Merge branch 'release' into 'master'

Release

See merge request !610

src/main/java/com/zhiwei/brandkbs2/auth/AuthAspect.java

@@ -11,6 +11,7 @@ import com.zhiwei.brandkbs2.service.UserService;
 import com.zhiwei.brandkbs2.util.RedisUtil;
 import com.zhiwei.brandkbs2.util.Tools;
 import com.zhiwei.middleware.auth.util.JwtUtil;
+import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -92,9 +93,13 @@ public class AuthAspect {
                 } else {
                     String uid = tokenInfo.get(GenericAttribute.USER_ID).toString();
                     // session单账号登录限制校验
-//                    if (!checkSession(request, uid)){
-//                        return joinPoint.proceed();
-//                    }
+                    Pair<Boolean, String> pair = checkSession(request, uid);
+                    if (!pair.getLeft()){
+                        if (null != pair.getRight()) {
+                            UserThreadLocal.set(new UserInfo().setIsOtherLogin(true).setIpAddress(pair.getRight()));
+                        }
+                        return joinPoint.proceed();
+                    }
                     UserInfo userInfo = UserService.queryUserInfo(uid, request.getHeader("pid"));
                     if (null == userInfo) {
                         userInfo = new UserInfo().setUserId(uid).setProjectId(request.getHeader("pid"));
@@ -113,19 +118,27 @@ public class AuthAspect {
         return joinPoint.proceed();
     }
 
-    private Boolean checkSession(HttpServletRequest request, String uid) {
+    /**
+     * 比对登录时的sessionId与缓存中（当前登录中）的sessionId 限制单账号登录
+     * @param request
+     * @param uid
+     * @return
+     */
+    private Pair<Boolean, String> checkSession(HttpServletRequest request, String uid) {
         // 小程序端不限制
         if (request.getRequestURI().contains("/brandkbs/mobile/")){
-            return true;
+            return Pair.of(true, null);
         }
         HttpSession session = request.getSession();
         String sessionId = session.getId();
-        String cacheSessionId = redisUtil.get(RedisKeyPrefix.userSessionKey(uid));
-        if (null == cacheSessionId) {
-            redisUtil.setExpire(RedisKeyPrefix.userSessionKey(uid), sessionId, 7, TimeUnit.DAYS);
+        // 缓存中为当前登录中的用户sessionId、ip地址
+        String sessionIdAndIp = redisUtil.get(RedisKeyPrefix.userSessionKey(uid));
+        if (null == sessionIdAndIp){
+            return Pair.of(false, null);
         }
+        String[] split = sessionIdAndIp.split("_");
         // 已登录状态
-        return null == cacheSessionId || Objects.equals(sessionId, cacheSessionId);
+        return Pair.of(Objects.equals(sessionId, split[0]), split[1]);
     }
 
     //    @Around("auth()")

src/main/java/com/zhiwei/brandkbs2/auth/UserThreadLocal.java

@@ -48,9 +48,15 @@ public class UserThreadLocal {
     }
 
     private static void checkExist() {
+        // 登录信息过期
         if (null == TOKEN_USER_INFO.get()) {
             ExceptionCast.cast(LoginCodeEnum.LOGIN_EXPIRED_ERROR);
         }
+        // 异地登录
+        if (null != TOKEN_USER_INFO.get().getIsOtherLogin() && TOKEN_USER_INFO.get().getIsOtherLogin()){
+            String message = String.format("您的账号已在别处登陆（登陆地址：%s），您已被强制下线！如果这不是您本人操作，请立即检查账号安全。", TOKEN_USER_INFO.get().getIpAddress());
+            LoginCodeEnum.LOGIN_OTHER_ERROR.setMessage(message);
+            ExceptionCast.cast(LoginCodeEnum.LOGIN_OTHER_ERROR);
+        }
     }
-
 }

src/main/java/com/zhiwei/brandkbs2/common/GlobalPojo.java

@@ -6,6 +6,7 @@ import com.zhiwei.brandkbs2.dao.ChannelRecordRefreshTaskDao;
 import com.zhiwei.brandkbs2.pojo.*;
 import com.zhiwei.brandkbs2.service.ChannelService;
 import com.zhiwei.brandkbs2.service.SystemInfoService;
+import com.zhiwei.brandkbs2.util.RedisUtil;
 import com.zhiwei.brandkbs2.util.Tools;
 import com.zhiwei.middleware.automaticmark.graphs.Graphs;
 import com.zhiwei.qbjc.bean.pojo.common.MessagePlatform;
@@ -14,6 +15,7 @@ import com.zhiwei.brandkbs2.dao.HighlightWordDao;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.mongodb.core.query.Criteria;
 import org.springframework.data.mongodb.core.query.Query;
@@ -54,6 +56,9 @@ public class GlobalPojo {
     @Resource(name = "channelServiceImpl")
     private ChannelService channelService;
 
