From 3fb6ce2c0ee737d20af5a0d157694e6d971929fe Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Thu, 7 Dec 2023 19:18:54 +0800
Subject: [PATCH 1/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../threadlocal/UserContext.java              | 15 +++-
 .../framework/dao/cache/UserSessionCache.java | 62 +++++++-------
 .../framework/dao/mapper/RoleMapper.java      |  8 +-
 .../framework/dao/mapper/RoleMapper.xml       | 80 +++++++++++++------
 .../dao/mapper/UserSessionMapper.java         |  8 +-
 .../dao/mapper/UserSessionMapper.xml          | 18 ++---
 .../java/neatlogic/framework/dto/JwtVo.java   | 67 +++++++++++++++-
 .../java/neatlogic/framework/dto/RoleVo.java  | 11 +++
 .../java/neatlogic/framework/dto/UserVo.java  | 12 +++
 .../filter/JsonWebTokenValidFilter.java       | 10 +--
 .../filter/core/LoginAuthHandlerBase.java     | 42 +++-------
 .../service/AuthenticationInfoService.java    | 26 +++++-
 .../AuthenticationInfoServiceImpl.java        | 76 +++++++++++-------
 .../handler/DefaultLoginAuthHandler.java      |  2 +
 .../login/handler/LoginController.java        | 10 +--
 15 files changed, 295 insertions(+), 152 deletions(-)

diff --git a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
index b104140ac..5f42cd8fc 100644
--- a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
+++ b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
@@ -50,6 +50,8 @@ public class UserContext implements Serializable {
     //是否超级管理员
     private Boolean isSuperAdmin = false;
 
+    private String tokenHash;
+
     public static UserContext init(UserContext _userContext) {
         UserContext context = new UserContext();
         if (_userContext != null) {
@@ -102,6 +104,9 @@ public class UserContext implements Serializable {
         context.setResponse(response);
         context.setTimezone(timezone);
         context.setAuthenticationInfoVo(authenticationInfoVo);
+        if(userVo.getJwtVo() != null) {
+            context.setTokenHash(userVo.getJwtVo().getTokenHash());
+        }
         instance.set(context);
         return context;
     }
@@ -259,8 +264,16 @@ public class UserContext implements Serializable {
     }
 
     public void setIsSuperAdmin(Boolean isSuperAdmin) {
-        if(isSuperAdmin != null) {
+        if (isSuperAdmin != null) {
             this.isSuperAdmin = isSuperAdmin;
         }
     }
+
+    public String getTokenHash() {
+        return tokenHash;
+    }
+
+    public void setTokenHash(String tokenHash) {
+        this.tokenHash = tokenHash;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dao/cache/UserSessionCache.java b/src/main/java/neatlogic/framework/dao/cache/UserSessionCache.java
index 00411f4f3..10461fd18 100644
--- a/src/main/java/neatlogic/framework/dao/cache/UserSessionCache.java
+++ b/src/main/java/neatlogic/framework/dao/cache/UserSessionCache.java
@@ -7,39 +7,39 @@ import net.sf.ehcache.config.CacheConfiguration;
 import net.sf.ehcache.config.Configuration;
 
 public class UserSessionCache {
-	private static CacheManager CACHE_MANAGER;
+    private static CacheManager CACHE_MANAGER;
 
-	private synchronized static Ehcache getCache() {
-		if (CACHE_MANAGER == null) {
-			CacheConfiguration cacheConfiguration = new CacheConfiguration();
-			cacheConfiguration.setName("UserSessionCache");
-			cacheConfiguration.setMemoryStoreEvictionPolicy("LRU");
-			cacheConfiguration.setMaxEntriesLocalHeap(1000);
-			cacheConfiguration.internalSetTimeToIdle(300);
-			cacheConfiguration.internalSetTimeToLive(600);
-			Configuration config = new Configuration();
-			config.addCache(cacheConfiguration);
-			CACHE_MANAGER = CacheManager.newInstance(config);
-		}
-		if (!CACHE_MANAGER.cacheExists("UserSessionCache")) {
-			CACHE_MANAGER.addCache("UserSessionCache");
-		}
-		return CACHE_MANAGER.getEhcache("UserSessionCache");
-	}
+    private synchronized static Ehcache getCache() {
+        if (CACHE_MANAGER == null) {
+            CacheConfiguration cacheConfiguration = new CacheConfiguration();
+            cacheConfiguration.setName("UserSessionCache");
+            cacheConfiguration.setMemoryStoreEvictionPolicy("LRU");
+            cacheConfiguration.setMaxEntriesLocalHeap(1000);
+            cacheConfiguration.internalSetTimeToIdle(300);
+            cacheConfiguration.internalSetTimeToLive(600);
+            Configuration config = new Configuration();
+            config.addCache(cacheConfiguration);
+            CACHE_MANAGER = CacheManager.newInstance(config);
+        }
+        if (!CACHE_MANAGER.cacheExists("UserSessionCache")) {
+            CACHE_MANAGER.addCache("UserSessionCache");
+        }
+        return CACHE_MANAGER.getEhcache("UserSessionCache");
+    }
 
-	public static void addItem(String tenant, String userUuid, Object item) {
-		getCache().put(new Element(tenant + ":" + userUuid, item));
-	}
+    public static void addItem(String key, Object item) {
+        getCache().put(new Element(key, item));
+    }
 
-	public static Object getItem(String tenant, String userUuid) {
-		Element cachedElement = getCache().get(tenant + ":" + userUuid);
-		if (cachedElement == null) {
-			return null;
-		}
-		return cachedElement.getObjectValue();
-	}
+    public static Object getItem(String key) {
+        Element cachedElement = getCache().get(key);
+        if (cachedElement == null) {
+            return null;
+        }
+        return cachedElement.getObjectValue();
+    }
 
-	public static boolean removeItem(String tenant, String userUuid){
-		return getCache().remove(tenant + ":" + userUuid);
-	}
+    public static void removeItem(String key) {
+        getCache().remove(key);
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.java b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.java
index d694615b6..a6d67d952 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.java
+++ b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.java
@@ -35,6 +35,8 @@ public interface RoleMapper {
 
     List<String> getRoleUuidListByUserUuid(String userUuid);
 
+    List<String> getRoleUuidListByUserUuidAndEnv(@Param("userUuid") String userUuid, @Param("env") String env);
+
     List<ValueTextVo> searchRoleForSelect(RoleVo roleVo);
 
     List<RoleAuthVo> searchRoleAuthByRoleUuid(String roleUuid);
@@ -69,9 +71,11 @@ public interface RoleMapper {
 
     List<RoleTeamVo> getRoleTeamListByRoleUuidList(@Param("list") List<String> roleList);
 
-    List<RoleUserVo> getRoleUserListByRoleUuidList(@Param("list")List<String> roleList);
+    List<RoleUserVo> getRoleUserListByRoleUuidList(@Param("list") List<String> roleList);
+
+    List<String> getRoleUuidListByTeamUuidListAndEnv(@Param("teamUuidList") List<String> teamUuidList, @Param("env") String env);
 
-    List<String> getRoleUuidListByTeamUuidListAndCheckedChildren(@Param("teamUuidList") List<String> teamUuidList, @Param("checkedChildren") Integer checkedChildren);
+    List<String> getRoleUuidListByTeamUuidListAndCheckedChildrenAndEnv(@Param("teamUuidList") List<String> teamUuidList, @Param("checkedChildren") Integer checkedChildren, @Param("env") String env);
 
     /**
      * 根据team的uuid获取当前组的roleList
diff --git a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
index 7671472bf..68b1f8e3e 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
@@ -48,7 +48,7 @@ limitations under the License.
         a.`description`
         FROM `role` a
         LEFT JOIN `role_authority` c ON a.`uuid` = c.`role_uuid`
-       <where>
+        <where>
             <if test="keyword != null and keyword != ''">
                 AND (name LIKE CONCAT('%',#{keyword}, '%') OR description LIKE CONCAT('%',#{keyword}, '%'))
             </if>
@@ -58,13 +58,13 @@ limitations under the License.
             <if test="auth != null and auth != ''">
                 AND c.`auth` = #{auth}
             </if>
-           <if test="roleUuidList != null and roleUuidList.size()>0">
-               and uuid in
-               <foreach collection="roleUuidList" item="roleUuid" open="(" separator="," close=")">
-                   #{roleUuid}
-               </foreach>
-           </if>
-       </where>
+            <if test="roleUuidList != null and roleUuidList.size()>0">
+                and uuid in
+                <foreach collection="roleUuidList" item="roleUuid" open="(" separator="," close=")">
+                    #{roleUuid}
+                </foreach>
+            </if>
+        </where>
         GROUP BY a.`uuid`
         ORDER BY a.`id` DESC
         <if test="needPage == true">
@@ -216,9 +216,8 @@ limitations under the License.
     </select>
 
     <select id="getRoleTeamListByRoleUuid" resultType="neatlogic.framework.dto.RoleTeamVo">
-        SELECT
-        `team_uuid` AS teamUuid,
-        `checked_children` AS checkedChildren
+        SELECT `team_uuid`        AS teamUuid,
+               `checked_children` AS checkedChildren
         FROM `team_role`
         WHERE `role_uuid` = #{value}
     </select>
@@ -256,13 +255,32 @@ limitations under the License.
         </foreach>
     </select>
 
-    <select id="getRoleUuidListByTeamUuidListAndCheckedChildren" resultType="java.lang.String" useCache="false">
-        SELECT `role_uuid` FROM `team_role` WHERE `team_uuid` IN
+    <select id="getRoleUuidListByTeamUuidListAndCheckedChildrenAndEnv" resultType="java.lang.String" useCache="false">
+        SELECT tr.`role_uuid` FROM `team_role` tr
+        <if test="env != null and env != ''">
+            left join `role` r on r.uuid= tr.role_uuid
+        </if>
+        WHERE tr.`team_uuid` IN
+        <foreach collection="teamUuidList" item="teamUuid" open="(" separator="," close=")">
+            #{teamUuid}
+        </foreach>
+        AND tr.`checked_children` = #{checkedChildren}
+        <if test="env != null and env != ''">
+            and (r.`env` = #{env} or r.`env` is null )
+        </if>
+    </select>
+
+    <select id="getRoleUuidListByTeamUuidListAndEnv" resultType="java.lang.String" useCache="false">
+        SELECT tr.`role_uuid` FROM `team_role` tr
+        <if test="env != null and env != ''">
+            left join `role` r on r.uuid= tr.role_uuid
+        </if>
+        WHERE tr.`team_uuid` IN
         <foreach collection="teamUuidList" item="teamUuid" open="(" separator="," close=")">
             #{teamUuid}
         </foreach>
-        <if test="checkedChildren != null">
-            AND `checked_children` = #{checkedChildren}
+        <if test="env != null and env != ''">
+            and (r.`env` = #{env} or r.`env` is null )
         </if>
     </select>
 
@@ -278,13 +296,13 @@ limitations under the License.
     </resultMap>
 
     <select id="getRoleListByTeamUuidList" resultMap="roleTeamMap">
-        SELECT t.uuid       as parentTeamUuid,
-               t.`name`     as parentTeamName,
-               tr.role_uuid as roleUuid,
-               r.`name`     as roleName
+        SELECT t.uuid as parentTeamUuid,
+        t.`name` as parentTeamName,
+        tr.role_uuid as roleUuid,
+        r.`name` as roleName
         FROM team t
-                 JOIN team_role tr ON tr.team_uuid = t.uuid
-                 LEFT JOIN role r ON r.uuid = tr.role_uuid
+        JOIN team_role tr ON tr.team_uuid = t.uuid
+        LEFT JOIN role r ON r.uuid = tr.role_uuid
         WHERE t.uuid IN
         <foreach collection="list" item="uuid" open="(" separator="," close=")">
             #{uuid}
@@ -312,7 +330,7 @@ limitations under the License.
         from team_role a
         where a.role_uuid in
         <foreach collection="list" item="roleUuid" open="(" separator="," close=")">
-             #{roleUuid}
+            #{roleUuid}
         </foreach>
         GROUP BY a.role_uuid
     </select>
@@ -338,11 +356,22 @@ limitations under the License.
             #{item}
         </foreach>
     </select>
+    <select id="getRoleUuidListByUserUuidAndEnv" resultType="java.lang.String">
+        select ur.`role_uuid`
+        from `user_role` ur
+        <if test="env != null and env != ''">
+            left join `role` r on r.uuid= ur.role_uuid
+        </if>
+        where ur.`user_uuid` = #{userUuid}
+        <if test="env != null and env != ''">
+            and (r.`env` = #{env} or r.`env` is null )
+        </if>
+    </select>
 
