update previous code.

4af777a0 · 王亮 · a6d30a2a · 4af777a0 · 4af777a0 · 4af777a0
Commit 4af777a0 authored Jul 13, 2023 by 王亮
6 changed files
--- a/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
 package cn.quantgroup.xyqb.aspect.limit;

 import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.constant.UserConstant;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.LoginProperties;
@@ -81,25 +82,33 @@ public class PasswordFreeAccessValidateAdvisor {
        }
        // 当前请求的Token
        String token = request.getHeader(Constants.X_AUTH_TOKEN);
+        int tenantId= UserConstant.defaultTenantId;
+        String tenantIdString = request.getHeader(Constants.X_AUTH_TENANT);
+        if(StringUtils.isNotEmpty(tenantIdString)){
+            tenantId = Integer.parseInt(tenantIdString);
+        }
+
+
+
+
 //        if (StringUtils.length(token) != Constants.TOKEN_LENGTH) {
 //            log.info("非法请求 - 无效token, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
 //            return false;
 //        }

        // 当前session
-        SessionStruct session = XyqbSessionContextHolder.getXSessionFromRedis(token);
+        SessionStruct session = XyqbSessionContextHolder.getXSessionFromRedis(token,tenantId);
        if (Objects.isNull(session) || Objects.isNull(session.getValues()) || Objects.isNull(session.getValues().getUser())) {
            log.info("非法请求 - 未登录, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
            return false;
        }

        // 获取头部qg-tenant-id
-        String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
        LoginProperties loginProperties = session.getValues().getLoginProperties();
        // 如果token Session tenantId 不为空
        if (!Objects.isNull(loginProperties.getTenantId())) {
            // 如果头部没有tenantId参数
-            if (StringUtils.isBlank(tenantId)) {
+            if (StringUtils.isBlank(tenantIdString)) {
                // 如果 token Session tenantId 不是默认羊小咩, 那么拒绝登陆
                if (!loginProperties.getTenantId().equals(TenantUtil.TENANT_DEFAULT)) {
                    log.info("非法请求 - 错误租户, token={}, phoneNo={}, userId={}, clientIp={}, tenantId={}, loginTenantId={}", token, phoneNo, userId, clientIp, tenantId, loginProperties.getTenantId().toString());
@@ -114,7 +123,7 @@ public class PasswordFreeAccessValidateAdvisor {
            }
        } else {
            // 如果token seesion tenantId 为空, tenantId不为空，并且不是默认羊小咩
-           if(!StringUtils.isBlank(tenantId) && !TenantUtil.TENANT_DEFAULT.toString().equals(tenantId))  {
+           if(!StringUtils.isBlank(tenantIdString) && !TenantUtil.TENANT_DEFAULT.toString().equals(tenantId))  {
               log.info("非法请求 - 错误租户, token={}, phoneNo={}, userId={}, clientIp={}, tenantId={}", token, phoneNo, userId, clientIp, tenantId);
               return false;
           }

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserApiController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserApiController.java
@@ -72,14 +72,20 @@ public class UserApiController {
            return JsonResult.buildErrorStateResult("token regular invalid ", token);
        }
        String tokenKey = Constants.SESSION_PREFIX + token;
-        String tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
+
+        String tokenKey2;
+        if (tenantId == null || UserConstant.defaultTenantId.equals(tenantId)) {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
+        } else {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + token;
+        }
        // 判断token是否存在
        boolean exist = stringRedisTemplate.hasKey(tokenKey) || stringRedisTemplate.hasKey(tokenKey2);
        log.info("检查token:[{}]有效性[{}]，延续生命期[{}]", token, exist, prolong);
        /* token存在且需要延续时，进一步判断session是否有效，有效时，自动续期 */
        if (Boolean.logicalAnd(exist, prolong)) {
            // 获取session信息
-            SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(token);
+            SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(token,tenantId);
            if (Objects.isNull(sessionStruct)) {
                log.info("延续token:[{}]生命期,result：[{}],SessionStruct：{}", token, false, sessionStruct);
                /* 如果没有获取到session信息则返回错误信息 */

--- a/src/main/java/cn/quantgroup/xyqb/filter/InnerInterceptor.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/InnerInterceptor.java
@@ -45,7 +45,7 @@ public class InnerInterceptor implements HandlerInterceptor {
            throw new BizException(BizExceptionEnum.UN_EXIT_STMS_TOKEN);
        }

-        SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(stmsToken);
+        SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(stmsToken,Integer.valueOf(tenantId));

        if (sessionStruct == null) {
            OauthResult oauthResult = stmsRemoteService.checkToken(stmsToken);