+    @Autowired
+    private RedisUtil redisUtil;
+
     /**
      * 监测系统平台
      **/
@@ -133,6 +138,8 @@ public class GlobalPojo {
 
     private void initPojo() throws IOException {
         CHINA_AREA_TAGS = JSONArray.parseArray(Tools.readJsonFile(chinaAreaTag.getInputStream()));
+        deleteUserSessionInfo();
+        updateIncompleteChannelRecordTask();
     }
 
     private void updatePojo(String logMsg) {
@@ -149,7 +156,6 @@ public class GlobalPojo {
             COMMON_SENSITIVE_CHANNEL = systemInfoService.getCommonSensitiveChannel();
             BYTEDANCE_CHANNEL_INFLUENCE = systemInfoService.getByteDanceChannelInfluence();
             updateHighlightGraphs();
-            updateIncompleteChannelRecordTask();
             log.info("{}-获取PLATFORMS-size:{},TAGS-size:{},LINKED_GROUP_ID_TAGS:{},CHANNEL_TAGS:{},MEDIA_TYPE:{},PROJECT_MAP:{},YUQING-PROJECTS-size:{},PROJECT_EMOTION_CHANNEL_DATA-size:{},PROJECT_SENSITIVE_CHANNEL-size:{}, COMMON_SENSITIVE_CHANNEL-size:{},BYTEDANCE_CHANNEL_INFLUENCE-size:{}", logMsg, PLATFORMS.size(), TAGS.size(),
                     LINKED_GROUP_ID_TAGS.size(), CHANNEL_TAGS.size(), MEDIA_TYPE.size(), PROJECT_MAP.size(), YU_QING_PROJECTS.size(), PROJECT_EMOTION_CHANNEL_DATA.size(), PROJECT_SENSITIVE_CHANNEL.size(), COMMON_SENSITIVE_CHANNEL.size(), BYTEDANCE_CHANNEL_INFLUENCE.size());
         } catch (Exception e) {
@@ -157,6 +163,9 @@ public class GlobalPojo {
         }
     }
 
+    /**
+     * 重启未完成的渠道记录更新任务
+     */
     private void updateIncompleteChannelRecordTask(){
         List<ChannelRecordRefreshTask> tasks = channelRecordRefreshTaskDao.findList(new Query(Criteria.where("status").is(ChannelRecordRefreshTask.TaskStatus.UPDATING.getStatus())));
         if (CollectionUtils.isEmpty(tasks)){
@@ -170,6 +179,14 @@ public class GlobalPojo {
         }
     }
 
+    /**
+     * 清空用户sessionId缓存
+     */
+    private void deleteUserSessionInfo(){
+        Set<String> keys = redisUtil.keys(RedisKeyPrefix.USER_SESSION + "*");
+        redisUtil.delete(keys);
+    }
+
     private void updateHighlightGraphs() {
         PROJECT_MAP.forEach((key, project) -> {
             String id = project.getId();

src/main/java/com/zhiwei/brandkbs2/enmus/response/LoginCodeEnum.java

@@ -49,7 +49,11 @@ public enum LoginCodeEnum implements ResultCode {
     /**
      * 登录信息过期
      */
-    LOGIN_EXPIRED_ERROR(false, 1010, "登录信息过期,请重新登陆", 200);
+    LOGIN_EXPIRED_ERROR(false, 1010, "登录信息过期,请重新登陆", 200),
+    /**
+     * 异地登陆
+     */
+    LOGIN_OTHER_ERROR(false, 1011, "您的账号已在别处登陆（登陆地址：%s），您已被强制下线！如果这不是您本人操作，请立即检查账号安全。", 200);
 
     /**
      * 操作是否成功
@@ -62,7 +66,7 @@ public enum LoginCodeEnum implements ResultCode {
     /**
      * 提示信息
      */
-    final String message;
+    String message;
     /**
      * 聚合状态码
      */
@@ -94,4 +98,8 @@ public enum LoginCodeEnum implements ResultCode {
     public int aggCode() {
         return aggCode;
     }
+
+    public void setMessage(String message){
+        this.message = message;
+    }
 }

src/main/java/com/zhiwei/brandkbs2/pojo/UserInfo.java

@@ -24,6 +24,20 @@ public class UserInfo {
     private Long expiredTime;
     private long phoneNumber;
 
