diff --git a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java index 9032d276..2ed4ed49 100644 --- a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java +++ b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java @@ -6,7 +6,6 @@ import cn.hutool.core.util.ObjectUtil; import jakarta.servlet.http.HttpServletRequest; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.request.AuthRequest; @@ -87,7 +86,7 @@ public class AuthController { } /** - * 认证授权 + * 第三方登录请求 * * @param source 登录来源 * @return 结果 @@ -98,36 +97,31 @@ public class AuthController { if (ObjectUtil.isNull(obj)) { return R.fail(source + "平台账号暂不支持"); } - AuthRequest authRequest = SocialUtils.getAuthRequest(source, - obj.getClientId(), - obj.getClientSecret(), - obj.getRedirectUri()); + AuthRequest authRequest = SocialUtils.getAuthRequest(source, socialProperties); String authorizeUrl = authRequest.authorize(AuthStateUtils.createState()); return R.ok(authorizeUrl); } /** * 第三方登录回调业务处理 - * - * @param source 登录来源 - * @param callback 授权响应实体 + * 绑定授权 + * @param loginBody * @return 结果 */ @SuppressWarnings("unchecked") - @GetMapping("/social-login") - public R socialLogin(String source, AuthCallback callback) { - SocialLoginConfigProperties obj = socialProperties.getType().get(source); - if (ObjectUtil.isNull(obj)) { - return R.fail(source + "平台账号暂不支持"); - } - AuthRequest authRequest = SocialUtils.getAuthRequest(source, - obj.getClientId(), - obj.getClientSecret(), - obj.getRedirectUri()); - AuthResponse response = authRequest.login(callback); - return loginService.socialLogin(source, response); + @PostMapping("/social/callback") + public R socialLogin(@RequestBody LoginBody loginBody) { + // 获取第三方登录信息 + AuthResponse response = SocialUtils.loginAuth(loginBody, socialProperties); + AuthUser authUserData = response.getData(); + // 判断授权响应是否成功 + if (!response.ok()) { + return R.fail(response.getMsg()); + } + return loginService.sociaRegister(authUserData); } + /** * 取消授权 * diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java b/ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java index 88500b22..4da2bb02 100644 --- a/ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java +++ b/ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java @@ -1,14 +1,12 @@ package org.dromara.web.service; import cn.dev33.satoken.exception.NotLoginException; -import cn.dev33.satoken.stp.SaLoginModel; import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.util.ObjectUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthUser; import org.dromara.common.core.constant.Constants; import org.dromara.common.core.constant.GlobalConstants; @@ -16,12 +14,14 @@ import org.dromara.common.core.constant.TenantConstants; import org.dromara.common.core.domain.R; import org.dromara.common.core.domain.dto.RoleDTO; import org.dromara.common.core.domain.model.LoginUser; -import org.dromara.common.core.enums.DeviceType; import org.dromara.common.core.enums.LoginType; import org.dromara.common.core.enums.TenantStatus; import org.dromara.common.core.enums.UserStatus; import org.dromara.common.core.exception.user.UserException; -import org.dromara.common.core.utils.*; +import org.dromara.common.core.utils.DateUtils; +import org.dromara.common.core.utils.MessageUtils; +import org.dromara.common.core.utils.ServletUtils; +import org.dromara.common.core.utils.SpringUtils; import org.dromara.common.log.event.LogininforEvent; import org.dromara.common.redis.utils.RedisUtils; import org.dromara.common.satoken.utils.LoginHelper; @@ -29,13 +29,13 @@ import org.dromara.common.tenant.exception.TenantException; import org.dromara.common.tenant.helper.TenantHelper; import org.dromara.system.domain.SysUser; import org.dromara.system.domain.bo.SysSocialBo; -import org.dromara.system.domain.vo.SysSocialVo; import org.dromara.system.domain.vo.SysTenantVo; import org.dromara.system.domain.vo.SysUserVo; import org.dromara.system.mapper.SysUserMapper; import org.dromara.system.service.ISysPermissionService; import org.dromara.system.service.ISysSocialService; import org.dromara.system.service.ISysTenantService; +import org.dromara.web.domain.vo.LoginVo; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; @@ -66,67 +66,26 @@ public class SysLoginService { private final ISysSocialService sysSocialService; private final SysUserMapper userMapper; - /** - * 社交登录 - * - * @param source 登录来源 - * @param authUser 授权响应实体 - * @return 统一响应实体 - */ - public R socialLogin(String source, AuthResponse authUser) { - // 判断授权响应是否成功 - if (!authUser.ok()) { - return R.fail("对不起,授权信息验证不通过,请退出重试!"); - } - AuthUser authUserData = authUser.getData(); - SysSocialVo social = sysSocialService.selectByAuthId(authUserData.getSource() + authUserData.getUuid()); - if (ObjectUtil.isNotNull(social)) { - SysUser user = userMapper.selectOne(new LambdaQueryWrapper() - .eq(SysUser::getUserId, social.getUserId())); - // 执行登录和记录登录信息操作 - return loginAndRecord(user.getTenantId(), user.getUserName(), authUserData); - } else { - // 判断是否已登录 - if (!StpUtil.isLogin()) { - return R.fail("授权失败,请先登录才能绑定"); - } - SysSocialBo bo = new SysSocialBo(); - bo.setUserId(LoginHelper.getUserId()); - bo.setAuthId(authUserData.getSource() + authUserData.getUuid()); - bo.setSource(authUserData.getSource()); - bo.setUserName(authUserData.getUsername()); - bo.setNickName(authUserData.getNickname()); - bo.setAvatar(authUserData.getAvatar()); - bo.setOpenId(authUserData.getUuid()); - BeanUtils.copyProperties(authUserData.getToken(), bo); - sysSocialService.insertByBo(bo); - SysUserVo sysUser = loadUserByUsername(LoginHelper.getTenantId(), LoginHelper.getUsername()); - // 执行登录和记录登录信息操作 - return loginAndRecord(sysUser.getTenantId(), sysUser.getUserName(), authUserData); - } - } /** - * 执行登录和记录登录信息操作 - * - * @param tenantId 租户ID - * @param userName 用户名 - * @param authUser 授权用户信息 + * 绑定第三方用户 + * @param authUserData 授权响应实体 * @return 统一响应实体 */ - private R loginAndRecord(String tenantId, String userName, AuthUser authUser) { - checkTenant(tenantId); - SysUserVo user = loadUserByUsername(tenantId, userName); - SaLoginModel model = new SaLoginModel(); - model.setDevice(DeviceType.PC.getDevice()); - // 生成token - LoginHelper.login(buildLoginUser(user), model); - recordLogininfor(user.getTenantId(), userName, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")); - recordLoginInfo(user.getUserId()); - return R.ok(StpUtil.getTokenValue()); + public R sociaRegister(AuthUser authUserData ){ + SysSocialBo bo = new SysSocialBo(); + bo.setUserId(LoginHelper.getUserId()); + bo.setAuthId(authUserData.getSource() + authUserData.getUuid()); + bo.setOpenId(authUserData.getUuid()); + bo.setUserName(authUserData.getUsername()); + BeanUtils.copyProperties(authUserData, bo); + BeanUtils.copyProperties(authUserData.getToken(), bo); + sysSocialService.insertByBo(bo); + return R.ok(); } + /** * 退出登录 */ diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/socialAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/socialAuthStrategy.java new file mode 100644 index 00000000..c7599eb0 --- /dev/null +++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/socialAuthStrategy.java @@ -0,0 +1,109 @@ +package org.dromara.web.service.impl; + +import cn.dev33.satoken.stp.SaLoginModel; +import cn.dev33.satoken.stp.StpUtil; +import cn.hutool.core.util.ObjectUtil; +import cn.hutool.core.util.StrUtil; +import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import me.zhyd.oauth.model.AuthResponse; +import me.zhyd.oauth.model.AuthUser; +import org.dromara.common.core.constant.Constants; +import org.dromara.common.core.domain.model.LoginBody; +import org.dromara.common.core.domain.model.SocialLogin; +import org.dromara.common.core.exception.ServiceException; +import org.dromara.common.core.utils.MessageUtils; +import org.dromara.common.core.utils.ValidatorUtils; +import org.dromara.common.core.validate.auth.SocialGroup; +import org.dromara.common.satoken.utils.LoginHelper; +import org.dromara.common.social.config.properties.SocialProperties; +import org.dromara.common.social.utils.SocialUtils; +import org.dromara.system.domain.SysClient; +import org.dromara.system.domain.SysUser; +import org.dromara.system.domain.vo.SysSocialVo; +import org.dromara.system.mapper.SysUserMapper; +import org.dromara.system.service.ISysSocialService; +import org.dromara.web.domain.vo.LoginVo; +import org.dromara.web.service.IAuthStrategy; +import org.dromara.web.service.SysLoginService; +import org.springframework.stereotype.Service; + +/** + * 第三方授权策略 + * + * @author thiszhc is 三三 + */ +@Slf4j +@Service("social" + IAuthStrategy.BASE_NAME) +@RequiredArgsConstructor +public class socialAuthStrategy implements IAuthStrategy { + + private final SocialProperties socialProperties; + private final ISysSocialService sysSocialService; + private final SysUserMapper userMapper; + private final SysLoginService loginService; + + + @Override + public void validate(LoginBody loginBody) { + ValidatorUtils.validate(loginBody, SocialGroup.class); + } + + /** + * 登录-第三方授权登录 + * @param clientId 客户端id + * @param