 
     <insert id="insertRole" parameterType="neatlogic.framework.dto.RoleVo">
-        INSERT INTO `role` (`id`, `uuid`, `name`, `description`)
-        VALUES (#{id}, #{uuid}, #{name}, #{description})
+        INSERT INTO `role` (`id`, `uuid`, `name`, `description`, `env`)
+        VALUES (#{id}, #{uuid}, #{name}, #{description}, #{env})
     </insert>
 
     <insert id="replaceRoleUser" parameterType="neatlogic.framework.dto.RoleUserVo">
@@ -374,7 +403,8 @@ limitations under the License.
     <update id="updateRole" parameterType="neatlogic.framework.dto.RoleVo">
         UPDATE `role`
         SET `name`        = #{name},
-            `description` = #{description}
+            `description` = #{description},
+            `env`         = #{env}
         WHERE `uuid` = #{uuid}
     </update>
 
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
index 90892ab4a..33c3eeae8 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
@@ -23,7 +23,7 @@ import java.util.Date;
 import java.util.List;
 
 public interface UserSessionMapper {
-    UserSessionVo getUserSessionByUserUuid(String userUuid);
+    UserSessionVo getUserSessionByTokenHash(String userUuid);
 
     int getAllOnlineUserCount(Date sessionTime);
 
@@ -48,10 +48,10 @@ public interface UserSessionMapper {
 
     int getUserSessionCountByDate(String limitDate);
 
-    int insertUserSession(@Param("userUuid") String userUuid, @Param("authInfo") String authInfo);
+    int insertUserSession(@Param("userUuid") String userUuid, @Param("tokenHash") String tokenHash, @Param("tokenCreateTime") Long tokenCreateTime, @Param("authInfo") String authInfo);
 
-    int updateUserSession(String userUuid);
+    int updateUserSession(String tokenHash);
 
-    int deleteUserSessionByUserUuid(String userUuid);
+    int deleteUserSessionByTokenHash(String tokenHash);
 
 }
\ No newline at end of file
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
index ccb8eeea9..4850297f8 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
@@ -19,11 +19,11 @@ limitations under the License.
 <mapper namespace="neatlogic.framework.dao.mapper.UserSessionMapper">
     <cache type="neatlogic.framework.dao.cache.NeatLogicCache" flushInterval="30000" size="100"/>
 
-    <select id="getUserSessionByUserUuid" parameterType="java.lang.String"
+    <select id="getUserSessionByTokenHash" parameterType="java.lang.String"
             resultType="neatlogic.framework.dto.UserSessionVo" useCache="false">
         SELECT `user_uuid` as userUuid, `visit_time` as sessionTime,`auth_info` as authInfoStr
         FROM `user_session`
-        WHERE `user_uuid` = #{value}
+        WHERE `token_hash` = #{value}
     </select>
 
     <select id="getOnlineUserUuidListByUserUuidListAndTeamUuidListAndRoleUuidListAndGreaterThanSessionTimeCount"
@@ -136,23 +136,23 @@ limitations under the License.
         FROM `user_session` b where b.`visit_time` &gt;= #{value}
     </select>
 
-    <insert id="insertUserSession" parameterType="java.lang.String">
-        INSERT INTO `user_session` (`user_uuid`, `visit_time`,`auth_info`)
-        VALUES (#{userUuid}, NOW(3), #{authInfo})
+    <insert id="insertUserSession">
+        INSERT INTO `user_session` (`user_uuid`, `visit_time`, `token_hash`, `token_create_time`, `auth_info`)
+        VALUES (#{userUuid}, NOW(3), #{tokenHash}, #{tokenCreateTime}, #{authInfo})
         ON DUPLICATE KEY
-            UPDATE `visit_time` = NOW(3)
+            UPDATE `visit_time` = NOW(3), `auth_info` = #{authInfo}
     </insert>
 
     <update id="updateUserSession" parameterType="java.lang.String">
         UPDATE `user_session`
         set `visit_time` = now(3)
-        WHERE `user_uuid` = #{userUuid}
+        WHERE `token_hash` = #{value}
     </update>
 
-    <delete id="deleteUserSessionByUserUuid" parameterType="java.lang.String">
+    <delete id="deleteUserSessionByTokenHash" parameterType="java.lang.String">
         DELETE
         FROM `user_session`
-        where `user_uuid` = #{value}
+        where `token_hash` = #{value}
     </delete>
 
 </mapper>
diff --git a/src/main/java/neatlogic/framework/dto/JwtVo.java b/src/main/java/neatlogic/framework/dto/JwtVo.java
index bb4d3fdee..91d8bbb01 100644
--- a/src/main/java/neatlogic/framework/dto/JwtVo.java
+++ b/src/main/java/neatlogic/framework/dto/JwtVo.java
@@ -1,33 +1,92 @@
 package neatlogic.framework.dto;
 
+import com.alibaba.fastjson.JSONObject;
+import neatlogic.framework.common.constvalue.ApiParamType;
+import neatlogic.framework.restful.annotation.EntityField;
+import neatlogic.framework.util.Md5Util;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.Base64;
+
 public class JwtVo {
     private String cc;
     private String jwthead;
     private String jwtbody;
     private String jwtsign;
+    @EntityField(name = "创建时间", type = ApiParamType.STRING)
+    private Long tokenCreateTime;
+
+    @EntityField(name = "token哈希", type = ApiParamType.STRING)
+    private String tokenHash;
+
+    public JwtVo() {
+
+    }
+
+    public JwtVo(UserVo checkUserVo) {
+        JSONObject jwtBodyObj = new JSONObject();
+        jwtBodyObj.put("useruuid", checkUserVo.getUuid());
+        jwtBodyObj.put("userid", checkUserVo.getUserId());
+        jwtBodyObj.put("username", checkUserVo.getUserName());
+        jwtBodyObj.put("tenant", checkUserVo.getTenant());
+        jwtBodyObj.put("isSuperAdmin", checkUserVo.getIsSuperAdmin());
+        jwtBodyObj.put("createTime", tokenCreateTime);
+        jwtbody = Base64.getUrlEncoder().encodeToString(jwtBodyObj.toJSONString().getBytes());
+    }
+
+    public JwtVo(String[] jwtParts) {
+        this.jwthead = jwtParts[0];
+        this.jwtbody = jwtParts[1];
+        this.jwtsign = jwtParts[2];
+    }
+
     public String getCc() {
         return cc;
     }
+
     public void setCc(String cc) {
         this.cc = cc;
     }
+
     public String getJwthead() {
+        if (StringUtils.isBlank(jwthead)) {
+            JSONObject jwtHeadObj = new JSONObject();
+            jwtHeadObj.put("alg", "HS256");
+            jwtHeadObj.put("typ", "JWT");
+            jwthead = Base64.getUrlEncoder().encodeToString(jwtHeadObj.toJSONString().getBytes());
+        }
         return jwthead;
     }
-    public void setJwthead(String jwthead) {
-        this.jwthead = jwthead;
-    }
+
     public String getJwtbody() {
         return jwtbody;
     }
+
+    public void setJwthead(String jwthead) {
+        this.jwthead = jwthead;
+    }
+
     public void setJwtbody(String jwtbody) {
         this.jwtbody = jwtbody;
     }
+
     public String getJwtsign() {
         return jwtsign;
     }
+
     public void setJwtsign(String jwtsign) {
         this.jwtsign = jwtsign;
     }
-    
+
+    public Long getTokenCreateTime() {
+        return tokenCreateTime;
+    }
+
+    public void setTokenCreateTime(Long tokenCreateTime) {
+        this.tokenCreateTime = tokenCreateTime;
+    }
+
+    public String getTokenHash() {
+        return Md5Util.encryptMD5(getJwthead() + "." + getJwtbody() + "." + getJwtsign());
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dto/RoleVo.java b/src/main/java/neatlogic/framework/dto/RoleVo.java
index f006dbd72..40d006060 100644
--- a/src/main/java/neatlogic/framework/dto/RoleVo.java
+++ b/src/main/java/neatlogic/framework/dto/RoleVo.java
@@ -43,6 +43,9 @@ public class RoleVo extends BasePageVo implements Serializable {
     @EntityField(name = "角色描述",
             type = ApiParamType.STRING)
     private String description;
+    @EntityField(name = "环境",
+            type = ApiParamType.STRING)
+    private String env;
     private int userCount;
     private int teamCount;
     private String authGroup;
@@ -174,4 +177,12 @@ public class RoleVo extends BasePageVo implements Serializable {
     public void setTeamList(List<TeamVo> teamList) {
         this.teamList = teamList;
     }
+
+    public String getEnv() {
+        return env;
+    }
+
+    public void setEnv(String env) {
+        this.env = env;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dto/UserVo.java b/src/main/java/neatlogic/framework/dto/UserVo.java
index 3a9402359..7b70f59ff 100644
--- a/src/main/java/neatlogic/framework/dto/UserVo.java
+++ b/src/main/java/neatlogic/framework/dto/UserVo.java
@@ -130,6 +130,10 @@ public class UserVo extends BaseEditorVo implements Serializable {
     private Boolean isSuperAdmin;
     private String source;
 
+    @JSONField(serialize = false)
+    @EntityField(name = "jwtVo", type = ApiParamType.BOOLEAN)
+    private JwtVo jwtVo;
+
     public UserVo() {
 
     }
@@ -587,4 +591,12 @@ public class UserVo extends BaseEditorVo implements Serializable {
     public void setSource(String source) {
         this.source = source;
     }
+
+    public JwtVo getJwtVo() {
+        return jwtVo;
+    }
+
+    public void setJwtVo(JwtVo jwtVo) {
+        this.jwtVo = jwtVo;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
index dae72ab15..ec74c3303 100644
--- a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
+++ b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
@@ -202,22 +202,22 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
     private boolean userExpirationValid(UserVo userVo, String timezone, HttpServletRequest request, HttpServletResponse response) {
         String userUuid = userVo.getUuid();
         String tenant = TenantContext.get().getTenantUuid();
-        AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(tenant, userUuid);
+        AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(userVo.getJwtVo().getTokenHash());
         if (authenticationInfo == null || authenticationInfo.getUserUuid() == null) {
-            UserSessionVo userSessionVo = userSessionMapper.getUserSessionByUserUuid(userUuid);
+            UserSessionVo userSessionVo = userSessionMapper.getUserSessionByTokenHash(userVo.getJwtVo().getTokenHash());
             if (null != userSessionVo) {
                 Date visitTime = userSessionVo.getSessionTime();
                 Date now = new Date();
                 int expire = Config.USER_EXPIRETIME();
                 long expireTime = expire * 60L * 1000L + visitTime.getTime();
                 if (now.getTime() < expireTime) {
-                    userSessionMapper.updateUserSession(userUuid);
+                    userSessionMapper.updateUserSession(userVo.getJwtVo().getTokenHash());
                     authenticationInfo = userSessionVo.getAuthInfo();
-                    UserSessionCache.addItem(tenant, userUuid, authenticationInfo);
+                    UserSessionCache.addItem(userVo.getJwtVo().getTokenHash(), authenticationInfo);
                     UserContext.init(userVo, authenticationInfo, timezone, request, response);
                     return true;
                 }
-                userSessionMapper.deleteUserSessionByUserUuid(userUuid);
+                userSessionMapper.deleteUserSessionByTokenHash(userVo.getJwtVo().getTokenHash());
             }
         } else {
             UserContext.init(userVo, authenticationInfo, timezone, request, response);
diff --git a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
index e1c60e4ba..0b5b54618 100644
--- a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
+++ b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
@@ -17,7 +17,6 @@
 package neatlogic.framework.filter.core;
 
