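/*
 *      Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions are met:
 *
 *  Redistributions of source code must retain the above copyright notice,
 *  this list of conditions and the following disclaimer.
 *  Redistributions in binary form must reproduce the above copyright
 *  notice, this list of conditions and the following disclaimer in the
 *  documentation and/or other materials provided with the distribution.
 *  Neither the name of the dreamlu.net developer nor the names of its
 *  contributors may be used to endorse or promote products derived from
 *  this software without specific prior written permission.
 *  Author: Chill 庄骞 (smallchill@163.com)
 */
package com.vci.ubcs.auth.utils;

import com.vci.ubcs.system.cache.NacosConfigCache;
import lombok.SneakyThrows;
import com.vci.ubcs.common.constant.TenantConstant;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.tenant.BladeTenantProperties;
import org.springblade.core.tool.constant.BladeConstant;
import org.springblade.core.tool.utils.*;
import com.vci.ubcs.system.entity.Tenant;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Calendar;

/**
 * Authentication helper: token claim names, request header names, user-facing
 * error messages, and a few static utilities used while issuing tokens.
 *
 * @author Chill
 */
public class TokenUtil {

	// Claim names mirrored from TokenConstant.
	public static final String AVATAR = TokenConstant.AVATAR;
	public static final String ACCOUNT = TokenConstant.ACCOUNT;
	public static final String USER_NAME = TokenConstant.USER_NAME;
	public static final String NICK_NAME = TokenConstant.NICK_NAME;
	public static final String REAL_NAME = TokenConstant.REAL_NAME;
	public static final String USER_ID = TokenConstant.USER_ID;
	public static final String DEPT_ID = TokenConstant.DEPT_ID;
	public static final String POST_ID = TokenConstant.POST_ID;
	public static final String ROLE_ID = TokenConstant.ROLE_ID;
	public static final String ROLE_NAME = TokenConstant.ROLE_NAME;
	public static final String TENANT_ID = TokenConstant.TENANT_ID;
	public static final String OAUTH_ID = TokenConstant.OAUTH_ID;
	public static final String CLIENT_ID = TokenConstant.CLIENT_ID;
	public static final String DETAIL = TokenConstant.DETAIL;
	public static final String LICENSE = TokenConstant.LICENSE;
	public static final String LICENSE_NAME = TokenConstant.LICENSE_NAME;

	// Additional keys defined locally rather than in TokenConstant.
	public static final String STRATEGYUPDATESTATUS = "strategyUpdateStatus";
	public static final String TENANTNAME = "tenantName";
	public static final String DEPTNAME = "deptName";
	public static final String EMAIL = "email";
	public static final String SECRETGRADE = "secretGrade";

	// Request header / parameter names and their defaults.
	public static final String DEPT_HEADER_KEY = "Dept-Id";
	public static final String ROLE_HEADER_KEY = "Role-Id";
	public static final String CAPTCHA_HEADER_KEY = "Captcha-Key";
	public static final String CAPTCHA_HEADER_CODE = "Captcha-Code";
	public static final String CAPTCHA_NOT_CORRECT = "验证码不正确";
	public static final String TENANT_HEADER_KEY = "Tenant-Id";
	public static final String TENANT_PARAM_KEY = "tenant_id";
	public static final String DEFAULT_TENANT_ID = "000000";
	public static final String TENANT_NOT_FOUND = "租户ID未找到";
	public static final String USER_TYPE_HEADER_KEY = "User-Type";
	public static final String DEFAULT_USER_TYPE = "web";

	// User-facing error messages (runtime text; kept verbatim).
	public static final String TOKEN_NOT_PERMISSION = "令牌授权已过期";
	public static final String USER_NOT_FOUND = "用户名或密码错误";
	public static final String USER_HAS_NO_ROLE = "未获得用户的角色信息";
	public static final String USER_HAS_NO_TENANT = "未获得用户的租户信息";
	public static final String USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员";
	public static final String USER_HAS_TOO_MANY_FAILS = "登录错误次数过多,请稍后再试";
	public static final String IP_NOT_FOND = "该IP地址无访问权限,请配置IP白名单";

	// HTTP Basic client authentication and OAuth2 request parameter names.
	public static final String HEADER_KEY = "Authorization";
	public static final String HEADER_PREFIX = "Basic ";
	public static final String DEFAULT_AVATAR = "";
	public static final String PASSWORD_KEY = "password";
	public static final String GRANT_TYPE_KEY = "grant_type";
	public static final String REFRESH_TOKEN_KEY = "refresh_token";

	// Looked up from the Spring context on first use; see getTenantProperties().
	private static BladeTenantProperties tenantProperties;

	/**
	 * Returns the tenant configuration bean, fetching it from the Spring
	 * context the first time it is needed and caching it in a static field.
	 *
	 * @return tenantProperties
	 */
	private static BladeTenantProperties getTenantProperties() {
		if (tenantProperties == null) {
			tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
		}
		return tenantProperties;
	}

	/**
	 * Reads the {@code Authorization} header of the current request and decodes
	 * its HTTP Basic payload.
	 *
	 * <p>The decoded text is split at the first colon. Element 0 is what
	 * {@link #getClientIdFromHeader()} returns as the client id; element 1 is
	 * everything after that colon (presumably the client secret, so callers
	 * should treat it as a credential and keep it out of logs).
	 *
	 * @return a two-element array: the text before the first colon and the text after it
	 * @throws UnapprovedClientAuthenticationException if the header is missing or does not start with {@code "Basic "}
	 * @throws BadCredentialsException                 if the payload is not valid Base64 or contains no colon
	 */
	public static String[] extractAndDecodeHeader() {
		String header = WebUtil.getRequest().getHeader(TokenUtil.HEADER_KEY);
		if (header == null || !header.startsWith(TokenUtil.HEADER_PREFIX)) {
			throw new UnapprovedClientAuthenticationException("请求头中无client信息");
		}
		// Strip the scheme using the prefix constant instead of a hard-coded 6,
		// so the offset cannot drift from the startsWith() check above.
		byte[] base64Token = header.substring(TokenUtil.HEADER_PREFIX.length()).getBytes(StandardCharsets.UTF_8);
		byte[] decoded;
		try {
			decoded = Base64.getDecoder().decode(base64Token);
		} catch (IllegalArgumentException e) {
			// Keep the cause for server-side diagnosis; the message stays generic.
			throw new BadCredentialsException("Failed to decode basic authentication token", e);
		}
		String token = new String(decoded, StandardCharsets.UTF_8);
		int index = token.indexOf(StringPool.COLON);
		if (index == -1) {
			throw new BadCredentialsException("Invalid basic authentication token");
		}
		return new String[]{token.substring(0, index), token.substring(index + 1)};
	}

	/**
	 * Returns the client id carried in the request's Basic authorization header.
	 *
	 * @return the part of the decoded header before the first colon
	 */
	public static String getClientIdFromHeader() {
		String[] tokens = extractAndDecodeHeader();
		return tokens[0];
	}

	/**
	 * Computes the access-token lifetime so that the token expires at 03:00
	 * on the following day, in the JVM's default time zone.
	 *
	 * @return seconds from now until 03:00 tomorrow
	 */
	public static int getTokenValiditySecond() {
		Calendar cal = Calendar.getInstance();
		cal.add(Calendar.DAY_OF_YEAR, 1);
		cal.set(Calendar.HOUR_OF_DAY, 3);
		cal.set(Calendar.SECOND, 0);
		cal.set(Calendar.MINUTE, 0);
		cal.set(Calendar.MILLISECOND, 0);
		// Divide while still a long and narrow afterwards; the original cast the
		// millisecond difference to int before dividing.
		long remainingMillis = cal.getTimeInMillis() - System.currentTimeMillis();
		return (int) (remainingMillis / 1000);
	}

	/**
	 * Returns the refresh-token lifetime.
	 *
	 * @return 15 days, expressed in seconds
	 */
	public static int getRefreshTokenValiditySeconds() {
		return 60 * 60 * 24 * 15;
	}

	/**
	 * Checks a tenant before authorization proceeds.
	 *
	 * <p>As written, the only rejection this method performs is for a missing
	 * tenant (or one without an id). Every other path returns {@code false}.
	 *
	 * @param tenant tenant record to check
	 * @return always {@code false} when no exception is thrown
	 * @throws UserDeniedAuthorizationException if {@code tenant} is null or has no id
	 */
	public static boolean judgeTenant(Tenant tenant) {
		if (tenant == null || tenant.getId() == null) {
			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT);
		}
		// The admin tenant (as configured in Nacos) skips the license step entirely.
		if (StringUtil.equalsIgnoreCase(tenant.getTenantId(), NacosConfigCache.getAdminUserInfo().getTenantId())) {
			return false;
		}
		if (getTenantProperties().getLicense()) {
			String licenseKey = tenant.getLicenseKey();
			// NOTE(review): the decrypted license is never inspected. Nothing here
			// compares an expiry or throws USER_HAS_NO_TENANT_PERMISSION, so an
			// expired or tampered license does not stop authorization in this
			// method. Confirm whether expiry is enforced elsewhere; if not, the
			// check belongs right after this call.
			// NOTE(review): DES with a key taken from a shared constant gives no
			// integrity protection; a license that gates access is better
			// verified with a signature or MAC.
			String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
		}
		return false;
	}

}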