loginBody 登录信息 + * @param client 客户端信息 + */ + @Override + public LoginVo login(String clientId, LoginBody loginBody, SysClient client) { + AuthResponse response = SocialUtils.loginAuth(loginBody,socialProperties); + if (!response.ok()) { + throw new ServiceException(response.getMsg()); + } + AuthUser authUserData = response.getData(); + SysSocialVo social = sysSocialService.selectByAuthId(authUserData.getSource() + authUserData.getUuid()); + if (!ObjectUtil.isNotNull(social)) { + throw new ServiceException("你还没有绑定第三方账号,绑定后才可以登录!"); + }//验证授权表里面的租户id是否包含当前租户id + if (ObjectUtil.isNotNull(social) && StrUtil.isNotBlank(social.getTenantId()) + && !social.getTenantId().contains(loginBody.getTenantId())) { + throw new ServiceException("对不起,你没有权限登录当前租户!"); + } + return loadinUser(social, client); + } + + /** + * 登录用户信息 + * + * @param social + * @param client + * @return + */ + private LoginVo loadinUser(SysSocialVo social, SysClient client) { + SysUser user = userMapper.selectOne(new LambdaQueryWrapper() + .eq(SysUser::getUserId, social.getUserId())); + SocialLogin loginUser = new SocialLogin(); + loginUser.setUserId(user.getUserId()); + loginUser.setTenantId(user.getTenantId()); + loginUser.setUsername(user.getUserName()); + loginUser.setUserType(user.getUserType()); + // 执行登录 + SaLoginModel model = new SaLoginModel(); + model.setDevice(client.getDeviceType()); + // 自定义分配 不同用户体系 不同 token 授权时间 不设置默认走全局 yml 配置 + // 例如: 后台用户30分钟过期 app用户1天过期 + model.setTimeout(client.getTimeout()); + model.setActiveTimeout(client.getActiveTimeout()); + // 生成token + LoginHelper.login(loginUser, model); + + loginService.recordLogininfor(loginUser.getTenantId(), user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")); + loginService.recordLoginInfo(user.getUserId()); + LoginVo loginVo = new LoginVo(); + loginVo.setAccessToken(StpUtil.getTokenValue()); + return loginVo; + } + +} diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/LoginBody.java b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/LoginBody.java index 09842a93..cdff7738 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/LoginBody.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/LoginBody.java @@ -3,10 +3,7 @@ package org.dromara.common.core.domain.model; import jakarta.validation.constraints.Email; import org.dromara.common.core.constant.UserConstants; import lombok.Data; -import org.dromara.common.core.validate.auth.EmailGroup; -import org.dromara.common.core.validate.auth.PasswordGroup; -import org.dromara.common.core.validate.auth.SmsGroup; -import org.dromara.common.core.validate.auth.WechatGroup; +import org.dromara.common.core.validate.auth.*; import org.hibernate.validator.constraints.Length; import jakarta.validation.constraints.NotBlank; @@ -103,4 +100,21 @@ public class LoginBody { @NotBlank(message = "{xcx.code.not.blank}", groups = {WechatGroup.class}) private String xcxCode; + /** + * 第三方登录平台 + */ + @NotBlank(message = "{social.source.not.blank}" , groups = {SocialGroup.class}) + private String source; + + /** + * 第三方登录code + */ + @NotBlank(message = "{social.code.not.blank}" , groups = {SocialGroup.class}) + private String socialCode; + + /** + * 第三方登录socialState + */ + @NotBlank(message = "{social.state.not.blank}" , groups = {SocialGroup.class}) + private String socialState; } diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/SocialLogin.java b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/SocialLogin.java new file mode 100644 index 00000000..5666bce5 --- /dev/null +++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/domain/model/SocialLogin.java @@ -0,0 +1,21 @@ +package org.dromara.common.core.domain.model; + +import lombok.Data; +import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; + +/** + * 第三方登录用户身份权限 + * + * @author thiszhc is 三三 + */ +@Data +@EqualsAndHashCode(callSuper = true) +@NoArgsConstructor +public class SocialLogin extends LoginUser{ + + /** + * openid + */ + private String openid; +} diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/validate/auth/SocialGroup.java b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/validate/auth/SocialGroup.java new file mode 100644 index 00000000..2b19ffe3 --- /dev/null +++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/validate/auth/SocialGroup.java @@ -0,0 +1,4 @@ +package org.dromara.common.core.validate.auth; + +public interface SocialGroup { +} diff --git a/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java b/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java index a11520b0..f24ea04c 100644 --- a/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java +++ b/ruoyi-common/ruoyi-common-social/src/main/java/org/dromara/common/social/utils/SocialUtils.java @@ -1,18 +1,38 @@ package org.dromara.common.social.utils; +import cn.hutool.core.util.ObjectUtil; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; +import me.zhyd.oauth.model.AuthResponse; +import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.request.