 import com.alibaba.fastjson.JSONObject;
-import neatlogic.framework.asynchronization.threadlocal.TenantContext;
 import neatlogic.framework.asynchronization.threadlocal.UserContext;
 import neatlogic.framework.common.config.Config;
 import neatlogic.framework.dao.cache.UserSessionCache;
@@ -100,9 +99,9 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
             logger.warn("======= myAuth: " + getType() + " ===== " + userVo.getUserId());
             JwtVo jwtVo = buildJwt(userVo);
             setResponseAuthCookie(response, request, tenant, jwtVo);
-            //userVo.setRoleUuidList(roleMapper.getRoleUuidListByUserUuid(userVo.getUuid()));//TODO 是否可以去掉，得排查后续用到的逻辑，换成使用authenticationInfoVo
-            AuthenticationInfoVo authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(userVo.getUuid());
-            userSessionMapper.insertUserSession(userVo.getUuid(), JSONObject.toJSONString(authenticationInfoVo));
+            AuthenticationInfoVo authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(userVo.getUuid(), request.getHeader("Env"));
+            userSessionMapper.insertUserSession(userVo.getUuid(), jwtVo.getTokenHash(), jwtVo.getTokenCreateTime(), JSONObject.toJSONString(authenticationInfoVo));
+            userVo.setJwtVo(jwtVo);
         }
         return userVo;
     }
@@ -117,33 +116,16 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
      * @throws Exception 异常
      */
     public static JwtVo buildJwt(UserVo checkUserVo) throws Exception {
-        JSONObject jwtHeadObj = new JSONObject();
-        jwtHeadObj.put("alg", "HS256");
-        jwtHeadObj.put("typ", "JWT");
-
-        JSONObject jwtBodyObj = new JSONObject();
-        jwtBodyObj.put("useruuid", checkUserVo.getUuid());
-        jwtBodyObj.put("userid", checkUserVo.getUserId());
-        jwtBodyObj.put("username", checkUserVo.getUserName());
-        jwtBodyObj.put("tenant", checkUserVo.getTenant());
-        jwtBodyObj.put("isSuperAdmin", checkUserVo.getIsSuperAdmin());
-//        if (CollectionUtils.isNotEmpty(checkUserVo.getRoleUuidList())) {
-//            jwtBodyObj.put("rolelist", checkUserVo.getRoleUuidList());
-//        }
-
-        String jwthead = Base64.getUrlEncoder().encodeToString(jwtHeadObj.toJSONString().getBytes());
-        String jwtbody = Base64.getUrlEncoder().encodeToString(jwtBodyObj.toJSONString().getBytes());
-
+        Long tokenCreateTime = System.currentTimeMillis();
+        JwtVo jwtVo = new JwtVo(checkUserVo);
         SecretKeySpec signingKey = new SecretKeySpec(Config.JWT_SECRET().getBytes(), "HmacSHA1");
         Mac mac;
-
         mac = Mac.getInstance("HmacSHA1");
         mac.init(signingKey);
-        byte[] rawHmac = mac.doFinal((jwthead + "." + jwtbody).getBytes());
+        byte[] rawHmac = mac.doFinal((jwtVo.getJwthead() + "." + jwtVo.getJwtbody()).getBytes());
         String jwtsign = Base64.getUrlEncoder().encodeToString(rawHmac);
-
         // 压缩cookie内容
-        String c = "Bearer_" + jwthead + "." + jwtbody + "." + jwtsign;
+        String c = "Bearer_" + jwtVo.getJwthead() + "." + jwtVo.getJwtbody() + "." + jwtsign;
         checkUserVo.setAuthorization(c);
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         GZIPOutputStream gzipOutputStream = new GZIPOutputStream(bos);
@@ -151,11 +133,9 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
         gzipOutputStream.close();
         String cc = Base64.getEncoder().encodeToString(bos.toByteArray());
         bos.close();
-        JwtVo jwtVo = new JwtVo();
         jwtVo.setCc(cc);
-        jwtVo.setJwthead(jwthead);
-        jwtVo.setJwtbody(jwtbody);
         jwtVo.setJwtsign(jwtsign);
+        jwtVo.setTokenCreateTime(tokenCreateTime);
         return jwtVo;
     }
 
@@ -189,9 +169,9 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
 
     @Override
     public String logout() {
-        UserSessionCache.removeItem(TenantContext.get().getTenantUuid(), UserContext.get().getUserUuid(true));
-        userSessionMapper.deleteUserSessionByUserUuid(UserContext.get().getUserUuid(true));
-        String url = null;
+        UserSessionCache.removeItem(UserContext.get().getTokenHash());
+        userSessionMapper.deleteUserSessionByTokenHash(UserContext.get().getTokenHash());
+        String url;
         try {
             url = myLogout();
         } catch (IOException e) {
diff --git a/src/main/java/neatlogic/framework/service/AuthenticationInfoService.java b/src/main/java/neatlogic/framework/service/AuthenticationInfoService.java
index 80488249e..dcbbe6ca2 100644
--- a/src/main/java/neatlogic/framework/service/AuthenticationInfoService.java
+++ b/src/main/java/neatlogic/framework/service/AuthenticationInfoService.java
@@ -28,15 +28,33 @@ public interface AuthenticationInfoService {
 
     /**
      * 查询用户鉴权时，需要用到到userUuid、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
-     * @param userUuid
-     * @return
+     *
+     * @param userUuid 用户uuid
      */
     AuthenticationInfoVo getAuthenticationInfo(String userUuid);
 
+
+    /**
+     * 查询用户鉴权时，需要用到到userUuid、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
+     *
+     * @param userUuid 用户uuid
+     * @param env 环境
+     */
+    AuthenticationInfoVo getAuthenticationInfo(String userUuid, String env);
+
     /**
      * 查询用户鉴权时，需要用到到userUuidList、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
-     * @param userUuidList
-     * @return
+     *
+     * @param userUuidList 用户uuid列表
      */
     AuthenticationInfoVo getAuthenticationInfo(List<String> userUuidList);
+
+
+    /**
+     * 查询用户鉴权时，需要用到到userUuidList、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
+     *
+     * @param userUuidList 用户uuid列表
+     * @param env 环境
+     */
+    AuthenticationInfoVo getAuthenticationInfo(List<String> userUuidList, String env);
 }
diff --git a/src/main/java/neatlogic/framework/service/AuthenticationInfoServiceImpl.java b/src/main/java/neatlogic/framework/service/AuthenticationInfoServiceImpl.java
index 458150029..92eedb028 100644
--- a/src/main/java/neatlogic/framework/service/AuthenticationInfoServiceImpl.java
+++ b/src/main/java/neatlogic/framework/service/AuthenticationInfoServiceImpl.java
@@ -51,19 +51,40 @@ public class AuthenticationInfoServiceImpl implements AuthenticationInfoService
 
     /**
      * 查询用户鉴权时，需要用到到userUuid、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
-     * @param userUuid
-     * @return
+     *
+     * @param userUuid 用户uuid
      */
     @Override
-    public AuthenticationInfoVo getAuthenticationInfo(String userUuid){
+    public AuthenticationInfoVo getAuthenticationInfo(String userUuid) {
         List<String> teamUuidList = teamMapper.getTeamUuidListByUserUuid(userUuid);
         List<String> userRoleUuidList = roleMapper.getRoleUuidListByUserUuid(userUuid);
         Set<String> roleUuidSet = new HashSet<>(userRoleUuidList);
+        getTeamUuidListAndRoleUuidList(teamUuidList, roleUuidSet, null);
+        return new AuthenticationInfoVo(userUuid, teamUuidList, new ArrayList<>(roleUuidSet));
+    }
+
+
+    @Override
+    public AuthenticationInfoVo getAuthenticationInfo(String userUuid, String env) {
+        List<String> teamUuidList = teamMapper.getTeamUuidListByUserUuid(userUuid);
+        List<String> userRoleUuidList = roleMapper.getRoleUuidListByUserUuidAndEnv(userUuid, env);
+        Set<String> roleUuidSet = new HashSet<>(userRoleUuidList);
+        getTeamUuidListAndRoleUuidList(teamUuidList, roleUuidSet, env);
+        return new AuthenticationInfoVo(userUuid, teamUuidList, new ArrayList<>(roleUuidSet));
+    }
+
+    /**
+     * 补充teamUuidList roleUuidSet
+     *
+     * @param teamUuidList 组uuid列表
+     * @param roleUuidSet  角色uuid列表
+     */
+    private void getTeamUuidListAndRoleUuidList(List<String> teamUuidList, Set<String> roleUuidSet, String env) {
         if (CollectionUtils.isNotEmpty(teamUuidList)) {
-            List<String> teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndCheckedChildren(teamUuidList, null);
+            List<String> teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndEnv(teamUuidList, env);
             roleUuidSet.addAll(teamRoleUuidList);
             Set<String> upwardUuidSet = new HashSet<>();
-            List<TeamVo> teamList =  teamMapper.getTeamByUuidList(teamUuidList);
+            List<TeamVo> teamList = teamMapper.getTeamByUuidList(teamUuidList);
             for (TeamVo teamVo : teamList) {
                 String upwardUuidPath = teamVo.getUpwardUuidPath();
                 if (StringUtils.isNotBlank(upwardUuidPath)) {
@@ -76,20 +97,19 @@ public class AuthenticationInfoServiceImpl implements AuthenticationInfoService
                 }
             }
             if (CollectionUtils.isNotEmpty(upwardUuidSet)) {
-                teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndCheckedChildren(new ArrayList<>(upwardUuidSet), 1);
+                teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndCheckedChildrenAndEnv(new ArrayList<>(upwardUuidSet), 1, env);
                 roleUuidSet.addAll(teamRoleUuidList);
             }
         }
-        return new AuthenticationInfoVo(userUuid, teamUuidList, new ArrayList<>(roleUuidSet));
     }
 
     /**
      * 查询用户鉴权时，需要用到到userUuidList、teamUuidList、roleUuidList，其中roleUuidList包含用户所在分组的拥护角色列表。
-     * @param userUuidList
-     * @return
+     *
+     * @param userUuidList 用户uuid列表
      */
     @Override
-    public AuthenticationInfoVo getAuthenticationInfo(List<String> userUuidList){
+    public AuthenticationInfoVo getAuthenticationInfo(List<String> userUuidList) {
         Set<String> teamUuidSet = new HashSet<>();
         Set<String> roleUuidSet = new HashSet<>();
         for (String userUuid : userUuidList) {
@@ -97,27 +117,21 @@ public class AuthenticationInfoServiceImpl implements AuthenticationInfoService
             teamUuidSet.addAll(teamUuidList);
             List<String> userRoleUuidList = roleMapper.getRoleUuidListByUserUuid(userUuid);
             roleUuidSet.addAll(userRoleUuidList);
-            if (CollectionUtils.isNotEmpty(teamUuidList)) {
-                List<String> teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndCheckedChildren(teamUuidList, null);
-                roleUuidSet.addAll(teamRoleUuidList);
-                Set<String> upwardUuidSet = new HashSet<>();
-                List<TeamVo> teamList =  teamMapper.getTeamByUuidList(teamUuidList);
-                for (TeamVo teamVo : teamList) {
-                    String upwardUuidPath = teamVo.getUpwardUuidPath();
-                    if (StringUtils.isNotBlank(upwardUuidPath)) {
-                        String[] upwardUuidArray = upwardUuidPath.split(",");
-                        for (String upwardUuid : upwardUuidArray) {
-                            if (!upwardUuid.equals(teamVo.getUuid())) {
-                                upwardUuidSet.add(upwardUuid);
-                            }
-                        }
-                    }
-                }
-                if (CollectionUtils.isNotEmpty(upwardUuidSet)) {
-                    teamRoleUuidList = roleMapper.getRoleUuidListByTeamUuidListAndCheckedChildren(new ArrayList<>(upwardUuidSet), 1);
-                    roleUuidSet.addAll(teamRoleUuidList);
-                }
-            }
+            getTeamUuidListAndRoleUuidList(teamUuidList, roleUuidSet,null);
+        }
+        return new AuthenticationInfoVo(userUuidList, new ArrayList<>(teamUuidSet), new ArrayList<>(roleUuidSet));
+    }
+
+    @Override
+    public AuthenticationInfoVo getAuthenticationInfo(List<String> userUuidList, String env) {
+        Set<String> teamUuidSet = new HashSet<>();
+        Set<String> roleUuidSet = new HashSet<>();
+        for (String userUuid : userUuidList) {
+            List<String> teamUuidList = teamMapper.getTeamUuidListByUserUuid(userUuid);
+            teamUuidSet.addAll(teamUuidList);
+            List<String> userRoleUuidList = roleMapper.getRoleUuidListByUserUuidAndEnv(userUuid, env);
+            roleUuidSet.addAll(userRoleUuidList);
+            getTeamUuidListAndRoleUuidList(teamUuidList, roleUuidSet, env);
         }
         return new AuthenticationInfoVo(userUuidList, new ArrayList<>(teamUuidSet), new ArrayList<>(roleUuidSet));
     }
diff --git a/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java b/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
index 95a3b79a6..ba89d58f0 100644
--- a/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
+++ b/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
@@ -17,6 +17,7 @@ limitations under the License.
 package neatlogic.module.framework.filter.handler;
 
