EXPIRE) {
+                // 如果其已经被设置为永久，则不作任何处理
+            } else {
+                // 如果尚未被设置为永久，那么再次set一次
+                this.setObject(key, this.getObject(key), timeout);
+            }
+            return;
+        }
+        RedisUtils.expire(key, Duration.ofSeconds(timeout));
+    }
+
+
+    /**
+     * 搜索数据
+     */
+    @Override
+    public List<String> searchData(String prefix, String keyword, int start, int size, boolean sortType) {
+        Collection<String> keys = RedisUtils.keys(prefix + "*" + keyword + "*");
+        List<String> list = new ArrayList<>(keys);
+        return SaFoxUtil.searchList(list, start, size, sortType);
+    }
+}

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/handler/AllUrlHandler.java

@@ -0,0 +1,41 @@
+package com.qingyun.security.satoken.handler;
+
+import cn.hutool.core.util.ReUtil;
+import com.qingyun.common.utils.spring.SpringUtils;
+import lombok.Data;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+import java.util.*;
+import java.util.regex.Pattern;
+
+/**
+ * 获取所有Url配置
+ *
+ * @author jianlu
+ */
+@Data
+@Component
+public class AllUrlHandler implements InitializingBean {
+
+    private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");
+
+    private List<String> urls = new ArrayList<>();
+
+    @Override
+    public void afterPropertiesSet() {
+        Set<String> set = new HashSet<>();
+        RequestMappingHandlerMapping mapping = SpringUtils.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
+        Map<RequestMappingInfo, HandlerMethod> map = mapping.getHandlerMethods();
+        map.keySet().forEach(info -> {
+            // 获取注解上边的 path 替代 path variable 为 *
+            Objects.requireNonNull(info.getPathPatternsCondition().getPatterns())
+                .forEach(url -> set.add(ReUtil.replaceAll(url.getPatternString(), PATTERN, "*")));
+        });
+        urls.addAll(set);
+    }
+
+}

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/listener/UserActionListener.java