--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
 package cn.quantgroup.xyqb.service.session.impl;

 import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.constant.UserConstant;
 import cn.quantgroup.xyqb.constant.enums.RecordType;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.entity.UserTag;
@@ -64,10 +65,10 @@ public class SessionServiceImpl implements ISessionService {
     */
    @Override
    public AuthBean createSession(User user, LoginProperties properties, int loginType, Integer tenantId) {
-       return this.createSession(user,properties,loginType,tenantId,true);
+        return this.createSession(user, properties, loginType, tenantId, true);
    }

-    public AuthBean createSession(User user, LoginProperties properties, int loginType,Integer tenantId,boolean send){
+    public AuthBean createSession(User user, LoginProperties properties, int loginType, Integer tenantId, boolean send) {
        //找到用户
        //TODO: 使用userId
        String sessionId = findSessionIdByUserIdLoginProperties(user.getId(), properties, tenantId);
@@ -79,6 +80,7 @@ public class SessionServiceImpl implements ISessionService {
            sessionStruct.setAttribute("channelId", String.valueOf(properties.getChannelId()));
            sessionStruct.setAttribute("createdFrom", String.valueOf(properties.getCreatedFrom()));
            sessionStruct.setAttribute("appChannel", String.valueOf(properties.getAppChannel()));
+            sessionStruct.setTenantId(tenantId);
            sessionStruct.getValues().setLoginProperties(properties);
            persistSession(sessionStruct.getSid(), sessionStruct.getValues(), tenantId);
        } else {
@@ -95,7 +97,7 @@ public class SessionServiceImpl implements ISessionService {
        // 添加登陆日志
        loginRecordService.saveLoginRecord(user.getId(), RecordType.LOGINRECORD.getName(), loginType);

-        if(send){
+        if (send) {
            //更新user_tag记录
            applicationEventPublisher.publishEvent(new UserLoginEvent(this, UserTag.builder()
                    .userId(user.getId()).registeredFrom(sessionStruct.getRegisteredFrom()).tenantId(user.getTenantId()).build()));
@@ -142,12 +144,25 @@ public class SessionServiceImpl implements ISessionService {
        } else if (properties.getTenantId().equals(0) || TenantUtil.TENANT_DEFAULT.equals(properties.getTenantId())) {
            return Constants.Session.USER_SESSION_ID_CACHE + ":" + userId + ":" + properties.getMerchantName() + ":" + properties.getCreatedFrom();
        } else {
-            return Constants.Session.USER_SESSION_ID_CACHE + ":" + userId + ":" + properties.getMerchantName() + ":" + properties.getCreatedFrom() + ":" + properties.getTenantId();
+            Integer key;
+            if (tenantId != null) {
+                key = tenantId;
+            } else {
+                key = properties.getTenantId();
+            }
+            return Constants.Session.USER_SESSION_ID_CACHE + ":" + userId + ":" + properties.getMerchantName() + ":" + properties.getCreatedFrom() + ":" + key;
        }
    }

    private String findSessionValueBySessionId(String sessionId, Integer tenantId) {
-        String result = stringRedisTemplate.opsForValue().get(Constants.Session.USER_SESSION_CACHE + sessionId);
+        String tokenKey2;
+        if (tenantId == null || UserConstant.defaultTenantId.equals(tenantId)) {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + sessionId;
+        } else {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + sessionId;
+        }
+
+        String result = stringRedisTemplate.opsForValue().get(tokenKey2);
        return StringUtils.defaultString(result, "");
    }

@@ -190,24 +205,31 @@ public class SessionServiceImpl implements ISessionService {
            sessionValue = new SessionValue();
        }

-        if(sessionValue.getLoginProperties()==null){
+        if (sessionValue.getLoginProperties() == null) {
            sessionValue.setLoginProperties(new LoginProperties());
        }


-        LoginProperties  loginProperties= sessionValue.getLoginProperties();
+        LoginProperties loginProperties = sessionValue.getLoginProperties();
        loginProperties.setTenantId(tenantId);
        sessionValue.setLoginProperties(loginProperties);