 import neatlogic.framework.common.config.Config;
+import neatlogic.framework.dto.JwtVo;
 import neatlogic.framework.dto.UserVo;
 import neatlogic.framework.filter.core.LoginAuthHandlerBase;
 import com.alibaba.fastjson.JSONArray;
@@ -96,6 +97,7 @@ public class DefaultLoginAuthHandler extends LoginAuthHandlerBase {
                 String jwt = authorization.substring(7);
                 String[] jwtParts = jwt.split("\\.");
                 if (jwtParts.length == 3) {
+                    userVo.setJwtVo(new JwtVo(jwtParts));
                     SecretKeySpec signingKey = new SecretKeySpec(Config.JWT_SECRET().getBytes(), "HmacSHA1");
                     Mac mac;
                     try {
diff --git a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
index 31bdac9c9..4e272f637 100644
--- a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
+++ b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
@@ -100,7 +100,7 @@ public class LoginController {
         JSONObject resultJson = new JSONObject();
         try {
             String userId = jsonObj.getString("userid");
-            if(StringUtils.isBlank(userId)){
+            if (StringUtils.isBlank(userId)) {
                 throw new UserNotFoundException(userId);
             }
             String password = jsonObj.getString("password");
@@ -159,7 +159,7 @@ public class LoginController {
                 }
                 if (checkUserVo != null) {
                     String timezone = "+8:00";
-                    AuthenticationInfoVo authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(checkUserVo.getUuid());
+                    AuthenticationInfoVo authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(checkUserVo.getUuid(), request.getHeader("Env"));
                     UserContext.init(checkUserVo, authenticationInfoVo, timezone, request, response);
                     for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
                         loginPostProcessor.loginAfterInitialization();
@@ -169,15 +169,15 @@ public class LoginController {
 
             if (checkUserVo != null) {
                 checkUserVo.setTenant(tenant);
+                JwtVo jwtVo = LoginAuthHandlerBase.buildJwt(checkUserVo);
                 // 保存 user 登录访问时间
-                userSessionMapper.insertUserSession(checkUserVo.getUuid(),JSONObject.toJSONString(UserContext.get().getAuthenticationInfoVo()));
+                userSessionMapper.insertUserSession(checkUserVo.getUuid(), jwtVo.getTokenHash(), jwtVo.getTokenCreateTime(), JSONObject.toJSONString(UserContext.get().getAuthenticationInfoVo()));
                 //更新租户visitTime
                 TenantContext.get().setUseDefaultDatasource(true);
-                if(!tenantVisitSet.contains(tenant)) {
+                if (!tenantVisitSet.contains(tenant)) {
                     tenantMapper.updateTenantVisitTime(tenant);
                     tenantVisitSet.add(tenant);
                 }
-                JwtVo jwtVo = LoginAuthHandlerBase.buildJwt(checkUserVo);
                 LoginAuthHandlerBase.setResponseAuthCookie(response, request, tenant, jwtVo);
                 returnObj.put("Status", "OK");
                 returnObj.put("JwtToken", jwtVo.getJwthead() + "." + jwtVo.getJwtbody() + "." + jwtVo.getJwtsign());
-- 
Gitee


From 9594786f12c7f9ff67a1dadd8feacb7fc325abc5 Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Tue, 12 Dec 2023 19:35:41 +0800
Subject: [PATCH 2/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../threadlocal/UserContext.java              | 13 ++-
 .../framework/dao/mapper/UserMapper.java      |  2 +-
 .../framework/dao/mapper/UserMapper.xml       | 54 ++++++------
 .../dao/mapper/UserSessionMapper.xml          |  4 +-
 .../java/neatlogic/framework/dto/JwtVo.java   | 27 +++++-
 .../neatlogic/framework/dto/UserAuthVo.java   | 13 +++
 .../framework/dto/UserSessionVo.java          | 11 +++
 .../filter/JsonWebTokenValidFilter.java       |  5 +-
 .../filter/core/LoginAuthHandlerBase.java     |  3 +-
 .../handler/DefaultLoginAuthHandler.java      |  1 +
 .../login/handler/LoginController.java        |  3 +
 .../framework/restful/api/ModuleListApi.java  | 87 ++++++++++---------
 12 files changed, 142 insertions(+), 81 deletions(-)

diff --git a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
index 5f42cd8fc..f1fd5d856 100644
--- a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
+++ b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
@@ -52,6 +52,8 @@ public class UserContext implements Serializable {
 
     private String tokenHash;
 
+    private String env;
+
     public static UserContext init(UserContext _userContext) {
         UserContext context = new UserContext();
         if (_userContext != null) {
@@ -104,8 +106,9 @@ public class UserContext implements Serializable {
         context.setResponse(response);
         context.setTimezone(timezone);
         context.setAuthenticationInfoVo(authenticationInfoVo);
-        if(userVo.getJwtVo() != null) {
+        if (userVo.getJwtVo() != null) {
             context.setTokenHash(userVo.getJwtVo().getTokenHash());
+            context.setEnv(userVo.getJwtVo().getEnv());
         }
         instance.set(context);
         return context;
@@ -276,4 +279,12 @@ public class UserContext implements Serializable {
     public void setTokenHash(String tokenHash) {
         this.tokenHash = tokenHash;
     }
+
+    public String getEnv() {
+        return env;
+    }
+
+    public void setEnv(String env) {
+        this.env = env;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
index 23a6fd416..b7ee01314 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
@@ -73,7 +73,7 @@ public interface UserMapper {
 
     List<UserAuthVo> searchUserAuthByUserUuid(String userUuid);
 
-    List<UserAuthVo> searchUserAllAuthByUserAuth(UserAuthVo userAuthVo);
+    List<UserAuthVo> searchUserAllAuthByUserAuth(@Param("authenticationInfoVo") AuthenticationInfoVo authenticationInfoVo, @Param("env") String env);
 
     List<UserAuthVo> searchUserAllAuthByUserAuthCache(UserAuthVo userAuthVo);
 
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
index e8a7f5efd..b461b5c61 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
@@ -466,36 +466,34 @@ limitations under the License.
         WHERE `user_uuid` = #{userUuid}
     </select>
 
-    <select id="searchUserAllAuthByUserAuth" parameterType="neatlogic.framework.dto.UserAuthVo"
-            resultType="neatlogic.framework.dto.UserAuthVo" useCache="false">
-        SELECT
-        ra.`auth_group` AS authGroup,
-        ra.`auth`
-        FROM `user_role` ur
-        JOIN `role_authority` ra ON ur.`role_uuid` = ra.`role_uuid`
-        WHERE ur.`user_uuid` = #{userUuid}
-        <if test="auth != null and auth != ''">
-            AND ra.`auth` = #{auth}
+    <select id="searchUserAllAuthByUserAuth" resultType="neatlogic.framework.dto.UserAuthVo" useCache="false">
+        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
+            SELECT
+            ra.`auth_group` AS authGroup,
+            ra.`auth`
+            FROM `role_authority` ra
+            <if test="env != null and env != ''">
+                JOIN `role` r on ra.role_uuid = r.uuid
+            </if>
+            <if test="env != null and env != ''">
+                AND r.`env` = #{env}
+            </if>
         </if>
-        UNION
-        SELECT
-        `auth_group` AS authGroup,
-        `auth`
-        FROM `user_authority`
-        WHERE `user_uuid` = #{userUuid}
-        <if test="auth != null and auth != ''">
-            AND `auth` = #{auth}
+        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
+            UNION
         </if>
-        UNION
-        SELECT
-        c.`auth_group` AS authGroup,
-        c.`auth`
-        FROM `user_team` a
-        JOIN `team_role` b ON b.`team_uuid` = a.`team_uuid`
-        JOIN `role_authority` c ON c.`role_uuid` = b.`role_uuid`
-        WHERE a.`user_uuid` = #{userUuid}
-        <if test="auth != null and auth != ''">
-            AND `auth` = #{auth}
+        <if test="userUuidList != null and userUuidList.size() > 0">
+            SELECT
+            `auth_group` AS authGroup,
+            `auth`
+            FROM `user_authority`
+            WHERE `user_uuid` in
+            <foreach collection="userUuidList" open="(" close=")" separator="," item="userUuid">
+                #{userUuid}
+            </foreach>
+        </if>
+        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
+            UNION
         </if>
     </select>
 
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
index 4850297f8..9649443f8 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
@@ -21,7 +21,7 @@ limitations under the License.
 
     <select id="getUserSessionByTokenHash" parameterType="java.lang.String"
             resultType="neatlogic.framework.dto.UserSessionVo" useCache="false">
-        SELECT `user_uuid` as userUuid, `visit_time` as sessionTime,`auth_info` as authInfoStr
+        SELECT `user_uuid` as userUuid, `visit_time` as sessionTime,`auth_info` as authInfoStr,`token_create_time` as tokenCreateTime
         FROM `user_session`
         WHERE `token_hash` = #{value}
     </select>
@@ -140,7 +140,7 @@ limitations under the License.
         INSERT INTO `user_session` (`user_uuid`, `visit_time`, `token_hash`, `token_create_time`, `auth_info`)
         VALUES (#{userUuid}, NOW(3), #{tokenHash}, #{tokenCreateTime}, #{authInfo})
         ON DUPLICATE KEY
-            UPDATE `visit_time` = NOW(3), `auth_info` = #{authInfo}
+            UPDATE `visit_time` = NOW(3), `auth_info` = #{authInfo}, `token_create_time` = #{tokenCreateTime}
     </insert>
 
     <update id="updateUserSession" parameterType="java.lang.String">
diff --git a/src/main/java/neatlogic/framework/dto/JwtVo.java b/src/main/java/neatlogic/framework/dto/JwtVo.java
index 91d8bbb01..594202eb9 100644
--- a/src/main/java/neatlogic/framework/dto/JwtVo.java
+++ b/src/main/java/neatlogic/framework/dto/JwtVo.java
@@ -1,11 +1,13 @@
 package neatlogic.framework.dto;
 
 import com.alibaba.fastjson.JSONObject;
+import neatlogic.framework.asynchronization.threadlocal.RequestContext;
 import neatlogic.framework.common.constvalue.ApiParamType;
 import neatlogic.framework.restful.annotation.EntityField;
 import neatlogic.framework.util.Md5Util;
 import org.apache.commons.lang3.StringUtils;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 
 public class JwtVo {
@@ -23,7 +25,7 @@ public class JwtVo {
 
     }
 
-    public JwtVo(UserVo checkUserVo) {
+    public JwtVo(UserVo checkUserVo, Long tokenCreateTime) {
         JSONObject jwtBodyObj = new JSONObject();
         jwtBodyObj.put("useruuid", checkUserVo.getUuid());
         jwtBodyObj.put("userid", checkUserVo.getUserId());
@@ -31,6 +33,13 @@ public class JwtVo {
         jwtBodyObj.put("tenant", checkUserVo.getTenant());
         jwtBodyObj.put("isSuperAdmin", checkUserVo.getIsSuperAdmin());
         jwtBodyObj.put("createTime", tokenCreateTime);
+        if (RequestContext.get() != null && RequestContext.get().getRequest() != null) {
+            String env = RequestContext.get().getRequest().getHeader("Env");
+            if (StringUtils.isNotBlank(env)) {
+                jwtBodyObj.put("env", env);
+            }
+        }
+        this.setTokenCreateTime(tokenCreateTime);
         jwtbody = Base64.getUrlEncoder().encodeToString(jwtBodyObj.toJSONString().getBytes());
     }
 
