用户资料和用户token操作相关改造

ae29eb07 · 唐峰 · 81634cff · ae29eb07 · ae29eb07 · ae29eb07
Commit ae29eb07 authored Jul 11, 2023 by 唐峰
6 changed files
--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
@@ -520,8 +520,11 @@ public class UserController implements IBaseController {
     * @yapi http://yapi.quantgroups.com/project/17/interface/api/9191
     */
    @RequestMapping("/token")
-    public JsonResult token(@RequestParam String token, @RequestParam(required = false) Integer tenantId) {
+    public JsonResult token(@RequestParam String token, @RequestParam(required = false) Integer tenantId,@RequestHeader(value =Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantIdHeader) {
+        if (tenantId == null) {
+            tenantId = tenantIdHeader;
+        }
        Map<String, Object> result = new HashMap<>();
        result.put("exist", false);
        if (StringUtils.isEmpty(token)) {
@@ -544,6 +547,11 @@ public class UserController implements IBaseController {
            }
        }
        User user = sessionStruct.getValues().getUser();
+        if (user.getTenantId() == null || !user.getEnable().equals(tenantId)) {
+            log.info("当前token对应的用户非当前租户，userId:{},用户tenantId：{},入参tenantId:{},token:{}", user.getId(),user.getTenantId(),tenantId,token);
+            return JsonResult.buildSuccessResult(null, result);
+        }
        String phoneNo = user.getPhoneNo();
        result.put("phoneNo", phoneNo);
@@ -558,7 +566,11 @@ public class UserController implements IBaseController {
     * token 交换
     */
    @RequestMapping("/tokenExchange")
-    public JsonResult tokenExchange(@RequestParam String token, @RequestParam(required = false) Integer tenantId) {
+    public JsonResult tokenExchange(@RequestParam String token, @RequestParam(required = false) Integer tenantId,@RequestHeader(value =Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantIdHeader) {
+        if (tenantId == null) {
+            tenantId = tenantIdHeader;
+        }
        TokenExchange tokenExchange = new TokenExchange();
        if (StringUtils.isEmpty(token)) {
@@ -572,6 +584,11 @@ public class UserController implements IBaseController {
            return JsonResult.buildSuccessResult(null, tokenExchange);
        }
        User user = sessionStruct.getValues().getUser();
+        if (user.getTenantId() == null || !user.getEnable().equals(tenantId)) {
+            log.info("当前token对应的用户非当前租户，userId:{},用户tenantId：{},入参tenantId:{},token:{}", user.getId(),user.getTenantId(),tenantId,token);
+            return JsonResult.buildSuccessResult(null, tokenExchange);
+        }
        tokenExchange.setLoginProperties(JSONObject.toJSONString(sessionStruct.getValues().getLoginProperties()));
        tokenExchange.setUserId(user.getId());
        tokenExchange.setPhoneNo(user.getPhoneNo());

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
@@ -215,7 +215,7 @@ public class InnerController implements IBaseController {
     * @yapi http://yapi.quantgroups.com/project/17/interface/api/211
     */
    @RequestMapping("/user/save")
-    public JsonResult saveUser(String phoneNo, Long registeredFrom, Integer tenantId) {
+    public JsonResult saveUser(String phoneNo, Long registeredFrom, Integer tenantId,@RequestHeader(value =Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantIdHeader) {
        log.info("保存用户,phoneNo:{},registeredFrom:{}", phoneNo, registeredFrom);
        //参数验证
        if (StringUtils.isBlank(phoneNo)) {
@@ -225,7 +225,7 @@ public class InnerController implements IBaseController {
            registeredFrom = 0L;
        }
        if (tenantId == null) {
-            tenantId = TenantUtil.TENANT_DEFAULT;
+            tenantId = tenantIdHeader;
        }
        User user = userService.findByPhoneWithCache(phoneNo,tenantId);
@@ -257,7 +257,9 @@ public class InnerController implements IBaseController {
            String phoneNo,
            @ChineseName @RequestParam String name,
            String idNo,
