first commit

qiaoba-auth/src/main/java/com/qiaoba/auth/service/OnlineUserService.java

@@ -25,8 +25,9 @@ public interface OnlineUserService {
      *
      * @param username 登录账号
      * @param deviceSn 设备号
+     * @param deleteOwn 是否是删除自己
      */
-    void deleteOne(String username, String deviceSn);
+    void deleteOne(String username, String deviceSn, Boolean deleteOwn);
 
     /**
      * 删除(强退)
@@ -60,4 +61,5 @@ public interface OnlineUserService {
      * @return 结果
      */
     Boolean checkIsLastLogged(String username, String deviceSn);
+
 }

qiaoba-auth/src/main/java/com/qiaoba/auth/service/impl/AuthConfigServiceImpl.java

@@ -0,0 +1,60 @@
+package com.qiaoba.auth.service.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.qiaoba.api.auth.service.AuthConfigApiService;
+import com.qiaoba.auth.constants.SecurityConstant;
+import com.qiaoba.common.base.constants.ConfigConstant;
+import com.qiaoba.common.base.exceptions.ServiceException;
+import com.qiaoba.common.redis.service.RedisService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+/**
+ * 安全配置 服务层实现
+ *
+ * @author ailanyin
+ * @version 1.0
+ * @since 2023-05-28 15:09:34
+ */
+@Service
+@RequiredArgsConstructor
+public class AuthConfigServiceImpl implements AuthConfigApiService {
+
+    private final RedisService redisService;
+
+    @Override
+    public Boolean checkAllowBothOnline() {
+        return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.ALLOW_BOTH_ONLINE_KEY));
+    }
+
+    @Override
+    public Boolean getCaptchaConfig() {
+        return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.CAPTCHA_ON_OFF_KEY));
+    }
+
+    @Override
+    public Boolean getRegisterConfig() {
+        return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.REGISTER_ON_OFF_KEY));
+    }
+
+    @Override
+    public void validateCaptcha(String code, String uuid) {
+        if (getCaptchaConfig()) {
+            if (StrUtil.isBlank(code) || StrUtil.isBlank(uuid)) {
+                throw new ServiceException("验证码或uuid获取失败！");
+            }
+            try {
+                if (!redisService.hasKey(SecurityConstant.CAPTCHA_KEY + uuid)) {
+                    throw new ServiceException("验证码已经过期失效！");
+                } else {
+                    if (!code.equalsIgnoreCase(redisService.get(SecurityConstant.CAPTCHA_KEY + uuid).toString())) {
+                        throw new ServiceException("验证码输入错误！");
+                    }
+                }
+
+            } finally {
+                redisService.del(SecurityConstant.CAPTCHA_KEY + uuid);
+            }
+        }
+    }
+}

qiaoba-auth/src/main/java/com/qiaoba/auth/service/impl/OnlineUserServiceImpl.java

@@ -4,13 +4,16 @@ import cn.hutool.core.util.StrUtil;
 import com.qiaoba.api.auth.service.SysUserDetailsApiService;
 import com.qiaoba.auth.constants.SecurityConstant;
 import com.qiaoba.auth.entity.OnlineUser;
+import com.qiaoba.auth.entity.dto.OnlineUserDto;
 import com.qiaoba.auth.service.OnlineUserService;
 import com.qiaoba.auth.utils.TokenUtil;
 import com.qiaoba.common.base.constants.BaseConstant;
+import com.qiaoba.common.base.exceptions.ServiceException;
 import com.qiaoba.common.redis.service.RedisService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -28,16 +31,21 @@ public class OnlineUserServiceImpl implements OnlineUserService {
 
     private final RedisService redisService;
     private final SysUserDetailsApiService sysUserDetailsApiService;
+    private final HttpServletRequest request;
+
 
     @Override
     public void insert(OnlineUser onlineUser) {
-        // key: username:deviceSn
-        // value: onlineUser
         redisService.set(handleKey(onlineUser.getUsername(), onlineUser.getDeviceSn()), onlineUser, TokenUtil.expireTime * 3600);
     }
 
     @Override
-    public void deleteOne(String username, String deviceSn) {
+    public void deleteOne(String username, String deviceSn, Boolean deleteOwn) {
+
+        if (!deleteOwn && isOwn(deviceSn)) {
+            throw new ServiceException("禁止踢出自己！");
+        }
+
         if (deviceSn.equals(redisService.get(SecurityConstant.LOGGED_USER_REDIS_KEY + username))) {
             redisService.del(SecurityConstant.LOGGED_USER_REDIS_KEY + username);
         }
@@ -69,8 +77,7 @@ public class OnlineUserServiceImpl implements OnlineUserService {
         List<OnlineUser> users = new ArrayList<>();
         Collection<String> keys = redisService.getKeys(key);
         for (String temp : keys) {
-            temp = temp.replace("tenant_1:", "");
-            users.add(redisService.getObject(temp, OnlineUser.class));
+            users.add(redisService.getObject(redisService.removeTenantPrefix(temp), OnlineUser.class));
         }
         return users;
     }
@@ -84,4 +91,10 @@ public class OnlineUserServiceImpl implements OnlineUserService {
     private String handleKey(String key, String deviceSn) {
         return SecurityConstant.ONLINE_USER_REDIS_KEY + key + BaseConstant.COLON_JOIN_STR + deviceSn;
     }
+
+    private Boolean isOwn(String deviceSn) {
+        String token = TokenUtil.getToken(request, false);
+        OnlineUserDto dto = TokenUtil.getUsernameAndDeviceSn(token);
+        return deviceSn.equals(dto.getDeviceSn());
+    }
 }