@@ -87,6 +96,20 @@ public class JwtVo {
     }
 
     public String getTokenHash() {
-        return Md5Util.encryptMD5(getJwthead() + "." + getJwtbody() + "." + getJwtsign());
+        String jwtBody = new String(Base64.getUrlDecoder().decode(getJwtbody()), StandardCharsets.UTF_8);
+        JSONObject jwtBodyObj = JSONObject.parseObject(jwtBody);
+        JSONObject tokenJson = new JSONObject();
+        tokenJson.put("tenant", jwtBodyObj.getString("tenant"));
+        tokenJson.put("useruuid", jwtBodyObj.getString("useruuid"));
+        if (jwtBodyObj.containsKey("env")) {
+            tokenJson.put("env", jwtBodyObj.getString("env"));
+        }
+        return Md5Util.encryptMD5(tokenJson.toJSONString());
+    }
+
+    public String getEnv() {
+        String jwtBody = new String(Base64.getUrlDecoder().decode(getJwtbody()), StandardCharsets.UTF_8);
+        JSONObject jwtBodyObj = JSONObject.parseObject(jwtBody);
+        return jwtBodyObj.getString("env");
     }
 }
diff --git a/src/main/java/neatlogic/framework/dto/UserAuthVo.java b/src/main/java/neatlogic/framework/dto/UserAuthVo.java
index 1324759dd..5faca16a7 100644
--- a/src/main/java/neatlogic/framework/dto/UserAuthVo.java
+++ b/src/main/java/neatlogic/framework/dto/UserAuthVo.java
@@ -24,6 +24,9 @@ public class UserAuthVo extends BasePageVo implements Serializable {
     @EntityField(name = "权限名", type = ApiParamType.STRING)
     private String authName;
 
+    @EntityField(name = "环境", type = ApiParamType.STRING)
+    private String env;
+
 
     public UserAuthVo() {
 
@@ -31,6 +34,9 @@ public class UserAuthVo extends BasePageVo implements Serializable {
 
     public UserAuthVo(String _userUuid) {
         this.userUuid = _userUuid;
+        if (UserContext.get() != null) {
+            this.env = UserContext.get().getEnv();
+        }
     }
 
     public UserAuthVo(String _userUuid, String _auth) {
@@ -84,4 +90,11 @@ public class UserAuthVo extends BasePageVo implements Serializable {
         return authName;
     }
 
+    public String getEnv() {
+        return env;
+    }
+
+    public void setEnv(String env) {
+        this.env = env;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/dto/UserSessionVo.java b/src/main/java/neatlogic/framework/dto/UserSessionVo.java
index 965326366..630dd4edb 100644
--- a/src/main/java/neatlogic/framework/dto/UserSessionVo.java
+++ b/src/main/java/neatlogic/framework/dto/UserSessionVo.java
@@ -15,6 +15,9 @@ public class UserSessionVo {
     @EntityField(name = "权限", type = ApiParamType.STRING)
     private AuthenticationInfoVo authInfo;
 
+    @EntityField(name = "token创建时间", type = ApiParamType.LONG)
+    private Long tokenCreateTime;
+
     public UserSessionVo(String userUuid, Date sessionTime) {
         this.userUuid = userUuid;
         this.sessionTime = sessionTime;
@@ -54,4 +57,12 @@ public class UserSessionVo {
     public void setAuthInfoStr(String authInfoStr) {
         this.authInfoStr = authInfoStr;
     }
+
+    public Long getTokenCreateTime() {
+        return tokenCreateTime;
+    }
+
+    public void setTokenCreateTime(Long tokenCreateTime) {
+        this.tokenCreateTime = tokenCreateTime;
+    }
 }
diff --git a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
index ec74c3303..aa8a0e77f 100644
--- a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
+++ b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
@@ -44,6 +44,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URLDecoder;
 import java.util.Date;
+import java.util.Objects;
 
 public class JsonWebTokenValidFilter extends OncePerRequestFilter {
     // private ServletContext context;
@@ -200,12 +201,10 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
      * @return 不超时返回权限信息，否则返回null
      */
     private boolean userExpirationValid(UserVo userVo, String timezone, HttpServletRequest request, HttpServletResponse response) {
-        String userUuid = userVo.getUuid();
-        String tenant = TenantContext.get().getTenantUuid();
         AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(userVo.getJwtVo().getTokenHash());
         if (authenticationInfo == null || authenticationInfo.getUserUuid() == null) {
             UserSessionVo userSessionVo = userSessionMapper.getUserSessionByTokenHash(userVo.getJwtVo().getTokenHash());
-            if (null != userSessionVo) {
+            if (null != userSessionVo && Objects.equals(userSessionVo.getTokenCreateTime(), userVo.getJwtVo().getTokenCreateTime())) {
                 Date visitTime = userSessionVo.getSessionTime();
                 Date now = new Date();
                 int expire = Config.USER_EXPIRETIME();
diff --git a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
index 0b5b54618..17330da9a 100644
--- a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
+++ b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
@@ -117,7 +117,7 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
      */
     public static JwtVo buildJwt(UserVo checkUserVo) throws Exception {
         Long tokenCreateTime = System.currentTimeMillis();
-        JwtVo jwtVo = new JwtVo(checkUserVo);
+        JwtVo jwtVo = new JwtVo(checkUserVo,tokenCreateTime);
         SecretKeySpec signingKey = new SecretKeySpec(Config.JWT_SECRET().getBytes(), "HmacSHA1");
         Mac mac;
         mac = Mac.getInstance("HmacSHA1");
@@ -135,7 +135,6 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
         bos.close();
         jwtVo.setCc(cc);
         jwtVo.setJwtsign(jwtsign);
-        jwtVo.setTokenCreateTime(tokenCreateTime);
         return jwtVo;
     }
 
diff --git a/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java b/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
index ba89d58f0..3eb28f4dc 100644
--- a/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
+++ b/src/main/java/neatlogic/module/framework/filter/handler/DefaultLoginAuthHandler.java
@@ -112,6 +112,7 @@ public class DefaultLoginAuthHandler extends LoginAuthHandlerBase {
                             userVo.setUserId(jwtBodyObj.getString("userid"));
                             userVo.setUserName(jwtBodyObj.getString("username"));
                             userVo.setIsSuperAdmin(jwtBodyObj.getBoolean("isSuperAdmin"));
+                            userVo.getJwtVo().setTokenCreateTime(jwtBodyObj.getLong("createTime"));
                             if(jwtBodyObj.getJSONArray("rolelist") != null) {
                                 userVo.setRoleUuidList(JSONArray.parseArray(jwtBodyObj.getJSONArray("rolelist").toJSONString(),String.class));
                             }
diff --git a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
index e83a3cf40..b621e5943 100644
--- a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
+++ b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
@@ -17,6 +17,7 @@ limitations under the License.
 package neatlogic.module.framework.login.handler;
 
 import com.alibaba.fastjson.JSONObject;
+import neatlogic.framework.asynchronization.threadlocal.RequestContext;
 import neatlogic.framework.asynchronization.threadlocal.TenantContext;
 import neatlogic.framework.asynchronization.threadlocal.UserContext;
 import neatlogic.framework.auth.init.MaintenanceMode;
@@ -174,6 +175,8 @@ public class LoginController {
             }
 
             if (checkUserVo != null) {
+                //初始化request上下文
+                RequestContext.init(request, request.getRequestURI(), response);
                 checkUserVo.setTenant(tenant);
                 JwtVo jwtVo = LoginAuthHandlerBase.buildJwt(checkUserVo);
                 String AuthenticationInfoStr = null;
diff --git a/src/main/java/neatlogic/module/framework/restful/api/ModuleListApi.java b/src/main/java/neatlogic/module/framework/restful/api/ModuleListApi.java
index 1b681e2da..b986cd809 100644
--- a/src/main/java/neatlogic/module/framework/restful/api/ModuleListApi.java
+++ b/src/main/java/neatlogic/module/framework/restful/api/ModuleListApi.java
@@ -22,6 +22,7 @@ import neatlogic.framework.asynchronization.threadlocal.TenantContext;
 import neatlogic.framework.asynchronization.threadlocal.UserContext;
 import neatlogic.framework.common.constvalue.ApiParamType;
 import neatlogic.framework.dao.mapper.UserMapper;
+import neatlogic.framework.dto.AuthenticationInfoVo;
 import neatlogic.framework.dto.UserAuthVo;
 import neatlogic.framework.dto.module.ModuleVo;
 import neatlogic.framework.restful.annotation.*;
@@ -39,52 +40,54 @@ import java.util.Set;
 @Service
 @OperationType(type = OperationTypeEnum.SEARCH)
 public class ModuleListApi extends PrivateApiComponentBase {
-	@Autowired
-	UserMapper userMapper;
+    @Autowired
+    UserMapper userMapper;
 
-	@Override
-	public String getToken() {
-		return "/module/list";
-	}
+    @Override
+    public String getToken() {
+        return "/module/list";
+    }
 
-	@Override
-	public String getName() {
-		return "获取租户激活模块接口";
-	}
+    @Override
+    public String getName() {
+        return "获取租户激活模块接口";
+    }
 
-	@Override
-	public String getConfig() {
-		return null;
-	}
+    @Override
+    public String getConfig() {
+        return null;
+    }
 
-	@Input({})
-	@Output({
-		@Param( name = "value", type = ApiParamType.STRING, desc = "模块"),
-		@Param( name = "text", type = ApiParamType.STRING, desc = "模块名") 
-		})
-	@Description(desc = "获取租户激活模块接口")
-	@Override
-	public Object myDoService(JSONObject jsonObj) throws Exception {
-		JSONArray resultArray = new JSONArray();
-		 Set<String> authGroupSet = new HashSet<String>();
+    @Input({})
+    @Output({
+            @Param(name = "value", type = ApiParamType.STRING, desc = "模块"),
+            @Param(name = "text", type = ApiParamType.STRING, desc = "模块名")
+    })
+    @Description(desc = "获取租户激活模块接口")
+    @Override
+    public Object myDoService(JSONObject jsonObj) throws Exception {
+        JSONArray resultArray = new JSONArray();
+        Set<String> authGroupSet = new HashSet<String>();
         //获取用户权限
-        List<UserAuthVo>  userAuthList = userMapper.searchUserAllAuthByUserAuth(new UserAuthVo(UserContext.get().getUserUuid()));
-        for(UserAuthVo userAuth:userAuthList) {
-        	authGroupSet.add(userAuth.getAuthGroup());
+        AuthenticationInfoVo authenticationInfoVo = UserContext.get().getAuthenticationInfoVo();
+        String env = UserContext.get().getEnv();
+        List<UserAuthVo> userAuthList = userMapper.searchUserAllAuthByUserAuth(authenticationInfoVo, env);
+        for (UserAuthVo userAuth : userAuthList) {
+            authGroupSet.add(userAuth.getAuthGroup());
         }
-		Set<String> checkSet = new HashSet<>();
-		for (ModuleVo moduleVo : TenantContext.get().getActiveModuleList()) {
-			if (authGroupSet.contains(moduleVo.getGroup())&&!checkSet.contains(moduleVo.getGroup())) {
-				checkSet.add(moduleVo.getGroup());
-				JSONObject returnObj = new JSONObject();
-				returnObj.put("value", moduleVo.getGroup());
-				returnObj.put("text", $.t(moduleVo.getGroupName()));
-				returnObj.put("sort", moduleVo.getGroupSort());
-				resultArray.add(returnObj);
-			}
-		}
-		resultArray.sort(Comparator.comparing(obj-> ((JSONObject) obj).getInteger("sort")));
-		
-		return resultArray;
-	}
+        Set<String> checkSet = new HashSet<>();
+        for (ModuleVo moduleVo : TenantContext.get().getActiveModuleList()) {
+            if (authGroupSet.contains(moduleVo.getGroup()) && !checkSet.contains(moduleVo.getGroup())) {
+                checkSet.add(moduleVo.getGroup());
+                JSONObject returnObj = new JSONObject();
+                returnObj.put("value", moduleVo.getGroup());
+                returnObj.put("text", $.t(moduleVo.getGroupName()));
+                returnObj.put("sort", moduleVo.getGroupSort());
+                resultArray.add(returnObj);
+            }
+        }
+        resultArray.sort(Comparator.comparing(obj -> ((JSONObject) obj).getInteger("sort")));
+
+        return resultArray;
+    }
 }
-- 
Gitee


