单账号登录限制

c5ed5b2d · 陈健智 · 3f8c9466 · c5ed5b2d · c5ed5b2d · c5ed5b2d
Commit c5ed5b2d authored Dec 17, 2024 by 陈健智
6 changed files
--- a/src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java
+++ b/src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java
@@ -2,11 +2,13 @@ package com.zhiwei.brandkbs2.auth;

 import com.alibaba.fastjson.JSON;
 import com.zhiwei.brandkbs2.common.GenericAttribute;
+import com.zhiwei.brandkbs2.common.RedisKeyPrefix;
 import com.zhiwei.brandkbs2.enmus.RoleEnum;
 import com.zhiwei.brandkbs2.model.CommonCodeEnum;
 import com.zhiwei.brandkbs2.model.ResponseResult;
 import com.zhiwei.brandkbs2.pojo.UserInfo;
 import com.zhiwei.brandkbs2.service.UserService;
+import com.zhiwei.brandkbs2.util.RedisUtil;
 import com.zhiwei.brandkbs2.util.Tools;
 import com.zhiwei.middleware.auth.util.JwtUtil;
 import org.apache.logging.log4j.LogManager;
@@ -17,6 +19,7 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -26,10 +29,13 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.PrintWriter;
 import java.lang.reflect.Method;
 import java.util.Collections;
 import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;

 /**
 * @author sjj
@@ -49,6 +55,9 @@ public class AuthAspect {
    @Resource(name = "userServiceImpl")
    private UserService UserService;

+    @Autowired
+    private RedisUtil redisUtil;
+
    @Pointcut("execution(com.zhiwei.brandkbs2.model.ResponseResult com.zhiwei.brandkbs2.controller..*.*(..))")
 //  @Pointcut("within(com.zhiwei.brandkbs2.controller..*)")
    public void auth() {
@@ -82,6 +91,10 @@ public class AuthAspect {
                    log.error("token解析异常,uri:{},methodName:{},token:{}", uri, methodName, token);
                } else {
                    String uid = tokenInfo.get(GenericAttribute.USER_ID).toString();
+                    // session单账号登录限制校验
+                    if (!checkSession(request, uid)){
+                        return joinPoint.proceed();
+                    }
                    UserInfo userInfo = UserService.queryUserInfo(uid, request.getHeader("pid"));
                    if (null == userInfo) {
                        userInfo = new UserInfo().setUserId(uid).setProjectId(request.getHeader("pid"));
@@ -100,6 +113,21 @@ public class AuthAspect {
        return joinPoint.proceed();
    }

+    private Boolean checkSession(HttpServletRequest request, String uid) {
+        // 小程序端不限制
+        if (request.getRequestURI().contains("/brandkbs/mobile/")){
+            return true;
+        }
+        HttpSession session = request.getSession();
+        String sessionId = session.getId();
+        String cacheSessionId = redisUtil.get(RedisKeyPrefix.userSessionKey(uid));
+        if (null == cacheSessionId) {
+            redisUtil.setExpire(RedisKeyPrefix.userSessionKey(uid), sessionId, 7, TimeUnit.DAYS);
+        }
+        // 已登录状态
+        return null == cacheSessionId || Objects.equals(sessionId, cacheSessionId);
+    }
+
    //    @Around("auth()")
    public Object aroundCheckToken(ProceedingJoinPoint joinPoint) throws Throwable {
        Signature signature = joinPoint.getSignature();

--- a/src/main/java/com/zhiwei/brandkbs2/common/RedisKeyPrefix.java
+++ b/src/main/java/com/zhiwei/brandkbs2/common/RedisKeyPrefix.java
@@ -128,6 +128,8 @@ public class RedisKeyPrefix {

    public static final String AI_SEARCH_QUESTION = "BRANDKBS:AI:SEARCH:QUESTION:";

+    public static final String USER_SESSION = "BRANDKBS:USER:SESSION:";
+
    public static String projectWarnHotTopKeyAll(String projectId, String type) {
        return RedisKeyPrefix.generateRedisKey(RedisKeyPrefix.PROJECT_WARN_HOT_TOP, projectId, Tools.concat(type, "*"));
    }
@@ -168,6 +170,10 @@ public class RedisKeyPrefix {
        return RedisKeyPrefix.generateRedisKey(RedisKeyPrefix.HOT_SUPPLEMENT_WORD, projectId);
    }

+    public static String userSessionKey(String userId) {
+        return RedisKeyPrefix.generateRedisKey(RedisKeyPrefix.USER_SESSION, userId);
+    }
+
    private static String generateRedisKey(String... keys) {
        Objects.requireNonNull(keys);
        boolean contains = keys[0].endsWith(":");