*; +import org.dromara.common.core.domain.model.LoginBody; +import org.dromara.common.social.config.properties.SocialLoginConfigProperties; +import org.dromara.common.social.config.properties.SocialProperties; /** * 认证授权工具类 * * @author thiszhc */ -public class SocialUtils { +public class SocialUtils { + public static AuthResponse loginAuth(LoginBody loginBody, SocialProperties socialProperties) throws AuthException { + AuthRequest authRequest = getAuthRequest(loginBody.getSource(), socialProperties); + AuthCallback callback = new AuthCallback(); + callback.setCode(loginBody.getSocialCode()); + callback.setState(loginBody.getSocialState()); + return authRequest.login(callback); + } - public static AuthRequest getAuthRequest(String source, String clientId, - String clientSecret, String redirectUri) throws AuthException { + public static AuthRequest getAuthRequest(String source,SocialProperties socialProperties) throws AuthException { + SocialLoginConfigProperties obj = socialProperties.getType().get(source); + if (ObjectUtil.isNull(obj)) { + throw new AuthException("不支持的第三方登录类型"); + } + String clientId = obj.getClientId(); + String clientSecret = obj.getClientSecret(); + String redirectUri = obj.getRedirectUri(); AuthRequest authRequest = null; switch (source.toLowerCase()) { case "dingtalk" -> @@ -45,13 +65,15 @@ public class SocialUtils { case "alipay" -> // 支付宝在创建回调地址时,不允许使用localhost或者127.0.0.1,所以这儿的回调地址使用的局域网内的ip authRequest = new AuthAlipayRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret) - .alipayPublicKey("").redirectUri(redirectUri).build()); + .redirectUri(redirectUri).build()); case "qq" -> authRequest = new AuthQqRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret) .redirectUri(redirectUri).build()); case "wechat_open" -> authRequest = new AuthWeChatOpenRequest(AuthConfig.builder().clientId(clientId) .clientSecret(clientSecret).redirectUri(redirectUri).build()); case "csdn" -> + //注意,经咨询CSDN官方客服得知,CSDN的授权开放平台已经下线。如果以前申请过的应用,可以继续使用,但是不再支持申请新的应用。 + // so, 本项目中的CSDN登录只能针对少部分用户使用了 authRequest = new AuthCsdnRequest(AuthConfig.builder().clientId(clientId).clientSecret(clientSecret) .redirectUri(redirectUri).build()); case "taobao" -> diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysSocialBo.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysSocialBo.java index d3b32e00..7784271b 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysSocialBo.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysSocialBo.java @@ -57,9 +57,8 @@ public class SysSocialBo extends TenantEntity { private String refreshToken; /** - * 用户的 open id + * 平台唯一id */ - @NotBlank(message = "用户的 open id不能为空", groups = { AddGroup.class, EditGroup.class }) private String openId; /** @@ -139,4 +138,5 @@ public class SysSocialBo extends TenantEntity { private String oauthTokenSecret; + } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/vo/SysSocialVo.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/vo/SysSocialVo.java index 2a72efe0..8a00cc38 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/vo/SysSocialVo.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/vo/SysSocialVo.java @@ -73,7 +73,7 @@ public class SysSocialVo implements Serializable { /** * 用户的 open id */ - @ExcelProperty(value = "用户的 open id") + @ExcelProperty(value = "平台的唯一id") private String openId; /** diff --git a/script/sql/ry_vue_5.X.sql b/script/sql/ry_vue_5.X.sql index b369b4ea..1aad1d5a 100644 --- a/script/sql/ry_vue_5.X.sql +++ b/script/sql/ry_vue_5.X.sql @@ -7,9 +7,9 @@ create table sys_social id bigint not null comment '主键', user_id bigint not null comment '用户ID', tenant_id varchar(20) default null comment '租户id', - auth_id varchar(255) not null comment '授权+授权openid', + auth_id varchar(255) not null comment '平台+平台唯一id', source varchar(255) not null comment '用户来源', - open_id varchar(255) default null comment '原生open id', + open_id varchar(255) default null comment '平台编号唯一id', user_name varchar(30) not null comment '登录账号', nick_name varchar(30) default '' comment '用户昵称', email varchar(255) default '' comment '用户邮箱',