From 729708bdfff1205b359e0d7c5d686bf438568db3 Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Fri, 15 Dec 2023 19:32:50 +0800
Subject: [PATCH 3/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../threadlocal/UserContext.java              |  2 +-
 .../framework/dao/mapper/UserMapper.java      |  4 +-
 .../framework/dao/mapper/UserMapper.xml       | 55 ++++++++++++++++---
 .../login/handler/LoginController.java        |  6 +-
 4 files changed, 53 insertions(+), 14 deletions(-)

diff --git a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
index f1fd5d856..4829f25bb 100644
--- a/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
+++ b/src/main/java/neatlogic/framework/asynchronization/threadlocal/UserContext.java
@@ -52,7 +52,7 @@ public class UserContext implements Serializable {
 
     private String tokenHash;
 
-    private String env;
+    private String env = null;
 
     public static UserContext init(UserContext _userContext) {
         UserContext context = new UserContext();
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
index b7ee01314..399ee355a 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.java
@@ -55,7 +55,9 @@ public interface UserMapper {
 
     UserVo getUserById(Long id);
 
-    UserVo getUserByUuid(String uuid);
+    UserVo getUserByUuidAndEnv(@Param("uuid") String uuid, @Param("env") String env);
+
+    UserVo getUserByUuid(@Param("uuid") String uuid);
 
     UserVo getUserSimpleInfoByUuid(String uuid);
 
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
index b461b5c61..57f02b28c 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
@@ -166,6 +166,35 @@ limitations under the License.
     </resultMap>
 
     <select id="getUserByUuid" parameterType="java.lang.String" resultMap="userInfoMap" useCache="false">
+        SELECT a.`id`,
+        a.`uuid`,
+        a.`user_id` AS userId,
+        a.`user_name` AS userName,
+        a.`email`,
+        a.`phone`,
+        e.`password`,
+        a.`pinyin`,
+        a.`is_active` AS isActive,
+        a.`is_delete` AS isDelete,
+        a.`user_info` AS userInfo,
+        a.`vip_level` AS vipLevel,
+        b.`role_uuid` AS roleUuid,
+        r.`name` AS roleName,
+        r.`description`,
+        c.`team_uuid` AS teamUuid,
+        d.`name` AS teamName,
+        d.`upward_name_path` AS upwardNamePath,
+        a.`is_super_admin` as isSuperAdmin
+        FROM `user` a
+        LEFT JOIN `user_role` b ON a.`uuid` = b.`user_uuid`
+        LEFT JOIN `user_team` c ON a.`uuid` = c.`user_uuid`
+        LEFT JOIN `team` d ON c.`team_uuid` = d.`uuid`
+        LEFT JOIN `role` r ON b.`role_uuid` = r.`uuid`
+        LEFT JOIN `user_password` e ON a.`user_id` = e.`user_id` AND e.`is_active` = 1
+        WHERE a.`uuid` = #{value}
+    </select>
+
+    <select id="getUserByUuidAndEnv" parameterType="java.lang.String" resultMap="userInfoMap" useCache="false">
         SELECT a.`id`,
                a.`uuid`,
                a.`user_id`          AS userId,
@@ -191,7 +220,10 @@ limitations under the License.
                  LEFT JOIN `team` d ON c.`team_uuid` = d.`uuid`
                  LEFT JOIN `role` r ON b.`role_uuid` = r.`uuid`
                  LEFT JOIN `user_password` e ON a.`user_id` = e.`user_id` AND e.`is_active` = 1
-        WHERE a.`uuid` = #{value}
+        WHERE a.`uuid` = #{uuid}
+          AND (r.`env` = #{env}
+            or r.`env` is null)
+
     </select>
 
     <select id="getUserById" parameterType="java.lang.Long" resultMap="userInfoMap" useCache="false">
@@ -467,7 +499,13 @@ limitations under the License.
     </select>
 
     <select id="searchUserAllAuthByUserAuth" resultType="neatlogic.framework.dto.UserAuthVo" useCache="false">
-        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
+        SELECT
+        `auth_group` AS authGroup,
+        `auth`
+        FROM `user_authority`
+        WHERE `user_uuid` = #{authenticationInfoVo.userUuid}
+        <if test="authenticationInfoVo.roleUuidList!= null and authenticationInfoVo.roleUuidList.size() > 0">
+            UNION
             SELECT
             ra.`auth_group` AS authGroup,
             ra.`auth`
@@ -476,13 +514,15 @@ limitations under the License.
                 JOIN `role` r on ra.role_uuid = r.uuid
             </if>
             <if test="env != null and env != ''">
-                AND r.`env` = #{env}
+                AND r.`env` = #{env} or  r.`env` is null
             </if>
+            WHERE ra.`role_uuid` in
+            <foreach collection="authenticationInfoVo.roleUuidList" open="(" close=")" separator="," item="roleUuid">
+                #{roleUuid}
+            </foreach>
         </if>
-        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
+        <if test="authenticationInfoVo.userUuidList != null and authenticationInfoVo.userUuidList.size() > 0">
             UNION
-        </if>
-        <if test="userUuidList != null and userUuidList.size() > 0">
             SELECT
             `auth_group` AS authGroup,
             `auth`
@@ -492,9 +532,6 @@ limitations under the License.
                 #{userUuid}
             </foreach>
         </if>
-        <if test="userUuidList != null and userUuidList.size() > 0 and roleUuidList!= null and roleUuidList.size() > 0">
-            UNION
-        </if>
     </select>
 
     <select id="searchUserAllAuthByUserAuthCache" parameterType="neatlogic.framework.dto.UserAuthVo"
diff --git a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
index b621e5943..adb22c7a4 100644
--- a/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
+++ b/src/main/java/neatlogic/module/framework/login/handler/LoginController.java
@@ -140,9 +140,9 @@ public class LoginController {
             if (Config.ENABLE_MAINTENANCE() && Config.MAINTENANCE().equals(userVo.getUserId())) {
                 String maintenancePassword = Config.MAINTENANCE_PASSWORD();
                 maintenancePassword = RC4Util.decrypt(maintenancePassword);
-                if(Objects.equals(Config.LOGIN_AUTH_PASSWORD_ENCRYPT(),"md5")) {
+                if (Objects.equals(Config.LOGIN_AUTH_PASSWORD_ENCRYPT(), "md5")) {
                     maintenancePassword = "{MD5}" + Md5Util.encryptMD5(maintenancePassword);
-                }else if(Objects.equals(Config.LOGIN_AUTH_PASSWORD_ENCRYPT(),"base64")){
+                } else if (Objects.equals(Config.LOGIN_AUTH_PASSWORD_ENCRYPT(), "base64")) {
                     maintenancePassword = "{BS}" + new String(Base64.getEncoder().encode(maintenancePassword.getBytes()));
                 }
                 if (password.equals(maintenancePassword)) {
@@ -166,7 +166,7 @@ public class LoginController {
                 }
                 if (checkUserVo != null) {
                     String timezone = "+8:00";
-                    authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(checkUserVo.getUuid());
+                    authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(checkUserVo.getUuid(), request.getHeader("Env"));
                     UserContext.init(checkUserVo, authenticationInfoVo, timezone, request, response);
                     for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
                         loginPostProcessor.loginAfterInitialization();
-- 
Gitee


From 19b7b76e730075a8c0142507f6c38691bfb09e96 Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Mon, 18 Dec 2023 18:39:39 +0800
Subject: [PATCH 4/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../framework/dao/mapper/UserMapper.xml       |  2 +-
 .../dao/mapper/UserSessionMapper.java         |  2 +
 .../dao/mapper/UserSessionMapper.xml          |  7 ++++
 .../java/neatlogic/framework/dto/JwtVo.java   | 35 ++++++++++++----
 .../filter/JsonWebTokenValidFilter.java       | 22 ++++++----
 .../filter/core/ILoginAuthHandler.java        | 42 +++++++++++--------
 .../filter/core/LoginAuthHandlerBase.java     | 14 ++++++-
 .../filter/handler/HmacLoginAuthHandler.java  |  7 ++++
 8 files changed, 94 insertions(+), 37 deletions(-)

diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
index 57f02b28c..10b311ffa 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserMapper.xml
@@ -191,7 +191,7 @@ limitations under the License.
         LEFT JOIN `team` d ON c.`team_uuid` = d.`uuid`
         LEFT JOIN `role` r ON b.`role_uuid` = r.`uuid`
         LEFT JOIN `user_password` e ON a.`user_id` = e.`user_id` AND e.`is_active` = 1
-        WHERE a.`uuid` = #{value}
+        WHERE a.`uuid` = #{uuid}
     </select>
 
     <select id="getUserByUuidAndEnv" parameterType="java.lang.String" resultMap="userInfoMap" useCache="false">
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
index 33c3eeae8..732a8d148 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.java
@@ -50,6 +50,8 @@ public interface UserSessionMapper {
 
     int insertUserSession(@Param("userUuid") String userUuid, @Param("tokenHash") String tokenHash, @Param("tokenCreateTime") Long tokenCreateTime, @Param("authInfo") String authInfo);
 
+    int insertUserSessionWithoutTokenCreateTime(@Param("userUuid") String userUuid, @Param("tokenHash") String tokenHash, @Param("tokenCreateTime") Long tokenCreateTime, @Param("authInfo") String authInfo);
+
     int updateUserSession(String tokenHash);
 
     int deleteUserSessionByTokenHash(String tokenHash);
diff --git a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
index 9649443f8..1a17f04ce 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/UserSessionMapper.xml
@@ -143,6 +143,13 @@ limitations under the License.
             UPDATE `visit_time` = NOW(3), `auth_info` = #{authInfo}, `token_create_time` = #{tokenCreateTime}
     </insert>
 
+    <insert id="insertUserSessionWithoutTokenCreateTime">
+        INSERT INTO `user_session` (`user_uuid`, `visit_time`, `token_hash`, `token_create_time`, `auth_info`)
+        VALUES (#{userUuid}, NOW(3), #{tokenHash}, #{tokenCreateTime}, #{authInfo})
+        ON DUPLICATE KEY
+            UPDATE `visit_time` = NOW(3)
+    </insert>
+
     <update id="updateUserSession" parameterType="java.lang.String">
         UPDATE `user_session`
         set `visit_time` = now(3)
diff --git a/src/main/java/neatlogic/framework/dto/JwtVo.java b/src/main/java/neatlogic/framework/dto/JwtVo.java
index 594202eb9..2c6fe063e 100644
--- a/src/main/java/neatlogic/framework/dto/JwtVo.java
+++ b/src/main/java/neatlogic/framework/dto/JwtVo.java
@@ -2,6 +2,7 @@ package neatlogic.framework.dto;
 
 import com.alibaba.fastjson.JSONObject;
 import neatlogic.framework.asynchronization.threadlocal.RequestContext;
+import neatlogic.framework.common.config.Config;
 import neatlogic.framework.common.constvalue.ApiParamType;
 import neatlogic.framework.restful.annotation.EntityField;
 import neatlogic.framework.util.Md5Util;
@@ -9,6 +10,7 @@ import org.apache.commons.lang3.StringUtils;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import java.util.Objects;
 
 public class JwtVo {
     private String cc;
@@ -18,6 +20,9 @@ public class JwtVo {
     @EntityField(name = "创建时间", type = ApiParamType.STRING)
     private Long tokenCreateTime;
 
+    @EntityField(name = "是否校验tokenCreateTime", type = ApiParamType.STRING)
+    private boolean isValidTokenCreateTime = true;
+
     @EntityField(name = "token哈希", type = ApiParamType.STRING)
     private String tokenHash;
 