        sessionValue.setLastAccessTime(current);
        String json = JSON.toJSONString(sessionValue);
-        stringRedisTemplate.opsForValue().set(Constants.Session.USER_SESSION_CACHE + token, json,
+        String key;
+        if (tenantId == null || UserConstant.defaultTenantId.equals(tenantId)) {
+            key = Constants.Session.USER_SESSION_CACHE + token;
+        } else {
+            key = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + token;
+        }
+
+        stringRedisTemplate.opsForValue().set(key, json,
                time, TimeUnit.SECONDS);
-        if(sessionValue.getUser()!=null){
-            String key = generateLoginPropertiesKey(sessionValue.getUser().getId(), sessionValue.getLoginProperties(), tenantId);
-            stringRedisTemplate.opsForValue().set(key, token, time, TimeUnit.SECONDS);
+        if (sessionValue.getUser() != null) {
+            String generateLoginPropertiesKey = generateLoginPropertiesKey(sessionValue.getUser().getId(), sessionValue.getLoginProperties(), tenantId);
+            stringRedisTemplate.opsForValue().set(generateLoginPropertiesKey, token, time, TimeUnit.SECONDS);
            log.info("[Session生命期延续],token:{},有效期:[24Hour]", token);
-            setUserIdTokenKeys(sessionValue.getUser().getId(), key, tenantId);
+            setUserIdTokenKeys(sessionValue.getUser().getId(), generateLoginPropertiesKey, tenantId);
        }
    }

@@ -272,7 +294,13 @@ public class SessionServiceImpl implements ISessionService {
    }

    private String getUserTokenKey(String token, Integer tenantId) {
-        return Constants.Session.USER_SESSION_CACHE + token;
+        String tokenKey2;
+        if (tenantId == null || UserConstant.defaultTenantId.equals(tenantId)) {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
+        } else {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + token;
+        }
+        return tokenKey2;
    }

    /**
@@ -330,8 +358,14 @@ public class SessionServiceImpl implements ISessionService {
                return;
            }

-            stringRedisTemplate.delete(Constants.Session.USER_SESSION_CACHE + sessionStruct.getSid());
+            String tokenKey2;
+            if (UserConstant.defaultTenantId.equals(tenantId)) {
+                tokenKey2 = Constants.Session.USER_SESSION_CACHE + sessionStruct.getSid();
+            } else {
+                tokenKey2 = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + sessionStruct.getSid();
+            }

+            stringRedisTemplate.delete(tokenKey2);


            String key = generateLoginPropertiesKey(user.getId(), values.getLoginProperties(), tenantId);
@@ -347,7 +381,15 @@ public class SessionServiceImpl implements ISessionService {
        Timestamp current = new Timestamp(System.currentTimeMillis());
        sessionValue.setLastAccessTime(current);
        String json = JSON.toJSONString(sessionValue);
-        stringRedisTemplate.opsForValue().set(Constants.Session.USER_SESSION_CACHE + token, json,
+
+        String tokenKey2;
+        if (UserConstant.defaultTenantId.equals(tenantId)) {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
+        } else {
+            tokenKey2 = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + token;
+        }
+
+        stringRedisTemplate.opsForValue().set(tokenKey2, json,
                Constants.Session.SESSION_VALID_TIME, TimeUnit.SECONDS);
        String key = generateLoginPropertiesKey(sessionValue.getUser().getId(), sessionValue.getLoginProperties(), tenantId);
        stringRedisTemplate.opsForValue().set(key, token, expire, TimeUnit.SECONDS);

--- a/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
+++ b/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
 package cn.quantgroup.xyqb.session;

 import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.constant.UserConstant;
 import cn.quantgroup.xyqb.model.LoginProperties;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.model.session.SessionValue;
@@ -124,7 +125,12 @@ public class XyqbSessionContextHolder {
    public static SessionStruct getXSessionFromRedis() {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        String token = request.getHeader(Constants.X_AUTH_TOKEN);
-        return getXSessionFromRedis(token);
+        int tenantId= UserConstant.defaultTenantId;
+        String tenantIdString = request.getHeader(Constants.X_AUTH_TENANT);
+        if(StringUtils.isNotEmpty(tenantIdString)){
+            tenantId = Integer.parseInt(tenantIdString);
+        }
+        return getXSessionFromRedis(token,tenantId);
    }

    public static String getXSessionFromTenantRedis() {
@@ -132,8 +138,14 @@ public class XyqbSessionContextHolder {
        return request.getHeader(Constants.X_AUTH_TENANT);
    }

-    public static SessionStruct getXSessionFromRedis(String token) {
-        String linkToken = Constants.Session.USER_SESSION_CACHE + token;
+    public static SessionStruct getXSessionFromRedis(String token,Integer tenantId) {
+        String linkToken;
+        if (UserConstant.defaultTenantId.equals(tenantId)) {
+            linkToken = Constants.Session.USER_SESSION_CACHE + token;
+        } else {
+            linkToken = Constants.Session.USER_SESSION_CACHE + tenantId + ":" + token;
+        }
+
        String result = redisTemplate.opsForValue().get(linkToken);
        if (StringUtils.isEmpty(result)) {
            log.warn("[XyqbSessionContextHolder][getXSessionFromRedis] session data 未找到：Tokekn:{},linkTokekn:{},sessionValue:{}", token, linkToken, result);