diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/config/Oauth2ClientProperties.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/config/Oauth2ClientProperties.java new file mode 100644 index 00000000..848f2fee --- /dev/null +++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/config/Oauth2ClientProperties.java @@ -0,0 +1,25 @@ +package com.ruoyi.auth.config; + +import lombok.Getter; +import lombok.Setter; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.cloud.context.config.annotation.RefreshScope; +import org.springframework.context.annotation.Configuration; + +@Configuration +@RefreshScope +@ConfigurationProperties(prefix = "oauth2") +@Getter +@Setter +public class Oauth2ClientProperties { + + private String clientId; + private String clientSecret; + private String scope; + private String userAuthorizationUri; + private String accessTokenUri; + private String redirectUri; + private String logoutUri; + private String checkTokenUri; + private String loginPage; +} diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java index c53e91a3..4681a385 100644 --- a/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java +++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java @@ -2,12 +2,19 @@ package com.ruoyi.auth.controller; import javax.servlet.http.HttpServletRequest; +import com.alibaba.fastjson2.JSON; +import com.ruoyi.auth.config.Oauth2ClientProperties; +import com.ruoyi.auth.form.AccessTokenVo; import com.ruoyi.auth.form.LoginKeyBody; +import com.ruoyi.common.core.exception.ServiceException; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.bind.annotation.*; import com.ruoyi.auth.form.LoginBody; import com.ruoyi.auth.form.RegisterBody; import com.ruoyi.auth.service.SysLoginService; @@ -18,6 +25,9 @@ import com.ruoyi.common.security.auth.AuthUtil; import com.ruoyi.common.security.service.TokenService; import com.ruoyi.common.security.utils.SecurityUtils; import com.ruoyi.system.api.model.LoginUser; +import org.springframework.web.client.RestTemplate; + +import java.util.Map; /** * token 控制 @@ -33,6 +43,9 @@ public class TokenController @Autowired private SysLoginService sysLoginService; + @Autowired + private Oauth2ClientProperties oauth2ClientProperties; + @PostMapping("login") public R login(@RequestBody LoginBody form) { @@ -51,6 +64,64 @@ public class TokenController return R.ok(tokenService.createToken(userInfo)); } + @PostMapping("loginByOauth2") + public R loginByOauth2(@RequestBody Map params) + /** + * { + * "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZGVtby1hcHAiXSwiZXhwIjoxNzI5MTU0MTExLCJ1c2VyX25hbWUiOiJhZG1pbiIsImp0aSI6IjQzNGVkNmI0LWIzN2MtNDliMS04NTczLWZhNmU4YTg5YTUxYSIsImNsaWVudF9pZCI6IkFCQyIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.U591q4fUaUBtBt5Ex-S2daM7DIl9-Ov0MsveymNfHxI", + * "token_type": "bearer", + * "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiZGVtby1hcHAiXSwidXNlcl9uYW1lIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiYXRpIjoiNDM0ZWQ2YjQtYjM3Yy00OWIxLTg1NzMtZmE2ZThhODlhNTFhIiwiZXhwIjoxNzMxNjQ5OTY4LCJqdGkiOiJiODFhNmJkMC02ZDQzLTQ4M2QtOThmMy1hZWIxNDcyZDUwNzciLCJjbGllbnRfaWQiOiJBQkMifQ.0uMYVqW1G7j0chwxIdWGwpjDr12ogZPcD1iQfPsAs5k", + * "expires_in": 7198, + * "scope": "read write", + * "account_info": { + * "id": 1, + * "clientId": "ABC", + * "username": "admin", + * "mobile": "1232378743", + * "email": "abc@123.com" + * } + * } + */ + { + if (params.containsKey("code") && StringUtils.isNotBlank(params.get("code"))){ + RestTemplate restTemplate = new RestTemplate(); + String url = oauth2ClientProperties.getAccessTokenUri(); + HttpHeaders headers = new HttpHeaders(); + headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); + MultiValueMap map= new LinkedMultiValueMap<>(); + map.add("grant_type", "authorization_code"); + map.add("code", params.get("code")); + map.add("redirect_uri", oauth2ClientProperties.getRedirectUri()); + map.add("client_id", oauth2ClientProperties.getClientId()); + map.add("client_secret", oauth2ClientProperties.getClientSecret()); + + HttpEntity> request = new HttpEntity<>(map, headers); + ResponseEntity response = restTemplate.postForEntity(url, request, String.class); + String body = response.getBody(); + + AccessTokenVo accessTokenVo = JSON.parseObject(body, AccessTokenVo.class); + String accessToken = accessTokenVo.getAccess_token(); + AccessTokenVo.Account_info accountInfo = accessTokenVo.getAccount_info(); + + // 用户登录 + LoginUser userInfo = sysLoginService.login(accountInfo); + // 获取登录token + Map token = tokenService.createToken(userInfo); + token.put("checkTokenUri",oauth2ClientProperties.getCheckTokenUri()); + token.put("logoutUri",oauth2ClientProperties.getLogoutUri()); + token.put("oauth2AccessToken",accessToken); + return R.ok(token); + } + + throw new ServiceException("用户信息获取失败"); + } + + + @GetMapping("oauth2ClientInfo") + public R getClientInfo() { + return R.ok(JSON.toJSON(oauth2ClientProperties)); + } + @DeleteMapping("logout") public R logout(HttpServletRequest request) { diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/form/AccessTokenVo.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/form/AccessTokenVo.java new file mode 100644 index 00000000..2d47e1fc --- /dev/null +++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/form/AccessTokenVo.java @@ -0,0 +1,119 @@ +package com.ruoyi.auth.form; + +import java.io.Serializable; +import java.lang.Integer; +import java.lang.String; + +public class AccessTokenVo implements Serializable { + private String access_token; + + private String refresh_token; + + private String scope; + + private Account_info account_info; + + private String token_type; + + private Integer expires_in; + + public String getAccess_token() { + return this.access_token; + } + + public void setAccess_token(String access_token) { + this.access_token = access_token; + } + + public String getRefresh_token() { + return this.refresh_token; + } + + public void setRefresh_token(String refresh_token) { + this.refresh_token = refresh_token; + } + + public String getScope() { + return this.scope; + } + + public void setScope(String scope) { + this.scope = scope; + } + + public Account_info getAccount_info() { + return this.account_info; + } + + public void setAccount_info(Account_info account_info) { + this.account_info = account_info; + } + + public String getToken_type() { + return this.token_type; + } + + public void setToken_type(String token_type) { + this.token_type = token_type; + } + + public Integer getExpires_in() { + return this.expires_in; + } + + public void setExpires_in(Integer expires_in) { + this.expires_in = expires_in; + } + + public static class Account_info implements Serializable { + private String clientId; + + private String mobile; + + private Integer id; + + private String email; + + private String username; + + public String getClientId() { + return this.clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getMobile() { + return this.mobile; + } + + public void setMobile(String mobile) { + this.mobile = mobile; + } + + public Integer getId() { + return this.id; + } + + public void setId(Integer id) { + this.id = id; + } + + public String getEmail() { + return this.email; + } + + public void setEmail(String email) { + this.email = email; + } + + public String getUsername() { + return this.username; + } + + public void setUsername(String username) { + this.username = username; + } + } +} diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java index 1bf324a3..2e1a57e8 100644 --- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java +++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java @@ -1,5 +1,6 @@ package com.ruoyi.auth.service; +import com.ruoyi.auth.form.AccessTokenVo; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import com.ruoyi.common.core.constant.CacheConstants; @@ -193,4 +194,62 @@ public class SysLoginService } return userInfo; } + + public LoginUser login(AccessTokenVo.Account_info accountInfo) { + + String username = accountInfo.getUsername(); + + // 用户名或密码为空 错误 + if (StringUtils.isAnyBlank(username)) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户/密码必须填写"); + throw new ServiceException("用户/密码必须填写"); + } + + // 用户名不在指定范围内 错误 + if (username.length() < UserConstants.USERNAME_MIN_LENGTH + || username.length() > UserConstants.USERNAME_MAX_LENGTH) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户名不在指定范围"); + throw