diff --git a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
index 1bb7dc17d2..2084145759 100644
--- a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
+++ b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
@@ -11,6 +11,7 @@ import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.listener.util.CacheUtils;
 import org.apache.shiro.authc.*;
 import org.apache.shiro.authz.AuthorizationInfo;
@@ -83,6 +84,9 @@ public class F2CRealm extends AuthorizingRealm {
 token = (String) auth.getCredentials();
 // 解密获得username,用于和数据库进行对比
 tokenInfo = JWTUtils.tokenInfoByToken(token);
+ if (!TokenCacheUtils.validate(token)) {
+ throw new AuthenticationException("token invalid");
+ }
 } catch (Exception e) {
 throw new AuthenticationException(e);
 }
diff --git a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
index a68673c3c1..464e0c0979 100644
--- a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
+++ b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
@@ -10,6 +10,7 @@ import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.commons.utils.CommonBeanFactory;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.exception.DataEaseException;
 import io.dataease.i18n.Translator;
 import org.apache.commons.lang3.StringUtils;
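Review bot: The added `throw new AuthenticationException("token invalid")` sits inside the try whose `catch (Exception e)` rethrows `new AuthenticationException(e)`, so a revoked token reaches Shiro as an exception wrapping another exception and the "token invalid" message survives only as the cause. Moving the three added lines below the catch block, or inserting `catch (AuthenticationException e) { throw e; }` ahead of the generic catch, keeps the message intact. The check also uses the one-argument `validate`, so the userId stored with the token is never compared against the claim just decoded by `tokenInfoByToken`; `TokenCacheUtils.validate(token, tokenInfo.getUserId())` — the overload this commit adds but nothing calls — would bind the cache entry to the token's subject. The enclosing method starts and ends outside the hunk.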
@@ -65,6 +66,9 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
 if (StringUtils.startsWith(authorization, "Basic")) {
 return false;
 }
+ if (!TokenCacheUtils.validate(authorization)) {
+ throw new AuthenticationException(expireMessage);
+ }
 // 当没有出现登录超时 且需要刷新token 则执行刷新token
 if (JWTUtils.loginExpire(authorization)) {
 throw new AuthenticationException(expireMessage);
diff --git a/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
index 44fe78b13e..3eefede2df 100644
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -234,6 +234,7 @@ public class AuthServer implements AuthApi {
 if (StringUtils.isBlank(result)) {
 result = "success";
 }
+ TokenCacheUtils.remove(token);
 } catch (Exception e) {
 LogUtil.error(e);
 if (StringUtils.isBlank(result)) {
@@ -287,6 +288,7 @@ public class AuthServer implements AuthApi {
 if (StringUtils.isBlank(result)) {
 result = "success";
 }
+ TokenCacheUtils.remove(token);
 } catch (Exception e) {
 LogUtil.error(e);
 if (StringUtils.isBlank(result)) {
diff --git a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
index 28072efd05..6d0aaef239 100644
--- a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
+++ b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java
@@ -10,6 +10,7 @@ import com.auth0.jwt.interfaces.Verification;
 import io.dataease.auth.entity.TokenInfo;
 import io.dataease.auth.entity.TokenInfo.TokenInfoBuilder;
 import io.dataease.commons.utils.CommonBeanFactory;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.exception.DataEaseException;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
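Review bot: A token that has been removed from the cache is rejected with `expireMessage`, the same text the `loginExpire` branch two lines below uses, so the client cannot tell a revoked token from a timed-out one; if the frontend responds to the expiry message by attempting a refresh (not visible here), a revoked token would be retried rather than forcing a fresh login. A distinct message for the revocation case — `Translator` is already imported in this file — would keep the two outcomes apart. The lookup also passes the raw `authorization` header value as the cache key, which only matches what `TokenCacheUtils.add(sign, ...)` stored if the header carries the bare JWT with no scheme prefix; the `startsWith(authorization, "Basic")` guard above suggests that but does not prove it, so a comment on the added line stating the expected header format would help. The enclosing method starts and ends outside the hunk.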
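Review bot: `TokenCacheUtils.remove(token)` is the last statement of the try, so if anything earlier in the block throws, the catch below — which as far as the hunk shows only logs and adjusts `result` — lets the logout complete while the token stays in the cache and keeps passing `TokenCacheUtils.validate`. Performing the removal before the other logout work, or in a `finally`, makes revocation independent of the rest of the method: `} finally { TokenCacheUtils.remove(token); }`. The second hunk at line 288 has the same ordering. Both enclosing methods start and end outside their hunks, so where `token` is assigned cannot be checked here.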
@@ -117,7 +118,9 @@ public class JWTUtils {
 Builder builder = JWT.create()
 .withClaim("username", tokenInfo.getUsername())
 .withClaim("userId", tokenInfo.getUserId());
- return builder.withExpiresAt(date).sign(algorithm);
+ String sign = builder.withExpiresAt(date).sign(algorithm);
+ TokenCacheUtils.add(sign, tokenInfo.getUserId());
+ return sign;
 } catch (Exception e) {
 return null;
diff --git a/backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java b/backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java
new file mode 100644
index 0000000000..e17f293b51
--- /dev/null
+++ b/backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java
@@ -0,0 +1,28 @@
+package io.dataease.commons.utils;
+
+import io.dataease.listener.util.CacheUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+
+public class TokenCacheUtils {
+
+ private static final String KEY = "sys_token_store";
+
+ public static void add(String token, Long userId) {
+ CacheUtils.put(KEY, token, userId, null, null);
+ }
+
+ public static void remove(String token) {
+ CacheUtils.remove(KEY, token);
+ }
+
+ public static boolean validate(String token) {
+ Object sys_token_store = CacheUtils.get(KEY, token);
+ return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString());
+ }
+
+ public static boolean validate(String token, Long userId) {
+ Object sys_token_store = CacheUtils.get(KEY, token);
+ return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString()) && userId == Long.parseLong(sys_token_store.toString());
+ }
+}
diff --git a/backend/src/main/resources/ehcache/ehcache.xml b/backend/src/main/resources/ehcache/ehcache.xml
index e4086c3e04..c1fedd7f25 100644
--- a/backend/src/main/resources/ehcache/ehcache.xml
+++ b/backend/src/main/resources/ehcache/ehcache.xml
@@ -270,5 +270,14 @@ memoryStoreEvictionPolicy="LRU" />
+
+
\ No newline at end of file
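Review bot: `TokenCacheUtils.add(sign, tokenInfo.getUserId())` runs inside the try whose `catch (Exception e)` returns null without logging, so a cache failure is now reported to the caller exactly like a signing failure and leaves no trace; the cache write should sit outside that try, or the catch should at least record the exception before returning null. Every call also adds a fresh entry and nothing removes the previous token for the same user, so if this method is also used on the token-refresh path (not visible here) the superseded token stays accepted until the cache evicts it. The enclosing method starts and ends outside the hunk.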
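Review bot: `validate(String token, Long userId)` compares with `userId == Long.parseLong(sys_token_store.toString())`, which unboxes `userId` (NullPointerException for a null id) and parses the cached value (NumberFormatException if it is not numeric), so a bad entry surfaces as an unrelated runtime exception instead of a failed validation, and a null or blank token reaches `CacheUtils.get` unguarded in both overloads. The rewrite below routes both overloads through one fail-closed lookup, gives the utility class a private constructor and drops the snake_case local that reuses the cache name. Separately, the cache is keyed by the bearer token itself, so every entry is a live credential for as long as it lives; if the `sys_token_store` cache overflows or persists to disk (its ehcache definition is not legible in this diff), keying by a SHA-256 digest of the token would keep the store free of usable tokens. The `null, null` arguments to `CacheUtils.put` presumably defer the TTL to the cache definition, and that TTL needs to be at least the JWT lifetime or still-valid tokens will be rejected before they expire.
```java
public final class TokenCacheUtils {

    private static final String KEY = "sys_token_store";

    private TokenCacheUtils() {
    }

    // … unchanged: add, remove …

    // Resolve the user id stored for a token; null means the token is blank or unknown,
    // or the cached value is unusable, so every caller fails closed.
    private static Long cachedUserId(String token) {
        if (StringUtils.isBlank(token)) {
            return null;
        }
        Object stored = CacheUtils.get(KEY, token);
        if (stored instanceof Long) {
            return (Long) stored;
        }
        if (stored == null || StringUtils.isBlank(stored.toString())) {
            return null;
        }
        try {
            return Long.parseLong(stored.toString());
        } catch (NumberFormatException e) {
            return null;
        }
    }

    public static boolean validate(String token) {
        return cachedUserId(token) != null;
    }

    public static boolean validate(String token, Long userId) {
        Long cached = cachedUserId(token);
        return cached != null && cached.equals(userId);
    }
}
```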