-            String email, String qq,@RequestHeader(value = Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantId
+            String email,
+            String qq,
+            @RequestHeader(value = Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantId
    ) {
        log.info(
                "保存用户详细信息,[saveUserDetail] userId:{},phoneNo:{},name:{},idNo:{},email:{},qq:{}",
@@ -321,7 +323,10 @@ public class InnerController implements IBaseController {
     */
    @AccessForbiddenValidator
    @RequestMapping("/user_detail/search/userId")
-    public JsonResult findUserDetailByUserId(Long userId, Integer tenantId) {
+    public JsonResult findUserDetailByUserId(Long userId, Integer tenantId,@RequestHeader(value =Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantIdHeader) {
+        if (tenantId == null) {
+            tenantId = tenantIdHeader;
+        }
        UserInfoEntity userDetail = null;
        // 增加容错性，防备DB中存在的脏数据触发异常
        if (userId != null && userId > 0) {

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/center/UserCenterController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/center/UserCenterController.java
@@ -116,21 +116,21 @@ public class UserCenterController {
        if (null == userId || userId == 0L) {
            return JsonResult.buildErrorStateResult("该用户不存在", null);
        }
-        UserAttached userAttached = userCenterService.saveUserNick(userId, nick);
+        UserAttached userAttached = userCenterService.saveUserNick(userId, nick,tenantId);
        return JsonResult.buildSuccessResult(null, userAttached.getNick());
    }
    @RequestMapping("/kdsp/saveNick")
-    public JsonResult saveUserNickForKdsp(Long userId, String nick) {
+    public JsonResult saveUserNickForKdsp(Long userId, String nick, @RequestHeader(value =Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantId) {
        if (null == userId || userId == 0L) {
            return JsonResult.buildErrorStateResult("该用户不存在", null);
        }
-        UserAttached userAttached = userCenterService.saveUserNick(userId, nick);
+        UserAttached userAttached = userCenterService.saveUserNick(userId, nick,tenantId);
        return JsonResult.buildSuccessResult(null, userAttached.getNick());
    }
    @RequestMapping("/kdsp/save/avatar")
-    public JsonResult saveUserAvatarAddrForKdsp(Long userId, String avatarUrl) {
+    public JsonResult saveUserAvatarAddrForKdsp(Long userId, String avatarUrl,@RequestHeader(value = Constants.X_AUTH_TENANT,defaultValue = UserConstant.defaultTenantIdString) Integer tenantId) {
        if (StringUtils.isBlank(avatarUrl)) {
            log.error("参数不合法:avatarUrl:{}}", avatarUrl );
            return JsonResult.buildErrorStateResult("参数不合法", null);
@@ -138,7 +138,7 @@ public class UserCenterController {
        if (null == userId || userId == 0L) {
            return JsonResult.buildErrorStateResult("该用户不存在", null);
        }
-        UserAttached userAttached = userCenterService.saveUserAvatar(userId, avatarUrl);
+        UserAttached userAttached = userCenterService.saveUserAvatar(userId, avatarUrl,tenantId);
        if (null == userAttached) {
            log.error("保存用户头像昵称失败.");
            return JsonResult.buildErrorStateResult("信息保存失败,请稍后再试.", null);
@@ -166,7 +166,7 @@ public class UserCenterController {
        if (StringUtils.isBlank(avatarUrl)) {
            avatarUrl = Constants.UserAvatar.AVATAR_DEFAULT;
        }
-        UserAttached userAttached = userCenterService.saveUserAvatar(userId, avatarUrl);
+        UserAttached userAttached = userCenterService.saveUserAvatar(userId, avatarUrl,tenantId);
        if (null == userAttached) {
            log.error("保存用户头像昵称失败.");
            return JsonResult.buildErrorStateResult("信息保存失败,请稍后再试.", null);

--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
@@ -302,11 +302,16 @@ public class SessionServiceImpl implements ISessionService {
        if (null != sessionStruct) {
+            SessionValue values = sessionStruct.getValues();