--- a/src/main/java/com/zhiwei/brandkbs2/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/zhiwei/brandkbs2/service/impl/UserServiceImpl.java
@@ -3,7 +3,9 @@ package com.zhiwei.brandkbs2.service.impl;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.zhiwei.brandkbs2.auth.UserThreadLocal;
+import com.zhiwei.brandkbs2.common.GenericAttribute;
 import com.zhiwei.brandkbs2.common.GlobalPojo;
+import com.zhiwei.brandkbs2.common.RedisKeyPrefix;
 import com.zhiwei.brandkbs2.config.Constant;
 import com.zhiwei.brandkbs2.dao.ProjectDao;
 import com.zhiwei.brandkbs2.dao.UserDao;
@@ -24,8 +26,10 @@ import com.zhiwei.brandkbs2.pojo.vo.PageVO;
 import com.zhiwei.brandkbs2.service.UserCenterService;
 import com.zhiwei.brandkbs2.service.UserService;
 import com.zhiwei.brandkbs2.util.MongoUtil;
+import com.zhiwei.brandkbs2.util.RedisUtil;
 import com.zhiwei.brandkbs2.util.Tools;
 import com.zhiwei.middleware.auth.pojo.CenterUser;
+import com.zhiwei.middleware.auth.util.JwtUtil;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -38,9 +42,13 @@ import org.springframework.http.HttpEntity;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;

 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.*;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Collectors;

@@ -87,6 +95,12 @@ public class UserServiceImpl implements UserService {
    @Autowired
    private RestTemplate restTemplate;

+    @Autowired
+    private RedisUtil redisUtil;
+
+    @Value("${jwt.key}")
+    private String jwtKey;
+
    @Override
    public UserInfo login() {
        String uid = UserThreadLocal.getUserId();
@@ -367,13 +381,27 @@ public class UserServiceImpl implements UserService {

    @Override
    public boolean checkUserRoles() {
-        User user = userDao.findOneById(UserThreadLocal.getUserId());
+        String uid = saveLoginUserSession();
+        User user = userDao.findOneById(uid);
        if (null == user) {
            return false;
        }
        return user.isSuperAdmin() || !CollectionUtils.isEmpty(user.getRoles());
    }

+    /**
+     * 记录登录用户的session 用于单账号登录限制session校验
+     * @return
+     */
+    private String saveLoginUserSession(){
+        ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes());
+        HttpServletRequest request = Objects.requireNonNull(servletRequestAttributes).getRequest();
+        Map<String, Object> map = JwtUtil.unsign(request.getHeader(jwtKey), Map.class);
+        String userId = map.get(GenericAttribute.USER_ID).toString();
+        redisUtil.setExpire(RedisKeyPrefix.userSessionKey(userId), request.getSession().getId(), 7, TimeUnit.DAYS);
+        return userId;
+    }
+
    @Override
    public void resetBind(String username) {
        String uid = UserThreadLocal.getUserId();

--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@@ -16,6 +16,8 @@ brandkbs.head.url=/usr/local/sources/brandkbs2/head/
 brandkbs.image.url=https://brandkbs.test.zhiweidata.com/brandkbs/images/
 #\u56FE\u7247\u8D44\u6E90\u8DEF\u5F84
 cbs.imagesPath=file:${brandkbs.img.url},file:${brandkbs.head.url}
+#session\u8FC7\u671F\u65F6\u95F4
+server.servlet.session.timeout=604800

 #redis
 spring.redis.host=192.168.0.39

--- a/src/main/resources/application-local.properties
+++ b/src/main/resources/application-local.properties
@@ -16,6 +16,8 @@ brandkbs.head.url=D:\\ExcelTest\\
 brandkbs.image.url=https://brandkbs.zhiweidata.com/brandkbs/images/
 #\u56FE\u7247\u8D44\u6E90\u8DEF\u5F84
 cbs.imagesPath=file:${brandkbs.img.url},file:${brandkbs.head.url}
+#session\u8FC7\u671F\u65F6\u95F4
+server.servlet.session.timeout=604800

 #redis \u6D4B\u8BD5
 spring.redis.host=192.168.0.24

--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -16,6 +16,8 @@ brandkbs.head.url=/usr/local/sources/brandkbs2/head/
 brandkbs.image.url=https://brandkbs.zhiweidata.com/brandkbs/images/
 #\u56FE\u7247\u8D44\u6E90\u8DEF\u5F84
 cbs.imagesPath=file:${brandkbs.img.url},file:${brandkbs.head.url}
+#session\u8FC7\u671F\u65F6\u95F4
+server.servlet.session.timeout=604800

 #redis
 spring.redis.host=192.168.0.39