@@ -0,0 +1,139 @@
+package com.qingyun.security.satoken.listener;
+
+import cn.dev33.satoken.config.SaTokenConfig;
+import cn.dev33.satoken.listener.SaTokenListener;
+import cn.dev33.satoken.stp.SaLoginModel;
+import cn.hutool.http.useragent.UserAgent;
+import cn.hutool.http.useragent.UserAgentUtil;
+import com.qingyun.common.constant.CacheConstants;
+import com.qingyun.common.core.domain.dto.UserOnlineDTO;
+import com.qingyun.common.core.domain.model.LoginUser;
+import com.qingyun.common.enums.UserType;
+import com.qingyun.common.helper.LoginHelper;
+import com.qingyun.common.utils.ServletUtils;
+import com.qingyun.common.utils.ip.AddressUtils;
+import com.qingyun.common.utils.redis.RedisUtils;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import java.time.Duration;
+
+/**
+ * 用户行为 侦听器的实现
+ *
+ * @author jianlu
+ */
+@RequiredArgsConstructor
+@Component
+@Slf4j
+public class UserActionListener implements SaTokenListener {
+
+    private final SaTokenConfig tokenConfig;
+
+    /**
+     * 每次登录时触发
+     */
+    @Override
+    public void doLogin(String loginType, Object loginId, String tokenValue, SaLoginModel loginModel) {
+        UserType userType = UserType.getUserType(loginId.toString());
+        if (userType == UserType.SYS_USER) {
+            UserAgent userAgent = UserAgentUtil.parse(ServletUtils.getRequest().getHeader("User-Agent"));
+            String ip = ServletUtils.getClientIP();
+            LoginUser user = LoginHelper.getLoginUser();
+            UserOnlineDTO dto = new UserOnlineDTO();
+            dto.setIpaddr(ip);
+            dto.setLoginLocation(AddressUtils.getRealAddressByIP(ip));
+            dto.setBrowser(userAgent.getBrowser().getName());
+            dto.setOs(userAgent.getOs().getName());
+            dto.setLoginTime(System.currentTimeMillis());
+            dto.setTokenId(tokenValue);
+            dto.setUserName(user.getUsername());
+            dto.setDeptName(user.getDeptName());
+            if(tokenConfig.getTimeout() == -1) {
+                RedisUtils.setCacheObject(CacheConstants.ONLINE_TOKEN_KEY + tokenValue, dto);
+            } else {
+                RedisUtils.setCacheObject(CacheConstants.ONLINE_TOKEN_KEY + tokenValue, dto, Duration.ofSeconds(tokenConfig.getTimeout()));
+            }
+            log.info("user doLogin, userId:{}, token:{}", loginId, tokenValue);
+        } else if (userType == UserType.APP_USER) {
+            // app端 自行根据业务编写
+        }
+    }
+
+    /**
+     * 每次注销时触发
+     */
+    @Override
+    public void doLogout(String loginType, Object loginId, String tokenValue) {
+        RedisUtils.deleteObject(CacheConstants.ONLINE_TOKEN_KEY + tokenValue);
+        log.info("user doLogout, userId:{}, token:{}", loginId, tokenValue);
+    }
+
+    /**
+     * 每次被踢下线时触发
+     */
+    @Override
+    public void doKickout(String loginType, Object loginId, String tokenValue) {
+        RedisUtils.deleteObject(CacheConstants.ONLINE_TOKEN_KEY + tokenValue);
+        log.info("user doLogoutByLoginId, userId:{}, token:{}", loginId, tokenValue);
+    }
+
+    /**
+     * 每次被顶下线时触发
+     */
+    @Override
+    public void doReplaced(String loginType, Object loginId, String tokenValue) {
+        RedisUtils.deleteObject(CacheConstants.ONLINE_TOKEN_KEY + tokenValue);
+        log.info("user doReplaced, userId:{}, token:{}", loginId, tokenValue);
+    }
+
+    /**
+     * 每次被封禁时触发
+     */
+    @Override
+    public void doDisable(String loginType, Object loginId, String service, int level, long disableTime) {
+    }
+
+    /**
+     * 每次被解封时触发
+     */
+    @Override
+    public void doUntieDisable(String loginType, Object loginId, String service) {
+    }
+
+    /**
+     * 每次打开二级认证时触发
+     */
+    @Override
+    public void doOpenSafe(String loginType, String tokenValue, String service, long safeTime) {
+    }
+
+    /**
+     * 每次创建Session时触发
+     */
+    @Override
+    public void doCloseSafe(String loginType, String tokenValue, String service) {
+    }
+
+    /**
+     * 每次创建Session时触发
+     */
+    @Override
+    public void doCreateSession(String id) {
+    }
+
+    /**
+     * 每次注销Session时触发
+     */
+    @Override
+    public void doLogoutSession(String id) {
+    }
+
+    /**
+     * 每次Token续期时触发
+     */
+    @Override
+    public void doRenewTimeout(String tokenValue, Object loginId, long timeout) {
+    }
+}

qingyun-framework/qingyun-security/src/main/java/com/qingyun/security/satoken/service/SaPermissionImpl.java

@@ -0,0 +1,47 @@
+package com.qingyun.security.satoken.service;
+
+import cn.dev33.satoken.stp.StpInterface;
+import com.qingyun.common.core.domain.model.LoginUser;
+import com.qingyun.common.enums.UserType;
+import com.qingyun.common.helper.LoginHelper;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * sa-token 权限管理实现类
+ *
+ * @author jianlu
+ */
+public class SaPermissionImpl implements StpInterface {
+
+    /**
+     * 获取菜单权限列表
+     */
+    @Override
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        LoginUser loginUser = LoginHelper.getLoginUser();
+        UserType userType = UserType.getUserType(loginUser.getUserType());
+        if (userType == UserType.SYS_USER) {
+            return new ArrayList<>(loginUser.getMenuPermission());
+        } else if (userType == UserType.APP_USER) {
+            // 其他端 自行根据业务编写
+        }
+        return new ArrayList<>();
+    }
+
+    /**
+     * 获取角色权限列表
+     */
+    @Override
+    public List<String> getRoleList(Object loginId, String loginType) {
+        LoginUser loginUser = LoginHelper.getLoginUser();
+        UserType userType = UserType.getUserType(loginUser.getUserType());
+        if (userType == UserType.SYS_USER) {
+            return new ArrayList<>(loginUser.getRolePermission());
+        } else if (userType == UserType.APP_USER) {
+            // 其他端 自行根据业务编写
+        }
+        return new ArrayList<>();
+    }
+}