+            User user = values.getUser();
+            if (!user.getTenantId().equals(tenantId)) {
+                log.info("登出失败，token对应的用户和租户信息不匹配，token:{} , user: {}", token, JSON.toJSONString(user));
+                return;
+            }
            stringRedisTemplate.delete(Constants.Session.USER_SESSION_CACHE + sessionStruct.getSid());
-            SessionValue values = sessionStruct.getValues();
-            User user = values.getUser();
            String key = generateLoginPropertiesKey(user.getId(), values.getLoginProperties(),tenantId);

--- a/src/main/java/cn/quantgroup/xyqb/service/user/UserCenterService.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/UserCenterService.java
@@ -28,18 +28,20 @@ public interface UserCenterService {
     *
     * @param userId - 用户主键
     * @param avatar - 头像url地址
+     * @param tenantId 租户ID
     * @return
     */
-    UserAttached saveUserAvatar(long userId, String avatar);
+    UserAttached saveUserAvatar(long userId, String avatar,Integer tenantId);
    /**
     * 保存用户昵称
     *
     * @param userId - 用户主键
     * @param nick   - 昵称
+     * @param tenantId - 租户ID
     * @return
     */
-    UserAttached saveUserNick(long userId, String nick);
+    UserAttached saveUserNick(long userId, String nick,Integer tenantId);
    List<UserAttached> queryUserAttachListLimit(Long id);
 }
--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserCenterServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserCenterServiceImpl.java
@@ -2,11 +2,15 @@ package cn.quantgroup.xyqb.service.user.impl;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.entity.UserAttached;
+import cn.quantgroup.xyqb.entity.UserInfoEntity;
 import cn.quantgroup.xyqb.repository.IUserAttachedRepository;
+import cn.quantgroup.xyqb.repository.IUserInfoRepository;
 import cn.quantgroup.xyqb.repository.IUserRepository;
+import cn.quantgroup.xyqb.service.user.IUserService;
 import cn.quantgroup.xyqb.service.user.UserCenterService;
 import cn.quantgroup.xyqb.util.EmojiUtil;
 import cn.quantgroup.xyqb.util.TenantUtil;
+import com.google.common.collect.Lists;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -30,6 +34,8 @@ public class UserCenterServiceImpl implements UserCenterService {
    @Autowired
    private IUserAttachedRepository userAttachedRepository;
+    @Autowired
+    private IUserInfoRepository userInfoRepository;
    @Autowired
    private IUserRepository userRepository;
@@ -42,42 +48,66 @@ public class UserCenterServiceImpl implements UserCenterService {
    @Override
    public List<UserAttached> searchUserAttachedListByUserId(List<Long> userIds, Integer tenantId) {
-        return userAttachedRepository.findByUserIdIn(userIds);
+        List<UserInfoEntity> userInfoEntityList = userInfoRepository.findByTenantIdAndUserIdIn(tenantId, userIds);
+        if (CollectionUtils.isEmpty(userInfoEntityList)) {
+            return Lists.newArrayList();
+        }
+        List<UserAttached> list = Lists.newArrayList();
+        userInfoEntityList.stream().forEach(e -> {
+            UserAttached userAttached = new UserAttached();
+            userAttached.setUserId(e.getUserId());
+            userAttached.setNick(e.getName());
+            userAttached.setAvatar(e.getPhoto());
+            list.add(userAttached);
+        });
+        return list;
    }
    @Override
-    @CacheEvict(value = "userAttachedCache", key = "'xyqbUserAttached' + #userId", cacheManager = "cacheManager")
+    @CacheEvict(value = "userAttachedCache", key = "'xyqbUserAttached' + #userId +'-'+#tenantId+'-'+#tenantId", cacheManager = "cacheManager")
-    public UserAttached saveUserAvatar(long userId, String avatar) {
+    public UserAttached saveUserAvatar(long userId, String avatar, Integer tenantId) {
-        UserAttached userAttached = userAttachedRepository.findByUserId(userId);
+        UserInfoEntity userAttached = userInfoRepository.findByUserIdAndTenantId(userId, tenantId);
        if (Objects.isNull(userAttached)) {
