
优化登录Token生成实体

tsurumure 7 月之前
父节点
当前提交
3b31014bd6

+ 10 - 4
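--- a/README.md
+++ b/README.md
@@ -58,10 +58,16 @@ http://xxxx.com/api/log/stream/watch?sign={配置文件固定密钥}
 注意:`@Anonymous` 下不可调用,否则会抛出错误
 ```java
 /*
- * 权限工具类
- * SecurityUtil.hasPermission("3.2.1")
- * SecurityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"))
- * SecurityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"), MatchType.OR)
+ * (不需要实例化)
+ * SecurityUtil.getUserId()
+ * 
+ * (需要实例化)
+ * @Autowired
+ * private SecurityUtil securityUtil;
+ * 
+ * securityUtil.hasPermission("3.2.1")
+ * securityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"))
+ * securityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"), MatchType.OR)
  *
  * 权限注解
  * @PreAuthorize("@sr.hasPermission('3.2.1')")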

+ 1 - 1
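--- a/src/main/java/com/backendsys/modules/common/config/security/entity/SecurityUserInfo.java
+++ b/src/main/java/com/backendsys/modules/common/config/security/entity/SecurityUserInfo.java
@@ -15,5 +15,5 @@ public class SecurityUserInfo {
     private String token_expiration;
     private String target;
     private List<Map<String, Object>> roles;
-    private List<String> permission_ids;
+//    private List<String> permission_ids;
 }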

+ 29 - 33
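--- a/src/main/java/com/backendsys/modules/common/config/security/utils/SecurityUtil.java
+++ b/src/main/java/com/backendsys/modules/common/config/security/utils/SecurityUtil.java
@@ -38,8 +38,6 @@ import java.util.List;
 @Service("sr")
 public class SecurityUtil {
 
-    @Value("${REDIS_LOGIN_TOKEN_PREFIX}")
-    private String REDIS_LOGIN_TOKEN_PREFIX;
     @Value("${REDIS_LOGIN_PERMISSION_PREFIX}")
     private String REDIS_LOGIN_PERMISSION_PREFIX;
 
@@ -47,12 +45,12 @@ public class SecurityUtil {
     private RedisUtil redisUtil;
 
     private static final String SECRET_KEY = "452948404D635166546A576E5A7134743777217A25432A462D4A614E64526755";
+
     private static SecretKey getSignInKey() {
         byte[] bytes = Base64.getDecoder().decode(SECRET_KEY.getBytes(StandardCharsets.UTF_8));
         return new SecretKeySpec(bytes, "HmacSHA256");
     }
 
-
     /**
      * 获得当前登录用户ID
      */
@@ -86,34 +84,48 @@ public class SecurityUtil {
         securityUserInfo.setTarget(target);
         return securityUserInfo;
     }
+    /**
+     * 判断是否超级管理员
+     */
+    public static Boolean isSuper() {
+        SecurityUserInfo userInfo = getUserInfo();
+        return userInfo.getIs_super() == 1;
+    }
 
+//    public static Boolean hasPermission(String permission) {
+//        SecurityUserInfo userInfo = getUserInfo();
+//        List<String> permission_ids = userInfo.getPermission_ids();
+//        return permission_ids.contains(permission);
+//    }
 
     /**
      * 判断是否具备权限 (单个)
      * - SecurityUtil.hasPermission("3.2.1")
      */
-    public static Boolean hasPermission(String permission) {
+    private List<String> getPermissionIds() {
         SecurityUserInfo userInfo = getUserInfo();
+        String uuid = userInfo.getLast_login_uuid();
+        String redis_key = REDIS_LOGIN_PERMISSION_PREFIX + uuid;
+        String permission_ids_str = redisUtil.getCacheObject(redis_key);
+        List<String> permission_ids = Arrays.asList(permission_ids_str.split(","));
+        return permission_ids;
+    }
 
-//        String uuid = securityUserInfo.getLast_login_uuid();
-//        String redis_key = REDIS_LOGIN_PERMISSION_PREFIX + uuid;
-//        String permission_ids = redisUtil.getCacheObject(redis_key);
-//        List<String> permission_ids_list = Arrays.asList(permission_ids.split(","));
-//
-//        return permission_ids_list.contains(permission);
-
-        List<String> permission_ids = userInfo.getPermission_ids();
+    public Boolean hasPermission(String permission) {
+        if (isSuper()) return true;
+        List<String> permission_ids = getPermissionIds();
         return permission_ids.contains(permission);
     }
+
     /**
      * 判断是否具备用户权限 (多个) (默认 AND)
      * - SecurityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"))
      * - SecurityUtil.hasPermissions(Arrays.asList("3.2.1", "3.2.2"), MatchType.OR)
      * - 注意:权限储存在Token中,更新权限需要重新登录
      */
-    public static Boolean hasPermissions(List<String> permis, MatchType matchType) {
-        SecurityUserInfo userInfo = getUserInfo();
-        List<String> permission_ids = userInfo.getPermission_ids();
+    public Boolean hasPermissions(List<String> permis, MatchType matchType) {
+        if (isSuper()) return true;
+        List<String> permission_ids = getPermissionIds();
         if (matchType.equals(MatchType.AND)) {
             return permis.stream().allMatch(permission_ids::contains);
         } else if (matchType.equals(MatchType.OR)) {
@@ -121,24 +133,8 @@ public class SecurityUtil {
         }
         return false;
     }
-    public static Boolean hasPermissions(List<String> permissions) {
-        return hasPermissions(permissions, MatchType.AND);
+    public Boolean hasPermissions(List<String> permis) {
+        return hasPermissions(permis, MatchType.AND);
     }
 
-
-    /**
-     * 判断是否超级管理员
-     */
-    public static Boolean isSuper() {
-        SecurityUserInfo userInfo = getUserInfo();
-        return userInfo.getIs_super() == 1;
-    }
-
-
-//    public static Object getPrincipal() {
-//        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-//        Object principal = authentication.getPrincipal();
-//        return principal;
-//    }
-
 }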
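Review bot: The new `getPermissionIds()` dereferences the Redis value without a null check, so `permission_ids_str.split(",")` throws a NullPointerException whenever the permission key is absent (expired, evicted, or never written for this `last_login_uuid`), and every `hasPermission`/`hasPermissions` call for a non-super user then fails with a server error instead of a clean denial. It should fail closed before the split, e.g. `if (permission_ids_str == null || permission_ids_str.isEmpty()) return Collections.emptyList();`. The Javadoc block "判断是否具备权限 (单个)" now sits on the private `getPermissionIds()` rather than on `hasPermission`, and the note "权限储存在Token中,更新权限需要重新登录" on `hasPermissions` no longer matches code that reads permissions from Redis; both comments should be moved or reworded, and the commented-out static `hasPermission` deleted. Not introduced by this commit, but the context lines show the HMAC signing key `SECRET_KEY` as a string literal in source; it would be better injected from configuration in the same way as `REDIS_LOGIN_PERMISSION_PREFIX`.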

+ 8 - 3
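--- a/src/main/java/com/backendsys/modules/common/config/security/utils/TokenUtil.java
+++ b/src/main/java/com/backendsys/modules/common/config/security/utils/TokenUtil.java
@@ -1,6 +1,7 @@
 package com.backendsys.modules.common.config.security.utils;
 
 import cn.hutool.core.convert.Convert;
+import cn.hutool.core.util.StrUtil;
 import io.jsonwebtoken.Claims;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -15,11 +16,14 @@ import org.springframework.util.StringUtils;
 
 @Service
 public class TokenUtil {
+
     @Autowired
     private JwtUtil jwtUtil;
     @Autowired
     private StringRedisTemplate stringRedisTemplate;
 
+    @Value("${REDIS_LOGIN_PERMISSION_PREFIX}")
+    private String REDIS_LOGIN_PERMISSION_PREFIX;
 
     @Value("${REDIS_LOGIN_TOKEN_PREFIX}")
     private String REDIS_LOGIN_TOKEN_PREFIX;
@@ -43,10 +47,11 @@ public class TokenUtil {
     }
 
     /**
-     * 删除 Redis 中的 Token 信息 (退出登录)
+     * 删除旧的登录缓存
      */
-    public void deleteRedisToken() {
-        stringRedisTemplate.delete(REDIS_LOGIN_TOKEN_PREFIX + getLoginUUID());
+    public void deleteRedisLoginToken(String uuid) {
+        stringRedisTemplate.delete(REDIS_LOGIN_TOKEN_PREFIX + (StrUtil.isNotEmpty(uuid) ? uuid : getLoginUUID()));
+        stringRedisTemplate.delete(REDIS_LOGIN_PERMISSION_PREFIX + (StrUtil.isNotEmpty(uuid) ? uuid : getLoginUUID()));
     }
 
     /**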
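Review bot: The fallback in `deleteRedisLoginToken` makes an empty `uuid` mean "the caller's own session", which is only correct for logout. The callers added in SysUserV2ServiceImpl (disabling a user, and the later clear-login path) and in SysAuthV2ServiceImpl (login) pass another user's `last_login_uuid`, which can be empty; in that case, assuming `getLoginUUID()` reads the current request's token (its body is not shown), the method deletes the acting user's token and permission keys instead of doing nothing, whereas one of the replaced call sites skipped the delete under `StrUtil.isNotEmpty(last_login_uuid)`. I would keep a no-argument method for logout and have the uuid overload return early with `if (StrUtil.isEmpty(uuid)) return;`. Resolving the suffix once into a local also avoids evaluating `getLoginUUID()` twice.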

+ 10 - 5
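--- a/src/main/java/com/backendsys/modules/system/controller/SysUserController.java
+++ b/src/main/java/com/backendsys/modules/system/controller/SysUserController.java
@@ -28,6 +28,9 @@ public class SysUserController {
      * TODO 2.审核用户,需要单独的表做审核记录,不能直接改字段
      */
 
+    @Autowired
+    private SecurityUtil securityUtil;
+
     @Autowired
     private SysUserV2Service sysUserV2Service;
 
@@ -61,9 +64,11 @@ public class SysUserController {
         // 查询他人的用户信息
         // - 查询自己 (无需权限)
         // - 查询他人 (需要权限或超级管理员)
-        if (!user_id.equals(SecurityUtil.getUserId()) && !SecurityUtil.hasPermission("3.2.1.2") && !SecurityUtil.isSuper()) {
+        System.out.println("SecurityUtil.isSuper(): " + SecurityUtil.isSuper());
+        if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.2.1.2") && !SecurityUtil.isSuper()) {
             throw new CustException(SecurityEnum.NOAUTH);
         }
+
         return Result.success().put("data", sysUserV2Service.selectUserInfoSimple(user_id));
     }
 
@@ -96,7 +101,7 @@ public class SysUserController {
         // 编辑他人的用户信息
         // - 编辑自己 (无需权限)
         // - 编辑他人 (需要子权限或超级管理员)
-        if (!user_id.equals(SecurityUtil.getUserId()) && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
+        if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
             throw new CustException(SecurityEnum.NOAUTH);
         }
         // 防止手动更新字段
@@ -122,7 +127,7 @@ public class SysUserController {
         // 编辑他人的用户信息
         // - 编辑自己 (无需权限)
         // - 编辑他人 (需要子权限或超级管理员)
-        if (!user_id.equals(SecurityUtil.getUserId()) && !SecurityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
+        if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.2.3.2") && !SecurityUtil.isSuper()) {
             throw new CustException(SecurityEnum.NOAUTH);
         }
 
@@ -192,7 +197,7 @@ public class SysUserController {
         // 查询他人的用户信息
         // - 查询自己 (无需权限)
         // - 查询他人 (需要子权限或超级管理员)
-        if (!user_id.equals(SecurityUtil.getUserId()) && !SecurityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) {
+        if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) {
             throw new CustException(SecurityEnum.NOAUTH);
         }
 
@@ -214,7 +219,7 @@ public class SysUserController {
         // 查询他人的用户信息
         // - 查询自己 (无需权限)
         // - 查询他人 (需要子权限或超级管理员)
-        if (!user_id.equals(SecurityUtil.getUserId()) && !SecurityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) {
+        if (!user_id.equals(SecurityUtil.getUserId()) && !securityUtil.hasPermission("3.4.1.2") && !SecurityUtil.isSuper()) {
             throw new CustException(SecurityEnum.NOAUTH);
         }
 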
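Review bot: The added `System.out.println("SecurityUtil.isSuper(): " + SecurityUtil.isSuper());` in the first guarded handler is leftover debugging in an authorization path; it writes to stdout on every request and should be removed or replaced by a debug-level logger call. Because `securityUtil.hasPermission` now returns true for super administrators itself, the trailing `&& !SecurityUtil.isSuper()` in all five guards is redundant. The same three-part condition is repeated with only the permission id changing, so it would be easier to audit as one helper on `SecurityUtil` that takes `user_id` and the permission id. The handler bodies start and end outside these hunks.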

+ 14 - 23
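--- a/src/main/java/com/backendsys/modules/system/service/impl/SysAuthV2ServiceImpl.java
+++ b/src/main/java/com/backendsys/modules/system/service/impl/SysAuthV2ServiceImpl.java
@@ -1,14 +1,12 @@
 package com.backendsys.modules.system.service.impl;
 
 import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
 import com.backendsys.exception.CustException;
 import com.backendsys.modules.common.config.redis.utils.RedisUtil;
 import com.backendsys.modules.common.config.security.entity.SecurityUserInfo;
-import com.backendsys.modules.common.config.security.utils.CaptchaUtil;
-import com.backendsys.modules.common.config.security.utils.CountUtilV2;
-import com.backendsys.modules.common.config.security.utils.HttpRequestUtil;
-import com.backendsys.modules.common.config.security.utils.JwtUtil;
+import com.backendsys.modules.common.config.security.utils.*;
 import com.backendsys.modules.system.dao.SysMobileAreaDao;
 import com.backendsys.modules.system.dao.SysUserDao;
 import com.backendsys.modules.system.dao.SysUserInfoDao;
@@ -41,6 +39,8 @@ public class SysAuthV2ServiceImpl implements SysAuthV2Service {
     @Autowired
     private RedisUtil redisUtil;
     @Autowired
+    private TokenUtil tokenUtil;
+    @Autowired
     private HttpRequestUtil httpRequestUtil;
     @Autowired
     private CountUtilV2 countUtilV2;
@@ -128,9 +128,11 @@ public class SysAuthV2ServiceImpl implements SysAuthV2Service {
         // [查询] 登录的用户信息
         SysUserInfo sysUserInfo = sysUserV2Service.selectUserInfo(user_id);
 
-        // 清除缓存
-        redisUtil.delete(httpRequestUtil.getKaptchaKey());                       // 删除图形验证码
-        redisUtil.delete(REDIS_LOGIN_TOKEN_PREFIX + sysUserInfo.getLast_login_uuid());   // 删除旧的登录缓存 (Redis)
+        // 删除图形验证码缓存
+        redisUtil.delete(httpRequestUtil.getKaptchaKey());
+
+        // 删除旧的登录缓存
+        tokenUtil.deleteRedisLoginToken(sysUserInfo.getLast_login_uuid());
 
         // 判断用户是否审核
         Integer audit_status = sysUserInfo.getAudit_status();
@@ -160,16 +162,6 @@ public class SysAuthV2ServiceImpl implements SysAuthV2Service {
         // 生成 Token
         SecurityUserInfo securityUserInfo = JSONUtil.toBean(JSONUtil.parseObj(sysUserInfo), SecurityUserInfo.class);
 
-
-
-
-        // (Permission 导致 Token 太长了)
-//        securityUserInfo.setPermission_ids(new ArrayList<>());
-
-
-
-
-
         String token = jwtUtil.createSystemJwtToken(securityUserInfo);
         String token_redis_key = REDIS_LOGIN_TOKEN_PREFIX + uuid;
         sysUserInfo.setToken(token);
@@ -177,12 +169,11 @@ public class SysAuthV2ServiceImpl implements SysAuthV2Service {
         // [Redis] 将 Token 存入缓存
         redisUtil.setCacheObject(token_redis_key, token, token_duration, TimeUnit.MILLISECONDS);
 
-
-//        // [Redis] 将 Permission 存入存存
-//        List<String> permission_ids_list = sysUserInfo.getPermission_ids();
-//        String permission_ids = String.join(",", permission_ids_list);
-//        String permission_redis_key = REDIS_LOGIN_PERMISSION_PREFIX + uuid;
-//        redisUtil.setCacheObject(permission_redis_key, permission_ids, token_duration, TimeUnit.MILLISECONDS);
+        // [Redis] 将 Permission 存入缓存
+        List<String> permission_ids_list = sysUserInfo.getPermission_ids();
+        String permission_ids = String.join(",", permission_ids_list);
+        String permission_redis_key = REDIS_LOGIN_PERMISSION_PREFIX + uuid;
+        redisUtil.setCacheObject(permission_redis_key, permission_ids, token_duration, TimeUnit.MILLISECONDS);
 
         return sysUserInfo;
     }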
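Review bot: The permission snapshot written in the last hunk assumes `sysUserInfo.getPermission_ids()` is non-null; `String.join(",", permission_ids_list)` throws on a null list, and that would fail the login after the token has already been cached under `token_redis_key`. Guard it, e.g. `List<String> permission_ids_list = Objects.requireNonNullElse(sysUserInfo.getPermission_ids(), List.of());`, or write the permission key before the token key. The snapshot also lives for the full `token_duration`, so a role or permission change is not enforced until the next login unless the code that edits roles (not visible here) rewrites or deletes `REDIS_LOGIN_PERMISSION_PREFIX + uuid`; a short comment stating that would help. The first hunk replaces four explicit imports with `security.utils.*`; explicit imports are easier to review.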

+ 7 - 5
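--- a/src/main/java/com/backendsys/modules/system/service/impl/SysUserV2ServiceImpl.java
+++ b/src/main/java/com/backendsys/modules/system/service/impl/SysUserV2ServiceImpl.java
@@ -4,6 +4,7 @@ import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
 import com.backendsys.exception.CustException;
 import com.backendsys.modules.common.config.redis.utils.RedisUtil;
+import com.backendsys.modules.common.config.security.utils.TokenUtil;
 import com.backendsys.modules.common.utils.MybatisUtil;
 import com.backendsys.modules.system.dao.*;
 import com.backendsys.modules.system.entity.*;
@@ -44,6 +45,8 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
     RedissonClient redissonClient;
     @Autowired
     private RedisUtil redisUtil;
+    @Autowired
+    private TokenUtil tokenUtil;
 
     @Autowired
     private SysUserDao sysUserDao;
@@ -256,8 +259,8 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
             // 当 status 状态为 -1(禁用) 时,同时清除登录状态
             Integer status = sysUserDTO.getStatus();
             if (status != null && status == -1) {
-                String last_login_uuid = sysUserDTO.getLast_login_uuid();
-                redisUtil.delete(REDIS_LOGIN_TOKEN_PREFIX + last_login_uuid);
+                // 删除旧的登录缓存
+                tokenUtil.deleteRedisLoginToken(sysUserDTO.getLast_login_uuid());
                 sysUserDTO.setLast_login_uuid("");
             }
 
@@ -395,9 +398,8 @@ public class SysUserV2ServiceImpl extends ServiceImpl<SysUserDao, SysUser> imple
             SysUserInfo sysUserInfo = sysUserInfoDao.selectOne(queryWrapper);
 
             if (sysUserInfo != null) {
-                // 清除缓存
-                String last_login_uuid = Convert.toStr(sysUserInfo.getLast_login_uuid());
-                if (StrUtil.isNotEmpty(last_login_uuid)) redisUtil.delete(REDIS_LOGIN_TOKEN_PREFIX + last_login_uuid);
+                // 删除旧的登录缓存
+                tokenUtil.deleteRedisLoginToken(sysUserInfo.getLast_login_uuid());
                 // 更新用户信息 (查询最后登录uuid,并清除)
                 Wrapper updateWrapper = new UpdateWrapper<SysUserInfo>().lambda().set(SysUserInfo::getLast_login_uuid, "").eq(SysUserInfo::getUser_id, user_id);
                 sysUserInfoDao.update(null, updateWrapper);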
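Review bot: In the disable branch (`status == -1`) the session to revoke is identified by `sysUserDTO.getLast_login_uuid()`; if that DTO is bound from the request rather than loaded from the database (the code that populates it is outside the hunk), the disabled user's real token and permission keys can stay in Redis until they expire. The later hunk reads the uuid from `sysUserInfoDao.selectOne(queryWrapper)`, and the disable path should do the same so that revocation does not depend on client-supplied data. That later hunk also drops the `StrUtil.isNotEmpty(last_login_uuid)` guard the old line had, so an empty stored uuid now reaches `deleteRedisLoginToken` and takes its fallback to the caller's own login uuid; keeping the guard at the call site, `if (StrUtil.isNotEmpty(sysUserInfo.getLast_login_uuid()))`, restores the previous behaviour.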

+ 6 - 6
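--- a/src/main/java/com/backendsys/service/System/SysAuthServiceImpl.java
+++ b/src/main/java/com/backendsys/service/System/SysAuthServiceImpl.java
@@ -294,7 +294,7 @@ public class SysAuthServiceImpl implements SysAuthService {
          if (sysUserSimple == null) {
             throw new CustException("手机号码不存在", ResultEnum.INVALID_CREDENTIALS.getCode());
         } else {
-            // 登录成功,销毁 smsCode
+            // 登录成功,销毁短信验证码
             redisUtil.delete(redisKey);
 
             // 登录成功回调
@@ -356,7 +356,7 @@ public class SysAuthServiceImpl implements SysAuthService {
                 String inviteCode = sysUserDTO.getInvite_code();
                 // .. 待做
 
-                // 注册成功,销毁 smsCode
+                // 注册成功,销毁短信验证码
                 redisUtil.delete(redisKey);
                 //
             }
@@ -428,7 +428,7 @@ public class SysAuthServiceImpl implements SysAuthService {
 
             sysUserMapper.updateUserPassword(updateDTO);
 
-            // 更改成功,销毁 smsCode
+            // 更改成功,销毁短信验证码
             redisUtil.delete(redisKey);
 
             return Map.of("user_id", updateDTO.getUser_id());
@@ -441,11 +441,11 @@ public class SysAuthServiceImpl implements SysAuthService {
      * 退出登录 (系统用户)
      */
     @Override
-    public Map<String, Object>  logout(HttpServletRequest request) {
+    public Map<String, Object> logout(HttpServletRequest request) {
         String token = tokenUtil.getToken(request);
         if (token != null && !token.isEmpty()) {
-            // 将 Token 作废
-            tokenUtil.deleteRedisToken();
+            // 删除旧的登录缓存
+            tokenUtil.deleteRedisLoginToken(null);
             return Map.of("message", "退出成功");
         }
         throw new CustException(ResultEnum.TOKEN_EMPTY_ERROR.getMessage(), ResultEnum.TOKEN_EMPTY_ERROR.getCode());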