+    private Boolean isOtherLogin;
+
+    private String ipAddress;
+
+    public UserInfo setIsOtherLogin(Boolean isOtherLogin) {
+        this.isOtherLogin = isOtherLogin;
+        return this;
+    }
+
+    public UserInfo setIpAddress(String ipAddress) {
+        this.ipAddress = ipAddress;
+        return this;
+    }
+
     public UserInfo setUserId(String userId) {
         this.userId = userId;
         return this;

src/main/java/com/zhiwei/brandkbs2/service/impl/UserServiceImpl.java

@@ -9,6 +9,7 @@ import com.zhiwei.brandkbs2.common.RedisKeyPrefix;
 import com.zhiwei.brandkbs2.config.Constant;
 import com.zhiwei.brandkbs2.dao.ProjectDao;
 import com.zhiwei.brandkbs2.dao.UserDao;
+import com.zhiwei.brandkbs2.dao.UserLogRecordDao;
 import com.zhiwei.brandkbs2.dao.impl.UserOldDaoImpl;
 import com.zhiwei.brandkbs2.dao.impl.UserProjectOldDaoImpl;
 import com.zhiwei.brandkbs2.enmus.RoleEnum;
@@ -16,10 +17,7 @@ import com.zhiwei.brandkbs2.enmus.response.LoginCodeEnum;
 import com.zhiwei.brandkbs2.exception.ExceptionCast;
 import com.zhiwei.brandkbs2.model.CommonCodeEnum;
 import com.zhiwei.brandkbs2.model.ResponseResult;
-import com.zhiwei.brandkbs2.pojo.Project;
-import com.zhiwei.brandkbs2.pojo.User;
-import com.zhiwei.brandkbs2.pojo.UserInfo;
-import com.zhiwei.brandkbs2.pojo.UserRole;
+import com.zhiwei.brandkbs2.pojo.*;
 import com.zhiwei.brandkbs2.pojo.dto.UserDTO;
 import com.zhiwei.brandkbs2.pojo.vo.MobileLoginVO;
 import com.zhiwei.brandkbs2.pojo.vo.PageVO;
@@ -86,6 +84,9 @@ public class UserServiceImpl implements UserService {
     @Resource(name = "userCenterServiceImpl")
     private UserCenterService userCenterService;
 
+    @Resource(name = "UserLogRecordDao")
+    private UserLogRecordDao userLogRecordDao;
+
     @Value("${wx.accesstoken.url}")
     private String wechatAccessTokenUrl;
 
@@ -381,8 +382,8 @@ public class UserServiceImpl implements UserService {
 
     @Override
     public boolean checkUserRoles() {
-//        String uid = saveLoginUserSession();
-        User user = userDao.findOneById(UserThreadLocal.getUserId());
+        String uid = saveLoginUserSession();
+        User user = userDao.findOneById(uid);
         if (null == user) {
             return false;
         }
@@ -398,7 +399,29 @@ public class UserServiceImpl implements UserService {
         HttpServletRequest request = Objects.requireNonNull(servletRequestAttributes).getRequest();
         Map<String, Object> map = JwtUtil.unsign(request.getHeader(jwtKey), Map.class);
         String userId = map.get(GenericAttribute.USER_ID).toString();
-        redisUtil.setExpire(RedisKeyPrefix.userSessionKey(userId), request.getSession().getId(), 7, TimeUnit.DAYS);
+        String ipAddress = Tools.getIpAddress(request);
+        String sessionId = request.getSession().getId();
+        String str = sessionId + "_" + ipAddress;
+        // 当前缓存中的sessionIdAndIp
+        String sessionIdAndIp = redisUtil.get(RedisKeyPrefix.userSessionKey(userId));
+        // 记录异地登录
+        if (Objects.nonNull(sessionIdAndIp)){
+            String[] split = sessionIdAndIp.split("_");
+            // 比较ip地址sessionId 若不相等则记录为异地登录
+            if (!Objects.equals(sessionId, split[0]) && !Objects.equals(ipAddress, split[1])){
+                long now = System.currentTimeMillis();
+                String projectId = request.getHeader("pid");
+                UserInfo userInfo;
+                if (null != (userInfo = queryUserInfo(userId, projectId))) {
+                    String description = "异地登录：" + split[1] + "->" + ipAddress;
+                    userLogRecordDao.insertOne(new UserLogRecord(projectId, userId, userInfo.getNickname(), description, userInfo.getRoleId(), now, now, null),
+                            userLogRecordDao.generateCollectionName());
+                }else {
+                    log.error("异地登录操作记录-用户信息解析异常,projectId:{},userId:{},ip:{}->{}", projectId, userId, sessionIdAndIp, str);
+                }
+            }
+        }
+        redisUtil.setExpire(RedisKeyPrefix.userSessionKey(userId), str, 7, TimeUnit.DAYS);
         return userId;
     }