-            userAttached = createUserAttached(userId, avatar, null);
+            userAttached = createUserAttached(tenantId, userId, avatar, null);
        }
-        if (!Objects.equals(avatar, userAttached.getAvatar())) {
+        if (!Objects.equals(avatar, userAttached.getPhoto())) {
-            userAttached.setAvatar(avatar);
+            userAttached.setPhoto(avatar);
-            userAttached = userAttachedRepository.save(userAttached);
+            userAttached = userInfoRepository.save(userAttached);
        }
-        return userAttached;
+        UserAttached attached = new UserAttached();
+        attached.setUserId(userAttached.getUserId());
+        attached.setAvatar(userAttached.getPhoto());
+        attached.setNick(userAttached.getName());
+        return attached;
    }
    @Override
-    @CacheEvict(value = "userAttachedCache", key = "'xyqbUserAttached' + #userId", cacheManager = "cacheManager")
+    @CacheEvict(value = "userAttachedCache", key = "'xyqbUserAttached' + #userId +'-'+#tenantId", cacheManager = "cacheManager")
-    public UserAttached saveUserNick(long userId, String nick) {
+    public UserAttached saveUserNick(long userId, String nick,Integer tenantId) {
-        UserAttached userAttached = userAttachedRepository.findByUserId(userId);
+        UserInfoEntity userAttached = userInfoRepository.findByUserIdAndTenantId(userId, tenantId);
        // 替换所有,UTF-8编码时4字节的Emoji表情字符
        nick = EmojiUtil.filterUnicode4(nick);
        if (Objects.isNull(userAttached)) {
-            userAttached = createUserAttached(userId, null, nick);
+            userAttached = createUserAttached(tenantId,userId, null, nick);
        }
-        if (!Objects.equals(nick, userAttached.getNick())) {
-            userAttached.setNick(nick);
+        UserAttached attached = null;
+        if (!Objects.equals(nick, userAttached.getName())) {
+            userAttached.setName(nick);
            try {
-                userAttached = userAttachedRepository.save(userAttached);
+                userAttached = userInfoRepository.save(userAttached);
+                attached = new UserAttached();
+                attached.setUserId(userAttached.getUserId());
+                attached.setAvatar(userAttached.getPhoto());
+                attached.setNick(userAttached.getName());
            } catch (ConstraintViolationException e) {
                // Sql唯一约束异常（诱因是Form重复提交，因为该操作是幂等的，故此不需额外处理，可返回成功）
                log.error("Sql约束异常[uni_idx_user_id]重复提交Form是幂等操作，不影响处理结果", e);
            }
        }
-        return userAttached;
+        return attached;
    }
    @Override
@@ -93,17 +123,18 @@ public class UserCenterServiceImpl implements UserCenterService {
     * @param nick   - 昵称
     * @return
     */
-    private synchronized UserAttached createUserAttached(Long userId, String avatar, String nick) {
+    private synchronized UserInfoEntity createUserAttached(Integer tenantId, Long userId, String avatar, String nick) {
-        UserAttached userAttached = userAttachedRepository.findByUserId(userId);
+        //UserAttached userAttached = userAttachedRepository.findByUserId(userId);
+        UserInfoEntity userAttached = userInfoRepository.findByUserIdAndTenantId(userId, tenantId);
        // 更新实例
-        userAttached = Optional.ofNullable(userAttached).orElse(new UserAttached());
+        userAttached = Optional.ofNullable(userAttached).orElse(new UserInfoEntity());
        userAttached.setUserId(userId);
-        if (StringUtils.isBlank(userAttached.getAvatar())) {
+        if (StringUtils.isBlank(userAttached.getPhoto())) {
-            userAttached.setAvatar(avatar);
+            userAttached.setPhoto(avatar);
        }
-        if (StringUtils.isBlank(userAttached.getNick())) {
+        if (StringUtils.isBlank(userAttached.getName())) {
-            userAttached.setNick(nick);
+            userAttached.setName(nick);
        }
-        return userAttachedRepository.save(userAttached);
+        return userInfoRepository.save(userAttached);
    }
 }