From c389cd927e5461c2498bebe0ec8409382d0b27b2 Mon Sep 17 00:00:00 2001
From: chenjg <17688741996@163.com>
Date: Fri, 29 Nov 2024 16:48:43 +0800
Subject: [PATCH] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E6=96=B0=E5=A2=9E=E7=AC=AC?=
=?UTF-8?q?=E4=B8=89=E6=96=B9=E8=AE=A4=E8=AF=81=E6=96=B9=E5=BC=8Fcookie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../filter/core/LoginAuthHandlerBase.java | 18 ++++++-
.../login/handler/LoginController.java | 2 +-
.../framework/restful/api/LogoutApi.java | 48 ++++++++++++++++---
3 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
index f1a8060d7..c1121f576 100644
--- a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
+++ b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
@@ -124,7 +124,7 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
String authenticationInfoStr = null;
authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(userVo.getUuid());
jwtVo = buildJwt(userVo, authenticationInfoVo);
- setResponseAuthCookie(response, request, tenant, jwtVo);
+ setResponseAuthCookie(response, request, tenant, jwtVo, getType());
if (authenticationInfoVo != null && (CollectionUtils.isNotEmpty(authenticationInfoVo.getUserUuidList()) || CollectionUtils.isNotEmpty(authenticationInfoVo.getTeamUuidList()) || CollectionUtils.isNotEmpty(authenticationInfoVo.getRoleUuidList()))) {
authenticationInfoVo.setHeaderSet(null);
authenticationInfoStr = JSON.toJSONString(authenticationInfoVo);
@@ -210,8 +210,9 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
* @param request 请求
* @param tenant 租户
* @param jwtVo jwt对象
+ * @param authType 需要标记的认证方式
*/
- public static void setResponseAuthCookie(HttpServletResponse response, HttpServletRequest request, String tenant, JwtVo jwtVo) {
+ public static void setResponseAuthCookie(HttpServletResponse response, HttpServletRequest request, String tenant, JwtVo jwtVo, String authType) {
Cookie authCookie = new Cookie("neatlogic_authorization", "GZIP_" + jwtVo.getCc());
authCookie.setPath("/" + tenant);
String domainName = request.getServerName();
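Review bot: Changing the signature of the public static `setResponseAuthCookie` in place breaks any caller this commit does not touch; only LoginController is updated here, and callers in other modules cannot be seen from the patch. Keeping the four-argument form as a delegating overload, `setResponseAuthCookie(response, request, tenant, jwtVo, null)`, would keep them compiling. The new `@param authType` line should also say that `null` or `"default"` expires the `neatlogic_login_auth_type` cookie rather than setting it. The method body continues past the end of this hunk.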
@@ -229,6 +230,19 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
// 允许跨域携带cookie
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setContentType(Config.RESPONSE_TYPE_JSON);
+ // 认证方式cookie
+ if (authType == null || Objects.equals("default", authType)) {
+ // 默认登录无需标记,使其失效
+ Cookie authTypeCookie = new Cookie("neatlogic_login_auth_type", null);
+ authTypeCookie.setPath("/" + tenant);
+ authTypeCookie.setMaxAge(0);
+ response.addCookie(authTypeCookie);
+ } else {
+ // 标记第三方认证方式
+ Cookie authTypeCookie = new Cookie("neatlogic_login_auth_type", authType);
+ authTypeCookie.setPath("/" + tenant);
+ response.addCookie(authTypeCookie);
+ }
}
@Override
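Review bot: The `neatlogic_login_auth_type` cookie in the `else` branch is created with only a path, so it has no `setHttpOnly(true)`, no `setSecure(...)` and no max age. It is therefore readable by page script and lasts only for the browser session, which may not match the lifetime of `neatlogic_authorization` (that cookie's other attributes are set outside this hunk). LogoutApi later uses this value to choose the logout handler, so unless the frontend has to read it I would add `authTypeCookie.setHttpOnly(true);` and mirror the auth cookie's domain, secure and max-age settings. Apply the same attributes in the expiring branch, because a deletion cookie only takes effect when its path and domain match the one that was set. The same gap applies to `invalidateAuthTypeCookie()` in LogoutApi.java.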
diff --git a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
index 1c33437fb..57d119af3 100644
--- a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
+++ b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
@@ -198,7 +198,7 @@ public class LoginController {
tenantMapper.updateTenantVisitTime(tenant);
tenantVisitSet.add(tenant);
}
- LoginAuthHandlerBase.setResponseAuthCookie(response, request, tenant, jwtVo);
+ LoginAuthHandlerBase.setResponseAuthCookie(response, request, tenant, jwtVo, null);
returnObj.put("Status", "OK");
returnObj.put("JwtToken", jwtVo.getJwthead() + "." + jwtVo.getJwtbody() + "." + jwtVo.getJwtsign());
response.getWriter().print(returnObj);
diff --git a/src/main/java/neatlogic/module/framework/restful/api/LogoutApi.java b/src/main/java/neatlogic/module/framework/restful/api/LogoutApi.java
index 78b625023..da3e5413c 100755
--- a/src/main/java/neatlogic/module/framework/restful/api/LogoutApi.java
+++ b/src/main/java/neatlogic/module/framework/restful/api/LogoutApi.java
@@ -16,7 +16,8 @@ along with this program. If not, see .*/
package neatlogic.module.framework.restful.api;
import com.alibaba.fastjson.JSONObject;
-import neatlogic.framework.common.config.Config;
+import neatlogic.framework.asynchronization.threadlocal.RequestContext;
+import neatlogic.framework.asynchronization.threadlocal.TenantContext;
import neatlogic.framework.exception.login.LoginAuthNotFoundException;
import neatlogic.framework.filter.core.ILoginAuthHandler;
import neatlogic.framework.filter.core.LoginAuthFactory;
@@ -29,6 +30,13 @@ import neatlogic.framework.restful.core.privateapi.PrivateApiComponentBase;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.Objects;
+import java.util.Optional;
+
@Service
@OperationType(type = OperationTypeEnum.OPERATE)
public class LogoutApi extends PrivateApiComponentBase {
@@ -54,17 +62,43 @@ public class LogoutApi extends PrivateApiComponentBase {
@Override
public Object myDoService(JSONObject jsonObj) throws Exception {
ILoginAuthHandler loginAuth;
- if(StringUtils.isBlank(Config.LOGIN_AUTH_TYPE())){
+ String authType = getAuthTypeCookie();
+ if (StringUtils.isBlank(authType)) {
loginAuth = LoginAuthFactory.getLoginAuth("default");
- }else{
- loginAuth = LoginAuthFactory.getLoginAuth(Config.LOGIN_AUTH_TYPE());
- }
- if(loginAuth == null){
- throw new LoginAuthNotFoundException(Config.LOGIN_AUTH_TYPE());
+ } else {
+ loginAuth = LoginAuthFactory.getLoginAuth(authType);
+ if (loginAuth == null) {
+ throw new LoginAuthNotFoundException(authType);
+ }
}
String url = loginAuth.logout();
+ // 使认证方式Cookie失效
+ invalidateAuthTypeCookie();
JSONObject returnObj = new JSONObject();
returnObj.put("url", StringUtils.isBlank(url) ? StringUtils.EMPTY : url);
return returnObj;
}
+
+ public String getAuthTypeCookie() {
+ if (RequestContext.get() != null && RequestContext.get().getRequest() != null) {
+ HttpServletRequest request = RequestContext.get().getRequest();
+ if (request.getCookies() != null && request.getCookies().length > 0) {
+ Optional authTypeCookie = Arrays.stream(request.getCookies()).filter(o -> Objects.equals(o.getName(), "neatlogic_login_auth_type")).findFirst();
+ if (authTypeCookie.isPresent()) {
+ return authTypeCookie.get().getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public void invalidateAuthTypeCookie() {
+ if (RequestContext.get() != null && RequestContext.get().getResponse() != null && TenantContext.get() != null) {
+ HttpServletResponse response = RequestContext.get().getResponse();
+ Cookie authTypeCookie = new Cookie("neatlogic_login_auth_type", null);
+ authTypeCookie.setPath("/" + TenantContext.get().getTenantUuid());
+ authTypeCookie.setMaxAge(0);
+ response.addCookie(authTypeCookie);
+ }
+ }
}
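Review bot: `myDoService` now picks the logout handler from the `neatlogic_login_auth_type` request cookie, which the client fully controls and which is not signed, where it previously used the server-side `Config.LOGIN_AUTH_TYPE()`. A caller can therefore choose which registered handler's `logout()` runs and which URL is returned, and an arbitrary value is passed into `LoginAuthNotFoundException`. Consider taking the auth type from server-side state tied to the session (for example a claim in the signed token, if one is available), or at least checking the cookie against it. Separately, the null check moved into the `else` branch, so a null result from `LoginAuthFactory.getLoginAuth("default")` now reaches `loginAuth.logout()` and fails with a NullPointerException; keeping `if (loginAuth == null) { throw new LoginAuthNotFoundException(...); }` after the if/else covers both paths. Both new helper methods are `public` but look like internal details and could be `private`.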
--
Gitee