@@ -96,15 +101,18 @@ public class JwtVo {
     }
 
     public String getTokenHash() {
-        String jwtBody = new String(Base64.getUrlDecoder().decode(getJwtbody()), StandardCharsets.UTF_8);
-        JSONObject jwtBodyObj = JSONObject.parseObject(jwtBody);
-        JSONObject tokenJson = new JSONObject();
-        tokenJson.put("tenant", jwtBodyObj.getString("tenant"));
-        tokenJson.put("useruuid", jwtBodyObj.getString("useruuid"));
-        if (jwtBodyObj.containsKey("env")) {
-            tokenJson.put("env", jwtBodyObj.getString("env"));
+        if (StringUtils.isBlank(tokenHash)) {
+            String jwtBody = new String(Base64.getUrlDecoder().decode(getJwtbody()), StandardCharsets.UTF_8);
+            JSONObject jwtBodyObj = JSONObject.parseObject(jwtBody);
+            JSONObject tokenJson = new JSONObject();
+            tokenJson.put("tenant", jwtBodyObj.getString("tenant"));
+            tokenJson.put("useruuid", jwtBodyObj.getString("useruuid"));
+            if (jwtBodyObj.containsKey("env")) {
+                tokenJson.put("env", jwtBodyObj.getString("env"));
+            }
+            tokenHash = Md5Util.encryptMD5(tokenJson.toJSONString());
         }
-        return Md5Util.encryptMD5(tokenJson.toJSONString());
+        return tokenHash;
     }
 
     public String getEnv() {
@@ -112,4 +120,15 @@ public class JwtVo {
         JSONObject jwtBodyObj = JSONObject.parseObject(jwtBody);
         return jwtBodyObj.getString("env");
     }
+
+    public void setValidTokenCreateTime(boolean validTokenCreateTime) {
+        isValidTokenCreateTime = validTokenCreateTime;
+    }
+
+    public boolean validTokenCreateTime(Long userSessionTokenCreateTime) {
+        if (Config.ENABLE_NO_SECRET() || !isValidTokenCreateTime) {
+            return true;
+        }
+        return Objects.equals(userSessionTokenCreateTime, getTokenCreateTime());
+    }
 }
diff --git a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
index aa8a0e77f..24b3f4908 100644
--- a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
+++ b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
@@ -25,6 +25,7 @@ import neatlogic.framework.common.util.TenantUtil;
 import neatlogic.framework.dao.cache.UserSessionCache;
 import neatlogic.framework.dao.mapper.UserSessionMapper;
 import neatlogic.framework.dto.AuthenticationInfoVo;
+import neatlogic.framework.dto.JwtVo;
 import neatlogic.framework.dto.UserSessionVo;
 import neatlogic.framework.dto.UserVo;
 import neatlogic.framework.filter.core.ILoginAuthHandler;
@@ -44,7 +45,6 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URLDecoder;
 import java.util.Date;
-import java.util.Objects;
 
 public class JsonWebTokenValidFilter extends OncePerRequestFilter {
     // private ServletContext context;
@@ -118,8 +118,10 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
                             if (userVo != null && StringUtils.isNotBlank(userVo.getUuid())) {
                                 logger.warn("======= userUuid: " + userVo.getUuid());
                                 isUnExpired = userExpirationValid(userVo, timezone, request, response);
-                                for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
-                                    loginPostProcessor.loginAfterInitialization();
+                                if(isUnExpired) {
+                                    for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
+                                        loginPostProcessor.loginAfterInitialization();
+                                    }
                                 }
                             }
                         }
@@ -201,22 +203,24 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
      * @return 不超时返回权限信息，否则返回null
      */
     private boolean userExpirationValid(UserVo userVo, String timezone, HttpServletRequest request, HttpServletResponse response) {
-        AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(userVo.getJwtVo().getTokenHash());
+        JwtVo jwt = userVo.getJwtVo();
+        AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(jwt.getTokenHash());
+        UserSessionCache.removeItem(jwt.getTokenHash());
         if (authenticationInfo == null || authenticationInfo.getUserUuid() == null) {
-            UserSessionVo userSessionVo = userSessionMapper.getUserSessionByTokenHash(userVo.getJwtVo().getTokenHash());
-            if (null != userSessionVo && Objects.equals(userSessionVo.getTokenCreateTime(), userVo.getJwtVo().getTokenCreateTime())) {
+            UserSessionVo userSessionVo = userSessionMapper.getUserSessionByTokenHash(jwt.getTokenHash());
+            if (null != userSessionVo && (jwt.validTokenCreateTime(userSessionVo.getTokenCreateTime()))) {
                 Date visitTime = userSessionVo.getSessionTime();
                 Date now = new Date();
                 int expire = Config.USER_EXPIRETIME();
                 long expireTime = expire * 60L * 1000L + visitTime.getTime();
                 if (now.getTime() < expireTime) {
-                    userSessionMapper.updateUserSession(userVo.getJwtVo().getTokenHash());
+                    userSessionMapper.updateUserSession(jwt.getTokenHash());
                     authenticationInfo = userSessionVo.getAuthInfo();
-                    UserSessionCache.addItem(userVo.getJwtVo().getTokenHash(), authenticationInfo);
+                    UserSessionCache.addItem(jwt.getTokenHash(), authenticationInfo);
                     UserContext.init(userVo, authenticationInfo, timezone, request, response);
                     return true;
                 }
-                userSessionMapper.deleteUserSessionByTokenHash(userVo.getJwtVo().getTokenHash());
+                userSessionMapper.deleteUserSessionByTokenHash(jwt.getTokenHash());
             }
         } else {
             UserContext.init(userVo, authenticationInfo, timezone, request, response);
diff --git a/src/main/java/neatlogic/framework/filter/core/ILoginAuthHandler.java b/src/main/java/neatlogic/framework/filter/core/ILoginAuthHandler.java
index c36242b51..fe7e8b28d 100644
--- a/src/main/java/neatlogic/framework/filter/core/ILoginAuthHandler.java
+++ b/src/main/java/neatlogic/framework/filter/core/ILoginAuthHandler.java
@@ -9,39 +9,40 @@ import javax.servlet.http.HttpServletResponse;
 public interface ILoginAuthHandler {
 
     /**
-    * @Author 89770
-    * @Time 2020年11月19日  
-    * @Description: 认证类型
-    * @Param 
-    * @return
+     * @return
+     * @Author 89770
+     * @Time 2020年11月19日
+     * @Description: 认证类型
+     * @Param
      */
     String getType();
-    
+
     /**
      * 资源权限拦截
-    * @Author 89770
-    * @Time 2020年11月19日  
-    * @Description: 认证逻辑
-    * @Param 
-    * @return
+     *
+     * @return
+     * @Author 89770
+     * @Time 2020年11月19日
+     * @Description: 认证逻辑
+     * @Param
      */
-    UserVo auth(HttpServletRequest request,HttpServletResponse response) throws Exception;
+    UserVo auth(HttpServletRequest request, HttpServletResponse response) throws Exception;
 
 
     /**
      * 登录认证
+     *
      * @param userVo
      * @param resultJson
      * @return
      */
     UserVo login(UserVo userVo, JSONObject resultJson);
-    
+
     /**
-    * @Author 89770
-    * @Time 2020年11月19日  
-    * @Description: 跳转url ，如果为null，则跳自带的登录页
-    * @Param 
-    * @return
+     * @Author 89770
+     * @Time 2020年11月19日
+     * @Description: 跳转url ，如果为null，则跳自带的登录页
+     * @Param
      */
     String directUrl();
 
@@ -50,4 +51,9 @@ public interface ILoginAuthHandler {
      */
     String logout();
 
+    /**
+     * 是否需要更新校验token createTime
+     */
+    boolean isValidTokenCreateTime();
+
 }
diff --git a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
index 17330da9a..e227ebff7 100644
--- a/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
+++ b/src/main/java/neatlogic/framework/filter/core/LoginAuthHandlerBase.java
@@ -100,7 +100,14 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
             JwtVo jwtVo = buildJwt(userVo);
             setResponseAuthCookie(response, request, tenant, jwtVo);
             AuthenticationInfoVo authenticationInfoVo = authenticationInfoService.getAuthenticationInfo(userVo.getUuid(), request.getHeader("Env"));
-            userSessionMapper.insertUserSession(userVo.getUuid(), jwtVo.getTokenHash(), jwtVo.getTokenCreateTime(), JSONObject.toJSONString(authenticationInfoVo));
+            if(isValidTokenCreateTime()) {
+                userSessionMapper.insertUserSession(userVo.getUuid(), jwtVo.getTokenHash(), jwtVo.getTokenCreateTime(), JSONObject.toJSONString(authenticationInfoVo));
+            }else{
+                jwtVo.setValidTokenCreateTime(isValidTokenCreateTime());
+                if(UserSessionCache.getItem(jwtVo.getTokenHash()) == null) {
+                    userSessionMapper.insertUserSessionWithoutTokenCreateTime(userVo.getUuid(), jwtVo.getTokenHash(), jwtVo.getTokenCreateTime(), JSONObject.toJSONString(authenticationInfoVo));
+                }
+            }
             userVo.setJwtVo(jwtVo);
         }
         return userVo;
@@ -219,4 +226,9 @@ public abstract class LoginAuthHandlerBase implements ILoginAuthHandler {
     public UserVo myLogin(UserVo userVo, JSONObject resultJson) {
         return null;
     }
+
+    @Override
+    public boolean isValidTokenCreateTime(){
+        return true;
+    }
 }
diff --git a/src/main/java/neatlogic/module/framework/filter/handler/HmacLoginAuthHandler.java b/src/main/java/neatlogic/module/framework/filter/handler/HmacLoginAuthHandler.java
index d3d5a4ccd..45cf04ab1 100644
--- a/src/main/java/neatlogic/module/framework/filter/handler/HmacLoginAuthHandler.java
+++ b/src/main/java/neatlogic/module/framework/filter/handler/HmacLoginAuthHandler.java
@@ -113,4 +113,11 @@ public class HmacLoginAuthHandler extends LoginAuthHandlerBase {
         return null;
     }
 
+
+    @Override
+    public boolean isValidTokenCreateTime(){
+        //hmac认证用于其他系统直接调用后台认证，无需更新tokenCreateTime，否则可能会导致同个用户浏览器登录失效。
+        return false;
+    }
+
 }
-- 
Gitee


From f82d921cb70ed09bef8c2ad716a068423a83273d Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Tue, 19 Dec 2023 12:23:42 +0800
Subject: [PATCH 5/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../filter/JsonWebTokenValidFilter.java       | 185 ++++++++++--------
 1 file changed, 102 insertions(+), 83 deletions(-)

diff --git a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
index 24b3f4908..b74f0adf8 100644
--- a/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
+++ b/src/main/java/neatlogic/framework/filter/JsonWebTokenValidFilter.java
@@ -32,7 +32,7 @@ import neatlogic.framework.filter.core.ILoginAuthHandler;
 import neatlogic.framework.filter.core.LoginAuthFactory;
 import neatlogic.framework.login.core.ILoginPostProcessor;
 import neatlogic.framework.login.core.LoginPostProcessorFactory;
-import neatlogic.framework.service.AuthenticationInfoService;
+import neatlogic.framework.util.$;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -47,11 +47,8 @@ import java.net.URLDecoder;
 import java.util.Date;
 
 public class JsonWebTokenValidFilter extends OncePerRequestFilter {
-    // private ServletContext context;
     @Resource
     private UserSessionMapper userSessionMapper;
-    @Resource
-    private AuthenticationInfoService authenticationInfoService;
 
     /**
      * Default constructor.
@@ -72,9 +69,7 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
         Cookie[] cookies = request.getCookies();
         String timezone = "+8:00";
         boolean isUnExpired = false;
-        boolean hasTenant = false;
         UserVo userVo = null;
-        JSONObject redirectObj = new JSONObject();
         String authType = "default";
         ILoginAuthHandler defaultLoginAuth = LoginAuthFactory.getLoginAuth(authType);
         ILoginAuthHandler loginAuth = defaultLoginAuth;
@@ -91,98 +86,123 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
 