new ServiceException("用户名不在指定范围"); + } + // IP黑名单校验 + String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST)); + if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr())) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "很遗憾,访问IP已被列入系统黑名单"); + throw new ServiceException("很遗憾,访问IP已被列入系统黑名单"); + } + // 查询用户信息 + R userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER); + + if (StringUtils.isNull(userResult) || StringUtils.isNull(userResult.getData())) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "登录用户不存在"); + throw new ServiceException("登录用户:" + username + " 不存在"); + // register(username, "123456"); +// userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER); + } + + if (R.FAIL == userResult.getCode()) + { + throw new ServiceException(userResult.getMsg()); + } + + LoginUser userInfo = userResult.getData(); + SysUser user = userResult.getData().getSysUser(); + if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除"); + throw new ServiceException("对不起,您的账号:" + username + " 已被删除"); + } + if (UserStatus.DISABLE.getCode().equals(user.getStatus())) + { + recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员"); + throw new ServiceException("对不起,您的账号:" + username + " 已停用"); + } + + recordLogService.recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功"); + return userInfo; + } } diff --git a/ruoyi-auth/src/main/resources/bootstrap.yml b/ruoyi-auth/src/main/resources/bootstrap.yml index 95a9dfdd..625b9b8f 100644 --- a/ruoyi-auth/src/main/resources/bootstrap.yml +++ b/ruoyi-auth/src/main/resources/bootstrap.yml @@ -13,17 +13,19 @@ spring: cloud: nacos: discovery: + namespace: cc149503-5508-4da9-a735-9505e2a91363 # 服务注册地址 - server-addr: nacos-ci4s.argo.svc:8848 + server-addr: 172.20.32.181:31203 username: nacos password: h1n2x3j4y5@ retry: enabled: true config: + namespace: cc149503-5508-4da9-a735-9505e2a91363 username: nacos password: h1n2x3j4y5@ # 配置中心地址 - server-addr: nacos-ci4s.argo.svc:8848 + server-addr: 172.20.32.181:31203 # 配置文件格式 file-extension: yml # 共享配置 @@ -36,6 +38,18 @@ spring: refresh: true redis: - host: 172.20.32.150 + host: 172.20.32.88 port: 6379 - password: \ No newline at end of file + password: + +oauth2: + url: http://172.20.32.106:8080 +# url: http://110.41.62.43:8088 + client-id: ci4s + client-secret: 123456 + user-authorization-uri: ${oauth2.url}/oauth/authorize + access-token-uri: ${oauth2.url}/oauth/token + logout-uri: ${oauth2.url}/logout + redirect-uri: http://172.20.32.83:8002/authorize + check-token-uri: ${oauth2.url}/oauth/check_token + login-page: ${oauth2.url}/login.html diff --git a/ruoyi-gateway/src/main/resources/bootstrap.yml b/ruoyi-gateway/src/main/resources/bootstrap.yml index d389a43a..7f060cdc 100644 --- a/ruoyi-gateway/src/main/resources/bootstrap.yml +++ b/ruoyi-gateway/src/main/resources/bootstrap.yml @@ -3,7 +3,11 @@ server: port: 8082 # Spring -spring: +spring: + redis: + host: 172.20.32.88 + port: 6379 + password: application: # 应用名称 name: ruoyi-gateway @@ -14,16 +18,18 @@ spring: nacos: discovery: # 服务注册地址 - server-addr: nacos-ci4s.argo.svc:8848 + server-addr: 172.20.32.181:31203 username: nacos password: h1n2x3j4y5@ retry: enabled: true + namespace: cc149503-5508-4da9-a735-9505e2a91363 config: + namespace: cc149503-5508-4da9-a735-9505e2a91363 username: nacos password: h1n2x3j4y5@ # 配置中心地址 - server-addr: nacos-ci4s.argo.svc:8848 + server-addr: 172.20.32.181:31203 # 配置文件格式 file-extension: yml # 共享配置 diff --git a/ruoyi-modules/ruoyi-system/src/main/resources/bootstrap.yml b/ruoyi-modules/ruoyi-system/src/main/resources/bootstrap.yml index 4172ade8..e69f69d3 100644 --- a/ruoyi-modules/ruoyi-system/src/main/resources/bootstrap.yml +++ b/ruoyi-modules/ruoyi-system/src/main/resources/bootstrap.yml @@ -14,14 +14,16 @@ spring: nacos: discovery: # 服务注册地址 - server-addr: nacos-ci4s.argo.svc:8848 + namespace: cc149503-5508-4da9-a735-9505e2a91363 + server-addr: 172.20.32.181:31203 username: nacos password: h1n2x3j4y5@ config: + namespace: cc149503-5508-4da9-a735-9505e2a91363 username: nacos password: h1n2x3j4y5@ # 配置中心地址 - server-addr: nacos-ci4s.argo.svc:8848 + server-addr: 172.20.32.181:31203 # 配置文件格式 file-extension: yml # 共享配置