|
|
package cn.mb.cloud.auth.endpoint;
|
|
import cn.hutool.core.util.StrUtil;
|
import cn.mb.cloud.auth.security.component.MbCloudAuthUser;
|
import cn.mb.cloud.common.cache.RedisFastJsonTemplate;
|
import cn.mb.cloud.common.core.constant.SecurityConstants;
|
import cn.mb.cloud.common.core.util.ResponseData;
|
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
import lombok.AllArgsConstructor;
|
import org.springframework.cache.CacheManager;
|
import org.springframework.data.redis.core.ConvertingCursor;
|
import org.springframework.data.redis.core.Cursor;
|
import org.springframework.data.redis.core.ScanOptions;
|
import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
|
import org.springframework.data.redis.serializer.RedisSerializer;
|
import org.springframework.data.redis.serializer.StringRedisSerializer;
|
import org.springframework.http.HttpHeaders;
|
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.token.TokenStore;
|
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.servlet.ModelAndView;
|
|
import javax.servlet.http.HttpServletRequest;
|
import java.util.ArrayList;
|
import java.util.HashSet;
|
import java.util.List;
|
|
/**
|
* @author jason
|
* 删除token端点
|
*/
|
@RestController
|
@AllArgsConstructor
|
@RequestMapping("/token")
|
public class CloudTokenEndpoint {
|
private static final String OAUTH_ACCESS_KEY_PREFIX = "oauth2_auth_to_access:";
|
private final TokenStore tokenStore;
|
private final RedisFastJsonTemplate redisTemplate;
|
private final CacheManager cacheManager;
|
|
/**
|
* 认证页面
|
*
|
* @return ModelAndView
|
*/
|
@GetMapping("/login")
|
public ModelAndView require() {
|
return new ModelAndView("ftl/login");
|
}
|
|
/**
|
* 退出token
|
*
|
* @param authHeader Authorization
|
*/
|
@PostMapping("/logout")
|
public ResponseData logout(@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader, HttpServletRequest request) {
|
if (StrUtil.isBlank(authHeader)) {
|
return ResponseData.fail("退出失败,token 为空");
|
}
|
|
String tokenValue = authHeader.replace(OAuth2AccessToken.BEARER_TYPE, StrUtil.EMPTY).trim();
|
OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
|
if (accessToken == null || StrUtil.isBlank(accessToken.getValue())) {
|
return ResponseData.fail("退出失败,token 无效");
|
}
|
|
OAuth2Authentication auth2Authentication = tokenStore.readAuthentication(accessToken);
|
cacheManager.getCache("user_details").evict(auth2Authentication.getName());
|
tokenStore.removeAccessToken(accessToken);
|
return ResponseData.success(Boolean.TRUE);
|
}
|
|
/**
|
* 获取用户的授权码
|
*
|
* @param authHeader
|
* @return
|
*/
|
@GetMapping("user/permissions")
|
public ResponseData findUserPermissionKey(@RequestHeader(value = HttpHeaders.AUTHORIZATION,
|
required = false) String authHeader) {
|
|
if (StrUtil.isBlank(authHeader)) {
|
return ResponseData.fail("token 为空");
|
}
|
|
String tokenValue = authHeader.replace(OAuth2AccessToken.BEARER_TYPE, StrUtil.EMPTY).trim();
|
OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
|
if (accessToken == null || StrUtil.isBlank(accessToken.getValue())) {
|
return ResponseData.fail("token 无效");
|
}
|
|
OAuth2Authentication auth2Authentication = tokenStore.readAuthentication(accessToken);
|
MbCloudAuthUser mbCloudAuthUser = (MbCloudAuthUser) auth2Authentication.getPrincipal();
|
|
HashSet<String> permissions = (HashSet<String>) redisTemplate.opsForValue().
|
get(SecurityConstants.CACHE_USER_PERMISSIONS_KEY + "key:" + mbCloudAuthUser.getId());
|
return ResponseData.success(permissions);
|
}
|
|
|
/**
|
* 令牌管理调用
|
*
|
* @param token token
|
* @return
|
*/
|
@GetMapping("del/{token}")
|
public ResponseData<Boolean> delToken(@PathVariable("token") String token) {
|
OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(token);
|
tokenStore.removeAccessToken(oAuth2AccessToken);
|
return ResponseData.success();
|
}
|
|
|
/**
|
* 查询token
|
*
|
* @param page 分页参数
|
* @return
|
*/
|
@GetMapping("/page")
|
public ResponseData<Page> tokenList(Page page) {
|
//根据分页参数获取对应数据
|
String key = String.format("%s*", OAUTH_ACCESS_KEY_PREFIX);
|
List<String> pages = findKeysForPage(key, page.getCurrent(), page.getSize());
|
|
redisTemplate.setKeySerializer(new StringRedisSerializer());
|
redisTemplate.setValueSerializer(new JdkSerializationRedisSerializer());
|
page.setRecords(redisTemplate.opsForValue().multiGet(pages));
|
page.setTotal(Long.valueOf(redisTemplate.keys(key).size()));
|
return ResponseData.success(page);
|
}
|
|
|
private List<String> findKeysForPage(String patternKey, Long pageNum, Long pageSize) {
|
ScanOptions options = ScanOptions.scanOptions().match(patternKey).build();
|
RedisSerializer<String> redisSerializer = (RedisSerializer<String>) redisTemplate.getKeySerializer();
|
Cursor cursor = (Cursor) redisTemplate.executeWithStickyConnection
|
(redisConnection -> new ConvertingCursor<>(redisConnection.scan(options), redisSerializer::deserialize));
|
List<String> result = new ArrayList<>();
|
int tmpIndex = 0;
|
long startIndex = (pageNum - 1) * pageSize;
|
long end = pageNum * pageSize;
|
|
assert cursor != null;
|
while (cursor.hasNext()) {
|
if (tmpIndex >= startIndex && tmpIndex < end) {
|
result.add(cursor.next().toString());
|
tmpIndex++;
|
continue;
|
}
|
if (tmpIndex >= end) {
|
break;
|
}
|
tmpIndex++;
|
cursor.next();
|
}
|
return result;
|
}
|
|
|
}
|