         //判断租户
         try {
-            //logger.info("requestUrl:"+request.getRequestURI()+" ------------------------------------------------ start");
             String tenant = request.getHeader("Tenant");
             //认证过程中可能需要从request中获取inputStream，为了后续spring也可以获取inputStream，需要做一层cached
             HttpServletRequest cachedRequest = new CachedBodyHttpServletRequest(request);
-            if (TenantUtil.hasTenant(tenant)) {
-                hasTenant = true;
-                TenantContext.init();
-                TenantContext.get().switchTenant(tenant);
-                logger.warn("======= defaultLoginAuth: ");
-                //先按 default 认证，不存在才根据具体 AuthType 认证用户
-                userVo = defaultLoginAuth.auth(cachedRequest, response);
-                if (userVo == null) {
-                    //获取认证插件名,优先使用请求方指定的认证
-                    String authTypeHeader = request.getHeader("AuthType");
-                    if (StringUtils.isNotBlank(authTypeHeader)) {
-                        authType = authTypeHeader;
-                    } else {
-                        authType = Config.LOGIN_AUTH_TYPE();
-                    }
-                    logger.info("AuthType: " + authType);
-                    if (StringUtils.isNotBlank(authType)) {
-                        loginAuth = LoginAuthFactory.getLoginAuth(authType);
-                        if (loginAuth != null) {
-                            userVo = loginAuth.auth(cachedRequest, response);
-                            if (userVo != null && StringUtils.isNotBlank(userVo.getUuid())) {
-                                logger.warn("======= userUuid: " + userVo.getUuid());
-                                isUnExpired = userExpirationValid(userVo, timezone, request, response);
-                                if(isUnExpired) {
-                                    for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
-                                        loginPostProcessor.loginAfterInitialization();
-                                    }
+            if (!TenantUtil.hasTenant(tenant)) {
+                returnErrorResponseJson($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.lacktenant", tenant), 521, response, loginAuth.directUrl());
+                return;
+            }
+            TenantContext.init();
+            TenantContext.get().switchTenant(tenant);
+            logger.warn("======= defaultLoginAuth: ");
+            //先按 default 认证，不存在才根据具体 AuthType 认证用户
+            userVo = defaultLoginAuth.auth(cachedRequest, response);
+            if (userVo == null) {
+                //获取认证插件名,优先使用请求方指定的认证
+                String authTypeHeader = request.getHeader("AuthType");
+                if (StringUtils.isNotBlank(authTypeHeader)) {
+                    authType = authTypeHeader;
+                } else {
+                    authType = Config.LOGIN_AUTH_TYPE();
+                }
+                logger.info("AuthType: " + authType);
+                if (StringUtils.isNotBlank(authType)) {
+                    loginAuth = LoginAuthFactory.getLoginAuth(authType);
+                    if (loginAuth != null) {
+                        userVo = loginAuth.auth(cachedRequest, response);
+                        if (userVo != null && StringUtils.isNotBlank(userVo.getUuid())) {
+                            logger.warn("======= getUser succeed: " + userVo.getUuid());
+                            isUnExpired = userExpirationValid(userVo, timezone, request, response);
+                            if (isUnExpired) {
+                                for (ILoginPostProcessor loginPostProcessor : LoginPostProcessorFactory.getLoginPostProcessorSet()) {
+                                    loginPostProcessor.loginAfterInitialization();
                                 }
                             }
+                        } else {
+                            returnErrorResponseJson($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.authfailed", loginAuth.getType()), 523, response, loginAuth.directUrl());
+                            return;
                         }
+                    } else {
+                        returnErrorResponseJson($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.authtypeinvalid", authType), 522, response, defaultLoginAuth.directUrl());
+                        return;
                     }
                 } else {
-                    isUnExpired = userExpirationValid(userVo, timezone, request, response);
-                    logger.warn("======= getAuthenticationInfoService succeed: " + userVo.getUuid());
+                    returnErrorResponseJson($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.authfailed", loginAuth.getType()), 523, response, defaultLoginAuth.directUrl());
+                    return;
                 }
+            } else {
+                logger.warn("======= getUser succeed: " + userVo.getUuid());
+                isUnExpired = userExpirationValid(userVo, timezone, request, response);
             }
 
-            if (hasTenant && userVo != null && isUnExpired) {
-                //兼容“处理response,对象toString可能会异常”的场景，过了filter，应该是520异常
-                try {
-                    filterChain.doFilter(cachedRequest, response);
-                } catch (Exception ex) {
-                    logger.error(ex.getMessage(), ex);
-                    response.setStatus(520);
-                    redirectObj.put("Status", "ERROR");
-                    redirectObj.put("Message", ex.getMessage());
-                    response.setContentType(Config.RESPONSE_TYPE_JSON);
-                    response.getWriter().print(redirectObj.toJSONString());
-                }
+            //回话超时
+            if (!isUnExpired) {
+                returnErrorResponseJson($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.unexpired"), 527, response, loginAuth.directUrl());
+                return;
             } else {
-                if (!hasTenant) {
-                    response.setStatus(521);
-                    redirectObj.put("Status", "FAILED");
-                    redirectObj.put("Message", "租户 '" + tenant + "' 不存在或已被禁用");
-                    logger.warn("======= login error: 租户 '" + tenant + "' 不存在或已被禁用");
-                } else if (userVo == null) {
-                    response.setStatus(522);
-                    redirectObj.put("Status", "FAILED");
-                    if (loginAuth == null) {
-                        redirectObj.put("Message", "找不到认证方式 '" + authType + "'");
-                        logger.warn("======= login error: 找不到认证方式 '" + authType + "'");
-                    } else {
-                        redirectObj.put("Message", "认证失败(" + loginAuth.getType() + ")，请重新登录");
-                        logger.warn("======= login error: 通过" + loginAuth.getType() + "认证失败，请重新登录");
-                    }
-                    redirectObj.put("DirectUrl", loginAuth != null ? loginAuth.directUrl() : defaultLoginAuth.directUrl());
-                } else {
-                    response.setStatus(527);
-                    redirectObj.put("Status", "FAILED");
-                    redirectObj.put("Message", "会话已超时或已被终止，请重新登录");
-                    logger.warn("======= login error: 会话已超时或已被终止，请重新登录");
-                    redirectObj.put("DirectUrl", loginAuth != null ? loginAuth.directUrl() : defaultLoginAuth.directUrl());
-                }
-                removeAuthCookie(response);
-                response.setContentType(Config.RESPONSE_TYPE_JSON);
-                response.getWriter().print(redirectObj.toJSONString());
+                logger.warn("======= is Expired");
+            }
+
+            try {
+                filterChain.doFilter(cachedRequest, response);
+            } catch (Exception ex) {
+                //兼容“处理response,对象toString可能会异常”的场景，过了filter，应该是520异常
+                logger.error(ex.getMessage(), ex);
+                returnErrorResponseJson(ex.getMessage(), 520, response, false);
             }
         } catch (Exception ex) {
-            logger.error("认证失败", ex);
-            response.setStatus(522);
-            redirectObj.put("Status", "FAILED");
-            redirectObj.put("Message", ex.getMessage());
-            redirectObj.put("DirectUrl", loginAuth != null ? loginAuth.directUrl() : defaultLoginAuth.directUrl());
+            logger.error($.t("nff.jsonwebtokenvalidfilter.dofilterinternal.authfailederrorlog"), ex);
+            returnErrorResponseJson(ex.getMessage(), 524, response, loginAuth != null ? loginAuth.directUrl() : defaultLoginAuth.directUrl());
+        }
+    }
+
+    /**
+     * 返回异常JSON
+     *
+     * @param message      异常信息
+     * @param responseCode 异常码
+     * @param response     相应
+     * @param directUrl    前端跳转url
+     * @throws IOException 异常
+     */
+    private void returnErrorResponseJson(String message, Integer responseCode, HttpServletResponse response, boolean isRemoveCookie, String directUrl) throws IOException {
+        JSONObject redirectObj = new JSONObject();
+        redirectObj.put("Status", "FAILED");
+        redirectObj.put("Message", message);
+        logger.warn("======login error:" + message);
+        response.setStatus(responseCode);
+        redirectObj.put("DirectUrl", directUrl);
+        if (isRemoveCookie) {
             removeAuthCookie(response);
-            response.setContentType(Config.RESPONSE_TYPE_JSON);
-            response.getWriter().print(redirectObj.toJSONString());
         }
-        //logger.info("requestUrl:"+request.getRequestURI()+" ------------------------------------------------ end");
+        response.setContentType(Config.RESPONSE_TYPE_JSON);
+        response.getWriter().print(redirectObj.toJSONString());
+    }
+
+    /**
+     * 返回异常JSON
+     *
+     * @param message      异常信息
+     * @param responseCode 异常码
+     * @param response     相应
+     * @param directUrl    前端跳转url
+     * @throws IOException 异常
+     */
+    private void returnErrorResponseJson(String message, Integer responseCode, HttpServletResponse response, String directUrl) throws IOException {
+        returnErrorResponseJson(message, responseCode, response, true, directUrl);
+    }
+
+    /**
+     * 返回异常JSON
+     *
+     * @param message      异常信息
+     * @param responseCode 异常码
+     * @param response     相应
+     * @throws IOException 异常
+     */
+    private void returnErrorResponseJson(String message, Integer responseCode, HttpServletResponse response, boolean isRemoveCookie) throws IOException {
+        returnErrorResponseJson(message, responseCode, response, isRemoveCookie, null);
     }
 
     /**
@@ -205,7 +225,6 @@ public class JsonWebTokenValidFilter extends OncePerRequestFilter {
     private boolean userExpirationValid(UserVo userVo, String timezone, HttpServletRequest request, HttpServletResponse response) {
         JwtVo jwt = userVo.getJwtVo();
         AuthenticationInfoVo authenticationInfo = (AuthenticationInfoVo) UserSessionCache.getItem(jwt.getTokenHash());
-        UserSessionCache.removeItem(jwt.getTokenHash());
         if (authenticationInfo == null || authenticationInfo.getUserUuid() == null) {
             UserSessionVo userSessionVo = userSessionMapper.getUserSessionByTokenHash(jwt.getTokenHash());
             if (null != userSessionVo && (jwt.validTokenCreateTime(userSessionVo.getTokenCreateTime()))) {
-- 
Gitee


From f254ce745f722594570d4214e02dd656661cd9ab Mon Sep 17 00:00:00 2001
From: lvzk <897706680@qq.com>
Date: Tue, 19 Dec 2023 14:28:44 +0800
Subject: [PATCH 6/6] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=E8=A7=92=E8=89=B2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E5=8A=A8=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=20#[1014988100042752]=E8=A7=92=E8=89=B2=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86-=E8=A7=92=E8=89=B2=E5=A2=9E=E5=8A=A0=E5=8A=A8?=
 =?UTF-8?q?=E6=80=81=E5=8C=B9=E9=85=8D=E7=94=9F=E6=95=88=E5=AD=97=E6=AE=B5?=
 =?UTF-8?q?=20http://192.168.0.96:8090/demo/rdm.html#/story-detail/9390509?=
 =?UTF-8?q?47543040/939050947543042/1014988100042752?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../neatlogic/framework/dao/mapper/RoleMapper.xml    |  3 ++-
 .../changelog/2023-12-19/neatlogic_tenant.sql        |  9 +++++++++
 .../framework/changelog/2023-12-19/version.json      | 12 ++++++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/neatlogic_tenant.sql
 create mode 100644 src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/version.json

diff --git a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
index 68b1f8e3e..9649499cd 100644
--- a/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
+++ b/src/main/java/neatlogic/framework/dao/mapper/RoleMapper.xml
@@ -126,7 +126,8 @@ limitations under the License.
         SELECT `id`,
                `uuid`,
                `name`,
-               `description`
+               `description`,
+               `env`
         FROM `role`
         WHERE `uuid` = #{value}
     </select>
diff --git a/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/neatlogic_tenant.sql b/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/neatlogic_tenant.sql
new file mode 100644
index 000000000..d37c5776f
--- /dev/null
+++ b/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/neatlogic_tenant.sql
@@ -0,0 +1,9 @@
+truncate `user_session`;
+
+ALTER TABLE `user_session` ADD COLUMN `token_hash` char(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT 'token哈希值' AFTER `user_uuid`;
+
+ALTER TABLE `user_session` ADD COLUMN `token_create_time` bigint NULL DEFAULT NULL COMMENT 'token创建的时间' AFTER `token_hash`;
+
+ALTER TABLE `user_session` DROP PRIMARY KEY;
+
+ALTER TABLE `user_session` ADD PRIMARY KEY (`token_hash`) USING HASH;
\ No newline at end of file
diff --git a/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/version.json b/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/version.json
new file mode 100644
index 000000000..106d5f32f
--- /dev/null
+++ b/src/main/resources/neatlogic/resources/framework/changelog/2023-12-19/version.json
@@ -0,0 +1,12 @@
+{
+  "content":[
+    {
+      "type":"新增功能",
+      "detail":[
+        {"msg":"1.根据访问入口header env,动态生效角色"},
+        {"msg":"2.资源中心--资产清单查看权限依据团体和模型查看权限"},
+        {"msg":"3.优化登录及认证逻辑"}
+      ]
+    }
+  ]
+}
-- 
Gitee